Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Security Tool lässt sich auch mit der Anleitung nicht löschen (https://www.trojaner-board.de/89719-security-tool-laesst-anleitung-loeschen.html)

grafeko 19.08.2010 11:05

Security Tool lässt sich auch mit der Anleitung nicht löschen
 
Hallo!

Als ich Heute meinen Laptop hochgefahren habe, ist Security Tool aufgetaucht. Das Problem hatte ich schon einmal am Anfang des Jahres und damal konnte ich es super nach der hier im Forum beschrieben Anleitung löschen. Das wollte ich auch diesmal wieder probieren, doch leider lässt mich "Security Tool" weder die rkill (auch nicht unbenannt) noch Malwarebytes (exe habe ich auch schon unbenannt) ausführen oder installieren.

Malwarebytes lässt sich zwar im abgesicherten Modus ausführen, aber da findet das Programm keinen Trojaner oder sonstige Fehler.

Einen Wiederherstellungspunkt lässt mich Security Tool auch nicht auswählen. Und andere Virenprogramme (auch unbenannt) werden auch blockiert ...



Habt ihr eine Lösung? Schon mal Danke im Vorraus!!!!

cosinus 19.08.2010 19:33

Es gibt eine zufällig benannte Setupdatei von malwarebytes probier das => http://malwarebytes.org/mbam-download-exe-random.php

Denk ans Update nach dem Installieren!!!!

grafeko 20.08.2010 00:13

Danke!

Konnte Security Tool im abgesicherten Modus löschen und danach konnte ich auch Malwarebytes drüber laufe lassen... Sollte alles wieder i.O. sein.


*close*

cosinus 20.08.2010 08:07

Poste das Logfile! Mit Malwarebytes allein ist nicht getan!

grafeko 20.08.2010 13:15

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4450

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

20.08.2010 05:56:47
mbam-log-2010-08-20 (05-56-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 312599
Laufzeit: 3 Stunde(n), 8 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)





HiJackthis Logfile:
HiJackthis Logfile:
Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:41:46, on 20.08.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\mHotkey.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\msconfig.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\Vid.exe" -bootmode
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Update Service (gupdate1c98e4a399e56fd) (gupdate1c98e4a399e56fd) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7742 bytes

--- --- ---

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{D3CA66CF-B7AF-4F24-A749-C4D2F52DD632}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - c:\program files\real\realplayer\rpbrowserrecordplugin.dll [2009-12-11 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
Burn4Free Toolbar Helper - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll [2009-11-25 815104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - Burn4Free Toolbar - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll [2009-11-25 815104]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-11-28 134808]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1985-01-01 815104]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-02-06 90191]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-02-06 81920]
"CHotkey"=C:\Windows\mHotkey.exe [2005-12-15 547840]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-11-22 107112]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-07-19 2403568]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2009-07-09 49968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMWlanClient]
C:\Program Files\avmwlanstick\FRITZWLANMini.exe [2007-02-03 283136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2008-02-19 1089536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2005-05-19 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2007-12-21 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe [2006-09-14 157592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-06-03 1144104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlyAway]
C:\Users\???\AppData\Local\Temp\ARCA38E\FlyAway.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]
C:\Program Files\FreePDF_XP\fpassist.exe [2008-07-22 357376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2010-01-23 141608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
C:\Program Files\Logitech\Logitech Vid\Vid.exe [2009-07-16 5458704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2009-10-14 2793304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-11-11 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2082-02-15 4317184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\showwnd]
C:\Windows\showwnd.exe [2003-09-18 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sniffer]
C:\Windows\Temp\_ex-08.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-12-11 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2009-04-10 37888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{CA62012F-160F-7A2E-BB1E-5EC812B3192A}]
C:\Users\???\AppData\Roaming\Pyda\roelu.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Status Monitor.lnk]
C:\PROGRA~1\Brother\Brmfcmon\BrMfcWnd.exe [2008-02-19 1089536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^???^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PMB Medien-Prüfung.lnk]
C:\PROGRA~1\Sony\SONYPI~1\PMBCore\SPUVOL~1.EXE [2008-11-28 327680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3db0c7fc-f9ec-11dd-8ee8-806e6f6e6963}]
shell\AutoRun\command - D:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5b0603f-cf91-11de-8dc1-001167000000}]
shell\AutoRun\command - E:\pushinst.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed923e0f-fbbf-11dd-b7e8-00030d000001}]
shell\AutoRun\command - G:\setup.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-08-19 13:51:57 ----A---- C:\Windows\system32\lsdelete.exe
2010-08-19 12:47:42 ----HDC---- C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-08-19 12:44:23 ----D---- C:\ProgramData\Lavasoft
2010-08-19 12:44:23 ----D---- C:\Program Files\Lavasoft
2010-08-19 12:43:10 ----D---- C:\Users\???\AppData\Roaming\SUPERAntiSpyware.com
2010-08-19 12:43:10 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2010-08-19 12:41:54 ----D---- C:\Program Files\SUPERAntiSpyware
2010-08-19 10:27:47 ----A---- C:\Windows\ntbtlog.txt
2010-08-19 01:39:20 ----A---- C:\Windows\system32\wpcap.dll
2010-08-19 01:39:19 ----A---- C:\Windows\system32\Packet.dll
2010-08-16 12:38:58 ----D---- C:\Windows\Favorites
2010-08-15 13:22:21 ----D---- C:\ProgramData\Soulseek
2010-08-15 13:21:33 ----D---- C:\Program Files\SoulseekNS
2010-08-13 00:22:37 ----A---- C:\Windows\system32\iertutil.dll
2010-08-13 00:22:36 ----A---- C:\Windows\system32\mshtml.dll
2010-08-13 00:22:34 ----A---- C:\Windows\system32\ieframe.dll
2010-08-13 00:22:32 ----A---- C:\Windows\system32\urlmon.dll
2010-08-13 00:22:31 ----A---- C:\Windows\system32\wininet.dll
2010-08-13 00:22:31 ----A---- C:\Windows\system32\msfeeds.dll
2010-08-13 00:22:31 ----A---- C:\Windows\system32\iedkcs32.dll
2010-08-13 00:22:31 ----A---- C:\Windows\system32\ie4uinit.exe
2010-08-13 00:22:30 ----A---- C:\Windows\system32\mstime.dll
2010-08-13 00:22:30 ----A---- C:\Windows\system32\ieui.dll
2010-08-13 00:22:29 ----A---- C:\Windows\system32\occache.dll
2010-08-13 00:22:28 ----A---- C:\Windows\system32\msfeedssync.exe
2010-08-13 00:22:28 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-08-13 00:22:28 ----A---- C:\Windows\system32\jsproxy.dll
2010-08-13 00:22:28 ----A---- C:\Windows\system32\ieUnatt.exe
2010-08-13 00:22:28 ----A---- C:\Windows\system32\iesysprep.dll
2010-08-13 00:22:28 ----A---- C:\Windows\system32\iesetup.dll
2010-08-13 00:22:28 ----A---- C:\Windows\system32\iernonce.dll
2010-08-13 00:22:28 ----A---- C:\Windows\system32\iepeers.dll
2010-08-13 00:22:23 ----A---- C:\Windows\system32\iccvid.dll
2010-08-13 00:22:17 ----A---- C:\Windows\system32\schannel.dll
2010-08-13 00:21:44 ----A---- C:\Windows\system32\rtutils.dll
2010-08-13 00:21:31 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-08-13 00:21:30 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-13 00:21:26 ----A---- C:\Windows\system32\msxml3.dll
2010-08-12 23:14:28 ----D---- C:\Users\???\AppData\Roaming\Qahu
2010-08-12 23:14:28 ----D---- C:\Users\???\AppData\Roaming\Pyda
2010-08-02 21:17:34 ----A---- C:\Windows\system32\shell32.dll
2010-07-30 14:36:05 ----D---- C:\Program Files\Hercules

======List of files/folders modified in the last 1 months======

2085-12-23 10:42:24 ----R---- C:\Windows\RtlExUpd.dll
2082-02-15 14:30:56 ----A---- C:\Windows\system32\Uci32112.dll
2082-02-15 14:30:56 ----A---- C:\Windows\system32\SRSWOW.dll
2082-02-15 14:30:56 ----A---- C:\Windows\system32\SRSTSXT.dll
2082-02-15 14:30:56 ----A---- C:\Windows\system32\RtkPgExt.dll
2082-02-15 14:30:56 ----A---- C:\Windows\system32\RtkCoInst.dll
2082-02-15 14:30:56 ----A---- C:\Windows\system32\RtkAPO.dll
2082-02-15 14:30:56 ----A---- C:\Windows\system32\mdmxsdk.dll
2082-02-15 14:30:56 ----A---- C:\Windows\RtlUpd.exe
2082-02-15 14:30:56 ----A---- C:\Windows\RtHDVCpl.exe
2010-08-20 14:14:22 ----D---- C:\Windows\Prefetch
2010-08-20 14:14:16 ----D---- C:\Windows\Temp
2010-08-20 13:51:48 ----D---- C:\Users\???\AppData\Roaming\vlc
2010-08-20 13:41:42 ----D---- C:\Windows\System32
2010-08-20 13:41:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-20 13:41:41 ----D---- C:\Windows\inf
2010-08-20 13:39:03 ----D---- C:\Windows\Tasks
2010-08-20 08:23:34 ----D---- C:\Windows\system32\Tasks
2010-08-20 08:11:08 ----SHD---- C:\System Volume Information
2010-08-20 02:32:41 ----D---- C:\Program Files\trend micro
2010-08-20 01:07:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-20 01:07:29 ----D---- C:\Windows\system32\drivers
2010-08-20 01:04:20 ----D---- C:\Program Files\Trillian
2010-08-19 13:41:21 ----D---- C:\Windows\ModemLogs
2010-08-19 13:19:40 ----D---- C:\Windows\system32\catroot
2010-08-19 13:19:39 ----DC---- C:\Windows\system32\DRVSTORE
2010-08-19 12:50:28 ----D---- C:\Program Files\Google
2010-08-19 12:47:42 ----SHD---- C:\Windows\Installer
2010-08-19 12:47:42 ----HD---- C:\ProgramData
2010-08-19 12:44:23 ----RD---- C:\Program Files
2010-08-19 12:44:14 ----D---- C:\Windows\winsxs
2010-08-19 10:27:47 ----D---- C:\Windows
2010-08-16 12:46:34 ----D---- C:\Users\???\AppData\Roaming\Skype
2010-08-16 12:38:53 ----D---- C:\Program Files\Windows Media Player
2010-08-16 12:38:12 ----RD---- C:\Users
2010-08-13 13:05:44 ----D---- C:\Windows\Microsoft.NET
2010-08-13 13:05:09 ----RSD---- C:\Windows\assembly
2010-08-13 11:15:44 ----D---- C:\Program Files\Internet Explorer
2010-08-13 11:15:42 ----D---- C:\Windows\system32\migration
2010-08-13 11:15:34 ----D---- C:\Program Files\Movie Maker
2010-08-13 11:04:18 ----D---- C:\Program Files\Windows Mail
2010-08-13 00:20:42 ----D---- C:\Windows\system32\catroot2
2010-08-12 23:15:28 ----SD---- C:\Users\???\AppData\Roaming\Microsoft
2010-08-08 16:39:53 ----D---- C:\Program Files\ICQ6.5
2010-08-08 16:35:57 ----D---- C:\Users\???\AppData\Roaming\skypePM
2010-08-06 09:51:25 ----D---- C:\Program Files\Mozilla Firefox
2010-08-03 20:09:31 ----A---- C:\Windows\system32\mrt.exe
2010-07-30 14:36:05 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-26 20:51:48 ----D---- C:\ProgramData\Microsoft Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2009-04-11 351744]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2009-08-27 371248]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2006-10-06 406672]
R1 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2006-11-22 247144]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2006-11-22 25448]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2006-10-26 185744]
R2 Aspi32;Aspi32; C:\Windows\system32\drivers\Aspi32.sys [1997-12-23 23936]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-08 56816]
R2 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624]
R2 irda;IrDA-Protokoll; C:\Windows\system32\DRIVERS\irda.sys [2008-01-21 95744]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2082-02-15 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2082-02-15 8192]
R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2006-02-25 19200]
R3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys [2006-11-22 34576]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys [2006-11-22 27792]
R3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2006-11-22 18320]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392]
R3 ElbyDelay;ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-27 102448]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2082-02-15 986624]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2082-02-15 206848]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2082-02-15 1668456]
R3 LVPr2Mon;LVPr2Mon Driver; C:\Windows\system32\Drivers\LVPr2Mon.sys [2009-10-07 25752]
R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100329.002\NAVENG.SYS [2010-02-16 84912]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100329.002\NAVEX15.SYS [2010-02-16 1324720]
R3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2082-02-15 1786880]
R3 NSCIRDA;NSC-Infrarotgerätetreiber; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-21 30720]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-02-06 4456320]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-21 8192]
R3 RTL8169;Realtek 8169-NT-Treiber; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-09-01 109744]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2006-10-26 26384]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [1985-01-01 179256]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [1985-01-01 290304]
R3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2006-11-22 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2006-11-22 44304]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2082-02-15 659968]
S3 amp64n2z;amp64n2z; C:\Windows\system32\drivers\amp64n2z.sys []
S3 avmeject;AVM Eject; C:\Windows\system32\drivers\avmeject.sys [2007-01-26 4352]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2006-12-28 33936]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys [2007-09-25 15152]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 FWLANUSB;AVM FRITZ!WLAN; C:\Windows\system32\DRIVERS\fwlanusb.sys [2007-01-26 265088]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-08-12 15008]
S3 lvpopflt;Logitech POP Suppression Filter; C:\Windows\system32\DRIVERS\lvpopflt.sys [2009-10-07 114712]
S3 LVRS;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs.sys [2009-10-07 266008]
S3 LVUVC;Logitech Webcam 250(UVC); C:\Windows\system32\DRIVERS\lvuvc.sys [2009-10-07 6756632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\Windows\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2006-11-22 274328]
S3 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS [2082-02-15 6909]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbser;Nokia USB Serial Port; C:\Windows\system32\drivers\usbser.sys [2009-04-11 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064]
S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 AppMgmt;Anwendungsverwaltung; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-11-22 107624]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-11-22 107624]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-11-28 30872]
R2 Irmon;Infrarotüberwachungsdienst; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-08-12 1355416]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 154136]
R2 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-11-28 122008]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-11-28 1962136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate1c98e4a399e56fd;Google Update Service (gupdate1c98e4a399e56fd); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-14 133104]
S3 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-29 144672]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S3 CscService;Offlinedateien; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 Fax;Fax; C:\Windows\system32\fxssvc.exe [2008-01-21 523776]
S3 FontCache;Windows-Dienst für Schriftartencache; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2010-01-23 545576]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-10-31 2541248]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 UmRdpService;Anschlussumleitung für Terminaldienst im Benutzermodus; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 wbengine;Blockebenen-Sicherungsmodul; C:\Windows\system32\wbengine.exe [2009-04-11 918528]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2082-02-15 386560]
S4 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-02-16 66872]
S4 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2009-02-16 107832]
S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S4 vvdsvc;VJVodServices; C:\Windows\System32\svchost.exe [2008-01-21 21504]

-----------------EOF-----------------





Wenn ich allerdings unter msconfig, Systemstart aufrufe finde ich dort:

"sniffer Windows/Temp/_ex-08.exe" habe es unter Google gesucht und es soll eine gefährliche Datei sein. Allerdings haben Malwarebytes und SuperAntiSpyware nichts gefunden...


