Avira AntiVir detects autorun.inf and denies access (Windows 7)
20.07.2010, 21:38 | #1
Hello, like so many others I apparently also have a problem with the autorun.inf worm. Every time I connect my external hard drive, my Avira Guard reports: "Zu Ihrer Sicherheit wurde der Zugriff auf die Datei 'D:\autorun.inf' blockiert." (For your safety, access to the file 'D:\autorun.inf' has been blocked.) From other threads on trojaner-board I learned that I should run Malwarebytes and then OTL. I did that and am posting the result below.

OTL logfile:
OTL logfile created on: 20.07.2010 22:05:27 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Rachel\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 21,38 Gb Free Space | 28,69% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 321,67 Gb Free Space | 69,06% Space Free | Partition Type: NTFS
Drive E: | 73,06 Gb Total Space | 69,67 Gb Free Space | 95,36% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RACHELS-POMPUTA
Current User Name: Rachel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Rachel\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Uniblue\RegistryBooster\registrybooster.exe (Uniblue Systems Limited)
PRC - C:\Programme\Uniblue\RegistryBooster\rbmonitor.exe (Uniblue Systems Limited)
PRC - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Mail\WinMail.exe (Microsoft Corporation)
PRC - C:\Programme\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\IDM\Desktop SMS\DesktopSMS.exe (Interactive Digital Media)
PRC - C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Programme\TOSHIBA\Utilities\KeNotify.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Rachel\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (TOSHIBA Bluetooth Service) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe File not found
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Akamai) -- C:/Program Files/Common Files/Akamai/rswin_3725.dll ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (CFSvcs) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)

========== Driver Services (SafeList) ==========

DRV - (TpChoice) -- C:\Windows\System32\DRIVERS\TpChoice.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (CplIR) -- C:\Windows\system32\DRIVERS\CplIR.SYS (COMPAL ELECTRONIC INC.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (VClone) -- C:\Windows\system32\DRIVERS\VClone.sys (Elaborate Bytes AG)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (ElbyDelay) -- C:\Windows\System32\drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (pfc) -- C:\Windows\System32\drivers\pfc.sys (Padus, Inc.)
========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15003&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}:5.0.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: support@pdfcreator-toolbar.org:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=en_DE&apn_uid=38BAC10B-A8E4-48F7-B6C0-711F57FE9E5A&apn_ptnrs=PV&apn_sauid=3023A355-263E-4577-8D2E-1AC80F0B9BBD&apn_dtid=&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.20 13:48:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.20 14:19:34 | 000,000,000 | ---D | M]

[2008.10.10 12:18:09 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\mozilla\Extensions
[2010.07.20 14:22:48 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\mozilla\Firefox\Profiles\syeqpirf.default\extensions
[2010.05.03 13:44:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Rachel\AppData\Roaming\mozilla\Firefox\Profiles\syeqpirf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.02 14:35:34 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Rachel\AppData\Roaming\mozilla\Firefox\Profiles\syeqpirf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.06.25 17:05:49 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\mozilla\Firefox\Profiles\syeqpirf.default\extensions\toolbar@ask.com
[2010.07.20 12:32:55 | 000,002,384 | ---- | M] () -- C:\Users\Rachel\AppData\Roaming\Mozilla\FireFox\Profiles\syeqpirf.default\searchplugins\askcom.xml
[2010.05.02 10:00:31 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2008.03.08 19:41:51 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.08.23 17:29:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}
[2010.05.02 10:00:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008.03.08 19:41:39 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\real-networks@partners.mozilla.com
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KeNotify] C:\Programme\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MsgCenterExe] C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe File not found
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TOSCDSPD] File not found
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_19-windows-i586.cab (Java Plug-in 1.5.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.02.02 14:04:45 | 000,000,000 | RH-D | M] - D:\autorun -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{25506515-fbc5-11de-a7b9-001b38a9b985}\Shell\AutoRun\command - "" = H:\installer.exe -- File not found
O33 - MountPoints2\{3609da7f-2617-11de-8c02-001b38a9b985}\Shell\AutoRun\command - "" = C:\Windows\System32\setupSNK.exe -- [2008.01.19 09:33:29 | 000,013,312 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{3609da8b-2617-11de-8c02-001b38a9b985}\Shell\AutoRun\command - "" = C:\Windows\System32\setupSNK.exe -- [2008.01.19 09:33:29 | 000,013,312 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{8d107e3f-2e9c-11df-a91e-001b38a9b985}\Shell\AutoRun\command - "" = D:\installer.exe -- File not found
O33 - MountPoints2\{b216d59c-91de-11dc-9ba7-001b38a9b985}\Shell - "" = AutoRun
O33 - MountPoints2\{b216d59c-91de-11dc-9ba7-001b38a9b985}\Shell\AutoRun\command - "" = G:\wubi.exe -- File not found
O33 - MountPoints2\{dde4562f-fd98-11dd-9037-806e6f6e6963}\Shell\AutoRun\command - "" = n68mqcra.exe
O33 - MountPoints2\{dde4562f-fd98-11dd-9037-806e6f6e6963}\Shell\open\Command - "" = n68mqcra.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.07.20 21:35:28 | 000,000,000 | ---D | C] -- C:\Users\Rachel\AppData\Roaming\Malwarebytes
[2010.07.20 21:35:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.20 21:35:15 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.07.20 21:35:15 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.07.20 21:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.20 18:08:29 | 000,000,000 | ---D | C] -- C:\Users\Rachel\AppData\Roaming\Uniblue
[2010.07.20 18:08:24 | 000,000,000 | ---D | C] -- C:\Programme\Uniblue
[2010.07.20 17:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2010.07.20 17:48:02 | 000,000,000 | ---D | C] -- C:\Programme\Security Task Manager
[2010.07.20 15:06:51 | 000,000,000 | ---D | C] -- C:\Users\Rachel\AppData\Roaming\Avira
[2010.07.20 14:55:18 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.07.20 14:55:18 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.07.20 14:55:18 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.07.20 14:55:17 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.07.20 14:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010.07.20 14:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010.07.20 14:03:10 | 000,000,000 | ---D | C] -- C:\Programme\McAfee Security Scan
[2010.07.19 10:33:47 | 000,000,000 | ---D | C] -- C:\Users\Rachel\Desktop\Infotafeln
[2010.07.10 21:56:30 | 000,000,000 | ---D | C] -- C:\Users\Rachel\Desktop\Yuma Ausflug
[2010.07.10 11:47:09 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.07.10 11:46:55 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.07.09 17:49:36 | 000,000,000 | ---D | C] -- C:\Programme\mdr
[2010.07.09 16:01:02 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.07.09 16:01:01 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.07.09 16:01:00 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.07.09 16:01:00 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.07.09 16:01:00 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.07.09 16:00:59 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.07.09 16:00:58 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.07.09 16:00:58 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.07.09 16:00:58 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.07.09 16:00:57 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.07.09 16:00:57 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.07.09 16:00:57 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.07.09 16:00:56 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.07.09 16:00:56 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.07.09 16:00:53 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.07.09 15:59:13 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010.07.09 15:59:13 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010.07.09 15:59:12 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010.07.09 15:59:12 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010.07.09 15:59:12 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2010.07.09 15:59:11 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010.07.09 15:59:11 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010.07.09 15:59:11 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010.07.09 15:59:10 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010.07.09 15:59:10 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010.07.09 15:59:10 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010.07.09 15:59:10 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.07.09 15:59:09 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2010.07.09 15:59:09 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010.07.09 15:59:09 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010.07.09 15:59:08 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.07.09 15:59:08 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010.07.09 15:59:07 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010.07.09 15:59:05 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.07.09 15:59:04 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010.07.09 15:59:04 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010.07.09 15:59:04 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2010.07.09 15:59:04 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2010.07.09 15:59:04 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2010.07.09 15:59:04 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2010.07.04 19:58:04 | 000,000,000 | ---D | C] -- C:\Users\Rachel\AppData\Local\Xenocode
[2010.07.02 18:20:53 | 000,014,604 | ---- | C] (Padus, Inc.) -- C:\Windows\System32\drivers\pfc.sys
[2010.07.02 18:20:44 | 000,344,064 | R--- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr70.dll
[2010.07.01 17:13:31 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010.07.01 17:13:16 | 000,000,000 | ---D | C] -- C:\Users\Rachel\AppData\Roaming\No Company Name
[2010.07.01 17:12:53 | 000,000,000 | ---D | C] -- C:\Users\Rachel\Documents\Adobe
[2010.07.01 13:43:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartSound Software Inc
[2010.07.01 13:43:53 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2010.07.01 13:43:32 | 000,000,000 | ---D | C] -- C:\Programme\SmartSound Software
[2010.07.01 13:41:35 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Macrovision Shared
[2010.07.01 03:02:33 | 000,000,000 | ---D | C] -- C:\Users\Rachel\AppData\Roaming\Download Manager
[2010.06.30 22:13:09 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Akamai
[2010.06.25 16:26:37 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.06.25 16:26:37 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.06.25 16:26:37 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.06.23 21:09:02 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010.06.23 21:09:02 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Rachel\Desktop\*.tmp files -> C:\Users\Rachel\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.07.20 22:05:00 | 003,145,728 | -HS- | M] () -- C:\Users\Rachel\ntuser.dat
[2010.07.20 22:04:07 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\djrcidl.sys
[2010.07.20 21:35:20 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes'
Anti-Malware.lnk [2010.07.20 21:34:40 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.07.20 21:34:40 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.07.20 21:15:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.07.20 20:15:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.07.20 18:15:09 | 000,085,504 | ---- | M] () -- C:\Users\Rachel\Desktop\Interviewauswertung.xls [2010.07.20 18:08:38 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job [2010.07.20 17:41:00 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.07.20 17:41:00 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.07.20 17:41:00 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.07.20 17:41:00 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.07.20 17:40:59 | 001,445,116 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.07.20 17:34:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.07.20 17:34:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.07.20 17:34:35 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys [2010.07.20 17:32:50 | 000,524,288 | -HS- | M] () -- C:\Users\Rachel\ntuser.dat{5b129cd6-a5c6-11dd-b778-001b38a9b985}.TMContainer00000000000000000001.regtrans-ms [2010.07.20 17:32:50 | 000,065,536 | -HS- | M] () -- C:\Users\Rachel\ntuser.dat{5b129cd6-a5c6-11dd-b778-001b38a9b985}.TM.blf [2010.07.20 14:55:31 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.07.20 14:03:11 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2010.07.20 14:03:11 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2010.07.19 10:12:15 | 000,015,872 | ---- | M] () -- C:\Users\Rachel\Desktop\Projektblatt Ferienprogramm.xls [2010.07.19 10:08:55 | 000,015,872 | ---- | M] () -- C:\Users\Rachel\Desktop\Projektblatt Infotafeln.xls [2010.07.17 00:04:28 | 000,037,888 | ---- | M] () -- C:\Users\Rachel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.16 14:07:00 | 000,051,747 | ---- | M] () -- C:\Users\Rachel\Desktop\kulturweit_StuHi_Eval-Daten_08072010.pdf [2010.07.12 20:06:30 | 000,077,824 | ---- | M] () -- C:\Users\Rachel\Desktop\Auswertung+Interview.xls [2010.07.05 21:00:55 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.07.03 13:08:01 | 000,000,701 | ---- | M] () -- C:\Users\Rachel\Desktop\Adobe Premiere Pro.lnk [2010.07.02 18:50:31 | 000,098,040 | ---- | M] () -- C:\Users\Rachel\AppData\Local\GDIPFONTCACHEV1.DAT [2010.07.02 18:46:56 | 000,358,440 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.07.01 18:33:40 | 041,218,352 | ---- | M] () -- C:\Users\Rachel\Documents\Unbenannt.avi [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Rachel\Desktop\*.tmp files -> C:\Users\Rachel\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.07.20 22:04:07 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\djrcidl.sys [2010.07.20 21:35:20 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.20 18:08:32 | 000,000,334 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job [2010.07.20 17:34:35 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys [2010.07.20 14:55:31 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.07.20 14:03:11 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2010.07.20 14:03:11 | 000,001,717 | ---- | C] () -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2010.07.19 10:12:15 | 000,015,872 | ---- | C] () -- C:\Users\Rachel\Desktop\Projektblatt Ferienprogramm.xls [2010.07.19 10:08:55 | 000,015,872 | ---- | C] () -- C:\Users\Rachel\Desktop\Projektblatt Infotafeln.xls [2010.07.16 14:06:57 | 000,051,747 | ---- | C] () -- C:\Users\Rachel\Desktop\kulturweit_StuHi_Eval-Daten_08072010.pdf [2010.07.12 20:22:21 | 000,085,504 | ---- | C] () -- C:\Users\Rachel\Desktop\Interviewauswertung.xls [2010.07.12 20:06:27 | 000,077,824 | ---- | C] () -- C:\Users\Rachel\Desktop\Auswertung+Interview.xls [2010.07.09 16:00:57 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2010.07.05 14:42:32 | 003,261,899 | ---- | C] () -- C:\Users\Rachel\Desktop\Jan2010 367.JPG [2010.07.05 14:41:57 | 003,074,395 | ---- | C] () -- C:\Users\Rachel\Desktop\Jan2010 368.JPG [2010.07.05 14:40:23 | 003,493,290 | ---- | C] () -- C:\Users\Rachel\Desktop\Jan2010 375.JPG [2010.07.05 14:40:12 | 003,124,962 | ---- | C] () -- C:\Users\Rachel\Desktop\Jan2010 359.JPG [2010.07.03 13:08:01 | 000,000,701 | ---- | C] () -- C:\Users\Rachel\Desktop\Adobe Premiere Pro.lnk [2010.07.01 18:33:27 | 041,218,352 | ---- | C] () -- C:\Users\Rachel\Documents\Unbenannt.avi [2009.11.17 12:08:34 | 000,197,424 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2009.08.08 12:50:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2008.12.20 19:12:56 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2008.10.21 22:13:39 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2008.10.15 01:53:42 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll [2008.10.15 01:53:42 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2008.10.15 01:53:39 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008.10.15 01:53:39 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2008.10.15 01:53:37 | 000,007,680 | ---- | C] 
() -- C:\Windows\System32\ff_vfw.dll [2008.10.15 01:53:37 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2008.09.16 02:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.09.16 02:12:02 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest [2008.09.16 02:12:02 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest [2008.09.16 02:11:10 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll [2007.12.07 21:58:50 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI [2007.11.13 14:23:33 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2007.10.15 20:54:51 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll [2007.10.15 20:54:50 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2007.10.15 20:54:50 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll [2007.10.15 20:54:48 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2007.10.15 20:51:56 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini [2007.10.15 20:51:56 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll [2007.10.15 20:51:56 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini [2007.10.15 20:51:56 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini [2007.07.12 10:45:09 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2007.07.12 10:45:09 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2007.07.12 10:45:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2007.07.12 10:45:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2007.07.12 10:45:09 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2007.07.12 10:45:09 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2007.07.12 10:26:24 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll [2007.04.16 08:35:21 | 000,006,642 | ---- 
| C] () -- C:\Windows\mgxoschk.ini [2007.04.16 08:02:55 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2007.04.16 06:38:28 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll [2006.12.05 13:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005.11.23 14:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll [2005.07.22 21:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll [2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI < End of report >

Extras: OTL Logfile:

OTL Extras logfile created on: 20.07.2010 22:05:27 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Rachel\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 21,38 Gb Free Space | 28,69% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 321,67 Gb Free Space | 69,06% Space Free | Partition Type: NTFS
Drive E: | 73,06 Gb Total Space | 69,67 Gb Free Space | 95,36% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: RACHELS-POMPUTA
Current User Name: Rachel
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- FirefoxURL ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List 
========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{186CE129-3F11-4141-88A4-B3825F2848CE}" = rport=138 | protocol=17 | dir=out | app=system | "{3C7371F2-32BD-4084-A16B-6746137B10AF}" = rport=445 | protocol=6 | dir=out | app=system | "{3DA06432-CC75-43EE-BB70-9E20990DF098}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{5B033D09-9B1F-4898-B57E-F9434CD92C3D}" = lport=139 | protocol=6 | dir=in | app=system | "{61DE11D5-5D01-4F63-B48E-8D8B851BC8BC}" = rport=139 | protocol=6 | dir=out | app=system | "{983A4C3C-343B-4817-8581-45ED109B8D00}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{986D8184-07C2-429B-911F-F4DD72919894}" = lport=49158 | protocol=6 | dir=in | name=akamai netsession interface | "{AA5D8776-2595-4A7A-B90C-4B5B67006F85}" = lport=138 | protocol=17 | dir=in | app=system | "{B8E5BFE5-8B81-4F97-83E0-4231B37C396B}" = rport=137 | protocol=17 | dir=out | app=system | "{BC58343B-8B4A-4A9E-BA7A-1CE6D63FB5BC}" = lport=137 | protocol=17 | dir=in | app=system | "{CC3F0037-EE0C-4098-A55C-4BF3293EB77E}" = lport=445 | protocol=6 | dir=in | app=system | "{D7230655-E3E8-4712-B945-B7F501C0699A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0DADC631-0F51-467C-B846-A1B47609BF71}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{3A5F5E83-0DCE-431D-B40E-0F2780C25181}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{64C58AD7-B902-431E-9C7B-5BF243003EDA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{70E80F09-52EB-4191-976F-A176C6EDF36F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{71A3CA5A-FDF9-408E-A1E2-42E4EAC26DD1}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{8ADF7623-3BE5-4C9D-B27A-CA6B77C8B879}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{94500E1F-2C5F-494A-A184-4DB9C67CB1A5}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{95DCB290-1A4A-4C8A-8765-D403CA3D5371}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{9BE823A8-98AD-4AD2-898B-F50A45A96C63}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{C0FB0B64-5FEB-49BC-9D3F-3AA47B5DD82D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{FEC5022C-AF69-49E4-B2D1-D6B979B84C00}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "TCP Query User{1B90655D-59DC-47D1-BD12-DA2CE355ADE5}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | "TCP Query User{3B9DA5DE-7269-4328-AD10-A5E8014F1C94}C:\users\rachel\appdata\local\temp\java_ee_sdk-5_07-windows[1].exe2\package\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\rachel\appdata\local\temp\java_ee_sdk-5_07-windows[1].exe2\package\jre\bin\javaw.exe | "TCP Query User{3D16C61D-AC48-4801-A72E-998AFD4790E8}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe | "TCP Query User{51CFB6D1-E6C3-4590-AAA1-14EFE3EB1D20}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | "TCP Query User{590CE16B-0323-4E87-8E3F-A2E4B7A3EE5D}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{7CECB2F5-1DF5-4F80-A5AB-450A7C21649E}C:\users\rachel\appdata\local\xenocode\sandbox\adobe premiere pro cs3\3, 0, 0, 0\2010.01.28t18.06\native\stubexe\8.0.1112\@programfiles@\bonjour\mdnsresponder.exe" = protocol=6 | dir=in | app=c:\users\rachel\appdata\local\xenocode\sandbox\adobe premiere pro cs3\3, 0, 0, 
0\2010.01.28t18.06\native\stubexe\8.0.1112\@programfiles@\bonjour\mdnsresponder.exe | "TCP Query User{89A6A73C-AA43-4E00-B2CA-B6245C693D6D}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | "TCP Query User{9901A010-9071-4E33-A922-53C8E776A9DC}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{C342BE45-6351-4F04-9F0C-D1FD1A7C0A71}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{D7DE1988-9CE9-4706-A828-1514197E1CA6}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | "TCP Query User{E74CCC2A-8203-4330-9DBA-19222BEF98B2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{F46D3E56-3E60-47F7-936D-14ACD001F936}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "TCP Query User{F58EC4E0-1564-4078-A59C-8C3BB225F2AF}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe | "UDP Query User{10B397B9-D5A9-4152-9A0C-C72F11C57837}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{13840683-4180-4642-8CF0-5346337B4A3E}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "UDP Query User{250D914A-A2F2-4495-AA71-10561125F103}C:\users\rachel\appdata\local\temp\java_ee_sdk-5_07-windows[1].exe2\package\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\rachel\appdata\local\temp\java_ee_sdk-5_07-windows[1].exe2\package\jre\bin\javaw.exe | "UDP Query User{2AE77EC9-05D4-4C88-943A-915237BEFEFC}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | 
app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{3E86CB12-19C5-4E55-9B70-9FE493F4D64A}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | "UDP Query User{54D852AD-C22F-4273-997D-350CF34B4801}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | "UDP Query User{6154B0CC-B962-4AD6-9B33-2B2DC3CD40F1}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe | "UDP Query User{96D5F807-FBE1-45DA-89BB-0E03ACD9B5C2}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | "UDP Query User{AA6250CC-69F7-4ADE-BB03-E76C20495175}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{BB3ACF93-15B7-44EC-8054-464DEDB5CE66}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | "UDP Query User{BE314B92-C058-4BF0-B1EB-7CA0A9CB11FC}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe | "UDP Query User{CAC900DF-1DAB-49E1-88E4-06CC3F2449BF}C:\users\rachel\appdata\local\xenocode\sandbox\adobe premiere pro cs3\3, 0, 0, 0\2010.01.28t18.06\native\stubexe\8.0.1112\@programfiles@\bonjour\mdnsresponder.exe" = protocol=17 | dir=in | app=c:\users\rachel\appdata\local\xenocode\sandbox\adobe premiere pro cs3\3, 0, 0, 0\2010.01.28t18.06\native\stubexe\8.0.1112\@programfiles@\bonjour\mdnsresponder.exe | "UDP Query User{DFAB0C5E-10FC-43E5-8B6A-F2A859727576}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL 
Update kb973924 - x86 9.0.30729.4148 "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status "{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{084709F7-38C5-4609-B55F-2417939315EB}" = Adobe Premiere Pro "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}" = Cisco Systems VPN Client 5.0.06.0160 "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0 "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 20 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{2E41963B-151C-4D8B-BE5D-15A4F161719F}" = GoGear Spark Device Manager "{3248F0A8-6813-11D6-A77B-00B0D0150190}" = J2SE Runtime Environment 5.0 Update 19 "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6 "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant "{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support 
"{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0 "{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5E6D6161-5509-4f55-9372-1E01792F843A}" = F300_Help "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = 
MarketResearch "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer- "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver "{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B "{CCF22908-ECD2-4068-84F1-BA02DA1EC72D}" = GoGear Spark Device Manager "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component "{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari "{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe "{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" 
= Uniblue RegistryBooster "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities "{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1568757-E564-4cb5-8980-9333119A4384}" = F300 "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA "{F6AC5364-2FB7-437a-811A-D645F22AA6AC}" = F300Trb "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements "Adobe SVG Viewer" = Adobe SVG Viewer "Akamai" = Akamai NetSession Interface "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Axel Juncker Wortschatztrainer" = Axel Juncker Wortschatztrainer "Azureus" = Azureus "Bde_is1" = BdeAdmin 5.01 "Digitale Bibliothek 3" = Digitale Bibliothek 3 "DVD Decrypter" = DVD Decrypter (Remove Only) "DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei) "ElsterFormular 11.2.0.4074" = ElsterFormular "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) "HDMI" = Intel(R) Graphics Media Accelerator Driver "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0 "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles 
for Windows Mobility Center "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "InstallShield_{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver "InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers. "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.7 (Full) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6) "Multi Data Rescue_is1" = Multi Data Rescue 2.1 "PC-Bibliothek Express" = PC-Bibliothek Express "PDFCreator Toolbar" = PDFCreator Toolbar "Pixum ePrint" = Pixum ePrint 1.2 "ratDVD" = ratDVD 0.78.1444 "Security Task Manager" = Security Task Manager 1.7h "SoepLit_is1" = SoepLit 2.1 "SopCast" = SopCast 3.2.9 "TOSHIBA Software Modem" = TOSHIBA Software Modem "TVAnts 1.0" = TVAnts 1.0 "Veetle TV" = Veetle TV 0.9.17 "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 0.9.4 "Windows Media Encoder 9" = Windows Media Encoder 9-Reihe "WinRAR archiver" = WinRAR "Zattoo" = Zattoo 3.3.4 Beta "Zattoo4" = Zattoo4 4.0.5 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 20.02.2010 12:25:50 | Computer Name = Rachels-Pomputa | Source = Avira AntiVir | ID = 4122 Description = Die Datei AVPREF.DLL konnte nicht geladen werden. 
Fehlercode: 1114 Error - 21.02.2010 14:14:50 | Computer Name = Rachels-Pomputa | Source = Avira AntiVir | ID = 4122 Description = Die Datei AVPREF.DLL konnte nicht geladen werden. Fehlercode: 1114 Error - 21.02.2010 17:46:31 | Computer Name = Rachels-Pomputa | Source = Avira AntiVir | ID = 4122 Description = Die Datei AVPREF.DLL konnte nicht geladen werden. Fehlercode: 1114 Error - 22.02.2010 04:43:44 | Computer Name = Rachels-Pomputa | Source = Avira AntiVir | ID = 4122 Description = Die Datei AVPREF.DLL konnte nicht geladen werden. Fehlercode: 1114 Error - 22.02.2010 04:50:30 | Computer Name = Rachels-Pomputa | Source = Avira AntiVir | ID = 4122 Description = Die Datei AVPREF.DLL konnte nicht geladen werden. Fehlercode: 1114 Error - 22.02.2010 05:01:34 | Computer Name = Rachels-Pomputa | Source = Avira AntiVir | ID = 4122 Description = Die Datei AVPREF.DLL konnte nicht geladen werden. Fehlercode: 1114 Error - 23.02.2010 12:12:06 | Computer Name = Rachels-Pomputa | Source = Avira AntiVir | ID = 4122 Description = Die Datei AVPREF.DLL konnte nicht geladen werden. Fehlercode: 1114 Error - 24.02.2010 04:21:56 | Computer Name = Rachels-Pomputa | Source = Avira AntiVir | ID = 4122 Description = Die Datei AVPREF.DLL konnte nicht geladen werden. Fehlercode: 1114 Error - 25.02.2010 07:20:35 | Computer Name = Rachels-Pomputa | Source = Avira AntiVir | ID = 4122 Description = Die Datei AVPREF.DLL konnte nicht geladen werden. Fehlercode: 1114 Error - 25.02.2010 15:38:03 | Computer Name = Rachels-Pomputa | Source = Avira AntiVir | ID = 4122 Description = Die Datei AVPREF.DLL konnte nicht geladen werden. 
Fehlercode: 1114 [ System Events ] Error - 20.07.2010 11:27:53 | Computer Name = Rachels-Pomputa | Source = Service Control Manager | ID = 7001 Description = Error - 20.07.2010 11:28:08 | Computer Name = Rachels-Pomputa | Source = DCOM | ID = 10005 Description = Error - 20.07.2010 11:28:09 | Computer Name = Rachels-Pomputa | Source = Service Control Manager | ID = 7001 Description = Error - 20.07.2010 11:35:22 | Computer Name = Rachels-Pomputa | Source = Service Control Manager | ID = 7000 Description = Error - 20.07.2010 11:35:22 | Computer Name = Rachels-Pomputa | Source = Service Control Manager | ID = 7000 Description = Error - 20.07.2010 11:36:18 | Computer Name = Rachels-Pomputa | Source = Service Control Manager | ID = 7022 Description = Error - 20.07.2010 15:13:57 | Computer Name = Rachels-Pomputa | Source = disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR3. Error - 20.07.2010 15:14:00 | Computer Name = Rachels-Pomputa | Source = disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR3. Error - 20.07.2010 16:03:36 | Computer Name = Rachels-Pomputa | Source = disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR5. Error - 20.07.2010 16:03:39 | Computer Name = Rachels-Pomputa | Source = disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR5. 
< End of report >
Malwarebytes:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4332
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928
20.07.2010 22:01:56
mbam-log-2010-07-20 (22-01-56).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 146866
Laufzeit: 15 Minute(n), 19 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\desktop sms (Worm.P2P) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Windows\PDFCreator_Toolbar_Uninstaller_1181.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
Many thanks for the support and your commitment! Rachel |
21.07.2010, 18:40 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avira AntiVir detects autorun.inf and denies access Hello,
Plug in the external drive and run FlashDisinfector => Flash Disinfector – free autorun.inf trojans removal tool | My Anti Spyware
21.07.2010, 19:51 | #3 |
| Avira AntiVir detects autorun.inf and denies access Dear Arne,
First of all, thanks for the quick reply! I ran Spyware Doctor. Result:
- 1 Worm P2P-Agent
- 63 Application Tracking Cookies
- 19 Adware Advertising
- 3 Spyware.Know_Bad_Sites
Here is some more detailed information on the worm:
Name: Worm.P2PAgent
Risko: Medium
Beschreibung: Worm.P2PAgent is a worm that attempts to replicate across the existing network(s) by using established connections.
Typ: TT_Worm
Auch bekannt als: WORM_SOCKS.CQ [TrendMicro]
Entfernung: Diese Infektion kann mit Spyware Doctor entfernt werden.
Do you think I should invest the 40 euros in the software, or can you perhaps think of another way to solve the problem? Best regards! Rachel |
22.07.2010, 13:46 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avira AntiVir detects autorun.inf and denies access Quote:
Please always post logfiles in CODE tags |
22.07.2010, 14:57 | #5 |
| Avira AntiVir detects autorun.inf and denies access Hello Arne, oh I see, I had accidentally downloaded Spyware Doctor yesterday... I have just downloaded Flash Disinfector, but unfortunately it will not start (not even as Administrator). What now? Thanks & regards! Rachel |
22.07.2010, 15:27 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avira AntiVir detects autorun.inf and denies access Then first disable AutoPlay completely, so that an autorun.inf that still exists cannot launch itself => Change AutoPlay settings. After that, close all programs, start OTL and paste the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
O32 - AutoRun File - [2010.02.02 14:04:45 | 000,000,000 | RH-D | M] - D:\autorun -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{25506515-fbc5-11de-a7b9-001b38a9b985}\Shell\AutoRun\command - "" = H:\installer.exe -- File not found
O33 - MountPoints2\{3609da7f-2617-11de-8c02-001b38a9b985}\Shell\AutoRun\command - "" = C:\Windows\System32\setupSNK.exe -- [2008.01.19 09:33:29 | 000,013,312 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{3609da8b-2617-11de-8c02-001b38a9b985}\Shell\AutoRun\command - "" = C:\Windows\System32\setupSNK.exe -- [2008.01.19 09:33:29 | 000,013,312 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{8d107e3f-2e9c-11df-a91e-001b38a9b985}\Shell\AutoRun\command - "" = D:\installer.exe -- File not found
O33 - MountPoints2\{b216d59c-91de-11dc-9ba7-001b38a9b985}\Shell - "" = AutoRun
O33 - MountPoints2\{b216d59c-91de-11dc-9ba7-001b38a9b985}\Shell\AutoRun\command - "" = G:\wubi.exe -- File not found
O33 - MountPoints2\{dde4562f-fd98-11dd-9037-806e6f6e6963}\Shell\AutoRun\command - "" = n68mqcra.exe
O33 - MountPoints2\{dde4562f-fd98-11dd-9037-806e6f6e6963}\Shell\open\Command - "" = n68mqcra.exe
[2010.07.20 22:04:07 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\djrcidl.sys
:Commands
[purity]
[resethosts]
[emptytemp]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.
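The "O33 - MountPoints2" lines in the fix above are the autorun.inf handlers Windows caches per volume under HKCU\...\Explorer\MountPoints2, and they are what a helper reads to decide which keys to remove. As an added example for this thread (not part of OTL, the helper's fix or anything posted here), the following Python script parses such lines and flags the patterns visible in this fix: a handler whose target no longer exists, a command without a drive path (resolved against the inserted volume, as with n68mqcra.exe), an "open" verb that has been repointed, and a default Shell verb set to AutoRun. The sample lines are the O33 lines from the fix above; the heuristics, thresholds and function names are this example's own.

```python
"""Flag suspicious cached autorun.inf handlers in OTL 'O33 - MountPoints2' lines.

Added example for this thread; not part of OTL or the helper's fix. The sample
lines are copied from the fix list above; the heuristics are this example's own.
"""
import re
from dataclasses import dataclass, field

# Sample input: the O33 lines from the OTL fix posted in this thread.
SAMPLE_LOG = r"""
O33 - MountPoints2\{25506515-fbc5-11de-a7b9-001b38a9b985}\Shell\AutoRun\command - "" = H:\installer.exe -- File not found
O33 - MountPoints2\{3609da7f-2617-11de-8c02-001b38a9b985}\Shell\AutoRun\command - "" = C:\Windows\System32\setupSNK.exe -- [2008.01.19 09:33:29 | 000,013,312 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{3609da8b-2617-11de-8c02-001b38a9b985}\Shell\AutoRun\command - "" = C:\Windows\System32\setupSNK.exe -- [2008.01.19 09:33:29 | 000,013,312 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{8d107e3f-2e9c-11df-a91e-001b38a9b985}\Shell\AutoRun\command - "" = D:\installer.exe -- File not found
O33 - MountPoints2\{b216d59c-91de-11dc-9ba7-001b38a9b985}\Shell - "" = AutoRun
O33 - MountPoints2\{b216d59c-91de-11dc-9ba7-001b38a9b985}\Shell\AutoRun\command - "" = G:\wubi.exe -- File not found
O33 - MountPoints2\{dde4562f-fd98-11dd-9037-806e6f6e6963}\Shell\AutoRun\command - "" = n68mqcra.exe
O33 - MountPoints2\{dde4562f-fd98-11dd-9037-806e6f6e6963}\Shell\open\Command - "" = n68mqcra.exe
"""

# One O33 line: volume GUID, the Shell sub-key, the command, and OTL's trailing
# file status after " -- " (absent when OTL printed none).
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-fA-F-]+\})\\'
    r'(?P<key>Shell(?:\\[^ ]+)*) - "" = (?P<cmd>.*?)(?: -- (?P<status>.*))?$'
)
ABS_PATH_RE = re.compile(r'^[A-Za-z]:\\')


@dataclass
class Finding:
    guid: str
    key: str
    command: str
    reasons: list = field(default_factory=list)


def parse_o33(text):
    """Yield (guid, key, command, status) for every O33 line in the text."""
    for line in text.splitlines():
        m = O33_RE.match(line.strip())
        if m:
            yield m.group("guid"), m.group("key"), m.group("cmd"), m.group("status")


def assess(key, command, status):
    """Return the reasons an entry looks suspicious (empty list = nothing to flag)."""
    reasons = []
    verbs = key.lower().split("\\")
    if verbs == ["shell"]:
        # Default verb of the drive: AutoRun means double-clicking the drive in
        # Explorer runs the AutoRun command instead of opening the folder.
        if command.lower() == "autorun":
            reasons.append("default Shell verb set to AutoRun")
        return reasons
    if status and status.startswith("File not found"):
        reasons.append("handler target no longer exists (stale entry)")
    if not ABS_PATH_RE.match(command):
        # No drive letter: Windows resolves the name relative to the volume root,
        # so the binary travels on the removable disk itself.
        reasons.append("command has no drive path, resolves relative to the volume root")
    if len(verbs) >= 2 and verbs[1] == "open":
        reasons.append("'open' verb repointed, opening the drive runs this command")
    return reasons


def analyze(text):
    """Return a Finding for each O33 entry with at least one reason."""
    findings = []
    for guid, key, cmd, status in parse_o33(text):
        reasons = assess(key, cmd, status)
        if reasons:
            findings.append(Finding(guid, key, cmd, reasons))
    return findings


def suspicious_guids(text):
    """Distinct MountPoints2 GUIDs worth removing from HKCU."""
    return {f.guid for f in analyze(text)}


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.guid} {f.key} -> {f.command}")
        for r in f.reasons:
            print(f"    - {r}")
    print(f"{len(suspicious_guids(SAMPLE_LOG))} volume GUID(s) to clean")
```

On the sample, six of the eight entries are flagged across four volume GUIDs; the two setupSNK.exe entries are not, because they point by absolute path to an existing Windows binary. The helper's fix removes those MountPoints2 keys anyway, which is harmless since Windows rebuilds the cache from the volume. Disabling AutoPlay, as advised above, stops the insert-time launch; the cached Shell verbs still decide what a double-click on the drive does, which is why the fix deletes the keys as well.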
22.07.2010, 16:00 | #7 |
| Avira AntiVir detects autorun.inf and denies access Okay, I did that. Here is the logfile:
All processes killed ========== OTL ========== File not found. File not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25506515-fbc5-11de-a7b9-001b38a9b985}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25506515-fbc5-11de-a7b9-001b38a9b985}\ not found. File H:\installer.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3609da7f-2617-11de-8c02-001b38a9b985}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3609da7f-2617-11de-8c02-001b38a9b985}\ not found. File move failed. C:\Windows\System32\setupSNK.exe scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3609da8b-2617-11de-8c02-001b38a9b985}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3609da8b-2617-11de-8c02-001b38a9b985}\ not found. File move failed. C:\Windows\System32\setupSNK.exe scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d107e3f-2e9c-11df-a91e-001b38a9b985}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d107e3f-2e9c-11df-a91e-001b38a9b985}\ not found. File D:\installer.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b216d59c-91de-11dc-9ba7-001b38a9b985}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b216d59c-91de-11dc-9ba7-001b38a9b985}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b216d59c-91de-11dc-9ba7-001b38a9b985}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b216d59c-91de-11dc-9ba7-001b38a9b985}\ not found. 
File G:\wubi.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dde4562f-fd98-11dd-9037-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dde4562f-fd98-11dd-9037-806e6f6e6963}\ not found. File n68mqcra.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dde4562f-fd98-11dd-9037-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dde4562f-fd98-11dd-9037-806e6f6e6963}\ not found. File n68mqcra.exe not found. File C:\Windows\System32\drivers\djrcidl.sys not found. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Gast ->Temp folder emptied: 304521 bytes ->Temporary Internet Files folder emptied: 32768 bytes User: Public User: Rachel ->Temp folder emptied: 2020 bytes ->Temporary Internet Files folder emptied: 130281246 bytes ->Java cache emptied: 46908149 bytes ->FireFox cache emptied: 68316085 bytes ->Apple Safari cache emptied: 562176 bytes ->Flash cache emptied: 67846 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 15754 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 158423710 bytes RecycleBin emptied: 8299463839 bytes Total Files Cleaned = 8.301,00 mb Error: Unable to interpret <O32 - AutoRun File - [2010.02.02 14:04:45 | 000,000,000 | RH-D | M] - D:\autorun -- [ NTFS ]> in the current context! Error: Unable to interpret <O32 - Unable to obtain root file information for disk D:\> in the current context! 
Error: Unable to interpret <O33 - MountPoints2\{25506515-fbc5-11de-a7b9-001b38a9b985}\Shell\AutoRun\command - "" = H:\installer.exe -- File not found> in the current context! Error: Unable to interpret <O33 - MountPoints2\{3609da7f-2617-11de-8c02-001b38a9b985}\Shell\AutoRun\command - "" = C:\Windows\System32\setupSNK.exe -- [2008.01.19 09:33:29 | 000,013,312 | ---- | M] (Microsoft Corporation)> in the current context! Error: Unable to interpret <O33 - MountPoints2\{3609da8b-2617-11de-8c02-001b38a9b985}\Shell\AutoRun\command - "" = C:\Windows\System32\setupSNK.exe -- [2008.01.19 09:33:29 | 000,013,312 | ---- | M] (Microsoft Corporation)> in the current context! Error: Unable to interpret <O33 - MountPoints2\{8d107e3f-2e9c-11df-a91e-001b38a9b985}\Shell\AutoRun\command - "" = D:\installer.exe -- File not found> in the current context! Error: Unable to interpret <O33 - MountPoints2\{b216d59c-91de-11dc-9ba7-001b38a9b985}\Shell - "" = AutoRun> in the current context! Error: Unable to interpret <O33 - MountPoints2\{b216d59c-91de-11dc-9ba7-001b38a9b985}\Shell\AutoRun\command - "" = G:\wubi.exe -- File not found> in the current context! Error: Unable to interpret <O33 - MountPoints2\{dde4562f-fd98-11dd-9037-806e6f6e6963}\Shell\AutoRun\command - "" = n68mqcra.exe> in the current context! Error: Unable to interpret <O33 - MountPoints2\{dde4562f-fd98-11dd-9037-806e6f6e6963}\Shell\open\Command - "" = n68mqcra.exe> in the current context! Error: Unable to interpret <[2010.07.20 22:04:07 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\djrcidl.sys> in the current context! ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. 
HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Gast ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: Rachel ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.9.1 log created on 07222010_164725 Files\Folders moved on Reboot... File move failed. C:\Windows\System32\setupSNK.exe scheduled to be moved on reboot. Registry entries deleted on Reboot...
When I now try to access the external hard drive, I always get: "Sie müssen den Datenträger auf Laufwerk D:\ formatieren, bevor Sie ihn verwenden können." I have had that several times recently; I then always ran "chkdsk D:\ f " in the command prompt as Administrator, which worked for a short while, but only a short while... Well, and the message that some startup programs are being blocked also keeps coming up here. Thanks & regards! Rachel Last edited by rachel (22.07.2010 at 16:07) |
22.07.2010, 16:14 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avira AntiVir detects autorun.inf and denies access Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a helper (Kompetenzler) has expressly recommended it!
Please always post logfiles in CODE tags |
22.07.2010, 17:26 | #9 |
| Avira AntiVir detects autorun.inf and denies access Hello Arne, here is the log created by ComboFix. Somehow I could not switch off all the antivirus programs, so I wanted to abort the process (by clicking the X to close the window), but ComboFix started anyway. Hopefully that is not a problem. Combofix Logfile: Code:
ComboFix 10-07-21.04 - Rachel 22.07.2010 17:51:16.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2038.1013 [GMT 2:00] ausgeführt von:: c:\users\Rachel\Desktop\cofi.exe AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A} SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\Rachel\AppData\Roaming\Microsoft\Windows\Recent\mxfilerelatedcache.mxc2 . ((((((((((((((((((((((( Dateien erstellt von 2010-06-22 bis 2010-07-22 )))))))))))))))))))))))))))))) . 2010-07-22 16:05 . 2010-07-22 16:06 -------- d-----w- c:\users\Rachel\AppData\Local\temp 2010-07-22 16:05 . 2010-07-22 16:05 -------- d-----w- c:\users\Gast\AppData\Local\temp 2010-07-22 16:05 . 2010-07-22 16:05 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-07-22 15:29 . 2010-07-22 15:29 -------- d-----w- c:\program files\CCleaner 2010-07-22 14:47 . 2010-07-22 14:47 -------- d-----w- C:\_OTL 2010-07-21 18:38 . 2010-07-21 19:08 767928 ----a-w- c:\windows\BDTSupport.dll 2010-07-21 18:38 . 2010-01-22 06:56 149456 ----a-w- c:\windows\SGDetectionTool.dll 2010-07-21 18:38 . 2008-11-26 09:08 131 ----a-w- c:\windows\IDB.zip 2010-07-21 18:38 . 2010-01-22 06:56 165840 ----a-w- c:\windows\PCTBDRes.dll 2010-07-21 18:38 . 2010-01-22 06:56 1652688 ----a-w- c:\windows\PCTBDCore.dll 2010-07-21 18:38 . 2009-10-27 22:36 1152444 ----a-w- c:\windows\UDB.zip 2010-07-21 18:37 . 2010-02-05 07:18 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys 2010-07-21 18:37 . 
2010-02-05 07:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2010-07-21 18:37 . 2010-03-29 08:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2010-07-21 18:37 . 2009-11-23 11:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2010-07-21 18:37 . 2010-04-08 12:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2010-07-21 18:36 . 2010-07-22 16:03 -------- d-----w- c:\program files\Spyware Doctor 2010-07-21 18:36 . 2010-07-21 18:39 -------- d-----w- c:\program files\Common Files\PC Tools 2010-07-21 18:36 . 2010-07-21 18:36 -------- d-----w- c:\users\Rachel\AppData\Roaming\PC Tools 2010-07-21 18:36 . 2010-07-21 18:36 -------- d-----w- c:\programdata\PC Tools 2010-07-20 22:19 . 2010-07-20 22:19 -------- d-----w- c:\program files\MSECache 2010-07-20 19:35 . 2010-07-20 19:35 -------- d-----w- c:\users\Rachel\AppData\Roaming\Malwarebytes 2010-07-20 19:35 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-07-20 19:35 . 2010-07-20 19:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-07-20 19:35 . 2010-07-20 19:35 -------- d-----w- c:\programdata\Malwarebytes 2010-07-20 19:35 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-07-20 16:08 . 2010-07-20 16:08 -------- d-----w- c:\users\Rachel\AppData\Roaming\Uniblue 2010-07-20 16:08 . 2010-07-20 16:08 -------- d-----w- c:\program files\Uniblue 2010-07-20 13:06 . 2010-07-20 13:06 -------- d-----w- c:\users\Rachel\AppData\Roaming\Avira 2010-07-20 12:55 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-07-20 12:55 . 2009-05-11 10:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-07-20 12:55 . 2009-05-11 10:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-07-20 12:55 . 2010-07-20 12:55 -------- d-----w- c:\program files\Avira 2010-07-20 12:03 . 2010-07-20 12:03 -------- d-----w- c:\programdata\McAfee Security Scan 2010-07-20 12:03 . 
2010-07-20 12:03 -------- d-----w- c:\programdata\McAfee 2010-07-20 12:03 . 2010-07-20 12:03 -------- d-----w- c:\program files\McAfee Security Scan 2010-07-10 09:47 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-07-09 15:49 . 2010-07-09 15:49 -------- d-----w- c:\program files\mdr 2010-07-09 13:59 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll 2010-07-04 17:58 . 2010-07-04 17:58 -------- d-----w- c:\users\Rachel\AppData\Local\Xenocode 2010-07-02 16:20 . 2003-08-11 08:07 14604 ----a-w- c:\windows\system32\drivers\pfc.sys 2010-07-02 16:20 . 2003-08-11 08:13 344064 ----a-r- c:\windows\system32\msvcr70.dll 2010-07-01 15:13 . 2010-07-01 15:13 -------- d-----w- c:\programdata\FLEXnet 2010-07-01 15:13 . 2010-07-01 15:13 -------- d-----w- c:\users\Rachel\AppData\Roaming\No Company Name 2010-07-01 11:43 . 2010-07-01 11:45 -------- d-----w- c:\programdata\SmartSound Software Inc 2010-07-01 11:43 . 2010-07-01 11:43 -------- d-----w- c:\programdata\eSellerate 2010-07-01 11:43 . 2010-07-01 11:43 -------- d-----w- c:\program files\SmartSound Software 2010-07-01 11:41 . 2010-07-01 11:41 -------- d-----w- c:\program files\Common Files\Macrovision Shared 2010-07-01 01:02 . 2010-07-01 03:16 -------- d-----w- c:\users\Rachel\AppData\Roaming\Download Manager 2010-06-30 20:13 . 2010-07-22 15:51 -------- d-----w- c:\program files\Common Files\Akamai 2010-06-25 14:26 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2010-06-25 14:26 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll 2010-06-25 14:26 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll 2010-06-25 14:26 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe 2010-06-25 14:26 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll 2010-06-23 19:09 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2010-06-23 19:09 . 
2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2010-06-23 18:12 . 2010-06-23 18:12 2944904 ----a-w- c:\users\Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\syeqpirf.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-22 14:56 . 2006-11-02 15:33 628742 ----a-w- c:\windows\system32\perfh007.dat 2010-07-22 14:56 . 2006-11-02 15:33 126260 ----a-w- c:\windows\system32\perfc007.dat 2010-07-22 08:08 . 2009-08-09 18:30 -------- d-----w- c:\users\Rachel\AppData\Roaming\HP 2010-07-20 15:58 . 2010-07-20 15:48 -------- d-----w- c:\programdata\SecTaskMan 2010-07-20 12:55 . 2009-05-03 20:36 -------- d-----w- c:\programdata\Avira 2010-07-15 10:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-07-09 13:15 . 2007-12-07 19:50 -------- d-----w- c:\program files\Microsoft.NET 2010-07-02 16:50 . 2007-11-07 13:09 98040 ----a-w- c:\users\Rachel\AppData\Local\GDIPFONTCACHEV1.DAT 2010-07-02 16:38 . 2007-04-16 06:30 -------- d-----w- c:\program files\Common Files\Adobe 2010-07-02 16:37 . 2008-10-14 23:57 -------- d-----w- c:\program files\Common Files\PX Storage Engine 2010-07-02 16:20 . 2007-04-16 05:18 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-07-01 21:51 . 2008-10-02 10:11 -------- d-----w- c:\users\Rachel\AppData\Roaming\Skype 2010-07-01 20:51 . 2008-10-02 10:12 -------- d-----w- c:\users\Rachel\AppData\Roaming\skypePM 2010-06-25 15:05 . 2010-04-28 18:36 -------- d-----w- c:\program files\Ask.com 2010-06-04 12:13 . 2008-10-14 19:44 -------- d-----w- c:\users\Rachel\AppData\Roaming\dvdcss 2010-05-26 17:06 . 2010-06-09 08:12 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-05-26 14:47 . 2010-06-09 08:12 289792 ----a-w- c:\windows\system32\atmfd.dll 2010-05-21 12:14 . 2009-10-04 14:03 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-04 05:59 . 
2010-07-09 14:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-04 05:55 . 2010-07-09 14:00 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-05-04 05:55 . 2010-07-09 14:00 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-05-04 04:31 . 2010-07-09 14:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-05-01 14:13 . 2010-06-09 08:09 2037248 ----a-w- c:\windows\system32\win32k.sys 2010-04-26 21:15 . 2010-03-10 08:50 439816 ----a-w- c:\users\Rachel\AppData\Roaming\Real\Update\setup3.10\setup.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864] [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-05-26 13:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-23 39408] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2010-07-13 67448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HWSetup"="\HWSetup.exe hwSetUP" [X] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184] "KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352] "SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 438272] "RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208] "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192] "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416] "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-04-03 509496] "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744] "NDSTray.exe"="NDSTray.exe" [BU] "topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632] "Skytel"="Skytel.exe" [2007-08-03 1826816] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-20 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-20 154136] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-20 129560] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224] "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 571024] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection 
Service\Bin\ACDaemon.exe" [2010-03-18 207360] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792] " Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-05-11 1287120] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-7 113664] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] Philips GoGear Spark Gere-Manager.lnk - c:\program files\Philips\GoGear Spark Device Manager\main.exe [2010-3-13 7974455] PHOTOfunSTUDIO -viewer-.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2008-12-20 40960] VPN Client.lnk - c:\windows\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico [2010-4-4 6144] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security 
center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):38,ee,cf,78,e6,18,ca,01 R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-15 135664] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R4 CplIR;Embedded IR Driver;c:\windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14848] S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-29 218592] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336] S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592] S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840] --- Andere Dienste/Treiber im Speicher --- *Deregistered* - PCTSDInjDriver32 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc 
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache Akamai REG_MULTI_SZ Akamai . Inhalt des "geplante Tasks" Ordners 2010-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-15 22:33] 2010-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-15 22:33] 2010-07-22 c:\windows\Tasks\RegistryBooster.job - c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-07-20 05:45] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://de.ask.com?o=15003&l=dis uInternet Settings,ProxyOverride = *.local IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - hxxp://www.webtip.ch/cgi-bin/toshiba/tracker_url_de.pl?hxxp://www.ebay.de/ FF - ProfilePath - c:\users\Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\syeqpirf.default\ FF - prefs.js: browser.search.defaulturl - hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.google.de FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=en_DE&apn_uid=38BAC10B-A8E4-48F7-B6C0-711F57FE9E5A&apn_ptnrs=PV&apn_sauid=3023A355-263E-4577-8D2E-1AC80F0B9BBD&apn_dtid=&q= FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla 
Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\Veetle\Player\npvlc.dll FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - 
pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - Entfernte verwaiste Registrierungseinträge - - - - HKCU-Run-TOSCDSPD - TOSCDSPD.EXE ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-07-22 18:05 Windows 6.0.6002 Service Pack 2 NTFS detected NTDLL code modification: ZwClose Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... 
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3725.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3725.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2010-07-22 18:12:55
ComboFix-quarantined-files.txt 2010-07-22 16:12
Vor Suchlauf: 12 Verzeichnis(se), 29.133.074.432 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 31.472.091.136 Bytes frei
- - End Of File - - 2672EDC37782EEACE9E375019AE31BA1

Thanks & regards! Rachel |
22.07.2010, 19:08 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
__________________ Please always post logfiles in CODE tags |
22.07.2010, 19:26 | #11 |
| No, not really. But it was shown by ComboFix. I don't know why either... I do have Avira as my antivirus. Also confused... hmm. Regards, Rachel |
22.07.2010, 19:46 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool won't run the second time either, just skip it and run only OSAM. Then download the bootkit_remover. Extract the tool into its own folder on the desktop and run the file remove.exe from that folder. If you use Windows Vista or Windows 7, you must start remover.exe via right-click => Run as administrator. A black window will open and automatically search for malicious changes in the MBR. Then please post whether there are any changes and, if so, in which device. Best to post everything that remover.exe outputs.
__________________ Please always post logfiles in CODE tags |
01.09.2010, 08:29 | #13 |
| Hello Arne, unfortunately I was only able to run the recommended applications now, as I was travelling during the past few weeks. Anyway, here are the results: GMER: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net Rootkit scan 2010-09-01 08:58:17 Windows 6.0.6002 Service Pack 2 Running: zug4cuhv.exe; Driver: C:\Users\Rachel\AppData\Local\Temp\fxrdqpoc.sys ---- Kernel code sections - GMER 1.0.15 ---- .text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x88356000, 0x4036D, 0xE8000020] .dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8839F000, 0x510, 0x40000040] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[3212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [72FC7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7301A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [72FCBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [72FBF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [72FC75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [72FBE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft 
GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [72FF8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [72FCDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [72FBFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [72FBFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [72FB71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7304CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [72FEC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [72FBD968] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [72FB6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [72FB687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [72FC2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----

OSAM: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 09:22:04 on 01.09.2010 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Mozilla Corporation Firefox 3.6.8 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "TOSCDSPD.cpl" - ? - C:\Windows\system32\TOSCDSPD.cpl (File found, but it contains no detailed information) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\Users\Rachel\AppData\Local\Temp\catchme.sys (File not found) "Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys "ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys "ElbyDelay" (ElbyDelay) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyDelay.sys "IP in IP Tunnel Driver" (IpInIp) - ? 
- C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "Padus ASPI Shell" (pfc) - "Padus, Inc." - C:\Windows\System32\drivers\pfc.sys "PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\Windows\System32\drivers\Afc.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "Tosrfcom" (Tosrfcom) - ? - C:\Windows\system32\drivers\Tosrfcom.sys (File not found) "Touch Pad Detection Filter driver" (TpChoice) - ? - C:\Windows\System32\DRIVERS\TpChoice.sys (File not found) "VClone" (VClone) - "Elaborate Bytes AG" - C:\Windows\System32\DRIVERS\VClone.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? 
- (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Adobe.Acrobat.ContextMenu" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? 
- (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\Programme\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "PDFCreator Toolbar" - ? - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll <binary data> "Sopcast Ask Toolbar" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {00000000-6E41-4FD3-8538-502F5495E5FC} "UrlSearchHook Class" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA} "Java Plug-in 1.5.0_19" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_19-windows-i586.cab {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} "Java Plug-in 1.6.0" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10a.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "Amazon.de" - ? - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home (HTTP value) "eBay" - ? - hxxp://www.webtip.ch/cgi-bin/toshiba/tracker_url_de.pl?hxxp://www.ebay.de/ (HTTP value) "eBay - Der weltweite Online Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 (HTTP value) {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} "PDFCreator Toolbar" - ? 
- C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll <binary data> "Sopcast Ask Toolbar" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {C451C08A-EC37-45DF-AAAD-18B51AB5E837} "PDFCreator Toolbar Helper" - ? - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll {D4027C7F-154A-4066-A1AD-4243D8127440} "Sopcast Ask Toolbar" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "Adobe Gamma Loader.exe.lnk" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Shortcut exists | File exists) "McAfee Security Scan Plus.lnk" - ? 
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk (Shortcut exists | File not found) "Philips GoGear Spark Gere-Manager.lnk" - "KeenHigh Tech." - C:\Program Files\Philips\GoGear Spark Device Manager\main.exe (Shortcut exists | File exists) "PHOTOfunSTUDIO -viewer-.lnk" - "Matsushita Electric Industrial Co., Ltd." - C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe (Shortcut exists | File exists) "VPN Client.lnk" - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "RegistryBooster" - ? - "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000 (File not found) "swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "00TCrdMain" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "ArcSoft Connection Service" - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "HP Software Update" - "Hewlett-Packard Co." - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe "HSON" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\TBS\HSON.exe "HWSetup" - ? - \HWSetup.exe hwSetUP (File not found) "IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe "iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe" "KeNotify" - ? 
- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe " Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript "NDSTray.exe" - ? - NDSTray.exe (File not found) "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "SmoothView" - "TOSHIBA Corporation" - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "SVPWUTIL" - "TOSHIBA" - C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL "topi" - "TOSHIBA" - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup "Toshiba Registration" - "Toshiba" - C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe "TPwrMain" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Adobe PDF Port" - ? - C:\Windows\system32\AdobePDF.dll (File not found) "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll "PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information) "Toshiba Bluetooth Monitor" - "TOSHIBA CORPORATION." - C:\Windows\system32\tbtmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Akamai NetSession Interface" (Akamai) - ? - c:\program files\common files\akamai\rswin_3745.dll (File found, but it contains no detailed information) "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe "ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." 
- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe "ConfigFree Service" (CFSvcs) - "TOSHIBA CORPORATION" - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe "Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll "hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe "Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe "iPod-Dienst" (iPod Service) - "Apple Inc." 
- C:\Program Files\iPod\bin\iPodService.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll "TOSHIBA Bluetooth Service" (TOSHIBA Bluetooth Service) - ? - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (File not found) "TOSHIBA Navi Support Service" (TNaviSrv) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe "TOSHIBA Optical Disc Drive Service" (TODDSrv) - "TOSHIBA Corporation" - C:\Windows\system32\TODDSrv.exe "TOSHIBA Power Saver" (TosCoSrv) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe "Ulead Burning Helper" (UleadBurningHelper) - "Ulead Systems, Inc." - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." 
- C:\Program Files\Bonjour\mdnsNSP.dll
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

BOOTKIT REMOVER:
.\debug.cpp(238) : Debug log started at 01.09.2010 - 07:26:00
.\boot_cleaner.cpp(675) : Bootkit Remover
.\boot_cleaner.cpp(676) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(677) : www.esagelab.com
.\boot_cleaner.cpp(681) : Program version: 1.1.0.0
.\boot_cleaner.cpp(688) : OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x82202000 0x003b9000 "\SystemRoot\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x825bb000 0x00033000 "\SystemRoot\system32\hal.dll"
.\debug.cpp(256) : 0x80405000 0x00007000 "\SystemRoot\system32\kdcom.dll"
.\debug.cpp(256) : 0x8040c000 0x00070000 "\SystemRoot\system32\mcupdate_GenuineIntel.dll"
.\debug.cpp(256) : 0x8047c000 0x00011000 "\SystemRoot\system32\PSHED.dll"
.\debug.cpp(256) : 0x8048d000 0x00008000 "\SystemRoot\system32\BOOTVID.dll"
.\debug.cpp(256) : 0x80495000 0x00041000 "\SystemRoot\system32\CLFS.SYS"
.\debug.cpp(256) : 0x804d6000 0x000e0000 "\SystemRoot\system32\CI.dll"
.\debug.cpp(256) : 0x8060a000 0x0007c000 "\SystemRoot\system32\drivers\Wdf01000.sys"
.\debug.cpp(256) : 0x80686000 0x0000d000 "\SystemRoot\system32\drivers\WDFLDR.SYS"
.\debug.cpp(256) : 0x80693000 0x00046000 "\SystemRoot\system32\drivers\acpi.sys"
.\debug.cpp(256) : 0x806d9000 0x00009000 "\SystemRoot\system32\drivers\WMILIB.SYS"
.\debug.cpp(256) : 0x806e2000 0x00008000 "\SystemRoot\system32\drivers\msisadrv.sys"
.\debug.cpp(256) : 0x806ea000 0x00027000 "\SystemRoot\system32\drivers\pci.sys"
.\debug.cpp(256) : 0x80711000 0x0000a000 "\SystemRoot\system32\DRIVERS\LPCFilter.sys"
.\debug.cpp(256) :
"\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&Signature9A18B4B6Offset100000Length5DC00000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{82e1af77-8d2f-11dc-8603-806e6f6e6963}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS0" .\debug.cpp(400) : Destination="\Device\1394BUS0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DNE" .\debug.cpp(400) : Destination="\Device\DNE" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{183516D9-A30E-4643-B4A0-BB6252715EBB}" .\debug.cpp(400) : Destination="\Device\NDMP6" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&PrinterBusEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}" .\debug.cpp(400) : Destination="\Device\00000075" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&Signature1E10BBOffset100000Length7470B06000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume4" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\tdcmdpst" .\debug.cpp(400) : Destination="\Device\tdcmdpst" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{0A7D89F4-14AC-4CE4-94F3-22E6B09F3B6B}" .\debug.cpp(400) : Destination="\Device\NDMP5" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0005#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000005" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000041" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}" .\debug.cpp(400) : Destination="\Device\00000047" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2fc0b885&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination="\Device\USBPDO-4" .\debug.cpp(369) : SymbolicLink 
"\GLOBAL??\PCI#VEN_8086&DEV_2A02&SUBSYS_FF001179&REV_0C#3&33fd14ca&0&10#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0001" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:" .\debug.cpp(400) : Destination="\Device\Ide\iaStor0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH" .\debug.cpp(400) : Destination="\Device\NDMP19" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#AUO2574#4&30805c67&0&UID67568640#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8}" .\debug.cpp(400) : Destination="\Device\00000074" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd" .\debug.cpp(400) : Destination="\Device\AscKmd" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan" .\debug.cpp(400) : Destination="\Device\NdisWan" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&3629d280&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\Ide\PciIde0Channel0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0015#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000008" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1a72d501&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination="\Device\USBPDO-1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice" .\debug.cpp(400) : Destination="\Device\MPS" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\tvald" .\debug.cpp(400) : Destination="\Device\TVALZ" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl" .\debug.cpp(400) : Destination="\Device\VolMgrControl" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2A02&SUBSYS_FF001179&REV_0C#3&33fd14ca&0&10#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0001" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr" .\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgr" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{D0DACA61-45DF-496A-93A2-362873DBB8BA}" .\debug.cpp(400) : Destination="\Device\NDMP11" .\debug.cpp(369) : 
SymbolicLink "\GLOBAL??\C:" .\debug.cpp(400) : Destination="\Device\HarddiskVolume2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0006#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000006" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6" .\debug.cpp(400) : Destination="\Device\NDMP21" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0268&SUBSYS_1179FF02&REV_1000#4&214a8d76&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}" .\debug.cpp(400) : Destination="\Device\0000006e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX" .\debug.cpp(400) : Destination="\DosDevices\COM1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT" .\debug.cpp(400) : Destination="\Device\MailSlot" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_SCSI&Prod_DVD-ROM&Rev_1.0#1&2afd7d61&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\Scsi\VClone1Port0Path0Target0Lun0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\tvalg" .\debug.cpp(400) : Destination="\Device\TVALZ" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Aaspi0" .\debug.cpp(400) : Destination="\Device\Aaspi0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0002#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000002" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2832&SUBSYS_FF001179&REV_03#3&33fd14ca&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0014" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{14DA8DCD-4662-43F8-A837-6CA9F307CF63}" .\debug.cpp(400) : Destination="\Device\NDMP15" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL" .\debug.cpp(400) : Destination="\Device\Null" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\00000045" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio" .\debug.cpp(400) : Destination="\Device\Ndisuio" 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AGRSM_xface" .\debug.cpp(400) : Destination="\Device\AGRSM_xface" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SstpDrv" .\debug.cpp(400) : Destination="\Device\SstpDrv" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT" .\debug.cpp(400) : Destination="" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:" .\debug.cpp(400) : Destination="\Device\Ide\IdePort0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\00000044" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle" .\debug.cpp(400) : Destination="\Device\WfpAle" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000003f" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\avipbb" .\debug.cpp(400) : Destination="\Device\avipbb" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&Signature9A18B4B6Offset5DD00000Length12A1900000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume2" .\debug.cpp(451) : ********************************************** .\boot_cleaner.cpp(1077) : System volume is \\.\C: .\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 .\boot_cleaner.cpp(424) : Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826 .\boot_cleaner.cpp(1151) : .\boot_cleaner.cpp(1152) : Size Device Name MBR Status .\boot_cleaner.cpp(1153) : -------------------------------------------- .\boot_cleaner.cpp(1197) : 149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found) .\boot_cleaner.cpp(1203) : .\boot_cleaner.cpp(1242) : Done; Vielen lieben Dank & schöne Grüße! Rachel |
01.09.2010, 12:09 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avira Antivir detects autorun.inf and denies access
Quote:
Remember to update both tools before the scan!!
__________________
Please always post logfiles in CODE tags |
01.09.2010, 19:12 | #15 |
| Avira Antivir detects autorun.inf and denies access
Hello Arne, okay, I have done the full scans. Here are the results:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4521

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

01.09.2010 16:22:08
mbam-log-2010-09-01 (16-22-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 307707
Laufzeit: 1 Stunde(n), 35 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Rachel\Downloads\Portable.Adobe.Premiere.Pro.CS3.ROLANTONiO\Portable.Adobe.Premiere.Pro.CS3.ROLANTONiO\Portable.Adobe.Premiere.Pro.CS3.By.wWw .Rolantonio.Blogspot.Com.eXe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Adobe Premiere\Adobe Premiere Pro CS5\keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/01/2010 at 07:46 PM

Application Version : 4.42.1000

Core Rules Database Version : 5440
Trace Rules Database Version: 3252

Scan type : Complete Scan
Total Scan Time : 02:52:31

Memory items scanned : 763
Memory threats detected : 0
Registry items scanned : 9121
Registry threats detected : 0
File items scanned : 168488
File threats detected : 4

Adware.Tracking Cookie
C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\rachel@adbrite[2].txt
cdn.eyewonder.com [ C:\Users\Rachel\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KPGKWGWQ ]
imagesrv.adition.com [ C:\Users\Rachel\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KPGKWGWQ ]

Trojan.Agent/Gen-Cryptor[Virut]
C:\TOSHIBA\WEBSHOPS\EBAY\ADDTOOLBARBUTTON.EXE

D:\autorun.inf (external hard drive) is still being blocked by Avira Antivir. I cannot access the file?! Many thanks & best regards! Rachel
Last edited by rachel (01.09.2010 at 19:27) |