Auch finde ich unter Systemstart:
{CA602012F-160F...5EC812B3192A} User/Benutzer/Name/AppData/Roaming/Pyda/roelu.exe
Da weiß ich auch nicht was dies sein könnte und die Datei in dem angegebenen Ordner ist auch nicht zu sehen.


Ist das an Logfiles ok???

cosinus 21.08.2010 14:03

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

grafeko 21.08.2010 15:03

OTL Logfile:
Code:

OTL logfile created on: 21.08.2010 15:16:21 - Run 3
OTL by OldTimer - Version 3.2.10.0    Folder = C:\Users\Philip\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 58,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 1,31 Gb Free Space | 0,88% Space Free | Partition Type: NTFS
Drive D: | 293,07 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PHILIP-LAPTOP
Current User Name: Philip
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Philip\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Trillian\trillian.exe (Cerulean Studios)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\SoulseekNS\slsk.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Programme\Symantec AntiVirus\SavRoam.exe (symantec)
PRC - C:\Programme\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Programme\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\mHotkey.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Philip\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (vvdsvc) -- C:\Windows\System32\Nagasoft\vjocx.dll (南京纳加软件有限公司)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (UIUSys) -- C:\Windows\System32\drivers\UIUSYS.SYS (Conexant Systems, Inc)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100329.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100329.002\NAVENG.SYS (Symantec Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (LVUVC) Logitech Webcam 250(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (NSCIRDA) -- C:\Windows\System32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (CrystalSysInfo) -- C:\Programme\MediaCoder\SysInfo.sys ()
DRV - (s116bus) Sony Ericsson Device 116 driver (WDM) -- C:\Windows\System32\drivers\s116bus.sys (MCCI Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (Btcsrusb) -- C:\Windows\System32\drivers\btcusb.sys (IVT Corporation.)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (BT) -- C:\Windows\System32\drivers\BtNetDrv.sys (IVT Corporation.)
DRV - (VcommMgr) -- C:\Windows\System32\drivers\VcommMgr.sys (IVT Corporation.)
DRV - (VComm) -- C:\Windows\System32\drivers\VComm.sys (IVT Corporation.)
DRV - (BTHidMgr) -- C:\Windows\System32\Drivers\BTHidMgr.sys (IVT Corporation.)
DRV - (BTHidEnum) -- C:\Windows\System32\Drivers\vbtenum.sys (IVT Corporation.)
DRV - (BlueletSCOAudio) -- C:\Windows\System32\drivers\BlueletSCOAudio.sys (IVT Corporation.)
DRV - (BlueletAudio) -- C:\Windows\System32\drivers\blueletaudio.sys (IVT Corporation.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (ElbyDelay) -- C:\Windows\System32\drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (Aspi32) -- C:\Windows\System32\drivers\aspi32.sys (Adaptec)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: support@burn4free-toolbar.com:1.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {9fb7d178-155a-4318-9173-1a8eaaea7fe4}:2.1.9
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.04.05 21:50:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.19 01:56:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.06 09:51:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.03.22 14:57:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.07.01 11:57:37 | 000,000,000 | ---D | M]
 
[2009.02.14 02:41:55 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\mozilla\Extensions
[2010.08.21 13:51:13 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\mozilla\Firefox\Profiles\02mqam55.default\extensions
[2010.06.05 07:37:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Philip\AppData\Roaming\mozilla\Firefox\Profiles\02mqam55.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.05 07:37:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philip\AppData\Roaming\mozilla\Firefox\Profiles\02mqam55.default\extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}
[2010.04.20 06:44:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Philip\AppData\Roaming\mozilla\Firefox\Profiles\02mqam55.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.06.05 07:37:40 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Philip\AppData\Roaming\mozilla\Firefox\Profiles\02mqam55.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.11.20 03:15:37 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\mozilla\Firefox\Profiles\02mqam55.default\extensions\firefox@tvunetworks.com
[2010.08.21 13:51:13 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.07.18 10:27:13 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2007.04.16 19:07:12 | 000,180,293 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\npViewpoint.dll
[2010.08.06 09:51:03 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.06 09:51:03 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.06 09:51:03 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.06 09:51:03 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.06 09:51:04 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Programme\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Burn4Free Toolbar Helper) - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Programme\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Programme\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Programme\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CHotkey] C:\Windows\mHotkey.exe ()
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [vptray] C:\Programme\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Philip\Desktop\STUFF\VFL\VfL_Screen_1280x1024.jpg
O24 - Desktop BackupWallPaper: C:\Users\Philip\Desktop\STUFF\VFL\VfL_Screen_1280x1024.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.07.12 19:23:44 | 000,587,142 | R--- | M] () - D:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2007.08.14 11:29:14 | 000,000,045 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3db0c7fc-f9ec-11dd-8ee8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3db0c7fc-f9ec-11dd-8ee8-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2007.03.07 15:54:52 | 000,136,744 | R--- | M] (Macrovision Corporation)
O33 - MountPoints2\{a5b0603f-cf91-11de-8dc1-001167000000}\Shell - "" = AutoRun
O33 - MountPoints2\{a5b0603f-cf91-11de-8dc1-001167000000}\Shell\AutoRun\command - "" = E:\pushinst.exe -- File not found
O33 - MountPoints2\{ed923e0f-fbbf-11dd-b7e8-00030d000001}\Shell - "" = AutoRun
O33 - MountPoints2\{ed923e0f-fbbf-11dd-b7e8-00030d000001}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.21 15:12:40 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Philip\Desktop\OTL.exe
[2010.08.20 01:07:14 | 000,000,000 | ---D | C] -- C:\Users\Philip\AppData\Local\Unity
[2010.08.19 13:19:39 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010.08.19 13:19:34 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.08.19 12:54:42 | 000,000,000 | ---D | C] -- C:\Users\Philip\AppData\Local\Sunbelt Software
[2010.08.19 12:47:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010.08.19 12:44:23 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft
[2010.08.19 12:44:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.08.19 12:43:10 | 000,000,000 | ---D | C] -- C:\Users\Philip\AppData\Roaming\SUPERAntiSpyware.com
[2010.08.19 12:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.08.19 12:41:54 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2010.08.19 09:58:14 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Users\Philip\Desktop\OTH.scr
[2010.08.19 09:48:14 | 000,000,000 | ---D | C] -- C:\Users\Philip\Desktop\X
[2010.08.19 01:39:21 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\System32\drivers\npf.sys
[2010.08.19 01:39:20 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\System32\wpcap.dll
[2010.08.19 01:39:19 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\System32\Packet.dll
[2010.08.16 12:38:58 | 000,000,000 | ---D | C] -- C:\Windows\Favorites
[2010.08.15 13:22:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Soulseek
[2010.08.15 13:21:33 | 000,000,000 | ---D | C] -- C:\Programme\SoulseekNS
[2010.08.15 11:30:03 | 000,000,000 | ---D | C] -- C:\Users\Philip\Desktop\Marek_Hemmann-Left__Right_EP
[2010.08.13 00:22:31 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.08.13 00:22:31 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.13 00:22:31 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.08.13 00:22:30 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.08.13 00:22:30 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.13 00:22:30 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.13 00:22:28 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.13 00:22:28 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.08.13 00:22:28 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.08.13 00:22:28 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.08.13 00:22:28 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.08.13 00:22:28 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.13 00:22:28 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.13 00:22:28 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.13 00:22:27 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.13 00:22:23 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.13 00:21:44 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.13 00:21:40 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.13 00:21:31 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.13 00:21:30 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.12 23:14:28 | 000,000,000 | ---D | C] -- C:\Users\Philip\AppData\Roaming\Qahu
[2010.08.12 23:14:28 | 000,000,000 | ---D | C] -- C:\Users\Philip\AppData\Roaming\Pyda
[2010.07.30 18:15:52 | 000,000,000 | ---D | C] -- C:\Users\Philip\Desktop\Desire
[2010.07.30 14:36:05 | 000,000,000 | ---D | C] -- C:\Programme\Hercules
[1 C:\Users\Philip\*.tmp files -> C:\Users\Philip\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2085.12.23 10:42:24 | 000,499,712 | R--- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2082.02.15 14:30:56 | 004,317,184 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2082.02.15 14:30:56 | 001,814,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2082.02.15 14:30:56 | 001,786,880 | ---- | M] (Intel® Corporation) -- C:\Windows\System32\drivers\NETw3v32.sys
[2082.02.15 14:30:56 | 001,668,456 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys
[2082.02.15 14:30:56 | 001,191,936 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlUpd.exe
[2082.02.15 14:30:56 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_DPV.sys
[2082.02.15 14:30:56 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_CNXT.sys
[2082.02.15 14:30:56 | 000,532,480 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2082.02.15 14:30:56 | 000,489,472 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2082.02.15 14:30:56 | 000,339,968 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2082.02.15 14:30:56 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSXHWAZL.sys
[2082.02.15 14:30:56 | 000,159,744 | ---- | M] (Conexant Systems, Inc) -- C:\Windows\System32\Uci32112.dll
[2082.02.15 14:30:56 | 000,144,201 | ---- | M] () -- C:\Windows\System32\drivers\HSFProf.cty
[2082.02.15 14:30:56 | 000,135,168 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2082.02.15 14:30:56 | 000,094,208 | ---- | M] (Conexant) -- C:\Windows\System32\mdmxsdk.dll
[2082.02.15 14:30:56 | 000,017,408 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[2082.02.15 14:30:56 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.sys
[2082.02.15 14:30:56 | 000,006,909 | R--- | M] (Conexant Systems, Inc) -- C:\Windows\System32\drivers\UIUSYS.SYS
[2010.08.21 15:23:17 | 003,670,016 | -HS- | M] () -- C:\Users\Philip\ntuser.dat
[2010.08.21 15:12:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Philip\Desktop\OTL.exe
[2010.08.21 15:10:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.21 14:58:08 | 000,013,072 | ---- | M] () -- C:\Users\Philip\AppData\Roaming\nvModes.dat
[2010.08.21 14:58:08 | 000,013,072 | ---- | M] () -- C:\Users\Philip\AppData\Roaming\nvModes.001
[2010.08.21 14:57:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.21 13:45:27 | 000,672,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.21 13:45:27 | 000,632,628 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.21 13:45:27 | 000,119,932 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.21 13:45:26 | 001,564,404 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.21 13:45:26 | 000,146,176 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.21 13:41:37 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.08.21 13:39:48 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D3CA66CF-B7AF-4F24-A749-C4D2F52DD632}.job
[2010.08.21 13:37:19 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.21 13:37:11 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.21 13:37:11 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.21 13:37:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.21 13:36:38 | 2143,440,896 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.20 15:26:38 | 000,524,288 | -HS- | M] () -- C:\Users\Philip\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000002.regtrans-ms
[2010.08.20 15:26:38 | 000,065,536 | -HS- | M] () -- C:\Users\Philip\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
[2010.08.20 15:26:21 | 003,207,688 | -H-- | M] () -- C:\Users\Philip\AppData\Local\IconCache.db
[2010.08.20 09:36:33 | 000,809,218 | ---- | M] () -- C:\Users\Philip\Desktop\BA_Vorlage_Vers_1.2.docx
[2010.08.20 02:32:42 | 000,001,874 | ---- | M] () -- C:\Users\Philip\Desktop\HijackThis.lnk
[2010.08.19 13:19:34 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.08.19 12:47:37 | 000,001,015 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.08.19 12:42:13 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.08.19 09:58:16 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\Philip\Desktop\OTH.scr
[2010.08.19 01:39:22 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\System32\drivers\npf.sys
[2010.08.19 01:39:20 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\System32\wpcap.dll
[2010.08.19 01:39:20 | 000,100,880 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\System32\Packet.dll
[2010.08.13 11:19:43 | 000,374,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.12 14:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010.08.12 14:15:20 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010.08.06 01:02:11 | 000,184,320 | ---- | M] () -- C:\Users\Philip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.02 21:31:55 | 000,056,894 | ---- | M] () -- C:\Users\Philip\Desktop\BA_Vorlage_Vers_1.1.docx
[2010.08.02 21:17:50 | 000,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.07.30 14:36:11 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\Hercules QuickAccess für modem Router.lnk
[2010.07.30 00:08:53 | 000,309,415 | ---- | M] () -- C:\Users\Philip\Desktop\Namor_pre1.jpg
[2010.07.29 23:42:39 | 000,299,395 | ---- | M] () -- C:\Users\Philip\Desktop\Retro_pre5.jpg
[1 C:\Users\Philip\*.tmp files -> C:\Users\Philip\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.20 13:39:03 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.08.20 02:32:42 | 000,001,874 | ---- | C] () -- C:\Users\Philip\Desktop\HijackThis.lnk
[2010.08.19 13:51:57 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010.08.19 12:47:37 | 000,001,015 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.08.19 12:42:12 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.08.19 12:35:02 | 2143,440,896 | -HS- | C] () -- C:\hiberfil.sys
[2010.08.16 13:20:34 | 000,809,218 | ---- | C] () -- C:\Users\Philip\Desktop\BA_Vorlage_Vers_1.2.docx
[2010.08.02 21:31:41 | 000,056,894 | ---- | C] () -- C:\Users\Philip\Desktop\BA_Vorlage_Vers_1.1.docx
[2010.07.30 14:36:11 | 000,002,004 | ---- | C] () -- C:\Users\Public\Desktop\Hercules QuickAccess für modem Router.lnk
[2010.07.30 00:08:41 | 000,309,415 | ---- | C] () -- C:\Users\Philip\Desktop\Namor_pre1.jpg
[2010.07.29 23:42:34 | 000,299,395 | ---- | C] () -- C:\Users\Philip\Desktop\Retro_pre5.jpg
[2010.06.13 13:39:33 | 000,017,408 | ---- | C] () -- C:\Users\Philip\AppData\Local\WebpageIcons.db
[2010.02.20 19:41:07 | 000,000,113 | ---- | C] () -- C:\Windows\(null)toolkit.ini
[2009.11.03 03:53:10 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.10.07 07:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009.10.07 07:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009.09.11 04:10:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.29 22:45:06 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009.08.20 17:51:02 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.08.20 17:51:02 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009.07.23 09:58:20 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009.06.20 14:17:33 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2009.06.20 14:12:07 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.06.13 13:10:50 | 000,000,079 | ---- | C] () -- C:\Windows\ricdb.ini
[2009.05.05 13:52:38 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[2009.05.05 13:52:36 | 000,000,149 | ---- | C] () -- C:\Windows\KPCMS.INI
[2009.04.05 22:39:53 | 001,627,176 | ---- | C] () -- C:\Users\Philip\AppData\Roaming\NMM-MetaData.db
[2009.04.03 01:10:15 | 000,000,389 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.02.17 15:28:13 | 000,000,280 | ---- | C] () -- C:\Windows\game.ini
[2009.02.16 19:52:45 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.02.16 19:52:44 | 000,022,328 | ---- | C] () -- C:\Users\Philip\AppData\Roaming\PnkBstrK.sys
[2009.02.16 00:40:17 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.02.14 12:28:34 | 000,000,094 | ---- | C] () -- C:\Users\Philip\AppData\Local\fusioncache.dat
[2009.02.14 04:48:56 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.02.14 02:49:52 | 000,013,072 | ---- | C] () -- C:\Users\Philip\AppData\Roaming\nvModes.001
[2009.02.14 02:27:45 | 000,013,072 | ---- | C] () -- C:\Users\Philip\AppData\Roaming\nvModes.dat
[2009.02.13 19:57:45 | 000,532,544 | ---- | C] () -- C:\Windows\PIC.dll
[2009.02.13 19:57:45 | 000,024,576 | ---- | C] () -- C:\Windows\HKNTDLL.dll
[2009.02.13 19:57:45 | 000,011,776 | ---- | C] () -- C:\Windows\HIDMNT.dll
[2009.02.13 19:54:09 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009.02.13 19:17:09 | 000,184,320 | ---- | C] () -- C:\Users\Philip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.13 18:47:12 | 000,000,680 | ---- | C] () -- C:\Users\Philip\AppData\Local\d3d9caps.dat
[2007.10.13 00:20:06 | 000,151,417 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2007.05.15 20:06:58 | 000,071,208 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2007.04.14 16:57:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.04.14 16:57:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.04.14 16:57:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.04.14 16:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.04.14 16:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.04.14 16:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.04.14 16:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.04.14 16:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.04.14 16:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.03.29 22:00:40 | 000,203,264 | ---- | C] () -- C:\Windows\System32\CddbCdda.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
< End of report >

--- --- ---








OTL Logfile:
Code:

OTL Extras logfile created on: 21.08.2010 15:16:21 - Run 3
OTL by OldTimer - Version 3.2.10.0    Folder = C:\Users\Philip\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 58,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 1,31 Gb Free Space | 0,88% Space Free | Partition Type: NTFS
Drive D: | 293,07 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PHILIP-LAPTOP
Current User Name: Philip
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3F22726A-484B-4A4B-9258-51520BAB7EF6}" = rport=139 | protocol=6 | dir=out | app=system |
"{49902F38-39B3-4A78-A31D-7D76441451EF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5E178C3E-AC14-4952-BDB2-85606297B611}" = rport=137 | protocol=17 | dir=out | app=system |
"{740EAC45-F484-4430-B14A-8B435E72D101}" = rport=138 | protocol=17 | dir=out | app=system |
"{99F95496-446C-4082-ACFC-74F18EC03226}" = lport=445 | protocol=6 | dir=in | app=system |
"{B8CA5268-67FC-416D-8E37-E96176B1B08F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{BC7F7B1D-390D-43B4-99A0-9D7EDC1462E1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C6F92363-403B-4C16-84AC-D69EF9F6A9DA}" = lport=138 | protocol=17 | dir=in | app=system |
"{CCE7947B-2925-486A-AE4C-E6A1C5C634E0}" = lport=137 | protocol=17 | dir=in | app=system |
"{D5CF8A38-F3E1-4760-A241-2DAEE49C11EE}" = rport=445 | protocol=6 | dir=out | app=system |
"{F5B1A0BA-99E2-4AAA-BB0E-9B027443EEE4}" = lport=139 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00EA8BE2-8CB1-4F78-90DF-1683BDABBFCD}" = protocol=17 | dir=in | app=e:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{03EA90DE-CE53-4DD7-87CE-862FFD059D17}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"{04DDEA50-DD47-47C0-BE9E-D1A0E7A5316B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0C17730D-4EF1-4F9F-BD70-EA5A03046725}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{0F8E77B3-5CD8-4D07-AB2B-DF530499369E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{0FDF7416-1B36-4E43-8A0C-E63CC6364185}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{16212E48-05AA-45AA-BC21-54CFE6325FBD}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |
"{196C3466-66D6-4B44-8853-5E0EB2997622}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{1D0A0791-0F7B-4B2B-B9C4-93FD4E851ED3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1FEA4BDF-3512-4DD1-A7EC-7078DD714FCD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{261E3391-B91A-4750-A2A4-C242DFDB43B9}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{2AF0E11C-8BD1-4F99-B616-39FE8F9CF0DC}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
"{2F2DA772-6F05-4BDA-BF50-9F9C79F16AF7}" = protocol=6 | dir=in | app=e:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{327D3EE0-7348-49CA-95AD-62D5D87C4BE5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3502D2EE-A65C-4C83-90F8-28F9090F683D}" = protocol=17 | dir=in | app=e:\program files\eidos\kane and lynch dead men\kaneandlynch.exe |
"{37D727CF-1707-40EA-929D-27868BC8C1EA}" = protocol=6 | dir=in | app=c:\program files\midway games\stranglehold\binaries\retail-stranglehold.exe |
"{3CCF004E-E991-42CA-B6AD-A9FF5489CE1C}" = protocol=6 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |
"{410ACD87-8ACC-4920-B450-499E415F18ED}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{433815A3-32A5-4F55-B3C4-CF563F969F5C}" = protocol=6 | dir=in | app=e:\program files\eidos\kane and lynch dead men\kaneandlynch.exe |
"{4610D013-D514-431F-9FC1-A909762E1652}" = protocol=6 | dir=in | app=c:\users\philip\desktop\treiber vista\03bluetooth\bluesoleil.exe |
"{47EB37B2-9866-428F-87D8-C0931CB1CDB7}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{4889E2F8-4A29-4A86-8EA0-C9BFEE839C03}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{49B95979-141E-4436-9782-49BF127B237D}" = protocol=6 | dir=in | app=e:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{546B0B54-85CC-4CAB-B477-0CA742A74653}" = protocol=17 | dir=in | app=c:\users\philip\desktop\treiber vista\03bluetooth\bluesoleil.exe |
"{578F196F-771D-44AD-8912-8CB4E31555C4}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2009\pes2009.exe |
"{65E2389F-CFE1-415D-BDCD-2F5F64BB77AE}" = protocol=17 | dir=in | app=e:\program files\sierra\fear\fear.exe |
"{6D1FDE9E-9D25-4226-8F4B-C6C9D0725ABD}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{70404507-42A8-483B-87CA-663E3471CA4F}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe |
"{76541A50-4159-4587-A730-07757EE03F1F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{77A304C7-BC8C-4E2E-91D0-6FEE195A5D6D}" = protocol=17 | dir=in | app=c:\program files\midway games\stranglehold\binaries\retail-stranglehold.exe |
"{7F1AF9F1-2E14-4475-AF1D-6AA176B52475}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{8130C9E9-6B28-4525-8B4C-C63E74379693}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{92B5E71F-A29C-4D45-9F61-F930FBF87F04}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |
"{9378DEE4-AF65-43B6-9F35-A0B679F0BFB4}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{941DCA47-8B1E-46B4-87DD-83235BE614F3}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{94C5043D-8821-4704-8AC9-E4FB2AC277BB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9E7EC9EF-DB48-4791-8AEC-FD774741FC77}" = protocol=17 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |
"{9FB30BB5-F150-43F1-828F-244074A4E561}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A2E1896C-2382-495D-A506-04D39542E929}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C615C37F-8180-426C-B50C-69328DC7AAF1}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2009\pes2009.exe |
"{C7D01CCB-590C-4E76-98FD-7E047AEE09BD}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{CB4B7473-3ADE-408D-BF0C-C626C05AEC7D}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe |
"{CDA0B96F-4A0E-4993-ABAC-FC794BB5E5B7}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{CF2C6583-5D9E-4A83-B318-7BB20B3686FB}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CF5801FC-E761-4E00-B72B-83033198903C}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{D1EA8466-AA5D-415A-8921-CFA4D625397B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{D81FF843-2D88-4981-8F27-0A5481FB9527}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
"{DBCC6A5B-2500-41F8-A920-EFAE5C6DAAD1}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"{E2B01B96-BC21-493F-9EA7-F2845ADFED39}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{E5E77079-AC2A-4134-89D3-9871246F7C8D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{EB5CF598-E3D9-4CDB-BF16-98669A929427}" = protocol=6 | dir=in | app=e:\program files\sierra\fear\fear.exe |
"{F06BC9FF-5D40-4311-9C7D-F3B912497B27}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F1B74A97-2BB2-4A2A-AD13-884BC7A8C038}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{F222FD03-C6AC-4600-8193-57BDF8FC9E84}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{F2E09DC6-FC6D-426F-BD17-9D6874FE9E3E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{F6C7E1AB-6A72-41C4-BBF6-B1D6C713FD50}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F78A5C07-CBB4-47C9-92AE-B58A40233C60}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{F9422CBC-569B-4F1A-BFA3-039EE906C2B9}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{FCA7A458-0460-4A2F-9CF8-11AA6A83A20C}" = protocol=17 | dir=in | app=e:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{FF48185F-9AD5-4D95-9EE2-1CBBFC89BF00}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"TCP Query User{2D179BBD-2B29-4385-8B4B-BEF48741137E}E:\program files\ubisoft\ghost recon advanced warfighter 2\graw2.exe" = protocol=6 | dir=in | app=e:\program files\ubisoft\ghost recon advanced warfighter 2\graw2.exe |
"TCP Query User{3365311F-865A-4385-ACF4-B74764ADEBF9}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"TCP Query User{47ED15B6-FA71-4CB2-8F2B-C9A1CC576329}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{4CB3F23F-BA12-415F-B224-256B34EFC3B8}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{4E206B53-1A5F-4EE8-A150-7FCC5264D36E}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{59A7AE6F-AB58-4F3F-B841-3E7CE7F95691}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{63CF61F2-292A-4245-B528-1AFD16448FCA}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{66C46E6C-0C9E-4FAE-831B-7608A13CE6F4}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{69321B8A-8138-4782-8D04-9005E967BB2A}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe |
"TCP Query User{6CEC4B4D-69A4-400B-9187-08F67C239300}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{73500EA5-9973-422F-907D-9D90AA44714D}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{736D7AC1-5CB4-4E09-BEE4-ECBBA820D6B8}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{7CC3BBFD-9BBA-42CE-8A97-E37D7279CDA1}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{865F9A29-6772-4F99-A191-BD4DA971438A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{88219CC4-B53D-41C8-9BA8-2F54384B8AF7}C:\program files\mytunes redux\mdnsresponder.exe" = protocol=6 | dir=in | app=c:\program files\mytunes redux\mdnsresponder.exe |
"TCP Query User{9242A77A-F79C-4E24-B505-989FE60C64A9}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{9D56EDDC-FFF4-4657-87A0-F762E13BD35D}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{B21253F2-0742-4B4B-B7F3-BB836979D875}C:\program files\ubisoft\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"TCP Query User{B5CAE42B-F20A-4B48-A8AE-A9F029578854}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{E276B503-DD75-4951-9C3B-61C0B7CFC3E9}C:\program files\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"TCP Query User{FB423E92-FAE6-4D3D-A3CC-DBD0509626BD}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe |
"TCP Query User{FB5D3BB3-FD74-426E-8161-7E3BA461C0BD}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"UDP Query User{11E21A06-FEAC-4625-A85C-540FC763F344}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{14CCD3D7-2B32-4E68-A920-E2E392B79B9F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{1C3A900D-8A3F-4284-9746-9D09B080E167}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{1E330617-18DC-4434-B9F2-2B737D40D84E}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{275911B3-7E30-45DF-B4C5-A13E44780B34}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"UDP Query User{38799B66-420D-47E2-A8C0-017FDDDC7876}E:\program files\ubisoft\ghost recon advanced warfighter 2\graw2.exe" = protocol=17 | dir=in | app=e:\program files\ubisoft\ghost recon advanced warfighter 2\graw2.exe |
"UDP Query User{44B98803-12DC-4EC7-8543-D00496B02D53}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe |
"UDP Query User{5DD20AF8-71C5-436F-BDCA-44907A6D05AE}C:\program files\mytunes redux\mdnsresponder.exe" = protocol=17 | dir=in | app=c:\program files\mytunes redux\mdnsresponder.exe |
"UDP Query User{5FA8F20F-5AB9-4274-B7EB-6078DD2A0EF7}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
"UDP Query User{699764EA-0DEC-4BF6-A3B6-38F983BDD873}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{6F09A7CB-880F-4327-9527-556234AC16AA}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
"UDP Query User{7BEB0B4F-4087-4A2E-AC91-247E19EBAD54}C:\program files\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"UDP Query User{81C7A81A-31CC-423D-A43D-1B152FD7B935}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{84EFEE83-89BB-496B-A51E-1A7F63775ABC}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{8AA0E2D7-9715-4814-9008-A3E6CE98412E}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{8ADABF8E-AADD-41E0-8416-5D05845D8444}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{9DE068F8-5CAA-4AB4-8026-08BB91F78497}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{9FD4CD04-5CD6-47A8-BAD8-40DB400880FF}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{A5D2210C-2AE5-48E9-9C92-47BB3F83D089}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe |
"UDP Query User{CC891B87-694B-4A5C-BA57-C2060EB4AED9}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{DBB50151-63C0-4FE3-98BD-3399CE291F56}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{F0A97609-3526-47A6-861F-B892334CA509}C:\program files\ubisoft\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}" = Nokia Connectivity Cable Driver
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{27DC856A-0916-4988-8198-8714DDD3183D}" = AGEIA PhysX v7.05.17
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 3.204.00
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite DCP-165C
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}" = Nokia PC Suite
"{5de3ab6c-60a6-4ca1-9593-3781164fe188}" = Nero 9 Essentials
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{785F267D-DC33-4404-83ED-7B0CD5E63474}" = Bluesoleil3.1.0.2 Release 070119
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7C9E6E52-EB11-44DB-A761-82D5D873A8D9}" = Symantec AntiVirus
"{7FEFAD2B-CD9B-478F-8AD4-4A9B54FB786D}" = Prish Image Resizer
"{86EDEF11-EFE4-46CB-8B08-9CBD4A936B1F}" = Stranglehold
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.7
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A66C4716-7E10-4A53-8101-00C3C11D6A9C}" = Kane and Lynch: Dead Men
"{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9844EC6-BCB2-4603-9241-E0A5F46499AF}" = Hercules QuickAccess
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{BD136CE7-6666-4273-A056-8D92F8625AAB}" = Sun ODF Plugin for Microsoft Office 3.2
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}" = Microsoft Games for Windows - LIVE Redistributable
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F385F486-C1BC-4350-8837-6F17761134B5}" = Multimedia Keyboard Driver
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F78AC3C0-578C-49AB-BD4E-3107A6036A13}" = Tom Clancy's Ghost Recon Advanced Warfighter® 2
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"5986551A16FD8E9B1B4C89E7AAD17C1BB3196D28" = Windows-Treiberpaket - Nokia Modem  (10/27/2008 7.01.0.1)
"6D296974BAB6CA8429D5E687B292A6DA3E9FBD4A" = Windows-Treiberpaket - Nokia Modem  (10/27/2008 3.9)
"841F246A60607D129BAE7F771CB55E7B3EF8BCF8" = Windows Driver Package - Intel (NETw2v32) net  (11/01/2006 9.1.0.111)
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 5.0 Limited Edition" = Adobe Photoshop 5.0 Limited Edition
"AIM_6" = AIM 6
"AnyDVD" = AnyDVD
"AudioCon" = AudioCon
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Burn4Free" = Burn4Free CD and DVD
"Burn4Free Toolbar" = Burn4Free Toolbar
"C805F03D733C5C658A973935646FBB5296D72B14" = Windows Driver Package - Intel (NETw3v32) net  (10/30/2006 10.6.0.29)
"CCleaner" = CCleaner
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F10001" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Exact Audio Copy" = Exact Audio Copy 0.99pb4
"FLV Player" = FLV Player 2.0 (build 25)
"Free FLV to AVI MP4 3GP WMV MP3 Converter_is1" = Free FLV to AVI MP4 3GP WMV MP3 Converter v2.2
"FreePDF_XP" = FreePDF XP (Remove only)
"FUSSBALL MANAGER 08" = FUSSBALL MANAGER 08
"Governor of Poker1.0" = Governor of Poker
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"HijackThis" = HijackThis 2.0.2
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder" = MediaCoder 0.7.0.4380
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"myTunes Redux_is1" = myTunes Redux 1.0
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Open Video Converter_is1" = Open Video Converter version 3.3
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"S.A.D. - FreeMusic_is1" = S.A.D. - FreeMusic
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.0.6 for Windows
"ShotOnline" = ShotOnline
"Smart PC Professional_is1" = Smart PC Professional v5.4
"SopCast" = SopCast 3.0.3
"Soulseek2" = SoulSeek 157 NS 13e
"SPVOD Player1.8" = SPVOD Player1.8
"ST5UNST #2" = Kaminfeuer Titanium Edition II
"Streamripper" = Streamripper (Remove only)
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"Sweet Home 3D_is1" = Sweet Home 3D version 2.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trillian" = Trillian
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.3.6.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.1
"VueScan" = VueScan
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"Zattoo" = Zattoo 3.3.4 Beta
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 19.08.2010 09:10:06 | Computer Name = Philip-Laptop | Source = Google Update | ID = 20
Description =
 
Error - 20.08.2010 01:10:40 | Computer Name = Philip-Laptop | Source = WinMgmt | ID = 10
Description =
 
Error - 20.08.2010 01:11:07 | Computer Name = Philip-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\VideoConverter\VideoConverterX64.exe".
Die
 abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 20.08.2010 02:12:19 | Computer Name = Philip-Laptop | Source = WinMgmt | ID = 10
Description =
 
Error - 20.08.2010 02:14:54 | Computer Name = Philip-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\VideoConverter\VideoConverterX64.exe".
Die
 abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 20.08.2010 02:14:54 | Computer Name = Philip-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\VideoConverter\VideoConverterX64.exe".
Die
 abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 20.08.2010 07:35:28 | Computer Name = Philip-Laptop | Source = WinMgmt | ID = 10
Description =
 
Error - 20.08.2010 07:45:29 | Computer Name = Philip-Laptop | Source = Windows Search Service | ID = 3013
Description =
 
Error - 20.08.2010 07:45:29 | Computer Name = Philip-Laptop | Source = Windows Search Service | ID = 3013
Description =
 
Error - 21.08.2010 07:37:49 | Computer Name = Philip-Laptop | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 19.08.2010 05:37:03 | Computer Name = Philip-Laptop | Source = DCOM | ID = 10005
Description =
 
Error - 19.08.2010 05:37:12 | Computer Name = Philip-Laptop | Source = DCOM | ID = 10005
Description =
 
Error - 19.08.2010 05:37:22 | Computer Name = Philip-Laptop | Source = DCOM | ID = 10005
Description =
 
Error - 19.08.2010 05:37:47 | Computer Name = Philip-Laptop | Source = Service Control Manager | ID = 7001
Description =
 
Error - 19.08.2010 05:37:47 | Computer Name = Philip-Laptop | Source = Service Control Manager | ID = 7026
Description =
 
Error - 19.08.2010 05:56:57 | Computer Name = Philip-Laptop | Source = DCOM | ID = 10005
Description =
 
Error - 19.08.2010 06:31:02 | Computer Name = Philip-Laptop | Source = DCOM | ID = 10005
Description =
 
Error - 19.08.2010 06:54:30 | Computer Name = Philip-Laptop | Source = Service Control Manager | ID = 7030
Description =
 
Error - 19.08.2010 08:14:07 | Computer Name = Philip-Laptop | Source = DCOM | ID = 10010
Description =
 
Error - 21.08.2010 07:42:29 | Computer Name = Philip-Laptop | Source = Service Control Manager | ID = 7022
Description =
 
 
< End of report >

--- --- ---





Danke für die Hilfe!

Gruß,
Philip

cosinus 22.08.2010 18:33

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.07.12 19:23:44 | 000,587,142 | R--- | M] () - D:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2007.08.14 11:29:14 | 000,000,045 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3db0c7fc-f9ec-11dd-8ee8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3db0c7fc-f9ec-11dd-8ee8-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2007.03.07 15:54:52 | 000,136,744 | R--- | M] (Macrovision Corporation)
O33 - MountPoints2\{a5b0603f-cf91-11de-8dc1-001167000000}\Shell - "" = AutoRun
O33 - MountPoints2\{a5b0603f-cf91-11de-8dc1-001167000000}\Shell\AutoRun\command - "" = E:\pushinst.exe -- File not found
O33 - MountPoints2\{ed923e0f-fbbf-11dd-b7e8-00030d000001}\Shell - "" = AutoRun
O33 - MountPoints2\{ed923e0f-fbbf-11dd-b7e8-00030d000001}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
[2010.08.19 12:47:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70}
:Commands
[purity]
[resethosts]
[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

grafeko 22.08.2010 23:48

Hat ales geklappt und Rechner wurde neu gestartet...

Hier das Logfile:


All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
C:\autoexec.bat moved successfully.
File move failed. D:\autorun.ico scheduled to be moved on reboot.
File move failed. D:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3db0c7fc-f9ec-11dd-8ee8-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3db0c7fc-f9ec-11dd-8ee8-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3db0c7fc-f9ec-11dd-8ee8-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3db0c7fc-f9ec-11dd-8ee8-806e6f6e6963}\ not found.
File move failed. D:\Setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5b0603f-cf91-11de-8dc1-001167000000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b0603f-cf91-11de-8dc1-001167000000}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5b0603f-cf91-11de-8dc1-001167000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b0603f-cf91-11de-8dc1-001167000000}\ not found.
File E:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed923e0f-fbbf-11dd-b7e8-00030d000001}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed923e0f-fbbf-11dd-b7e8-00030d000001}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed923e0f-fbbf-11dd-b7e8-00030d000001}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed923e0f-fbbf-11dd-b7e8-00030d000001}\ not found.
File G:\setup.exe not found.
C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70} folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Philip
->Temp folder emptied: 1949464 bytes
->Temporary Internet Files folder emptied: 23526573 bytes
->Java cache emptied: 70877643 bytes
->FireFox cache emptied: 64831651 bytes
->Flash cache emptied: 8991 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 109080 bytes
RecycleBin emptied: 154626 bytes

Total Files Cleaned = 154,00 mb


OTL by OldTimer - Version 3.2.10.0 log created on 08232010_003545

Files\Folders moved on Reboot...
File move failed. D:\autorun.ico scheduled to be moved on reboot.
File move failed. D:\autorun.inf scheduled to be moved on reboot.
File move failed. D:\Setup.exe scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...



Vielen Dank für die Hilfe!!! Ich hoffe nun ist alles wieder gut.

Gruß,
Philip

grafeko 22.08.2010 23:52

Allerdings sind:

"sniffer Windows/Temp/_ex-08.exe"

und

{CA602012F-160F...5EC812B3192A} User/Benutzer/Name/AppData/Roaming/Pyda/roelu.exe


immer noch unter Systemstart bei msconfig zu finden. Ich weiß nicht was was die machen, bze wie ich diese löschen kann...

cosinus 23.08.2010 12:44

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

grafeko 23.08.2010 15:50

Habe alles nach Anleitung durchgeführt und die beschriebenen Programme sind aus dem Systemstart verschwunden. =)

Vielen Dank noch mal für die kompetente Hilfe!!!

Gruß,
Philip


Hier das Logfile:



Combofix Logfile:
Code:

ComboFix 10-08-22.05 - Philip 23.08.2010  16:04:57.1.2 - x86
ausgeführt von:: c:\users\Philip\Desktop\cofi.exe
AV: Symantec AntiVirus *On-access scanning disabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Symantec AntiVirus *disabled* (Outdated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Philip\AppData\Local\TempDIR
c:\users\Philip\AppData\Roaming\AD ON Multimedia
c:\users\Philip\AppData\Roaming\AD ON Multimedia\eBay Shortcuts\config.ini
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\ui
c:\windows\system32\wpcap.dll

.
(((((((((((((((((((((((  Dateien erstellt von 2010-07-23 bis 2010-08-23  ))))))))))))))))))))))))))))))
.

2010-08-23 14:13 . 2010-08-23 14:31        --------        d-----w-        c:\users\Philip\AppData\Local\temp
2010-08-23 14:13 . 2010-08-23 14:13        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-08-22 22:35 . 2010-08-22 22:35        --------        d-----w-        C:\_OTL
2010-08-19 23:07 . 2010-08-19 23:07        --------        d-----w-        c:\users\Philip\AppData\Local\Unity
2010-08-19 11:51 . 2010-08-12 12:15        15880        ----a-w-        c:\windows\system32\lsdelete.exe
2010-08-19 11:19 . 2010-08-12 12:15        64288        ----a-w-        c:\windows\system32\drivers\Lbd.sys
2010-08-19 11:19 . 2010-08-19 11:19        95024        ----a-w-        c:\windows\system32\drivers\SBREDrv.sys
2010-08-19 10:54 . 2010-08-19 10:54        --------        d-----w-        c:\users\Philip\AppData\Local\Sunbelt Software
2010-08-19 10:45 . 2010-08-20 00:48        63488        ----a-w-        c:\users\Philip\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-19 10:45 . 2010-08-19 10:45        52224        ----a-w-        c:\users\Philip\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-19 10:45 . 2010-08-20 00:48        117760        ----a-w-        c:\users\Philip\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-19 10:44 . 2010-08-19 11:19        --------        d-----w-        c:\programdata\Lavasoft
2010-08-19 10:44 . 2010-08-19 10:44        --------        d-----w-        c:\program files\Lavasoft
2010-08-19 10:43 . 2010-08-19 10:43        --------        d-----w-        c:\users\Philip\AppData\Roaming\SUPERAntiSpyware.com
2010-08-19 10:43 . 2010-08-19 10:43        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com
2010-08-19 10:41 . 2010-08-19 10:43        --------        d-----w-        c:\program files\SUPERAntiSpyware
2010-08-16 10:38 . 2010-08-16 10:38        --------        d-----w-        c:\windows\Favorites
2010-08-15 11:22 . 2010-08-15 11:22        --------        d-----w-        c:\programdata\Soulseek
2010-08-15 11:21 . 2010-08-15 11:21        --------        d-----w-        c:\program files\SoulseekNS
2010-08-12 22:21 . 2010-06-18 17:31        36864        ----a-w-        c:\windows\system32\rtutils.dll
2010-08-12 22:21 . 2010-06-21 13:37        2037760        ----a-w-        c:\windows\system32\win32k.sys
2010-08-12 22:21 . 2010-06-08 17:35        3600768        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2010-08-12 22:21 . 2010-06-08 17:35        3548040        ----a-w-        c:\windows\system32\ntoskrnl.exe
2010-08-12 22:21 . 2010-06-11 16:15        1248768        ----a-w-        c:\windows\system32\msxml3.dll
2010-08-12 22:21 . 2010-06-18 15:04        302080        ----a-w-        c:\windows\system32\drivers\srv.sys
2010-08-12 22:21 . 2010-06-18 15:04        144896        ----a-w-        c:\windows\system32\drivers\srv2.sys
2010-08-12 22:21 . 2010-06-16 16:04        905088        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2010-08-12 21:14 . 2010-08-19 11:49        --------        d-----w-        c:\users\Philip\AppData\Roaming\Pyda
2010-08-12 21:14 . 2010-08-18 23:53        --------        d-----w-        c:\users\Philip\AppData\Roaming\Qahu
2010-07-30 12:36 . 2010-07-30 12:36        --------        d-----w-        c:\program files\Hercules

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2085-12-23 08:42 . 2009-02-13 17:50        499712        ------r-        c:\windows\RtlExUpd.dll
2010-08-23 13:32 . 2009-09-08 20:50        --------        d-----w-        c:\program files\Trillian
2010-08-23 09:49 . 2009-08-20 12:52        --------        d-----w-        c:\users\Philip\AppData\Roaming\Skype
2010-08-23 09:46 . 2009-02-14 00:27        13072        ----a-w-        c:\users\Philip\AppData\Roaming\nvModes.dat
2010-08-22 11:36 . 2008-01-21 08:31        672620        ----a-w-        c:\windows\system32\perfh007.dat
2010-08-22 11:36 . 2008-01-21 08:31        146176        ----a-w-        c:\windows\system32\perfc007.dat
2010-08-20 11:51 . 2009-09-07 06:29        --------        d-----w-        c:\users\Philip\AppData\Roaming\vlc
2010-08-20 00:32 . 2010-04-26 15:31        --------        d-----w-        c:\program files\trend micro
2010-08-19 23:07 . 2010-04-26 14:42        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-08-19 10:50 . 2009-02-14 02:12        --------        d-----w-        c:\program files\Google
2010-08-13 09:04 . 2006-11-02 11:18        --------        d-----w-        c:\program files\Windows Mail
2010-08-08 14:39 . 2009-02-14 01:39        --------        d-----w-        c:\program files\ICQ6.5
2010-08-08 14:35 . 2009-08-20 12:57        --------        d-----w-        c:\users\Philip\AppData\Roaming\skypePM
2010-07-30 12:36 . 2009-02-13 17:50        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-07-26 18:51 . 2010-06-21 21:19        --------        d-----w-        c:\programdata\Microsoft Help
2010-07-18 08:26 . 2010-07-18 08:26        --------        d-----w-        c:\program files\Common Files\Skype
2010-07-10 08:58 . 2010-06-28 08:13        --------        d-----w-        c:\programdata\DivX
2010-07-10 08:58 . 2010-06-28 08:52        57344        ----a-w-        c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-10 08:57 . 2010-07-10 08:57        56765        ----a-w-        c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-10 08:57 . 2009-02-14 01:39        --------        d-----w-        c:\program files\DivX
2010-07-10 08:57 . 2010-07-10 08:57        57715        ----a-w-        c:\programdata\DivX\Player\Uninstaller.exe
2010-07-10 08:47 . 2010-07-10 08:47        84054        ----a-w-        c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-07-10 08:46 . 2010-07-10 08:45        54153        ----a-w-        c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-07-10 08:29 . 2010-06-28 08:44        1062184        ----a-w-        c:\programdata\DivX\Setup\Resource.dll
2010-07-10 08:29 . 2010-06-28 08:44        895256        ----a-w-        c:\programdata\DivX\Setup\DivXSetup.exe
2010-07-09 21:37 . 2009-08-30 00:06        0        ----a-w-        c:\windows\system32\drivers\lvuvc.hs
2010-06-30 10:13 . 2009-02-16 20:10        --------        d-----w-        c:\users\Philip\AppData\Roaming\DivX
2010-06-28 14:31 . 2010-04-03 14:01        439816        ----a-w-        c:\users\Philip\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-06-28 08:44 . 2009-09-10 01:37        --------        d-----w-        c:\program files\Common Files\DivX Shared
2010-06-28 08:44 . 2010-06-28 08:44        56997        ----a-w-        c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-06-28 08:44 . 2010-06-28 08:44        53600        ----a-w-        c:\programdata\DivX\Update\Uninstaller.exe
2010-06-28 08:42 . 2010-06-28 08:42        57054        ----a-w-        c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
2010-06-28 08:42 . 2010-06-28 08:42        54166        ----a-w-        c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
2010-06-28 08:42 . 2010-06-28 08:42        57532        ----a-w-        c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
2010-06-28 08:42 . 2010-06-28 08:42        56458        ----a-w-        c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-06-28 08:42 . 2010-06-28 08:42        54174        ----a-w-        c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
2010-06-28 08:42 . 2010-06-28 08:42        54128        ----a-w-        c:\programdata\DivX\Converter\Uninstaller.exe
2010-06-28 08:42 . 2010-06-28 08:42        54644        ----a-w-        c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-06-28 08:42 . 2010-06-28 08:42        57409        ----a-w-        c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-06-28 08:42 . 2010-06-28 08:42        54101        ----a-w-        c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-28 08:42 . 2010-06-28 08:42        52963        ----a-w-        c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-06-28 08:42 . 2010-06-28 08:42        54073        ----a-w-        c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-06-28 08:42 . 2010-06-28 08:42        56969        ----a-w-        c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-06-26 06:05 . 2010-08-12 22:22        916480        ----a-w-        c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 22:22        71680        ----a-w-        c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-12 22:22        109056        ----a-w-        c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-12 22:22        133632        ----a-w-        c:\windows\system32\ieUnatt.exe
2010-06-25 22:04 . 2009-02-14 02:45        --------        d-----w-        c:\program files\Microsoft.NET
2010-06-25 09:43 . 2009-02-15 19:18        --------        d-----w-        c:\program files\EA SPORTS
2010-06-22 22:21 . 2009-02-13 16:47        100432        ----a-w-        c:\users\Philip\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-11 16:16 . 2010-08-12 22:22        274944        ----a-w-        c:\windows\system32\schannel.dll
2010-05-27 20:08 . 2010-08-12 22:22        81920        ----a-w-        c:\windows\system32\iccvid.dll
2010-05-26 17:06 . 2010-06-11 10:56        34304        ----a-w-        c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 10:56        289792        ----a-w-        c:\windows\system32\atmfd.dll
2010-05-25 17:12 . 2010-05-25 17:12        7680        ----a-w-        c:\users\Philip\AppData\Roaming\Trillian\languages\de\talk.dll
2010-05-25 17:12 . 2010-05-25 17:12        7168        ----a-w-        c:\users\Philip\AppData\Roaming\Trillian\languages\de\events.dll
2010-05-25 17:12 . 2010-05-25 17:12        2048        ----a-w-        c:\users\Philip\AppData\Roaming\Trillian\languages\de\toolkit.dll
2010-05-25 17:12 . 2010-05-25 17:12        10240        ----a-w-        c:\users\Philip\AppData\Roaming\Trillian\languages\de\buddy.dll
2006-05-03 09:06 . 2009-11-03 01:51        163328        --sh--r-        c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2009-11-03 01:51        31232        --sh--r-        c:\windows\System32\msfDX.dll
2008-03-16 12:30 . 2009-11-03 01:51        216064        --sh--r-        c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2009-11-25 09:04        815104        ----a-w-        c:\program files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\program files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll" [2009-11-25 815104]

[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\program files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll" [2009-11-25 815104]

[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [1985-01-01 815104]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-02-06 90191]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-06 81920]
"CHotkey"="mHotkey.exe" [2005-12-15 547840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Status Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Status Monitor.lnk
backup=c:\windows\pss\Status Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Philip^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PMB Medien-Prüfung.lnk]
path=c:\users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Medien-Prüfung.lnk
backup=c:\windows\pss\PMB Medien-Prüfung.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2009-07-09 20:07        49968        ----a-w-        c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2009-03-02 17:08        209153        ----a-w-        c:\program files\Avira\AntiVir Desktop\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMWlanClient]
2007-02-02 22:26        283136        ----a-w-        c:\program files\avmwlanstick\FRITZWLANMini.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2008-02-19 06:22        1089536        ------r-        c:\program files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2006-11-22 21:12        107112        ----a-w-        c:\program files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2005-05-19 13:47        57344        ----a-w-        c:\program files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-12-21 15:57        86016        ------w-        c:\program files\Brother\ControlCenter3\BrCtrCen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-09-14 20:09        157592        ----a-w-        c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50        1144104        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]
2008-07-22 20:44        357376        ----a-w-        c:\program files\FreePDF_XP\fpassist.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47        31016        ----a-w-        c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-23 00:16        141608        ----a-w-        c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2009-07-16 19:35        5458704        ----a-w-        c:\program files\Logitech\Logitech Vid\Vid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 17:36        2793304        ----a-w-        c:\program files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2008-12-03 10:47        1205760        ----a-w-        c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08        417792        ----a-w-        c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2082-02-15 12:30        4317184        ----a-w-        c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\showwnd]
2003-09-18 19:09        36864        ----a-w-        c:\windows\ShowWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 15:57        26192168        ----a-r-        c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-12-11 14:12        198160        ----a-w-        c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
2006-11-28 10:34        134808        ----a-w-        c:\progra~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-04-10 17:29        37888        ----a-w-        c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):f2,8b,43,05,57,35,ca,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c98e4a399e56fd;Google Update Service (gupdate1c98e4a399e56fd);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 133104]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2007-01-26 4352]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2007-01-26 265088]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-08-12 15008]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-02-16 717296]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-08-12 1355416]
S2 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-11-28 122008]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-27 102448]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA DPS BFE mpssvc
vvdsvc        REG_MULTI_SZ          vvdsvc
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-08-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 12:15]

2010-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 02:16]

2010-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 02:16]

2010-08-23 c:\windows\Tasks\User_Feed_Synchronization-{D3CA66CF-B7AF-4F24-A749-C4D2F52DD632}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = <local>
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\02mqam55.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\Philip\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\Philip\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll
FF - plugin: c:\users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\02mqam55.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

MSConfigStartUp-FlyAway - c:\users\Philip\AppData\Local\Temp\ARCA38E\FlyAway.exe
MSConfigStartUp-sniffer - c:\windows\Temp\_ex-08.exe
MSConfigStartUp-{CA62012F-160F-7A2E-BB1E-5EC812B3192A} - c:\users\Philip\AppData\Roaming\Pyda\roelu.exe
AddRemove-Ad-Aware - c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
AddRemove-S.T.A.L.K.E.R. - Shadow of Chernobyl_is1 - e:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\unins000.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} - c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-23 16:30
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-2032161511-3869678311-1123258137-1000\Software\SecuROM\License information*]
"datasecu"=hex:aa,56,ff,6d,30,1a,52,5c,14,d1,fc,b1,63,7d,49,ed,df,08,42,28,6f,
  23,9f,c7,df,3d,bb,f9,80,61,76,fb,bf,f2,95,32,3e,bd,53,ad,10,b0,a0,f6,98,3b,\
"rkeysecu"=hex:a8,c8,61,1d,ff,07,1b,c8,b3,0d,de,43,3b,ca,e8,9f

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-08-23  16:41:24
ComboFix-quarantined-files.txt  2010-08-23 14:41

Vor Suchlauf: 1.681.248.256 Bytes frei
Nach Suchlauf: 1.420.222.464 Bytes frei

- - End Of File - - 8850CD46BEC408BAB7C98D90ACE506E9

--- --- ---

cosinus 23.08.2010 17:26

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.

grafeko 23.08.2010 23:38

Wie viele Programme sind es denn noch die durchlaufen müssen? ;)


GMER:


GMER Logfile:
Code:

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-24 00:19:50
Windows 6.0.6002 Service Pack 2
Running: id7n8l1x.exe; Driver: C:\Users\Philip\AppData\Local\Temp\kxryykob.sys


---- System - GMER 1.0.15 ----

SSDT            86D82598                                                                                                            ZwAlertResumeThread
SSDT            86D82678                                                                                                            ZwAlertThread
SSDT            86D89D58                                                                                                            ZwAllocateVirtualMemory
SSDT            86D7DA30                                                                                                            ZwConnectPort
SSDT            86D97DD0                                                                                                            ZwCreateMutant
SSDT            A1E1D3F4                                                                                                            ZwCreateThread
SSDT            86D89BC8                                                                                                            ZwFreeVirtualMemory
SSDT            86D97EB0                                                                                                            ZwImpersonateAnonymousToken
SSDT            86D97F90                                                                                                            ZwImpersonateThread
SSDT            86D7C8B0                                                                                                            ZwMapViewOfSection
SSDT            86D97CF0                                                                                                            ZwOpenEvent
SSDT            A1E1D3E0                                                                                                            ZwOpenProcess
SSDT            86D82EC0                                                                                                            ZwOpenProcessToken
SSDT            A1E1D3E5                                                                                                            ZwOpenThread
SSDT            86D84EB8                                                                                                            ZwOpenThreadToken
SSDT            86D89048                                                                                                            ZwResumeThread
SSDT            86D84DD8                                                                                                            ZwSetContextThread
SSDT            86D7C710                                                                                                            ZwSetInformationProcess
SSDT            86D82980                                                                                                            ZwSetInformationThread
SSDT            86D97C10                                                                                                            ZwSuspendProcess
SSDT            86D827C0                                                                                                            ZwSuspendThread
SSDT            A1E1D3EF                                                                                                            ZwTerminateProcess
SSDT            86D828A0                                                                                                            ZwTerminateThread
SSDT            86D7C7F0                                                                                                            ZwUnmapViewOfSection
SSDT            86D89C88                                                                                                            ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!KeSetEvent + 11D                                                                                        822E2880 8 Bytes  [98, 25, D8, 86, 78, 26, D8, ...]
.text          ntkrnlpa.exe!KeSetEvent + 131                                                                                        822E2894 4 Bytes  [58, 9D, D8, 86]
.text          ntkrnlpa.exe!KeSetEvent + 1C1                                                                                        822E2924 4 Bytes  [30, DA, D7, 86]
.text          ntkrnlpa.exe!KeSetEvent + 1F5                                                                                        822E2958 4 Bytes  [D0, 7D, D9, 86]
.text          ntkrnlpa.exe!KeSetEvent + 222                                                                                        822E2985 3 Bytes  [D3, E1, A1]
.text          ...                                                                                                                 
.text          C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                            section is writeable [0x8BC03340, 0x295097, 0xE8000020]
?              C:\Users\Philip\AppData\Local\Temp\catchme.sys                                                                      Das System kann die angegebene Datei nicht finden. !
?              C:\Windows\system32\Drivers\PROCEXP113.SYS                                                                          Das System kann die angegebene Datei nicht finden. !
?              C:\Users\Philip\AppData\Local\Temp\mbr.sys                                                                          Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                              SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                              SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                            fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                   
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                              0x48 0x78 0xB1 0x96 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  C:\Program Files\DAEMON Tools\
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                           
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0x44 0xD8 0x97 0xC2 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0x64 0x62 0x03 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                0x64 0x62 0x02 0x00 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0x48 0x78 0xB1 0x96 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Program Files\DAEMON Tools\
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x44 0xD8 0x97 0xC2 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x64 0x62 0x03 0x00 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0x64 0x62 0x02 0x00 ...

---- EOF - GMER 1.0.15 ----

--- --- ---





OSAM:


OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 00:35:43 on 24.08.2010

OS: Windows Vista Business Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.8

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\Windows\system32\lsdelete.exe  (File found, but it contains no detailed information)

[Common]
-----( %SystemRoot%\Tasks )-----
"Ad-Aware Update (Weekly).job" - "Lavasoft                                                              " - C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"PhysX.cpl" - ? - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL
"NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\Windows\System32\Drivers\AnyDVD.sys
"Aspi32" (Aspi32) - "Adaptec" - C:\Windows\system32\drivers\Aspi32.sys
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"AVM Eject" (avmeject) - "AVM Berlin" - C:\Windows\System32\drivers\avmeject.sys
"catchme" (catchme) - ? - C:\Users\Philip\AppData\Local\Temp\catchme.sys  (File not found)
"Conexant Setup API" (UIUSys) - "Conexant Systems, Inc" - C:\Windows\System32\DRIVERS\UIUSYS.SYS
"CrystalSysInfo" (CrystalSysInfo) - ? - C:\Program Files\MediaCoder\SysInfo.sys  (File found, but it contains no detailed information)
"EagleNT" (EagleNT) - ? - C:\Windows\system32\drivers\EagleNT.sys  (File not found)
"ElbyCDFL" (ElbyCDFL) - "SlySoft, Inc." - C:\Windows\System32\Drivers\ElbyCDFL.sys
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"ElbyDelay" (ElbyDelay) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyDelay.sys
"EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"kxryykob" (kxryykob) - ? - C:\Users\Philip\AppData\Local\Temp\kxryykob.sys  (Hidden registry entry, rootkit activity | File not found)
"Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys  (File found, but it contains no detailed information)
"mbr" (mbr) - ? - C:\Users\Philip\AppData\Local\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"NAVENG" (NAVENG) - "Symantec Corporation" - C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100329.002\NAVENG.SYS
"NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100329.002\NAVEX15.SYS
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
"SPBBCDrv" (SPBBCDrv) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
"SRTSP" (SRTSP) - "Symantec Corporation" - C:\Windows\System32\Drivers\SRTSP.SYS
"SRTSPL" (SRTSPL) - "Symantec Corporation" - C:\Windows\System32\Drivers\SRTSPL.SYS
"SRTSPX" (SRTSPX) - "Symantec Corporation" - C:\Windows\System32\Drivers\SRTSPX.SYS
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
"SymEvent" (SymEvent) - "Symantec Corporation" - C:\Windows\system32\Drivers\SYMEVENT.SYS
"SYMREDRV" (SYMREDRV) - "Symantec Corporation" - C:\Windows\System32\Drivers\SYMREDRV.SYS
"SYMTDI" (SYMTDI) - "Symantec Corporation" - C:\Windows\System32\Drivers\SYMTDI.SYS

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA} "Burn4Freecontext menu" - "Ikysasoft s.r.l. uninominale" - C:\Windows\System32\B4FM.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682} "IZArc DragDrop Menu" - ? - C:\PROGRA~1\IZArc\IZArcCM.dll  (File found, but it contains no detailed information)
{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5} "IZArc Shell Context Menu" - ? - C:\PROGRA~1\IZArc\IZArcCM.dll  (File found, but it contains no detailed information)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{8BEEE74D-455E-4616-A97A-F6E86C317F32} "VpshellEx Class" - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Burn4Free Toolbar" - ? - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8100D56A-5661-482C-BEE8-AFECE305D968} "Facebook Photo Uploader 5 Control" - "The Facebook" - C:\Windows\Downloaded Program Files\PhotoUploader55.ocx / hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
"ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6.5\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} "Burn4Free Toolbar" - ? - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{D187A56B-A33F-4CBE-9D77-459FC0BAE012} "Burn4Free Toolbar Helper" - ? - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"ccApp" - "Symantec Corporation" - "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"CHotkey" - ? - mHotkey.exe
"vptray" - "Symantec Corporation" - C:\PROGRA~1\SYMANT~1\VPTray.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)
"RICOH Language Monitor2" - "RICOH CO.,Ltd." - C:\Windows\system32\RC4MON.DLL
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Scheduler" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Update Service (gupdate1c98e4a399e56fd)" (gupdate1c98e4a399e56fd) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - "Lavasoft" - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
"LiveUpdate" (LiveUpdate) - "Symantec Corporation" - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Nero BackItUp Scheduler 4.0" (Nero BackItUp Scheduler 4.0) - "Nero AG" - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
"SAVRoam" (SavRoam) - "symantec" - C:\Program Files\Symantec AntiVirus\SavRoam.exe
"Symantec AntiVirus" (Symantec AntiVirus) - "Symantec Corporation" - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"Symantec AntiVirus Definition Watcher" (DefWatch) - "Symantec Corporation" - C:\Program Files\Symantec AntiVirus\DefWatch.exe
"Symantec Event Manager" (ccEvtMgr) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
"Symantec Settings Manager" (ccSetMgr) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

grafeko 24.08.2010 00:15

und Bootkit:




.\debug.cpp(238) : Debug log started at 23.08.2010 - 22:43:46
.\boot_cleaner.cpp(675) : Bootkit Remover
.\boot_cleaner.cpp(676) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(677) : www.esagelab.com
.\boot_cleaner.cpp(681) : Program version: 1.1.0.0
.\boot_cleaner.cpp(688) : OS Version: Microsoft Windows Vista Business Edition Service Pack 2 (build 6002), 32-bit
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x82236000 0x003b9000 "\SystemRoot\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x82203000 0x00033000 "\SystemRoot\system32\hal.dll"
.\debug.cpp(256) : 0x80403000 0x00007000 "\SystemRoot\system32\kdcom.dll"
.\debug.cpp(256) : 0x8040a000 0x00070000 "\SystemRoot\system32\mcupdate_GenuineIntel.dll"
.\debug.cpp(256) : 0x8047a000 0x00011000 "\SystemRoot\system32\PSHED.dll"
.\debug.cpp(256) : 0x8048b000 0x00008000 "\SystemRoot\system32\BOOTVID.dll"
.\debug.cpp(256) : 0x80493000 0x00041000 "\SystemRoot\system32\CLFS.SYS"
.\debug.cpp(256) : 0x804d4000 0x000e0000 "\SystemRoot\system32\CI.dll"
.\debug.cpp(256) : 0x80606000 0x0007c000 "\SystemRoot\system32\drivers\Wdf01000.sys"
.\debug.cpp(256) : 0x80682000 0x0000d000 "\SystemRoot\system32\drivers\WDFLDR.SYS"
.\debug.cpp(256) : 0x8068f000 0x00046000 "\SystemRoot\system32\drivers\acpi.sys"
.\debug.cpp(256) : 0x806d5000 0x00009000 "\SystemRoot\system32\drivers\WMILIB.SYS"
.\debug.cpp(256) : 0x806de000 0x00008000 "\SystemRoot\system32\drivers\msisadrv.sys"
.\debug.cpp(256) : 0x806e6000 0x00027000 "\SystemRoot\system32\drivers\pci.sys"
.\debug.cpp(256) : 0x8070d000 0x0000f000 "\SystemRoot\System32\drivers\partmgr.sys"
.\debug.cpp(256) : 0x8071c000 0x00003000 "\SystemRoot\system32\DRIVERS\compbatt.sys"
.\debug.cpp(256) : 0x8071f000 0x0000a000 "\SystemRoot\system32\DRIVERS\BATTC.SYS"
.\debug.cpp(256) : 0x80729000 0x0000f000 "\SystemRoot\system32\drivers\volmgr.sys"
.\debug.cpp(256) : 0x80738000 0x0004a000 "\SystemRoot\System32\drivers\volmgrx.sys"
.\debug.cpp(256) : 0x80782000 0x00007000 "\SystemRoot\system32\drivers\intelide.sys"
.\debug.cpp(256) : 0x80789000 0x0000e000 "\SystemRoot\system32\drivers\PCIIDEX.SYS"
.\debug.cpp(256) : 0x80797000 0x0002d000 "\SystemRoot\system32\DRIVERS\pcmcia.sys"
.\debug.cpp(256) : 0x807c4000 0x00010000 "\SystemRoot\System32\drivers\mountmgr.sys"
.\debug.cpp(256) : 0x807d4000 0x00008000 "\SystemRoot\system32\drivers\atapi.sys"
.\debug.cpp(256) : 0x807dc000 0x0001e000 "\SystemRoot\system32\drivers\ataport.SYS"
.\debug.cpp(256) : 0x805b4000 0x00032000 "\SystemRoot\system32\drivers\fltmgr.sys"
.\debug.cpp(256) : 0x805e6000 0x00010000 "\SystemRoot\system32\drivers\fileinfo.sys"
.\debug.cpp(256) : 0x87e01000 0x0000f000 "\SystemRoot\system32\DRIVERS\Lbd.sys"
.\debug.cpp(256) : 0x87e10000 0x0000a000 "\SystemRoot\System32\Drivers\PxHelp20.sys"
.\debug.cpp(256) : 0x87e1a000 0x00071000 "\SystemRoot\System32\Drivers\ksecdd.sys"
.\debug.cpp(256) : 0x87e8b000 0x0010b000 "\SystemRoot\system32\drivers\ndis.sys"
.\debug.cpp(256) : 0x87f96000 0x0002b000 "\SystemRoot\system32\drivers\msrpc.sys"
.\debug.cpp(256) : 0x87fc1000 0x0003b000 "\SystemRoot\system32\drivers\NETIO.SYS"
.\debug.cpp(256) : 0x8800d000 0x000ea000 "\SystemRoot\System32\drivers\tcpip.sys"
.\debug.cpp(256) : 0x880f7000 0x0001b000 "\SystemRoot\System32\drivers\fwpkclnt.sys"
.\debug.cpp(256) : 0x88112000 0x00004000 "\SystemRoot\System32\Drivers\vbtenum.sys"
.\debug.cpp(256) : 0x88205000 0x00110000 "\SystemRoot\System32\Drivers\Ntfs.sys"
.\debug.cpp(256) : 0x88315000 0x00039000 "\SystemRoot\system32\drivers\volsnap.sys"
.\debug.cpp(256) : 0x8834e000 0x00008000 "\SystemRoot\System32\Drivers\spldr.sys"
.\debug.cpp(256) : 0x88356000 0x0000f000 "\SystemRoot\System32\Drivers\mup.sys"
.\debug.cpp(256) : 0x88365000 0x00027000 "\SystemRoot\System32\drivers\ecache.sys"
.\debug.cpp(256) : 0x8838c000 0x00011000 "\SystemRoot\system32\drivers\disk.sys"
.\debug.cpp(256) : 0x8839d000 0x00021000 "\SystemRoot\system32\drivers\CLASSPNP.SYS"
.\debug.cpp(256) : 0x883be000 0x00009000 "\SystemRoot\system32\drivers\crcdisk.sys"
.\debug.cpp(256) : 0x883c7000 0x00007000 "\SystemRoot\System32\Drivers\BTHidMgr.sys"
.\debug.cpp(256) : 0x883ee000 0x0000b000 "\SystemRoot\system32\DRIVERS\tunnel.sys"
.\debug.cpp(256) : 0x88116000 0x00009000 "\SystemRoot\system32\DRIVERS\tunmp.sys"
.\debug.cpp(256) : 0x8811f000 0x0000f000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0x883f9000 0x00004000 "\SystemRoot\system32\DRIVERS\CmBatt.sys"
.\debug.cpp(256) : 0x8bc03000 0x00440000 "\SystemRoot\system32\DRIVERS\nvlddmkm.sys"
.\debug.cpp(256) : 0x8c043000 0x000a1000 "\SystemRoot\System32\drivers\dxgkrnl.sys"
.\debug.cpp(256) : 0x8c0e4000 0x0000c000 "\SystemRoot\System32\drivers\watchdog.sys"
.\debug.cpp(256) : 0x8c0f0000 0x0008d000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0x8c400000 0x001c1000 "\SystemRoot\system32\DRIVERS\NETw3v32.sys"
.\debug.cpp(256) : 0x8c5c1000 0x0000b000 "\SystemRoot\system32\DRIVERS\usbuhci.sys"
.\debug.cpp(256) : 0x8c17d000 0x0003e000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0x8c5cc000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0x8c5db000 0x00010000 "\SystemRoot\system32\DRIVERS\ohci1394.sys"
.\debug.cpp(256) : 0x8c5eb000 0x0000e000 "\SystemRoot\system32\DRIVERS\1394BUS.SYS"
.\debug.cpp(256) : 0x8812e000 0x0004c000 "\SystemRoot\system32\drivers\tifm21.sys"
.\debug.cpp(256) : 0x8c1bb000 0x0001a000 "\SystemRoot\system32\DRIVERS\sdbus.sys"
.\debug.cpp(256) : 0x8c1d5000 0x0000f000 "\SystemRoot\system32\DRIVERS\Rtlh86.sys"
.\debug.cpp(256) : 0x8c1e4000 0x0001a000 "\SystemRoot\system32\DRIVERS\serial.sys"
.\debug.cpp(256) : 0x8817a000 0x0000a000 "\SystemRoot\system32\DRIVERS\serenum.sys"
.\debug.cpp(256) : 0x88184000 0x00008000 "\SystemRoot\system32\DRIVERS\nscirda.sys"
.\debug.cpp(256) : 0x8818c000 0x00009000 "\SystemRoot\system32\drivers\irenum.sys"
.\debug.cpp(256) : 0x88195000 0x00013000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0x881a8000 0x0000b000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0x881b3000 0x0002b000 "\SystemRoot\system32\DRIVERS\SynTP.sys"
.\debug.cpp(256) : 0x8c5f9000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0x881de000 0x0000b000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0x881e9000 0x00007000 "\SystemRoot\System32\Drivers\ElbyCDFL.sys"
.\debug.cpp(256) : 0x8c5fb000 0x00002000 "\SystemRoot\System32\Drivers\ElbyDelay.sys"
.\debug.cpp(256) : 0x88200000 0x00005000 "\SystemRoot\System32\Drivers\AnyDVD.sys"
.\debug.cpp(256) : 0x8ce0f000 0x00018000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0x8ce27000 0x00006000 "\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys"
.\debug.cpp(256) : 0x8ce2d000 0x0000a000 "\SystemRoot\System32\Drivers\VcommMgr.sys"
.\debug.cpp(256) : 0x8ce37000 0x0002f000 "\SystemRoot\system32\DRIVERS\msiscsi.sys"
.\debug.cpp(256) : 0x8ce66000 0x00041000 "\SystemRoot\system32\DRIVERS\storport.sys"
.\debug.cpp(256) : 0x8cea7000 0x0000b000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0x8ceb2000 0x00007000 "\SystemRoot\system32\DRIVERS\blueletaudio.sys"
.\debug.cpp(256) : 0x8ceb9000 0x0002d000 "\SystemRoot\system32\DRIVERS\portcls.sys"
.\debug.cpp(256) : 0x8cee6000 0x00025000 "\SystemRoot\system32\DRIVERS\drmk.sys"
.\debug.cpp(256) : 0x8cf0b000 0x0002a000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0x8cf35000 0x00006000 "\SystemRoot\system32\DRIVERS\BlueletSCOAudio.sys"
.\debug.cpp(256) : 0x8cf3b000 0x00008000 "\SystemRoot\System32\Drivers\RootMdm.sys"
.\debug.cpp(256) : 0x8cf43000 0x0000d000 "\SystemRoot\system32\drivers\modem.sys"
.\debug.cpp(256) : 0x8cf50000 0x00017000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0x8cf67000 0x0000b000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0x8cf72000 0x00023000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0x8cf95000 0x0000f000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0x8cfa4000 0x00014000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0x8cfb8000 0x00015000 "\SystemRoot\system32\DRIVERS\rassstp.sys"
.\debug.cpp(256) : 0x8cfcd000 0x00003000 "\SystemRoot\system32\DRIVERS\btnetdrv.sys"
.\debug.cpp(256) : 0x8cfd0000 0x00007000 "\SystemRoot\system32\DRIVERS\VComm.sys"
.\debug.cpp(256) : 0x8da05000 0x00089000 "\SystemRoot\system32\DRIVERS\rdpdr.sys"
.\debug.cpp(256) : 0x8da8e000 0x00010000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0x8da9e000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0x8daa0000 0x0000a000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0x8daaa000 0x0000d000 "\SystemRoot\system32\DRIVERS\umbus.sys"
.\debug.cpp(256) : 0x8dab7000 0x00035000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0x8daec000 0x00011000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0x8e603000 0x00196000 "\SystemRoot\system32\drivers\RTKVHDA.sys"
.\debug.cpp(256) : 0x8e799000 0x0003d000 "\SystemRoot\system32\DRIVERS\HSXHWAZL.sys"
.\debug.cpp(256) : 0x8dafd000 0x00103000 "\SystemRoot\system32\DRIVERS\HSX_DPV.sys"
.\debug.cpp(256) : 0x8e805000 0x000b4000 "\SystemRoot\system32\DRIVERS\HSX_CNXT.sys"
.\debug.cpp(256) : 0x8e8b9000 0x00049000 "\SystemRoot\System32\Drivers\SRTSP.SYS"
.\debug.cpp(256) : 0x8e902000 0x00011000 "\SystemRoot\System32\Drivers\SRTSPX.SYS"
.\debug.cpp(256) : 0x8ef43000 0x00022000 "\??\C:\Windows\system32\Drivers\SYMEVENT.SYS"
.\debug.cpp(256) : 0x8ef79000 0x00009000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0x8ef82000 0x00009000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
.\debug.cpp(256) : 0x8ef8b000 0x00010000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0x8ef9b000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0x8efa2000 0x00007000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0x8efa9000 0x00008000 "\SystemRoot\system32\DRIVERS\mouhid.sys"
.\debug.cpp(256) : 0x8efb1000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0x8efb8000 0x0000c000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0x8efc4000 0x00021000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS"
.\debug.cpp(256) : 0x8efe5000 0x00008000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0x8efed000 0x00008000 "\SystemRoot\system32\drivers\rdpencdd.sys"
.\debug.cpp(256) : 0x8eff5000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0x8e913000 0x0000e000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0x8e921000 0x00009000 "\SystemRoot\System32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0x8e92a000 0x00016000 "\SystemRoot\system32\DRIVERS\tdx.sys"
.\debug.cpp(256) : 0x8e940000 0x00014000 "\SystemRoot\system32\DRIVERS\smb.sys"
.\debug.cpp(256) : 0x8e954000 0x00048000 "\SystemRoot\system32\drivers\afd.sys"
.\debug.cpp(256) : 0x8e99c000 0x00032000 "\SystemRoot\System32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0x8e9ce000 0x00016000 "\SystemRoot\system32\DRIVERS\pacer.sys"
.\debug.cpp(256) : 0x8e9e4000 0x0000e000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0x8e7d6000 0x00013000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0x9320e000 0x0002c000 "\SystemRoot\System32\Drivers\SYMTDI.SYS"
.\debug.cpp(256) : 0x9323a000 0x00006000 "\SystemRoot\system32\DRIVERS\ssmdrv.sys"
.\debug.cpp(256) : 0x932a6000 0x00022000 "\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS"
.\debug.cpp(256) : 0x932c8000 0x00006000 "\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS"
.\debug.cpp(256) : 0x932ce000 0x0003c000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0x9330a000 0x0000a000 "\SystemRoot\system32\drivers\nsiproxy.sys"
.\debug.cpp(256) : 0x93314000 0x0005e000 "\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys"
.\debug.cpp(256) : 0x93372000 0x0001d000 "\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys"
.\debug.cpp(256) : 0x9338f000 0x0005b000 "\SystemRoot\system32\drivers\csc.sys"
.\debug.cpp(256) : 0x8e7e9000 0x00017000 "\SystemRoot\System32\Drivers\dfsc.sys"
.\debug.cpp(256) : 0x8cfd7000 0x0001c000 "\SystemRoot\system32\DRIVERS\avipbb.sys"
.\debug.cpp(256) : 0x933ea000 0x00002000 "\??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys"
.\debug.cpp(256) : 0x883ce000 0x00016000 "\SystemRoot\system32\DRIVERS\cdfs.sys"
.\debug.cpp(256) : 0x933ec000 0x0000d000 "\SystemRoot\System32\Drivers\crashdmp.sys"
.\debug.cpp(256) : 0x93200000 0x0000b000 "\SystemRoot\System32\Drivers\dump_dumpata.sys"
.\debug.cpp(256) : 0x8e9f2000 0x00008000 "\SystemRoot\System32\Drivers\dump_atapi.sys"
.\debug.cpp(256) : 0x81690000 0x00203000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0x8cff3000 0x0000a000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0x818b0000 0x00009000 "\SystemRoot\System32\TSDDD.dll"
.\debug.cpp(256) : 0x818d0000 0x0000e000 "\SystemRoot\System32\cdd.dll"
.\debug.cpp(256) : 0x9f40f000 0x0001b000 "\SystemRoot\system32\drivers\luafv.sys"
.\debug.cpp(256) : 0x9f42a000 0x00014000 "\SystemRoot\system32\DRIVERS\avgntflt.sys"
.\debug.cpp(256) : 0x9f43e000 0x000b0000 "\SystemRoot\system32\drivers\spsys.sys"
.\debug.cpp(256) : 0x9f4ee000 0x0001e000 "\SystemRoot\system32\DRIVERS\irda.sys"
.\debug.cpp(256) : 0x9f50c000 0x00010000 "\SystemRoot\system32\DRIVERS\lltdio.sys"
.\debug.cpp(256) : 0x9f51c000 0x0002a000 "\SystemRoot\system32\DRIVERS\nwifi.sys"
.\debug.cpp(256) : 0x9f546000 0x0000a000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0x9f550000 0x00013000 "\SystemRoot\system32\DRIVERS\rspndr.sys"
.\debug.cpp(256) : 0x9f563000 0x0006d000 "\SystemRoot\system32\drivers\HTTP.sys"
.\debug.cpp(256) : 0x9f5d0000 0x0001d000 "\SystemRoot\System32\DRIVERS\srvnet.sys"
.\debug.cpp(256) : 0xa3a00000 0x00019000 "\SystemRoot\system32\DRIVERS\bowser.sys"
.\debug.cpp(256) : 0xa3a19000 0x00015000 "\SystemRoot\System32\drivers\mpsdrv.sys"
.\debug.cpp(256) : 0xa3a2e000 0x00021000 "\SystemRoot\system32\drivers\mrxdav.sys"
.\debug.cpp(256) : 0xa3a4f000 0x0001f000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xa3a6e000 0x00039000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys"
.\debug.cpp(256) : 0xa3aa7000 0x00018000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys"
.\debug.cpp(256) : 0xa3abf000 0x00027000 "\SystemRoot\System32\DRIVERS\srv2.sys"
.\debug.cpp(256) : 0xa3ae6000 0x0004e000 "\SystemRoot\System32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xa3b34000 0x00009000 "\SystemRoot\system32\DRIVERS\asyncmac.sys"
.\debug.cpp(256) : 0xa3b3d000 0x00004000 "\SystemRoot\System32\Drivers\Aspi32.SYS"
.\debug.cpp(256) : 0xa3b41000 0x00003000 "\SystemRoot\System32\Drivers\ElbyCDIO.sys"
.\debug.cpp(256) : 0xa3b44000 0x00004000 "\SystemRoot\system32\DRIVERS\mdmxsdk.sys"
.\debug.cpp(256) : 0xa6605000 0x000de000 "\SystemRoot\system32\drivers\peauth.sys"
.\debug.cpp(256) : 0xa66e3000 0x0000a000 "\SystemRoot\System32\Drivers\secdrv.SYS"
.\debug.cpp(256) : 0xa66ed000 0x0000c000 "\SystemRoot\System32\drivers\tcpipreg.sys"
.\debug.cpp(256) : 0xa66f9000 0x00008000 "\SystemRoot\system32\DRIVERS\xaudio.sys"
.\debug.cpp(256) : 0xa6701000 0x00005000 "\SystemRoot\system32\Drivers\LVPr2Mon.sys"
.\debug.cpp(256) : 0xa6742000 0x00008000 "\??\C:\Users\Philip\AppData\Local\Temp\catchme.sys"
.\debug.cpp(256) : 0xa674a000 0x00002000 "\??\C:\Windows\system32\Drivers\PROCEXP113.SYS"
.\debug.cpp(256) : 0xa674c000 0x00006000 "\??\C:\Users\Philip\AppData\Local\Temp\mbr.sys"
.\debug.cpp(256) : 0xa678f000 0x00028000 "\SystemRoot\System32\Drivers\fastfat.SYS"
.\debug.cpp(256) : 0xa6706000 0x00017000 "\??\C:\Users\Philip\AppData\Local\Temp\kxryykob.sys"
.\debug.cpp(256) : 0x8ee00000 0x00142000 "\??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100329.002\NAVEX15.SYS"
.\debug.cpp(256) : 0xa677a000 0x00014000 "\??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100329.002\NAVENG.SYS"
.\debug.cpp(256) : 0x77aa0000 0x00127000 "\Windows\System32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination="\Device\Ndis"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM12"
.\debug.cpp(400) : Destination="\Device\Serial11"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\0000004e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination="\Device\Video0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#2&daba3ff&2#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\0000006c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000004f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000004c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8169&SUBSYS_05711558&REV_10#4&271a6e5&0&58F0#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0021"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination="\Device\Video1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination="\Device\0000005f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Bluetooth DUN Modem"
.\debug.cpp(400) : Destination="\Device\0000004a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&3ccce59&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\PciIde0Channel1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LogiProcMon2"
.\debug.cpp(400) : Destination="\Device\LogiProcMon2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination="\Device\Video2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SymEvent"
.\debug.cpp(400) : Destination="\Device\SymEvent"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CC&SUBSYS_05711558&REV_02#3&21436425&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0010"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27C9&SUBSYS_05711558&REV_02#3&21436425&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0007"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy1"
.\debug.cpp(400) : Destination="\Device\HarddiskVolumeShadowCopy1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination="\Device\Video3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgio"
.\debug.cpp(400) : Destination="\Device\avgio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{2E886D71-44A0-45DC-9A6E-72ECE267F788}"
.\debug.cpp(400) : Destination="\Device\NDMP16"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy2"
.\debug.cpp(400) : Destination="\Device\HarddiskVolumeShadowCopy2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice"
.\debug.cpp(400) : Destination="\Device\WMIAdminDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{3db0c7f9-f9ec-11dd-8ee8-806e6f6e6963}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tun0"
.\debug.cpp(400) : Destination="\Device\Tun0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserUtilDrvI9"
.\debug.cpp(400) : Destination="\Device\EraserUtilDrv10920"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) : Destination="\Device\Video4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy3"
.\debug.cpp(400) : Destination="\Device\HarddiskVolumeShadowCopy3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#HIDCLASS#0000#{57574d37-c5e9-412d-a115-fa6d779eff08}"
.\debug.cpp(400) : Destination="\Device\0000000a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDR4_XP"
.\debug.cpp(400) : Destination="\Device\PxHelperDevice0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl"
.\debug.cpp(400) : Destination="\Device\VolMgrControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\0000005f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MODEM#0000#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
.\debug.cpp(400) : Destination="\Device\00000049"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{AA7BA3E4-6E84-4391-AF36-990F521EC667}"
.\debug.cpp(400) : Destination="\Device\NDMP3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr"
.\debug.cpp(400) : Destination="\Device\RdpDrDvMgr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy4"
.\debug.cpp(400) : Destination="\Device\HarddiskVolumeShadowCopy4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}"
.\debug.cpp(400) : Destination="\Device\00000069"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&18a2e25&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\0000007a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#PORTS#0000#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) : Destination="\Device\00000053"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTHidMgr"
.\debug.cpp(400) : Destination="\Device\BTHidMgr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery"
.\debug.cpp(400) : Destination="\Device\CompositeBattery"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TUNMP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000005"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination="\Device\WMIDataDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SpDevice"
.\debug.cpp(400) : Destination="\Device\SpDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C01E#6&18a89d3a&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\00000090"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1"
.\debug.cpp(400) : Destination="\Device\Serial0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Bluetooth Fax Modem"
.\debug.cpp(400) : Destination="\Device\00000049"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgntflt"
.\debug.cpp(400) : Destination="\FileSystem\Filters\avgntflt"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\XAudio"
.\debug.cpp(400) : Destination="\Device\XAudio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PEAuth"
.\debug.cpp(400) : Destination="\Device\PEAuth"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_14F10001&REV_0900#4&32d912ea&0&0102#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
.\debug.cpp(400) : Destination="\Device\0000008d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTMgr"
.\debug.cpp(400) : Destination="\Device\BTMgr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_104C&DEV_803A&SUBSYS_05711558&REV_00#4&271a6e5&0&39F0#{6bdd1fc1-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0018"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination="\Device\NamedPipe"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0003#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000001"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Lbd"
.\debug.cpp(400) : Destination="\Device\Lbd"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0883&SUBSYS_05720000&REV_1000#4&32d912ea&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\0000008c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3"
.\debug.cpp(400) : Destination="\Device\Winachsf0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination="\Device\00000064"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#PORTS#0006#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) : Destination="\Device\00000059"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination="\Device\Mup"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NAVEX15"
.\debug.cpp(400) : Destination="\Device\NAVEX15"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0001#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Psched"
.\debug.cpp(400) : Destination="\Device\Psched"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0883&SUBSYS_05720000&REV_1000#4&32d912ea&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\0000008c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\0000005f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{AC9DA846-C20C-435E-8E00-E5181B79BBA3}"
.\debug.cpp(400) : Destination="\Device\NDMP4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM4"
.\debug.cpp(400) : Destination="\Device\Serial3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice"
.\debug.cpp(400) : Destination="\Device\GEARAspiWDMDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&2#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\0000006b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination="\Device\USBFDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgrMsg"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000047"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0297&SUBSYS_05711558&REV_A1#4&12ac2c4d&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0015"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination="\Device\Tcp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_14F10001&REV_0900#4&32d912ea&0&0102#{adb44c00-1b8d-11d4-8d5e-00a0c90d1c42}"
.\debug.cpp(400) : Destination="\Device\0000008d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#PORTS#0008#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) : Destination="\Device\0000005b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM5"
.\debug.cpp(400) : Destination="\Device\Serial4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000004"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8169&SUBSYS_05711558&REV_10#4&271a6e5&0&58F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0021"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#PORTS#0003#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) : Destination="\Device\00000056"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination="\Device\USBFDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM6"
.\debug.cpp(400) : Destination="\Device\Serial5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination="\Device\Harddisk0\DR0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TUNMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000005"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserCtrlDrv"
.\debug.cpp(400) : Destination="\Device\EraserCtrlDrv"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ConexantDiagnosticsServer"
.\debug.cpp(400) : Destination="\Device\ConexantDiagnosticsServer"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination="\DosDevices\LPT1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&fb914ef&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\0000005f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\0000005f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{F26D997E-07E4-4F14-9784-6D2C161038B5}"
.\debug.cpp(400) : Destination="\Device\NDMP14"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{A9064B0C-9EBC-4C5F-A2F5-CA365FACBE6C}"
.\debug.cpp(400) : Destination="\Device\NDMP8"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) : Destination="\Device\USBFDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM7"
.\debug.cpp(400) : Destination="\Device\Serial6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{3db0c7fc-f9ec-11dd-8ee8-806e6f6e6963}"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) : Destination="\Device\00000061"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination="\Device\FsWrap"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\0000005f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#PORTS#0007#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) : Destination="\Device\0000005a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#PORTS#0004#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) : Destination="\Device\00000057"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{2F1F689C-4E19-439F-970B-9D3953DD3745}"
.\debug.cpp(400) : Destination="\Device\NDMP9"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) : Destination="\Device\USBFDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM8"
.\debug.cpp(400) : Destination="\Device\Serial7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\kxryykob"
.\debug.cpp(400) : Destination="\Device\kxryykob"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000050"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbMmDp32"
.\debug.cpp(400) : Destination="\Device\MbMmDp32"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&f2a43fe&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0000#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000047"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
.\debug.cpp(400) : Destination="\Device\USBFDO-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{FA5FEC4F-2363-4CEF-BF2C-207DFCF6F71B}"
.\debug.cpp(400) : Destination="\Device\NDMP6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM9"
.\debug.cpp(400) : Destination="\Device\Serial8"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\00000062"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\0000004c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000048"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#PORTS#0005#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) : Destination="\Device\00000058"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#PORTS#0002#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) : Destination="\Device\00000055"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ISCSIPRT#0000#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\0000000b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination="\GLOBAL??"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NAVENG"
.\debug.cpp(400) : Destination="\Device\NAVENG"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000051"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0"
.\debug.cpp(400) : Destination="\Device\PxHelperDevice0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG:"
.\debug.cpp(400) : Destination="\clfs"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MODEM#0001#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
.\debug.cpp(400) : Destination="\Device\0000004a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SRTSPX"
.\debug.cpp(400) : Destination="\Device\SRTSPX"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_4222&SUBSYS_10018086&REV_02#4&18ca3d5f&0&00E0#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0016"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_4222&SUBSYS_10018086&REV_02#4&18ca3d5f&0&00E0#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0016"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv"
.\debug.cpp(400) : Destination="\Device\Secdrv"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserUtilDrv10920"
.\debug.cpp(400) : Destination="\Device\EraserUtilDrv10920"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#2#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) : Destination="\Device\0000007c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#0#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}"
.\debug.cpp(400) : Destination="\Device\00000068"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#NET#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000052"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0003#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000001"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HSF_MDMDevice0"
.\debug.cpp(400) : Destination="\Device\HSF_MDMDevice0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{A3F04F10-FC76-46FC-9E8F-27B734564D1C}"
.\debug.cpp(400) : Destination="\Device\NDMP13"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{352C79AB-B68D-4768-8A93-06E1D1AFE8FF}"
.\debug.cpp(400) : Destination="\Device\NDMP7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{0AE757D4-6131-4E7D-B60A-3C61B2794A3A}"
.\debug.cpp(400) : Destination="\Device\NDMP1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskHitachi_HTS541616J9SA00_________________SB4OC70P#5&3832fb37&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP0T0L0-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\0000004f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\catchme"
.\debug.cpp(400) : Destination="\Device\catchme"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\nativewifip"
.\debug.cpp(400) : Destination="\Device\nativewifip"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000048"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1f0bbc4&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000048"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{43B21A2A-57C0-4B3B-8A10-B0E3A37170DF}"
.\debug.cpp(400) : Destination="\Device\NDMP15"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VcommMgrDevice"
.\debug.cpp(400) : Destination="\Device\VcommMgrDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000051"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination="\Device\00000065"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination="\Device\MountPointManager"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomOptiarc_DVD_RW_AD-7540A_________________1.01____#5&25794a92&0&1.1.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T1L0-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C01E#6&18a89d3a&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination="\Device\00000090"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000004b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ssmctl"
.\debug.cpp(400) : Destination="\Device\ssmctl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000047"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO Soft Data Fax Modem with SmartCP"
.\debug.cpp(400) : Destination="\Device\0000008d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_104C&DEV_803B&SUBSYS_05711558&REV_00#4&271a6e5&0&3AF0#{2c9f2281-eb3c-11d6-80af-0001020c74d4}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0019"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbDlDp32"
.\debug.cpp(400) : Destination="\Device\PxHelperDevice0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi"
.\debug.cpp(400) : Destination="\Device\Nsi"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination="\Device\WANARP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl"
.\debug.cpp(400) : Destination="\Device\PartmgrControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice"
.\debug.cpp(400) : Destination="\Device\NXTIPSEC"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0000#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination="\Device\00000047"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#PORTS#0001#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) : Destination="\Device\00000054"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\0000004b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CB&SUBSYS_05711558&REV_02#3&21436425&0&EB#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0009"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CA&SUBSYS_05711558&REV_02#3&21436425&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0008"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0883&SUBSYS_05720000&REV_1000#4&32d912ea&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}"
.\debug.cpp(400) : Destination="\Device\0000008c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#NSC6001#3#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000007d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000005f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev"
.\debug.cpp(400) : Destination="\Device\WFP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SASKUTIL"
.\debug.cpp(400) : Destination="\Device\SASKUTIL"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination="\Device\NDMP11"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArpV6"
.\debug.cpp(400) : Destination="\Device\WANARPV6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ElbyCDIO"
.\debug.cpp(400) : Destination="\Device\ElbyCDIO"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASYNCMAC"
.\debug.cpp(400) : Destination="\Device\ASYNCMAC"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#NSC6001#3#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\0000007d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&SignatureE791E791Offset7E00Length2542978200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&PrinterBusEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) : Destination="\Device\00000092"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#NET#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000052"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS0"
.\debug.cpp(400) : Destination="\Device\1394BUS0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000050"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&35cf9db4&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\0000005f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&3ccce59&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\PciIde0Channel0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomOptiarc_DVD_RW_AD-7540A_________________1.01____#5&25794a92&0&1.1.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T1L0-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination="\Device\NdisWan"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd"
.\debug.cpp(400) : Destination="\Device\AscKmd"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SymTDI"
.\debug.cpp(400) : Destination="\Device\SymTDI"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#SYN1206#4&18a2e25&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\0000007b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MICH_AZ0"
.\debug.cpp(400) : Destination="\Device\MICH_AZ0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH"
.\debug.cpp(400) : Destination="\Device\NDMP10"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0883&SUBSYS_05720000&REV_1000#4&32d912ea&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\0000008c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice"
.\debug.cpp(400) : Destination="\Device\MPS"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0883&SUBSYS_05720000&REV_1000#4&32d912ea&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination="\Device\0000008c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#2#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) : Destination="\Device\0000007c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5B57F689-8F2D-46EF-A146-A183C215B8B7}"
.\debug.cpp(400) : Destination="\Device\NDMP5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SABDIFSV"
.\debug.cpp(400) : Destination="\Device\SASDIFSV"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0883&SUBSYS_05720000&REV_1000#4&32d912ea&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) : Destination="\Device\0000008c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{9910E0F9-32C1-486B-8A25-AE2E168AF504}"
.\debug.cpp(400) : Destination="\Device\NDMP2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination="\Device\VolMgrControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination="\Device\MailSlot"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\mbr"
.\debug.cpp(400) : Destination="\Device\mbr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SRTSP"
.\debug.cpp(400) : Destination="\Device\SRTSP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination="\DosDevices\COM1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination="\Device\00000048"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6"
.\debug.cpp(400) : Destination="\Device\NDMP12"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THM0#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000066"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination=""

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0002#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000004"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination="\Device\Null"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SstpDrv"
.\debug.cpp(400) : Destination="\Device\SstpDrv"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) : Destination="\Device\Ndisuio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\0000005e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
.\debug.cpp(400) : Destination="\Device\RaidPort0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2896157a&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle"
.\debug.cpp(400) : Destination="\Device\WfpAle"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\0000005d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27C8&SUBSYS_05711558&REV_02#3&21436425&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0006"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM10"
.\debug.cpp(400) : Destination="\Device\Serial9"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYNTP"
.\debug.cpp(400) : Destination="\Device\SynTP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0297&SUBSYS_05711558&REV_A1#4&12ac2c4d&0&0008#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0015"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM11"
.\debug.cpp(400) : Destination="\Device\Serial10"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avipbb"
.\debug.cpp(400) : Destination="\Device\avipbb"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000004e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PROCEXP113"
.\debug.cpp(400) : Destination="\Device\PROCEXP113"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserUtilRebootDrv"
.\debug.cpp(400) : Destination="\Device\EraserUtilDrv10920"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_046D&PID_C01E#5&3a3d845d&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination="\Device\USBPDO-5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&2#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\0000006a"

.\debug.cpp(451) : **********************************************
.\boot_cleaner.cpp(1077) : System volume is \\.\C:
.\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
.\boot_cleaner.cpp(424) : Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826
.\boot_cleaner.cpp(1151) :
.\boot_cleaner.cpp(1152) : Size Device Name MBR Status
.\boot_cleaner.cpp(1153) : --------------------------------------------
.\boot_cleaner.cpp(1197) : 149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1203) :
.\boot_cleaner.cpp(1242) : Done;


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:13 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132