
All kinds of pests and how to combat them: Security Tool cannot be removed

Windows 7

15.08.2010, 13:22   #1
Nikolas22
 
Security Tool cannot be removed



Hi,

like various other people here in the forum, I have caught this SecurityTool.
Now no application can be started any more. And these "fake virus warnings" keep coming up.
I have run all the scans that are listed in another thread.
However, I could only do all of that in Safe Mode, because when I start Windows normally I cannot run any programs.


mbam log with virus detection:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4418

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

14.08.2010 19:05:40
mbam-log-2010-08-14 (19-05-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|E:\|F:\|J:\|)
Durchsuchte Objekte: 322615
Laufzeit: 33 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> No action taken.
         
mbam log after virus detection:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4418

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

14.08.2010 20:04:41
mbam-log-2010-08-14 (20-04-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 325077
Laufzeit: 34 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

hijackthis Log:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:07:52, on 14.08.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Users\***\Desktop\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Programme\Adobe CS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Programme\Adobe CS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O4 - HKLM\..\Run: [avgnt] "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware  (reboot)] "D:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [VC10Player] D:\Programe\Virtual CD v10\System\VC10Play.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [BdeUtvol] rundll32 "C:\Users\***\AppData\Local\Temp\hwrcsass.dll",DllEntryPoint
O4 - HKCU\..\Run: [\\EDE\EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\Users\***\AppData\Local\Temp\E_S3E38.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [{AA8ACD96-912D-4EA1-15C0-257FDE060C83}] C:\Users\***\AppData\Roaming\Cinya\asmau.exe
O4 - HKCU\..\Run: [{B43C4100-3CD8-7317-A747-864313D88DF2}] C:\Users\***\AppData\Roaming\Abuliw\dedy.exe
O4 - HKCU\..\Run: [{570F1A73-FAE0-56F4-048F-6E8B5F70184A}] C:\Users\***\AppData\Roaming\Igsuw\sofo.exe
O4 - HKCU\..\RunOnce: [1686579041] "C:\Users\***\AppData\Local\1686579041.exe" 9 48 
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe
O4 - Global Startup: STIMON.lnk = ?
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: SpyHunter 4 Service - Unknown owner - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @D:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - D:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - D:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: Virtual CD v10 Management Service (VC10SecS) - H+H Software GmbH - D:\Programe\Virtual CD v10\System\VC10SecS.exe

--
End of file - 7038 bytes
         

gmer Log:
Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-15 11:36:54
Windows 6.1.7600 
Running: fy6e1c85.exe; Driver: C:\Users\***\AppData\Local\Temp\pwtdyfog.sys


---- System - GMER 1.0.15 ----

INT 0x1F        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            8202AAF8
INT 0x37        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            8202A104
INT 0xC1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            8202A3F4
INT 0xD1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            82012634
INT 0xD2        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            82012898
INT 0xDF        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            8202A1DC
INT 0xE1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            8202A958
INT 0xE3        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            8202A6F8
INT 0xFD        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            8202AF2C
INT 0xFE        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            8202B1A8

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!ZwSaveKeyEx + 13B1                                                                                     8207C8E9 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                              8209C3D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?               System32\drivers\eqiiv.sys                                                                                          Das System kann den angegebenen Pfad nicht finden. !

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004f                                                                                   halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \FileSystem\fastfat \Fat                                                                                            fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 D:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x80 0xB6 0x44 0x61 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x07 0x0F 0xEC 0x15 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x8A 0xDD 0xDF 0xC6 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@ServiceBinary                                                       C:\Windows\system32\drivers\VDRV1000.SYS
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Group                                                               SCSI Miniport
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@ImagePath                                                           system32\DRIVERS\vdrv1000.sys
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@ErrorControl                                                        1
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Start                                                               1
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Type                                                                1
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Tag                                                                 65
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum                                                                
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@0                                                              ROOT\SCSIADAPTER\0000
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@Count                                                          1
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@NextInstance                                                   1
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@INITSTARTFAILED                                                1
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\parameters                                                          
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\parameters\pnpinterface                                             
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\parameters\pnpinterface@1                                           1
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\security                                                            
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     D:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x80 0xB6 0x44 0x61 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x07 0x0F 0xEC 0x15 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x8A 0xDD 0xDF 0xC6 ...
Reg             HKLM\SYSTEM\ControlSet002\services\vdrv1000@ServiceBinary                                                           C:\Windows\system32\drivers\VDRV1000.SYS
Reg             HKLM\SYSTEM\ControlSet002\services\vdrv1000@Group                                                                   SCSI Miniport
Reg             HKLM\SYSTEM\ControlSet002\services\vdrv1000@ImagePath                                                               system32\DRIVERS\vdrv1000.sys
Reg             HKLM\SYSTEM\ControlSet002\services\vdrv1000@ErrorControl                                                            1
Reg             HKLM\SYSTEM\ControlSet002\services\vdrv1000@Start                                                                   1
Reg             HKLM\SYSTEM\ControlSet002\services\vdrv1000@Type                                                                    1
Reg             HKLM\SYSTEM\ControlSet002\services\vdrv1000@Tag                                                                     65
Reg             HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum (not active ControlSet)                                            
Reg             HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum@0                                                                  ROOT\SCSIADAPTER\0000
Reg             HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum@Count                                                              1
Reg             HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum@NextInstance                                                       1
Reg             HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum@INITSTARTFAILED                                                    1
Reg             HKLM\SYSTEM\ControlSet002\services\vdrv1000\parameters (not active ControlSet)                                      
Reg             HKLM\SYSTEM\ControlSet002\services\vdrv1000\parameters\pnpinterface (not active ControlSet)                         
Reg             HKLM\SYSTEM\ControlSet002\services\vdrv1000\parameters\pnpinterface@1                                               1
Reg             HKLM\SYSTEM\ControlSet002\services\vdrv1000\security (not active ControlSet)                                        

---- EOF - GMER 1.0.15 ----
         

Extras Log:
Code:
OTL Extras logfile created on: 14.08.2010 20:09:10 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\***\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,20 Gb Total Space | 9,00 Gb Free Space | 30,83% Space Free | Partition Type: NTFS
Drive D: | 203,59 Gb Total Space | 67,98 Gb Free Space | 33,39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 3,60 Gb Total Space | 3,58 Gb Free Space | 99,54% Space Free | Partition Type: FAT32
 
Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Photo Manager 12.Manage] -- "D:\Programme\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Programme\Adobe CS5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0FFAC7BB-50DC-CB54-6CA7-A8B74513280B}" = CCC Help Chinese Traditional
"{10C51313-A308-4B40-90E3-B368D5882660}" = Virtual CD v10
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection
"{1C802083-6D79-78ED-BF1C-601DDF908DD1}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{282C4EAA-F162-F52F-7BAF-C7B50DAAA00A}" = ccc-utility
"{28728178-FF15-218B-0B63-012692F42C28}" = CCC Help Danish
"{32851025-1E46-83A3-1320-471619254E39}" = Catalyst Control Center Localization All
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 3.0.1.76
"{40217B2F-462B-94A4-E84E-6A1C6EDBCE2F}" = CCC Help Swedish
"{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}" = ATI Catalyst Install Manager
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5343A801-92E5-C234-9F27-AB27EC738BF6}" = CCC Help Japanese
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5D22226D-EBC1-C95F-7746-2E3A9F4C97BA}" = CCC Help Russian
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5E7C721D-B008-4269-A1C4-2CE7E9757983}" = BoneTown
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{600C37F2-098B-A165-C1DB-6AE2B89D8D49}" = Catalyst Control Center Graphics Previews Common
"{61F8CA2C-9A80-8A1B-D3B9-347530CB387F}" = CCC Help Norwegian
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{674B407D-EAB1-B6B6-F9BF-C34CEE4CD83F}" = Catalyst Control Center Graphics Light
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{69F411C5-4851-6DA9-EA4C-160BEF8788AA}" = CCC Help French
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DD27E54-2598-0FEC-7CE1-BE00924C0570}" = Catalyst Control Center Graphics Previews Vista
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75AE638F-750A-11DF-96D5-005056806466}" = Google Earth Plug-in
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7C27114E-6FC8-21F5-E501-FE48F09243DF}" = CCC Help Dutch
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{80237C20-CBF3-F841-4AD5-E727AA86FBD1}" = CCC Help Italian
"{802EE127-D32A-1447-09DC-77419772BCDC}" = CCC Help Portuguese
"{836AFA32-7B8B-2C19-99D9-36EF32B42EB8}" = CCC Help Thai
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{946942CB-D078-F33A-A3CD-27E0393507FD}" = CCC Help Turkish
"{9682B99B-BB28-AD37-CA50-C1CB5BFF0FA6}" = Catalyst Control Center Graphics Full New
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}" = Catalyst Control Center InstallProxy
"{A02CC93A-134F-0319-1438-B1E895B52577}" = CCC Help German
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}" = ACDSee Foto-Manager 12
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7E1ADB8-162B-7C33-60FB-0561A17BD876}" = CCC Help Spanish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96EEF55-155C-552E-ABB1-6FDAEF5BD944}" = CCC Help Polish
"{AC5CEC91-F421-4D5F-86EA-5D51E815B8EC}" = Steganos Safe 11
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{ADB25FF0-AEC4-2CFB-130C-2C60D80C5934}" = CCC Help Greek
"{B04D5DA5-11DA-830C-85C6-0FF9185787E7}" = Skins
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BB603E9F-ECE8-7713-B0AC-7E0614E8C058}" = Catalyst Control Center HydraVision Full
"{BE232D60-AEA5-502F-ACBF-9AC188A82C21}" = CCC Help Finnish
"{C15C4AB5-EF5D-5050-273C-4636E3FBE301}" = CCC Help Czech
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C70C90D2-D197-40E9-B712-6828BDA5F74A}" = PdfMerge
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09CD13D-7CE3-351C-1625-8DC7F21A99C0}" = ccc-core-static
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E373E0E2-20F5-90DF-B315-615EA6E52101}" = Catalyst Control Center Graphics Full Existing
"{E5FCCD4A-1619-48AB-AB37-E0A678FD3FF1}" = Motorola Software Update
"{E6DA746E-1175-88BD-2B16-1DC62018E060}" = CCC Help Chinese Standard
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F053BFD9-4357-6A82-6042-CF919667448F}" = CCC Help English
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F17EB02C-DA0D-EDEF-2E16-501FB700A710}" = CCC Help Hungarian
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F5DDC0CD-F13A-83F0-5103-563A17EA306F}" = CCC Help Korean
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}" = USB2.0 UVC WebCam
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced ZIP Password Recovery" = Advanced ZIP Password Recovery (remove only)
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis
"DivX Setup.divx.com" = DivX-Setup
"Drakensang_TRoT_is1" = Drakensang - Am Fluss der Zeit
"FileZilla Client" = FileZilla Client 3.3.2.1
"Free Excel/Xls to Pdf Converter_is1" = Free Excel/Xls to Pdf Converter 5.5
"ImgBurn" = ImgBurn
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.0.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Miranda IM" = Miranda IM 0.8.27
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"Mp3tag" = Mp3tag v2.46a
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office14.VISIO" = Microsoft Visio Premium 2010
"PdaNet_is1" = PdaNet for Android 2.42
"PDF Blender" = PDF Blender
"Recuva" = Recuva
"R-Studio 5.2NSIS" = R-Studio 5.2
"Smart Data Recovery_is1" = Smart Data Recovery v4.3
"TuneUp Utilities" = TuneUp Utilities
"VLC media player" = VLC media player 1.0.5
"WinGimp-2.0_is1" = GIMP 2.6.9
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (3.0.6)" = Mozilla Thunderbird (3.0.6)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11.08.2010 18:32:15 | Computer Name = ***-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 13.08.2010 04:06:50 | Computer Name = ***-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 14.08.2010 06:06:33 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16450,
 Zeitstempel: 0x4aeba271  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x8fe885f1  ID des fehlerhaften
 Prozesses: 0xe10  Startzeit der fehlerhaften Anwendung: 0x01cb3ab4649b73be  Pfad der
 fehlerhaften Anwendung: C:\Windows\Explorer.EXE  Pfad des fehlerhaften Moduls: unknown
Berichtskennung:
 9d2550bf-a78b-11df-8be0-0018f3c54812
 
Error - 14.08.2010 06:22:44 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16450,
 Zeitstempel: 0x4aeba271  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x960df19d  ID des fehlerhaften
 Prozesses: 0x8d4  Startzeit der fehlerhaften Anwendung: 0x01cb3b9a809ebe77  Pfad der
 fehlerhaften Anwendung: C:\Windows\Explorer.EXE  Pfad des fehlerhaften Moduls: unknown
Berichtskennung:
 e016db25-a78d-11df-b5dd-0018f3c54812
 
Error - 14.08.2010 06:26:03 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.3855 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 134    Startzeit: 
01cb3b9ae3bcdba7    Endzeit: 7    Anwendungspfad: D:\Programme\Mozilla Firefox\firefox.exe

Berichts-ID:
 53104d60-a78e-11df-b5dd-0018f3c54812  
 
Error - 14.08.2010 08:10:18 | Computer Name = ***-PC | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = Die Anwendung oder der Dienst "SpyHunter 4 Service" konnte nicht neu
 gestartet werden.
 
Error - 14.08.2010 08:15:32 | Computer Name = ***-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 14.08.2010 10:49:42 | Computer Name = ***-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 14.08.2010 10:51:27 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: taskhost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc0f9  Name des fehlerhaften Moduls: SETUPAPI.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdafe  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000a3835  ID des fehlerhaften
 Prozesses: 0x874  Startzeit der fehlerhaften Anwendung: 0x01cb3bc02435b00d  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\taskhost.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\system32\SETUPAPI.dll  Berichtskennung: 69dbcf59-a7b3-11df-b774-0018f3c54812
 
Error - 14.08.2010 11:07:17 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3855,
 Zeitstempel: 0x4c48d5ce  Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdac7  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002f2c2  ID des fehlerhaften
 Prozesses: 0x858  Startzeit der fehlerhaften Anwendung: 0x01cb3bc03bb8eaaf  Pfad der
 fehlerhaften Anwendung: D:\Programme\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\system32\ole32.dll  Berichtskennung: a0355768-a7b5-11df-b774-0018f3c54812
 
[ Media Center Events ]
Error - 11.07.2010 03:46:50 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 09:46:49 - Fehler beim Herstellen der Internetverbindung.  09:46:50 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 11.07.2010 03:47:22 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 09:47:19 - Fehler beim Herstellen der Internetverbindung.  09:47:19 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 11.07.2010 15:33:35 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 21:33:32 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
 zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..)  
 
Error - 14.07.2010 15:26:19 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 21:26:19 - Fehler beim Herstellen der Internetverbindung.  21:26:19 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14.07.2010 15:26:27 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 21:26:24 - Fehler beim Herstellen der Internetverbindung.  21:26:24 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14.07.2010 16:26:34 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 22:26:34 - Fehler beim Herstellen der Internetverbindung.  22:26:34 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14.07.2010 16:26:40 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 22:26:39 - Fehler beim Herstellen der Internetverbindung.  22:26:39 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14.07.2010 17:26:47 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 23:26:47 - Fehler beim Herstellen der Internetverbindung.  23:26:47 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14.07.2010 17:26:53 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 23:26:52 - Fehler beim Herstellen der Internetverbindung.  23:26:52 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 14.08.2010 13:29:51 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.08.2010 13:29:51 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.08.2010 13:29:54 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 14.08.2010 13:29:54 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 14.08.2010 13:29:58 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.08.2010 13:29:58 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.08.2010 13:29:58 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.08.2010 13:29:58 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.08.2010 13:29:58 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.08.2010 13:29:58 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         

OTL Log:
Code:
OTL logfile created on: 14.08.2010 20:09:10 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\***\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,20 Gb Total Space | 9,00 Gb Free Space | 30,83% Space Free | Partition Type: NTFS
Drive D: | 203,59 Gb Total Space | 67,98 Gb Free Space | 33,39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 3,60 Gb Total Space | 3,58 Gb Free Space | 99,54% Space Free | Partition Type: FAT32
 
Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (SpyHunter 4 Service) -- C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (TuneUp.Defrag) -- D:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- D:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (MotoConnect Service) -- C:\Programme\Motorola\MotoConnectService\MotoConnectService.exe ()
SRV - (AntiVirService) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (VC10SecS) -- D:\Programe\Virtual CD v10\System\VC10SecS.exe (H+H Software GmbH)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (KMService) -- C:\Windows\System32\srvany.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (Motousbnet) -- C:\Windows\System32\drivers\Motousbnet.sys (Motorola)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (TuneUpUtilitiesDrv) -- D:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (motusbdevice) -- C:\Windows\System32\drivers\motusbdevice.sys (Motorola Inc)
DRV - (RTL8187) -- C:\Windows\System32\drivers\RTL8187.sys (Realtek Semiconductor Corporation                           )
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (vdrv1000) -- C:\Windows\System32\drivers\vdrv1000.sys (H+H Software GmbH)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (BTCFilterService) -- C:\Windows\System32\drivers\motfilt.sys (Motorola Inc)
DRV - (HH10Help.sys) -- C:\Windows\System32\drivers\HH10Help.sys (H+H Software GmbH)
DRV - (MotoSwitchService) -- C:\Windows\System32\drivers\motswch.sys (Motorola)
DRV - (SLEE_16_DRIVER) -- C:\Windows\System32\drivers\sleen16.sys (Softwareentwicklung Remus - ArchiCrypt )
DRV - (pnetmdm) -- C:\Windows\System32\drivers\pnetmdm.sys (June Fabrics Technology)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 15 EA 6F 7E B7 03 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.0.6
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: D:\Programme\Adobe CS5\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010.05.19 21:06:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Programme\Mozilla Firefox\components [2010.08.14 17:08:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2010.07.25 02:14:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: D:\Programme\Mozilla Thunderbird\components [2010.07.21 17:52:21 | 000,000,000 | ---D | M]
 
[2010.05.31 10:24:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.05.31 10:24:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.13 19:09:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\iw51esi8.default\extensions
[2010.07.26 21:11:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\iw51esi8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.07.13 17:25:09 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\iw51esi8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.05.08 22:09:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\iw51esi8.default\extensions\elemhidehelper@adblockplus.org
 
O1 HOSTS File: ([2010.08.14 13:47:04 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Programme\Adobe CS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Programme\Adobe CS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] D:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VC10Player] D:\Programe\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH)
O4 - HKCU..\Run: [\\EDE\EPSON Stylus DX5000 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [{570F1A73-FAE0-56F4-048F-6E8B5F70184A}] C:\Users\***\AppData\Roaming\Igsuw\sofo.exe File not found
O4 - HKCU..\Run: [{AA8ACD96-912D-4EA1-15C0-257FDE060C83}] C:\Users\***\AppData\Roaming\Cinya\asmau.exe ()
O4 - HKCU..\Run: [{B43C4100-3CD8-7317-A747-864313D88DF2}] C:\Users\***\AppData\Roaming\Abuliw\dedy.exe (tlfum)
O4 - HKCU..\Run: [BdeUtvol] C:\Users\***\AppData\Local\Temp\hwrcsass.DLL File not found
O4 - HKCU..\RunOnce: [1686579041] C:\Users\***\AppData\Local\1686579041.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Programme\PdaNet for Android\PdaNetPC.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{fb4fb53d-6370-11df-b2d5-0018f3c54812}\Shell - "" = AutoRun
O33 - MountPoints2\{fb4fb53d-6370-11df-b2d5-0018f3c54812}\Shell\AutoRun\command - "" = G:\autorun.exe {5E7C721D-B008-4269-A1C4-2CE7E9757983} Setup.msi -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.14 20:07:27 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis204.exe
[2010.08.14 20:06:28 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.08.14 20:06:28 | 000,000,000 | ---D | C] -- C:\rsit
[2010.08.14 18:16:14 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.08.14 17:00:58 | 000,000,000 | ---D | C] -- C:\Programme\Panda Security
[2010.08.14 14:10:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010.08.14 14:10:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.08.14 12:28:05 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group
[2010.08.14 12:27:37 | 000,000,000 | ---D | C] -- C:\Windows\95431C66CF9A4913BFFF6050785AFB65.TMP
[2010.08.14 12:21:34 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.08.11 12:44:34 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.11 12:44:33 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2010.08.11 12:44:33 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.11 12:44:28 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.11 12:44:28 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.11 12:44:25 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.11 12:44:25 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.11 12:44:25 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.11 12:44:25 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.11 12:44:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.11 12:44:25 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.11 12:44:25 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.11 12:44:25 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.11 12:44:16 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.10 18:05:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Igsuw
[2010.07.31 09:23:11 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\*** Jacke
[2010.07.31 09:11:55 | 000,000,000 | -H-D | C] -- C:\Users\***\Desktop\[Originaldateien]
[2010.07.30 22:11:57 | 000,000,000 | ---D | C] -- C:\Programme\Google
[2010.07.30 22:11:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Google
[2010.07.28 15:45:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TrafficMonitor
[2010.07.28 15:45:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TrafficMonitor
[2010.07.28 15:22:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\RouterControl
[2010.07.28 11:20:43 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.07.25 13:30:26 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MTB Touren
[2010.07.24 09:02:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ohxawa
[2010.07.20 14:26:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mobile Atlas Creator
[2010.07.20 03:39:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\BoneTown
[2010.07.20 03:33:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Gyefyh
[2010.07.18 19:27:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Yszi
[2010.07.16 17:40:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Boilsoft
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.14 20:08:28 | 003,932,160 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.08.14 20:07:06 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.14 20:07:06 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.14 20:07:06 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.14 20:07:06 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.14 20:07:05 | 001,498,506 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.14 19:23:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.14 19:23:10 | 1609,916,416 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.14 18:34:10 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis204.exe
[2010.08.14 18:22:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.08.14 18:01:06 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2010.08.14 17:37:30 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.14 17:17:30 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.14 17:17:30 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.14 17:17:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.14 17:10:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.14 13:20:32 | 000,013,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hwpolicy.sys
[2010.08.14 12:06:39 | 000,961,536 | ---- | M] () -- C:\Users\***\AppData\Local\1686579041.exe
[2010.08.11 17:27:15 | 003,782,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.11 16:26:18 | 000,464,257 | ---- | M] () -- C:\Users\***\Desktop\Zeugnisvorlage.pdf
[2010.08.11 16:25:35 | 001,488,743 | ---- | M] () -- C:\Users\***\Desktop\Anlage 1.pdf
[2010.08.11 11:18:38 | 000,000,662 | ---- | M] () -- C:\Users\***\Desktop\CCleaner.lnk
[2010.07.29 08:30:49 | 000,197,632 | ---- | M] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2010.07.29 08:30:34 | 000,082,944 | ---- | M] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.07.28 11:21:00 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.07.22 12:32:55 | 000,438,862 | ---- | M] () -- C:\Users\***\Desktop\Zeugnis315.jpg
[2010.07.22 12:16:48 | 000,000,301 | ---- | M] () -- C:\Users\***\Desktop\redir.asp.htm
[2010.07.16 18:20:17 | 000,001,589 | ---- | M] () -- C:\Users\***\Desktop\DivX Movies.lnk
[2010.07.16 18:19:56 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.07.16 18:19:52 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.14 20:06:52 | 000,781,909 | ---- | C] () -- C:\Users\***\Desktop\RSIT.exe
[2010.08.14 18:03:39 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2010.08.14 12:06:39 | 000,961,536 | ---- | C] () -- C:\Users\***\AppData\Local\1686579041.exe
[2010.08.11 16:26:17 | 000,464,257 | ---- | C] () -- C:\Users\***\Desktop\Zeugnisvorlage.pdf
[2010.08.11 16:25:33 | 001,488,743 | ---- | C] () -- C:\Users\***\Desktop\Anlage 1.pdf
[2010.07.30 22:12:26 | 000,001,098 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.30 22:12:05 | 000,001,094 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.28 11:21:00 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.07.22 12:45:29 | 000,438,862 | ---- | C] () -- C:\Users\***\Desktop\Zeugnis315.jpg
[2010.07.22 12:16:48 | 000,000,301 | ---- | C] () -- C:\Users\***\Desktop\redir.asp.htm
[2010.07.16 18:20:17 | 000,001,589 | ---- | C] () -- C:\Users\***\Desktop\DivX Movies.lnk
[2010.07.16 18:19:56 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.07.16 18:19:52 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010.06.21 16:52:38 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.06.21 16:52:38 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.06.21 16:52:36 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.06.21 16:52:36 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.06.21 16:52:36 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.06.21 16:52:36 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2010.06.21 10:56:16 | 000,001,111 | ---- | C] () -- C:\Windows\AZPR3.INI
[2010.06.15 23:07:37 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.05.08 20:57:19 | 000,000,491 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010.02.11 07:30:38 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2004.08.13 09:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2004.04.27 17:26:48 | 000,005,824 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
 
========== LOP Check ==========
 
[2010.05.14 06:50:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Abuliw
[2010.05.20 09:56:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ACD Systems
[2010.07.16 17:40:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Boilsoft
[2010.07.20 05:02:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BoneTown
[2010.06.25 08:17:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cinya
[2010.05.19 20:17:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2010.06.10 16:41:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2010.06.30 20:07:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.08.14 17:46:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Gyefyh
[2010.08.14 13:44:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Igsuw
[2010.08.11 11:13:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Iwik
[2010.05.09 13:33:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Miranda
[2010.07.20 14:26:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mobile Atlas Creator
[2010.06.03 11:13:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2010.07.14 01:03:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MSA
[2010.08.14 12:07:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ohxawa
[2010.06.15 18:29:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.08.11 12:12:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Oxnuim
[2010.07.28 15:22:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RouterControl
[2010.08.14 17:46:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Seekx
[2010.05.09 11:36:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Steganos
[2010.06.02 16:48:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2010.05.31 10:24:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.07.28 15:46:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrafficMonitor
[2010.05.08 23:38:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2010.06.15 22:56:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UDC Profiles
[2010.07.03 11:42:58 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Virtual CD v10
[2010.07.31 09:10:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VSO
[2010.06.21 17:00:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Xilisoft
[2010.08.11 14:08:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Yszi
[2010.07.04 04:05:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zaoxa
[2009.07.14 06:53:46 | 000,029,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         

Thanks a lot in advance for your efforts =)

15.08.2010, 19:57   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

You also have to change the starred-out part back into your real user name, otherwise the script won't work!!

Code:
:OTL
SRV - (SpyHunter 4 Service) -- C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE File not found
SRV - (KMService) -- C:\Windows\System32\srvany.exe ()
O4 - HKCU..\Run: [{570F1A73-FAE0-56F4-048F-6E8B5F70184A}] C:\Users\***\AppData\Roaming\Igsuw\sofo.exe File not found
O4 - HKCU..\Run: [{AA8ACD96-912D-4EA1-15C0-257FDE060C83}] C:\Users\***\AppData\Roaming\Cinya\asmau.exe ()
O4 - HKCU..\Run: [{B43C4100-3CD8-7317-A747-864313D88DF2}] C:\Users\***\AppData\Roaming\Abuliw\dedy.exe (tlfum)
O4 - HKCU..\Run: [BdeUtvol] C:\Users\***\AppData\Local\Temp\hwrcsass.DLL File not found
O4 - HKCU..\RunOnce: [1686579041] C:\Users\***\AppData\Local\1686579041.exe ()
O33 - MountPoints2\{fb4fb53d-6370-11df-b2d5-0018f3c54812}\Shell - "" = AutoRun
O33 - MountPoints2\{fb4fb53d-6370-11df-b2d5-0018f3c54812}\Shell\AutoRun\command - "" = G:\autorun.exe {5E7C721D-B008-4269-A1C4-2CE7E9757983} Setup.msi -- File not found
[2010.08.14 12:27:37 | 000,000,000 | ---D | C] -- C:\Windows\95431C66CF9A4913BFFF6050785AFB65.TMP
[2010.08.10 18:05:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Igsuw
[2010.07.24 09:02:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ohxawa
[2010.07.20 03:39:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\BoneTown
[2010.07.20 03:33:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Gyefyh
[2010.07.18 19:27:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Yszi
[2010.07.16 17:40:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Boilsoft
[2010.08.11 11:13:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Iwik
[2010.08.11 12:12:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Oxnuim
[2010.08.14 17:46:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Seekx
[2010.07.04 04:05:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zaoxa
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________

__________________
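An added example, not part of the thread and not a description of how OTL or the helper works: a small Python triage of the O4 autorun lines from the OTL log in post #1. The heuristics (user-writable path combined with a machine-generated value name, a missing target or an empty company field) and all function names are assumptions chosen for illustration.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# O4 autorun lines copied from the OTL log in post #1 (user name masked as *** there).
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKCU..\Run: [\\EDE\EPSON Stylus DX5000 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [{570F1A73-FAE0-56F4-048F-6E8B5F70184A}] C:\Users\***\AppData\Roaming\Igsuw\sofo.exe File not found
O4 - HKCU..\Run: [{AA8ACD96-912D-4EA1-15C0-257FDE060C83}] C:\Users\***\AppData\Roaming\Cinya\asmau.exe ()
O4 - HKCU..\Run: [{B43C4100-3CD8-7317-A747-864313D88DF2}] C:\Users\***\AppData\Roaming\Abuliw\dedy.exe (tlfum)
O4 - HKCU..\Run: [BdeUtvol] C:\Users\***\AppData\Local\Temp\hwrcsass.DLL File not found
O4 - HKCU..\RunOnce: [1686579041] C:\Users\***\AppData\Local\1686579041.exe ()
"""


class Autorun(NamedTuple):
    hive: str               # HKLM or HKCU
    key: str                # Run or RunOnce
    name: str               # registry value name
    path: str               # target the value points to
    company: Optional[str]  # "" when OTL printed "()", None when no field was printed
    missing: bool           # OTL reported "File not found"


LINE_RE = re.compile(r"^O4 - (HKLM|HKCU)\.\.\\(Run|RunOnce): \[(.*?)\] (.+)$")
TAIL_RE = re.compile(r"^(.*) \((.*)\)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
NOT_FOUND = " File not found"


def parse_o4(line: str) -> Optional[Autorun]:
    """Parse one 'O4 - HKxx..\\Run' line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    hive, key, name, rest = m.groups()
    if rest.endswith(NOT_FOUND):
        return Autorun(hive, key, name, rest[: -len(NOT_FOUND)], None, True)
    tail = TAIL_RE.match(rest)
    if tail:
        return Autorun(hive, key, name, tail.group(1), tail.group(2), False)
    return Autorun(hive, key, name, rest, None, False)


def reasons(entry: Autorun) -> List[str]:
    """Collect the (assumed) indicators that make an autorun worth a closer look."""
    found = []
    if "\\appdata\\" in entry.path.lower():
        found.append("user-writable path")
    if GUID_RE.match(entry.name) or entry.name.isdigit():
        found.append("machine-generated value name")
    if entry.missing:
        found.append("target missing")
    elif entry.company == "":
        found.append("no company name")
    return found


def triage(log: str) -> List[Tuple[Autorun, List[str]]]:
    """Flag entries in a user-writable path that show at least one more indicator."""
    flagged = []
    for line in log.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        why = reasons(entry)
        if "user-writable path" in why and len(why) >= 2:
            flagged.append((entry, why))
    return flagged


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(f"{entry.hive}\\{entry.key} [{entry.name}] -> {entry.path}: {', '.join(why)}")
```

On these lines the heuristic flags the same five O4 entries that the fix script above lists. Legitimate software also starts from AppData, so a hit is a prompt for review, not a verdict.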

15.08.2010, 22:33   #3
Nikolas22

Hi,

here is the new log file from OTL:

Code:
All processes killed
========== OTL ==========
Service SpyHunter 4 Service stopped successfully!
Service SpyHunter 4 Service deleted successfully!
File  C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE File not found not found.
Service KMService stopped successfully!
Service KMService deleted successfully!
C:\Windows\System32\srvany.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{570F1A73-FAE0-56F4-048F-6E8B5F70184A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{570F1A73-FAE0-56F4-048F-6E8B5F70184A}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{AA8ACD96-912D-4EA1-15C0-257FDE060C83} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA8ACD96-912D-4EA1-15C0-257FDE060C83}\ not found.
C:\Users\***\AppData\Roaming\Cinya\asmau.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{B43C4100-3CD8-7317-A747-864313D88DF2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B43C4100-3CD8-7317-A747-864313D88DF2}\ not found.
C:\Users\***\AppData\Roaming\Abuliw\dedy.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BdeUtvol deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\1686579041 deleted successfully.
C:\Users\***\AppData\Local\1686579041.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb4fb53d-6370-11df-b2d5-0018f3c54812}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb4fb53d-6370-11df-b2d5-0018f3c54812}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb4fb53d-6370-11df-b2d5-0018f3c54812}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb4fb53d-6370-11df-b2d5-0018f3c54812}\ not found.
File G:\autorun.exe {5E7C721D-B008-4269-A1C4-2CE7E9757983} Setup.msi not found.
C:\Windows\95431C66CF9A4913BFFF6050785AFB65.TMP folder moved successfully.
C:\Users\***\AppData\Roaming\Igsuw folder moved successfully.
C:\Users\***\AppData\Roaming\Ohxawa folder moved successfully.
C:\Users\***\AppData\Roaming\BoneTown\savegames folder moved successfully.
C:\Users\***\AppData\Roaming\BoneTown\game\server folder moved successfully.
C:\Users\***\AppData\Roaming\BoneTown\game\client folder moved successfully.
C:\Users\***\AppData\Roaming\BoneTown\game\actionMaps folder moved successfully.
C:\Users\***\AppData\Roaming\BoneTown\game folder moved successfully.
C:\Users\***\AppData\Roaming\BoneTown folder moved successfully.
C:\Users\***\AppData\Roaming\Gyefyh folder moved successfully.
C:\Users\***\AppData\Roaming\Yszi folder moved successfully.
C:\Users\***\AppData\Roaming\Boilsoft\Boilsoft Video Splitter\profiles folder moved successfully.
C:\Users\***\AppData\Roaming\Boilsoft\Boilsoft Video Splitter folder moved successfully.
C:\Users\***\AppData\Roaming\Boilsoft folder moved successfully.
C:\Users\***\AppData\Roaming\Iwik folder moved successfully.
C:\Users\***\AppData\Roaming\Oxnuim folder moved successfully.
C:\Users\***\AppData\Roaming\Seekx folder moved successfully.
C:\Users\***\AppData\Roaming\Zaoxa folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: ***
->Temp folder emptied: 34477666 bytes
->Temporary Internet Files folder emptied: 314087 bytes
->Java cache emptied: 12145254 bytes
->FireFox cache emptied: 38061925 bytes
->Flash cache emptied: 3925 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 68394 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 81,00 mb
 
 
OTL by OldTimer - Version 3.2.9.1 log created on 08152010_232446

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
What did the program do just now? =)
__________________

15.08.2010, 22:35   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________
Please always post log files in CODE tags

15.08.2010, 22:46   #5
Nikolas22

Hi,

here is the log file from ComboFix:
ComboFix log file:
Code:
ComboFix 10-08-15.01 - *** 15.08.2010  23:52:11.1.2 - x86 NETWORK
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.2047.1301 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.lnk
c:\users\***\AppData\Roaming\MSA
D:\install.exe

.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_osppsvc


(((((((((((((((((((((((   Dateien erstellt von 2010-07-15 bis 2010-08-15  ))))))))))))))))))))))))))))))
.

2010-08-15 21:56 . 2010-08-15 22:03	--------	d-----w-	c:\users\***\AppData\Local\temp
2010-08-15 21:24 . 2010-08-15 21:24	--------	d-----w-	C:\_OTL
2010-08-14 18:06 . 2010-08-14 18:06	--------	d-----w-	C:\rsit
2010-08-14 18:06 . 2010-08-14 18:06	--------	d-----w-	c:\program files\trend micro
2010-08-14 15:00 . 2010-08-14 15:00	--------	d-----w-	c:\program files\Panda Security
2010-08-14 10:28 . 2010-08-14 10:28	--------	d-----w-	c:\program files\Enigma Software Group
2010-07-30 20:11 . 2010-07-30 20:13	--------	d-----w-	c:\program files\Google
2010-07-30 20:11 . 2010-07-30 20:11	--------	d-----w-	c:\users\***\AppData\Local\Google
2010-07-28 13:45 . 2010-07-28 13:46	--------	d-----w-	c:\users\***\AppData\Roaming\TrafficMonitor
2010-07-28 13:45 . 2010-07-28 13:45	--------	d-----w-	c:\programdata\TrafficMonitor
2010-07-28 13:22 . 2010-07-28 13:22	--------	d-----w-	c:\users\***\AppData\Roaming\RouterControl
2010-07-28 09:20 . 2010-07-28 09:20	--------	d-----w-	c:\program files\iPod
2010-07-28 09:16 . 2010-07-28 09:16	73000	----a-w-	c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-20 12:26 . 2010-07-20 12:26	--------	d-----w-	c:\users\***\AppData\Roaming\Mobile Atlas Creator
2010-07-20 01:32 . 2010-07-20 01:32	3774	----a-r-	c:\users\***\AppData\Roaming\Microsoft\Installer\{5E7C721D-B008-4269-A1C4-2CE7E9757983}\controlPanelIcon.exe
2010-07-20 01:32 . 2010-07-20 01:32	3774	----a-r-	c:\users\***\AppData\Roaming\Microsoft\Installer\{5E7C721D-B008-4269-A1C4-2CE7E9757983}\BoneTown.exe
2010-07-20 01:32 . 2010-07-20 01:32	10134	----a-r-	c:\users***\AppData\Roaming\Microsoft\Installer\{5E7C721D-B008-4269-A1C4-2CE7E9757983}\SystemFolder_msiexec.exe

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-15 21:54 . 2009-07-14 08:47	653928	----a-w-	c:\windows\system32\perfh007.dat
2010-08-15 21:54 . 2009-07-14 08:47	129800	----a-w-	c:\windows\system32\perfc007.dat
2010-08-15 21:24 . 2010-06-25 06:17	--------	d-----w-	c:\users\***\AppData\Roaming\Cinya
2010-08-15 21:24 . 2010-05-14 04:50	--------	d-----w-	c:\users\***\AppData\Roaming\Abuliw
2010-08-14 11:20 . 2009-07-13 23:11	13904	----a-w-	c:\windows\system32\drivers\hwpolicy.sys
2010-08-14 10:27 . 2010-07-02 21:41	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2010-08-11 14:59 . 2010-05-19 18:17	--------	d-----w-	c:\programdata\Microsoft Help
2010-08-11 09:18 . 2010-06-21 14:52	--------	d-----w-	c:\users\***\AppData\Roaming\Media Player Classic
2010-07-31 07:10 . 2010-06-06 20:02	--------	d-----w-	c:\users\***\AppData\Roaming\VSO
2010-07-30 11:39 . 2010-05-09 18:02	--------	d-----w-	c:\users\***\AppData\Roaming\vlc
2010-07-29 06:30 . 2010-08-11 10:44	197632	----a-w-	c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-11 10:44	82944	----a-w-	c:\windows\system32\iccvid.dll
2010-07-28 09:20 . 2010-07-15 10:13	--------	d-----w-	c:\program files\Common Files\Apple
2010-07-25 16:14 . 2010-06-15 16:29	1	----a-w-	c:\users\***\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-16 16:20 . 2010-05-08 20:35	57344	----a-w-	c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-16 16:20 . 2010-05-08 20:23	--------	d-----w-	c:\programdata\DivX
2010-07-16 16:20 . 2010-07-16 16:20	56997	----a-w-	c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-07-16 16:20 . 2010-07-16 16:20	56765	----a-w-	c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-16 16:20 . 2010-05-08 20:27	--------	d-----w-	c:\program files\DivX
2010-07-16 16:20 . 2010-07-16 16:20	53600	----a-w-	c:\programdata\DivX\Update\Uninstaller.exe
2010-07-16 16:20 . 2010-07-16 16:20	57715	----a-w-	c:\programdata\DivX\Player\Uninstaller.exe
2010-07-16 16:19 . 2010-07-16 16:19	54153	----a-w-	c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-07-16 16:19 . 2010-07-16 16:19	54128	----a-w-	c:\programdata\DivX\Converter\Uninstaller.exe
2010-07-16 16:19 . 2010-07-16 16:19	54644	----a-w-	c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-07-16 16:19 . 2010-07-16 16:19	54101	----a-w-	c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-07-16 16:18 . 2010-05-08 20:30	895256	----a-w-	c:\programdata\DivX\Setup\DivXSetup.exe
2010-07-16 16:18 . 2010-05-08 20:30	1062184	----a-w-	c:\programdata\DivX\Setup\Resource.dll
2010-07-15 10:45 . 2010-07-15 10:15	--------	d-----w-	c:\users\***\AppData\Roaming\Apple Computer
2010-07-15 10:15 . 2010-07-15 10:15	--------	d-----w-	c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-15 10:15 . 2010-07-15 10:14	--------	d-----w-	c:\programdata\Apple Computer
2010-07-15 10:14 . 2010-07-15 10:14	--------	d-----w-	c:\program files\QuickTime
2010-07-15 10:14 . 2010-07-15 10:14	--------	d-----w-	c:\program files\Apple Software Update
2010-07-15 10:13 . 2010-07-15 10:13	--------	d-----w-	c:\program files\Bonjour
2010-07-15 10:13 . 2010-07-15 10:13	--------	d-----w-	c:\programdata\Apple
2010-07-14 22:27 . 2010-06-03 08:29	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-07-14 22:27 . 2010-06-03 08:29	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-07-14 14:38 . 2010-07-14 14:38	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_WinUsb_01007.Wdf
2010-07-14 14:36 . 2010-07-14 14:36	--------	d-----w-	c:\program files\PdaNet for Android
2010-07-14 08:03 . 2010-07-14 08:03	--------	d-----w-	c:\programdata\EPSON
2010-07-11 20:34 . 2010-06-01 21:40	1127240	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-07-11 08:47 . 2010-05-27 07:43	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-07-11 08:47 . 2010-05-27 07:43	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-07-03 09:42 . 2010-07-03 09:42	--------	d-s---w-	c:\users\***\AppData\Roaming\Virtual CD v10
2010-07-03 09:42 . 2010-05-08 20:48	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-07-03 09:40 . 2010-07-03 09:40	--------	d-----w-	c:\users\***\AppData\Roaming\InstallShield
2010-07-02 21:42 . 2010-07-02 21:42	--------	d-----w-	c:\program files\AGEIA Technologies
2010-07-02 21:41 . 2010-07-02 21:41	--------	d-----w-	c:\programdata\Divinity 2
2010-07-02 18:21 . 2010-06-26 09:59	--------	d-----w-	c:\programdata\Ubisoft
2010-06-30 18:07 . 2010-06-30 18:06	--------	d-----w-	c:\users\***\AppData\Roaming\gtk-2.0
2010-06-30 18:04 . 2010-06-30 18:04	--------	d-----w-	c:\program files\GIMP-2.0
2010-06-30 06:25 . 2010-08-11 10:44	978432	----a-w-	c:\windows\system32\wininet.dll
2010-06-29 10:53 . 2010-06-29 10:53	--------	d-----w-	c:\program files\directx
2010-06-26 09:57 . 2010-06-26 09:57	--------	d-----w-	c:\program files\Ubisoft
2010-06-26 01:01 . 2010-05-08 21:03	--------	d-----w-	c:\program files\Microsoft.NET
2010-06-22 02:47 . 2010-08-11 10:44	310784	----a-w-	c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-11 10:44	307200	----a-w-	c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-11 10:44	113664	----a-w-	c:\windows\system32\drivers\srvnet.sys
2010-06-21 15:00 . 2010-06-21 15:00	--------	d-----w-	c:\users\***\AppData\Roaming\Xilisoft
2010-06-19 06:33 . 2010-08-11 10:44	3955080	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-11 10:44	3899784	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-11 10:44	37376	----a-w-	c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-11 10:44	2326016	----a-w-	c:\windows\system32\win32k.sys
2010-06-16 19:51 . 2010-05-27 07:43	1127240	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-06-16 05:48 . 2010-08-11 10:44	224256	----a-w-	c:\windows\system32\schannel.dll
2010-06-15 20:50 . 2010-05-08 20:51	114784	----a-w-	c:\users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-14 06:12 . 2010-08-11 10:44	1286016	----a-w-	c:\windows\system32\drivers\tcpip.sys
2010-06-08 06:02 . 2010-08-11 10:44	1233920	----a-w-	c:\windows\system32\msxml3.dll
2010-06-02 08:00 . 2010-06-21 14:52	108032	----a-w-	c:\windows\system32\ff_vfw.dll
2010-06-02 02:55 . 2010-06-28 17:56	74072	----a-w-	c:\windows\system32\XAPOFX1_5.dll
2010-06-02 02:55 . 2010-06-28 17:56	527192	----a-w-	c:\windows\system32\XAudio2_7.dll
2010-06-02 02:55 . 2010-06-28 17:56	239960	----a-w-	c:\windows\system32\xactengine3_7.dll
2010-05-27 07:24 . 2010-06-11 07:13	34304	----a-w-	c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-11 07:13	293888	----a-w-	c:\windows\system32\atmfd.dll
2010-05-26 09:41 . 2010-06-28 17:56	470880	----a-w-	c:\windows\system32\d3dx10_43.dll
2010-05-26 09:41 . 2010-06-28 17:56	248672	----a-w-	c:\windows\system32\d3dx11_43.dll
2010-05-26 09:41 . 2010-06-28 17:56	2106216	----a-w-	c:\windows\system32\D3DCompiler_43.dll
2010-05-26 09:41 . 2010-06-28 17:56	1998168	----a-w-	c:\windows\system32\D3DX9_43.dll
2010-05-26 09:41 . 2010-06-28 17:56	1868128	----a-w-	c:\windows\system32\d3dcsx_43.dll
2010-05-21 12:14 . 2010-05-08 18:46	221568	------w-	c:\windows\system32\MpSigStub.exe
2010-05-19 18:50 . 2010-05-19 18:50	10134	----a-r-	c:\users\***\AppData\Roaming\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe
2010-05-19 18:01 . 2010-05-19 18:01	691696	----a-w-	c:\windows\system32\drivers\sptd.sys
2010-05-18 14:35 . 2010-05-18 14:35	91424	----a-w-	c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35	75040	----a-w-	c:\windows\system32\jdns_sd.dll
2010-05-18 14:35 . 2010-05-18 14:35	197920	----a-w-	c:\windows\system32\dnssdX.dll
2010-05-18 14:35 . 2010-05-18 14:35	107808	----a-w-	c:\windows\system32\dns-sd.exe
2009-06-10 21:26 . 2009-07-14 02:04	9633792	--sha-r-	c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42	396800	--sha-w-	c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2010-02-28 00:20	561552	----a-w-	c:\progra~1\MICROS~2\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\***\EPSON Stylus DX5000 Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE" [2006-09-22 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="d:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-30 9210400]
" Malwarebytes Anti-Malware  (reboot)"="d:\programme\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"VC10Player"="d:\programe\Virtual CD v10\System\VC10Play.exe" [2009-10-08 383304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2010-7-14 447952]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
STIMON.lnk - c:\program files\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe [2010-5-21 933888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Device Detector"=DevDetect.exe -autorun
"DAEMON Tools Lite"="d:\programme\DAEMON Tools Lite\DTLite.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"NBAgent"="d:\programme\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
"StartCCC"="d:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SAFE2009 HotKeys"="d:\programme\Steganos Safe 11\SteganosHotKeyService.exe"
"SAFE2009 File Redirection Starter"="d:\programme\Steganos Safe 11\fredirstarter.exe"
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
" Malwarebytes Anti-Malware  (reboot)"="d:\programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"Adobe Reader Speed Launcher"="d:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"mumservice"=c:\program files\Motorola\Software Update\mumservice.exe
"iTunesHelper"="d:\programme\iTunes\iTunesHelper.exe"

R1 SLEE_16_DRIVER;Steganos Live Encryption Engine 16 [Driver];c:\windows\system32\drivers\Sleen16.sys [2007-10-11 10:24 79104]
R1 vdrv1000;vdrv1000;c:\windows\system32\DRIVERS\vdrv1000.sys [2009-08-24 183320]
R2 AntiVirSchedulerService;Avira AntiVir Planer;d:\programme\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-30 136176]
R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [2010-04-02 91456]
R2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-05-07 1051976]
R2 VC10SecS;Virtual CD v10 Management Service;d:\programe\Virtual CD v10\System\VC10SecS.exe [2009-10-08 145224]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6016]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 HH10Help.sys;HH10Help.sys;c:\windows\system32\drivers\HH10Help.sys [2008-11-06 18432]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2009-06-19 19712]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 23424]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2010-01-25 9472]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm.sys [2006-09-28 9472]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-24 10064]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-19 691696]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [2010-01-07 375808]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2010-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-30 20:11]

2010-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-30 20:11]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\iw51esi8.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: d:\programme\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: d:\programme\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\programme\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\programme\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: d:\programme\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: d:\programme\Mozilla Firefox\plugins\npContribute.dll

---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
d:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
d:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
d:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
d:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
d:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
d:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
d:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
d:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
d:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\programme\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
d:\programme\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
d:\programme\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
d:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
d:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\programme\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
d:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-RunOnce-<NO NAME> - (no file)



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vdrv1000]
"ImagePath"="system32\DRIVERS\vdrv1000.sys"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.032"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.abr"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ani"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.apd"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.arw"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.bay"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.bmp"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.bw"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.cr2"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.crw"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.cs1"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.cur"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.dcr"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.dcx"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.dib"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.djv"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.djvu"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.dng"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.emf"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.eps"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.erf"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.fff"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.fpx"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.gif"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.hdr"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.icl"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.icn"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.iff"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ilbm"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.int"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.inta"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.iw4"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.j2c"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.j2k"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jbr"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jfif"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jif"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jp2"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpc"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpe"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpeg"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-84129775-3603458491-3997632418-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpg"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpk"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpx"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.kdc"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.lbm"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.mef"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.mos"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.mrw"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.nef"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.nrw"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.orf"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pbm"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pbr"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pcd"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pct"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pcx"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pef"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pgm"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pic"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pict"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pix"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.png"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ppm"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.psd"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.psp"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pspbrush"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pspimage"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.raf"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ras"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.raw"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rgb"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rgba"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rle"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rsb"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rw2"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rwl"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.sgi"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.sr2"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.srf"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.tga"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.thm"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.tif"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.tiff"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ttc"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ttf"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.v30po"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.v30pp"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.v30ppf"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.wbm"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.wbmp"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.wmf"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.xbm"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.xif"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.xmp"

[HKEY_USERS\S-1-5-21-84129775-3603458491-3997632418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.xpm"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnscfg.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-08-16  00:05:35 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-08-15 22:05

Vor Suchlauf: 9.222.889.472 Bytes frei
Nach Suchlauf: 8.941.703.168 Bytes frei

- - End Of File - - 114980AF09E7EF1CED5B820B705BC075
         
--- --- ---


Edited by Nikolas22 (15.08.2010 at 23:13)

16.08.2010, 07:39   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Ok. Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool won't run on the second attempt either, just skip it and run only OSAM.

Then download the bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remover.exe in that folder.

If you are using Windows Vista or Windows 7, you must run remover.exe via right-click => Run as administrator.

A black window will open and automatically search for malicious changes in the MBR.
Then please post whether there are any changes and, if so, on which device. Ideally, post everything that remover.exe outputs.

16.08.2010, 18:55   #7
Nikolas22
 



Hi,

here are the three new log files:

gmer:
Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-16 19:43:03
Windows 6.1.7600 
Running: fy6e1c85.exe; Driver: C:\Users\***\AppData\Local\Temp\pwtdyfog.sys


---- System - GMER 1.0.15 ----

INT 0x1F        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            8242FAF8
INT 0x37        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            8242F104
INT 0xC1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            8242F3F4
INT 0xD1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            82417634
INT 0xD2        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            82417898
INT 0xDF        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            8242F1DC
INT 0xE1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            8242F958
INT 0xE3        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            8242F6F8
INT 0xFD        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            8242FF2C
INT 0xFE        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            824301A8

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!ZwSaveKeyEx + 13B1                                                                                     8204A8E9 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                              8206A3D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL \Device\00000050                                                                                   halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                            fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 D:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x80 0xB6 0x44 0x61 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x07 0x0F 0xEC 0x15 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x8A 0xDD 0xDF 0xC6 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@ServiceBinary                                                       C:\Windows\system32\drivers\VDRV1000.SYS
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Group                                                               SCSI Miniport
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@ImagePath                                                           system32\DRIVERS\vdrv1000.sys
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@ErrorControl                                                        1
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Start                                                               1
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Type                                                                1
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Tag                                                                 65
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum                                                                
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@0                                                              ROOT\SCSIADAPTER\0000
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@Count                                                          1
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@NextInstance                                                   1
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@INITSTARTFAILED                                                1
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\parameters                                                          
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\parameters\pnpinterface                                             
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\parameters\pnpinterface@1                                           1
Reg             HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\security                                                            
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     D:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x80 0xB6 0x44 0x61 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x07 0x0F 0xEC 0x15 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x8A 0xDD 0xDF 0xC6 ...
Reg             HKLM\SYSTEM\ControlSet002\services\vdrv1000@ServiceBinary                                                           C:\Windows\system32\drivers\VDRV1000.SYS
Reg             HKLM\SYSTEM\ControlSet002\services\vdrv1000@Group                                                                   SCSI Miniport
Reg             HKLM\SYSTEM\ControlSet002\services\vdrv1000@ImagePath                                                               system32\DRIVERS\vdrv1000.sys
Reg             HKLM\SYSTEM\ControlSet002\services\vdrv1000@ErrorControl                                                            1
Reg             HKLM\SYSTEM\ControlSet002\services\vdrv1000@Start                                                                   1
Reg             HKLM\SYSTEM\ControlSet002\services\vdrv1000@Type                                                                    1
Reg             HKLM\SYSTEM\ControlSet002\services\vdrv1000@Tag                                                                     65
Reg             HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum (not active ControlSet)                                            
Reg             HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum@0                                                                  ROOT\SCSIADAPTER\0000
Reg             HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum@Count                                                              1
Reg             HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum@NextInstance                                                       1
Reg             HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum@INITSTARTFAILED                                                    1
Reg             HKLM\SYSTEM\ControlSet002\services\vdrv1000\parameters (not active ControlSet)                                      
Reg             HKLM\SYSTEM\ControlSet002\services\vdrv1000\parameters\pnpinterface (not active ControlSet)                         
Reg             HKLM\SYSTEM\ControlSet002\services\vdrv1000\parameters\pnpinterface@1                                               1
Reg             HKLM\SYSTEM\ControlSet002\services\vdrv1000\security (not active ControlSet)                                        

---- EOF - GMER 1.0.15 ----
         
--- --- ---


OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:47:11 on 16.08.2010

OS: Windows 7 Ultimate Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.8

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\MLCFG32.CPL
"Nero BurnRights 10" - "Nero AG" - D:\Programme\Nero\Nero 10\Nero BurnRights\NeroBurnRights_10.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\***\AppData\Local\Temp\catchme.sys  (File not found)
"esgiguard" (esgiguard) - ? - C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys  (File not found)
"HH10Help.sys" (HH10Help.sys) - "H+H Software GmbH" - C:\Windows\system32\drivers\HH10Help.sys
"PdaNet Modem" (pnetmdm) - "June Fabrics Technology" - C:\Windows\System32\DRIVERS\pnetmdm.sys
"pwtdyfog" (pwtdyfog) - ? - C:\Users\***\AppData\Local\Temp\pwtdyfog.sys  (Hidden registry entry, rootkit activity | File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"Steganos Live Encryption Engine 16 [Driver]" (SLEE_16_DRIVER) - "Softwareentwicklung Remus - ArchiCrypt " - C:\Windows\system32\drivers\Sleen16.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - D:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
"vdrv1000" (vdrv1000) - "H+H Software GmbH" - C:\Windows\System32\DRIVERS\vdrv1000.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - D:\Programme\OpenOffice\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - D:\Programme\7-Zip\7-zip.dll
{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{2BB59FC0-31E8-42DA-9D3C-E9A52953853B} "ImageResizer Shell Extension" - "VSO Software SARL" - D:\PROGRA~1\VSO\IMAGER~1\RSZShell.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - D:\Programme\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\MLSHEXT.DLL
{F764812A-132C-4013-9960-5CBBEB408A0E} "NeroShellExt Class" - "Nero AG" - C:\Program Files\Common Files\Nero\NeroShellExt\NeroShellExt.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - D:\Programme\OpenOffice\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - D:\Programme\OpenOffice\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - D:\Programme\OpenOffice\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - D:\Programme\OpenOffice\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - D:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{FAE0A3E0-3010-41BA-9DDC-A631394F047F} "SteganosShellExtension" - ? - D:\Programme\Steganos Safe 11\ShellExtension.dll  (File found, but it contains no detailed information)
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - D:\Programme\TuneUp Utilities 2010\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - D:\Programme\TuneUp Utilities 2010\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - D:\Programme\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10g.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Contribute Toolbar" - "Adobe Systems, Inc." - D:\Programme\Adobe CS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{074C1DC5-9320-4A9A-947D-C042949C6216} "ContributeBHO Class" - "Adobe Systems, Inc." - D:\Programme\Adobe CS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"PdaNet Desktop.lnk" - ? - C:\Program Files\PdaNet for Android\PdaNetPC.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"STIMON.lnk" - "Silicon Motion" - C:\Program Files\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"\\***\EPSON Stylus DX5000 Series" - "SEIKO EPSON CORPORATION" - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\Users\***\AppData\Local\Temp\E_S3E38.tmp" /EF "HKCU"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
" Malwarebytes Anti-Malware  (reboot)" - "Malwarebytes Corporation" - "D:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"VC10Player" - "H+H Software GmbH" - D:\Programe\Virtual CD v10\System\VC10Play.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"UDC" - ? - udcpm.dll  (File not found)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"@C:\Program Files\Nero\Update\NASvc.exe,-200" (NAUpdate) - "Nero AG" - C:\Program Files\Nero\Update\NASvc.exe
"@D:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - D:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
"MotoConnect Service" (MotoConnect Service) - ? - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe  (File found, but it contains no detailed information)
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"SwitchBoard" (SwitchBoard) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - D:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
"Virtual CD v10 Management Service" (VC10SecS) - "H+H Software GmbH" - D:\Programe\Virtual CD v10\System\VC10SecS.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---



bootkit:
Code:
.\debug.cpp(238) : Debug log started at 16.08.2010 - 17:48:20
.\boot_cleaner.cpp(675) : Bootkit Remover
.\boot_cleaner.cpp(676) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(677) : www.esagelab.com
.\boot_cleaner.cpp(681) : Program version: 1.1.0.0
.\boot_cleaner.cpp(688) : OS Version: Microsoft Windows 7 Ultimate Edition (build 7600), 32-bit
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x82015000 0x00400000 "\SystemRoot\system32\ntoskrnl.exe"
.\debug.cpp(256) : 0x82415000 0x00037000 "\SystemRoot\system32\halmacpi.dll"
.\debug.cpp(256) : 0x80b95000 0x00008000 "\SystemRoot\system32\kdcom.dll"
.\debug.cpp(256) : 0x88834000 0x00078000 "\SystemRoot\system32\mcupdate_GenuineIntel.dll"
.\debug.cpp(256) : 0x888ac000 0x00011000 "\SystemRoot\system32\PSHED.dll"
.\debug.cpp(256) : 0x888bd000 0x00008000 "\SystemRoot\system32\BOOTVID.dll"
.\debug.cpp(256) : 0x888c5000 0x00042000 "\SystemRoot\system32\CLFS.SYS"
.\debug.cpp(256) : 0x88907000 0x000ab000 "\SystemRoot\system32\CI.dll"
.\debug.cpp(256) : 0x889b2000 0x00071000 "\SystemRoot\system32\drivers\Wdf01000.sys"
.\debug.cpp(256) : 0x88a23000 0x0000e000 "\SystemRoot\system32\drivers\WDFLDR.SYS"
.\debug.cpp(256) : 0x88a31000 0x00048000 "\SystemRoot\system32\DRIVERS\ACPI.sys"
.\debug.cpp(256) : 0x88a79000 0x00009000 "\SystemRoot\system32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0x88a82000 0x00008000 "\SystemRoot\system32\DRIVERS\msisadrv.sys"
.\debug.cpp(256) : 0x88a8a000 0x0000b000 "\SystemRoot\system32\DRIVERS\vdrvroot.sys"
.\debug.cpp(256) : 0x88a95000 0x0002a000 "\SystemRoot\system32\DRIVERS\pci.sys"
.\debug.cpp(256) : 0x88abf000 0x00011000 "\SystemRoot\System32\drivers\partmgr.sys"
.\debug.cpp(256) : 0x88ad0000 0x00010000 "\SystemRoot\system32\DRIVERS\volmgr.sys"
.\debug.cpp(256) : 0x88ae0000 0x0004b000 "\SystemRoot\System32\drivers\volmgrx.sys"
.\debug.cpp(256) : 0x88b2b000 0x00007000 "\SystemRoot\system32\DRIVERS\intelide.sys"
.\debug.cpp(256) : 0x88b32000 0x0000e000 "\SystemRoot\system32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0x88b40000 0x00007000 "\SystemRoot\system32\DRIVERS\pciide.sys"
.\debug.cpp(256) : 0x88b47000 0x00016000 "\SystemRoot\System32\drivers\mountmgr.sys"
.\debug.cpp(256) : 0x88b5d000 0x00009000 "\SystemRoot\system32\DRIVERS\atapi.sys"
.\debug.cpp(256) : 0x88b66000 0x00023000 "\SystemRoot\system32\DRIVERS\ataport.SYS"
.\debug.cpp(256) : 0x88b89000 0x00009000 "\SystemRoot\system32\DRIVERS\amdxata.sys"
.\debug.cpp(256) : 0x88b92000 0x00034000 "\SystemRoot\system32\drivers\fltmgr.sys"
.\debug.cpp(256) : 0x88bc6000 0x00011000 "\SystemRoot\system32\drivers\fileinfo.sys"
.\debug.cpp(256) : 0x88bd7000 0x0000a000 "\SystemRoot\System32\Drivers\PxHelp20.sys"
.\debug.cpp(256) : 0x88c3c000 0x0012f000 "\SystemRoot\System32\Drivers\Ntfs.sys"
.\debug.cpp(256) : 0x88d6b000 0x0002b000 "\SystemRoot\System32\Drivers\msrpc.sys"
.\debug.cpp(256) : 0x88d96000 0x00013000 "\SystemRoot\System32\Drivers\ksecdd.sys"
.\debug.cpp(256) : 0x88da9000 0x0005d000 "\SystemRoot\System32\Drivers\cng.sys"
.\debug.cpp(256) : 0x88e06000 0x0000e000 "\SystemRoot\System32\drivers\pcw.sys"
.\debug.cpp(256) : 0x88e14000 0x00009000 "\SystemRoot\System32\Drivers\Fs_Rec.sys"
.\debug.cpp(256) : 0x88e1d000 0x000b7000 "\SystemRoot\system32\drivers\ndis.sys"
.\debug.cpp(256) : 0x88ed4000 0x0003e000 "\SystemRoot\system32\drivers\NETIO.SYS"
.\debug.cpp(256) : 0x88f12000 0x00025000 "\SystemRoot\System32\Drivers\ksecpkg.sys"
.\debug.cpp(256) : 0x89013000 0x00149000 "\SystemRoot\System32\drivers\tcpip.sys"
.\debug.cpp(256) : 0x8915c000 0x00031000 "\SystemRoot\System32\drivers\fwpkclnt.sys"
.\debug.cpp(256) : 0x8918d000 0x00009000 "\SystemRoot\system32\DRIVERS\vmstorfl.sys"
.\debug.cpp(256) : 0x89196000 0x0003f000 "\SystemRoot\system32\DRIVERS\volsnap.sys"
.\debug.cpp(256) : 0x891dd000 0x0002d000 "\SystemRoot\System32\drivers\rdyboost.sys"
.\debug.cpp(256) : 0x8920a000 0x00010000 "\SystemRoot\System32\Drivers\mup.sys"
.\debug.cpp(256) : 0x8921a000 0x00008000 "\SystemRoot\System32\drivers\hwpolicy.sys"
.\debug.cpp(256) : 0x89222000 0x00032000 "\SystemRoot\System32\DRIVERS\fvevol.sys"
.\debug.cpp(256) : 0x89254000 0x00011000 "\SystemRoot\system32\DRIVERS\disk.sys"
.\debug.cpp(256) : 0x89265000 0x00025000 "\SystemRoot\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0x892bc000 0x00007000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0x892c3000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0x892ca000 0x0000c000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0x892d6000 0x00021000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS"
.\debug.cpp(256) : 0x892f7000 0x0000d000 "\SystemRoot\System32\drivers\watchdog.sys"
.\debug.cpp(256) : 0x89304000 0x00008000 "\SystemRoot\system32\drivers\rdpencdd.sys"
.\debug.cpp(256) : 0x8930c000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0x89317000 0x0000e000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0x89325000 0x00017000 "\SystemRoot\system32\DRIVERS\tdx.sys"
.\debug.cpp(256) : 0x8933c000 0x0000b000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0x89347000 0x0005a000 "\SystemRoot\system32\drivers\afd.sys"
.\debug.cpp(256) : 0x893a1000 0x00032000 "\SystemRoot\System32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0x893d3000 0x00007000 "\SystemRoot\system32\DRIVERS\wfplwf.sys"
.\debug.cpp(256) : 0x893da000 0x0001f000 "\SystemRoot\system32\DRIVERS\pacer.sys"
.\debug.cpp(256) : 0x89000000 0x00011000 "\SystemRoot\system32\DRIVERS\vwififlt.sys"
.\debug.cpp(256) : 0x88f37000 0x0000e000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0x88f45000 0x00041000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0x88f86000 0x0000a000 "\SystemRoot\system32\drivers\nsiproxy.sys"
.\debug.cpp(256) : 0x88f90000 0x00064000 "\SystemRoot\system32\drivers\csc.sys"
.\debug.cpp(256) : 0x88c00000 0x00018000 "\SystemRoot\System32\Drivers\dfsc.sys"
.\debug.cpp(256) : 0x88c18000 0x00021000 "\SystemRoot\system32\DRIVERS\tunnel.sys"
.\debug.cpp(256) : 0x88be1000 0x0001f000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0x8e41b000 0x00050000 "\SystemRoot\system32\DRIVERS\yk62x86.sys"
.\debug.cpp(256) : 0x8e46b000 0x0000b000 "\SystemRoot\system32\DRIVERS\usbuhci.sys"
.\debug.cpp(256) : 0x8e476000 0x0004b000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0x8e4c1000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0x8e4d0000 0x0002c000 "\SystemRoot\system32\DRIVERS\1394ohci.sys"
.\debug.cpp(256) : 0x8e4fc000 0x0000b000 "\SystemRoot\system32\DRIVERS\fdc.sys"
.\debug.cpp(256) : 0x8e507000 0x00002000 "\SystemRoot\system32\DRIVERS\ASACPI.sys"
.\debug.cpp(256) : 0x8e509000 0x00018000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0x8e521000 0x0000d000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0x8e52e000 0x0001f000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0x8e54d000 0x00006000 "\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys"
.\debug.cpp(256) : 0x8e553000 0x0000e000 "\SystemRoot\system32\DRIVERS\blbdrive.sys"
.\debug.cpp(256) : 0x8e561000 0x0000d000 "\SystemRoot\system32\DRIVERS\CompositeBus.sys"
.\debug.cpp(256) : 0x8e56e000 0x0000a000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0x8e578000 0x00012000 "\SystemRoot\system32\DRIVERS\AgileVpn.sys"
.\debug.cpp(256) : 0x8e58a000 0x00018000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0x8e5a2000 0x0000b000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0x8e5ad000 0x00022000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0x8e5cf000 0x00018000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0x8e5e7000 0x00017000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0x8e5fe000 0x00017000 "\SystemRoot\system32\DRIVERS\rassstp.sys"
.\debug.cpp(256) : 0x8e615000 0x0000a000 "\SystemRoot\system32\DRIVERS\rdpbus.sys"
.\debug.cpp(256) : 0x8e61f000 0x00010000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0x8e62f000 0x0000d000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0x8e66b000 0x00026000 "\SystemRoot\system32\DRIVERS\SCSIPORT.SYS"
.\debug.cpp(256) : 0x8e691000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0x8e693000 0x00034000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0x8e6c7000 0x0000e000 "\SystemRoot\system32\DRIVERS\umbus.sys"
.\debug.cpp(256) : 0x8e6d5000 0x00044000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0x8e719000 0x0000a000 "\SystemRoot\system32\DRIVERS\flpydisk.sys"
.\debug.cpp(256) : 0x8e723000 0x00011000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0x81440000 0x0024a000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0x8e734000 0x0000a000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0x8e73e000 0x00016000 "\SystemRoot\system32\DRIVERS\cdfs.sys"
.\debug.cpp(256) : 0x8e754000 0x0000d000 "\SystemRoot\System32\Drivers\crashdmp.sys"
.\debug.cpp(256) : 0x81690000 0x00017000 "\SystemRoot\System32\drivers\dxg.sys"
.\debug.cpp(256) : 0x8e761000 0x0000b000 "\SystemRoot\System32\Drivers\dump_dumpata.sys"
.\debug.cpp(256) : 0x8e76c000 0x00009000 "\SystemRoot\System32\Drivers\dump_atapi.sys"
.\debug.cpp(256) : 0x8e775000 0x00011000 "\SystemRoot\System32\Drivers\dump_dumpfve.sys"
.\debug.cpp(256) : 0x816c0000 0x00009000 "\SystemRoot\System32\TSDDD.dll"
.\debug.cpp(256) : 0x8e786000 0x00017000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"
.\debug.cpp(256) : 0x8e79d000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0x8e79f000 0x0000b000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
.\debug.cpp(256) : 0x8e7aa000 0x00013000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0x8e7bd000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0x8e7c4000 0x0000b000 "\SystemRoot\system32\DRIVERS\mouhid.sys"
.\debug.cpp(256) : 0x8e7cf000 0x0000c000 "\SystemRoot\system32\DRIVERS\kbdhid.sys"
.\debug.cpp(256) : 0x81740000 0x00008000 "\SystemRoot\System32\framebuf.dll"
.\debug.cpp(256) : 0x90806000 0x00065000 "\SystemRoot\system32\DRIVERS\rtl8187.sys"
.\debug.cpp(256) : 0x9086b000 0x0000a000 "\SystemRoot\System32\drivers\vwifibus.sys"
.\debug.cpp(256) : 0x81750000 0x0004d000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0x90875000 0x0001a000 "\SystemRoot\system32\drivers\WudfPf.sys"
.\debug.cpp(256) : 0x9088f000 0x00046000 "\SystemRoot\system32\DRIVERS\nwifi.sys"
.\debug.cpp(256) : 0x908d5000 0x00010000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0x908ee000 0x00019000 "\SystemRoot\system32\DRIVERS\bowser.sys"
.\debug.cpp(256) : 0x90907000 0x00012000 "\SystemRoot\System32\drivers\mpsdrv.sys"
.\debug.cpp(256) : 0x90919000 0x00023000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0x9093c000 0x0003b000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys"
.\debug.cpp(256) : 0x90977000 0x0001b000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys"
.\debug.cpp(256) : 0x90992000 0x00017000 "\SystemRoot\system32\DRIVERS\USBSTOR.SYS"
.\debug.cpp(256) : 0x909a9000 0x0002a000 "\SystemRoot\System32\Drivers\fastfat.SYS"
.\debug.cpp(256) : 0x909d3000 0x00017000 "\??\C:\Users\***\AppData\Local\Temp\pwtdyfog.sys"
.\debug.cpp(256) : 0x773e0000 0x0013c000 "\Windows\System32\ntdll.dll"
.\debug.cpp(256) : 0x48140000 0x00013000 "\Windows\System32\smss.exe"
.\debug.cpp(256) : 0x77620000 0x00050000 "\Windows\System32\apisetschema.dll"
.\debug.cpp(256) : 0x00600000 0x000a6000 "\Windows\System32\autochk.exe"
.\debug.cpp(256) : 0x76790000 0x00c49000 "\Windows\System32\shell32.dll"
.\debug.cpp(256) : 0x77600000 0x0000a000 "\Windows\System32\lpk.dll"
.\debug.cpp(256) : 0x77520000 0x000d4000 "\Windows\System32\kernel32.dll"
.\debug.cpp(256) : 0x766c0000 0x000c9000 "\Windows\System32\user32.dll"
.\debug.cpp(256) : 0x76660000 0x00052000 "\Windows\System32\difxapi.dll"
.\debug.cpp(256) : 0x76560000 0x000f4000 "\Windows\System32\wininet.dll"
.\debug.cpp(256) : 0x764d0000 0x00083000 "\Windows\System32\clbcatq.dll"
.\debug.cpp(256) : 0x76450000 0x0007b000 "\Windows\System32\comdlg32.dll"
.\debug.cpp(256) : 0x76310000 0x00135000 "\Windows\System32\urlmon.dll"
.\debug.cpp(256) : 0x762d0000 0x00035000 "\Windows\System32\ws2_32.dll"
.\debug.cpp(256) : 0x76240000 0x0008f000 "\Windows\System32\oleaut32.dll"
.\debug.cpp(256) : 0x76210000 0x0002a000 "\Windows\System32\imagehlp.dll"
.\debug.cpp(256) : 0x76160000 0x000a1000 "\Windows\System32\rpcrt4.dll"
.\debug.cpp(256) : 0x76110000 0x00045000 "\Windows\System32\Wldap32.dll"
.\debug.cpp(256) : 0x760c0000 0x0004e000 "\Windows\System32\gdi32.dll"
.\debug.cpp(256) : 0x75f60000 0x0015c000 "\Windows\System32\ole32.dll"
.\debug.cpp(256) : 0x75f40000 0x0001f000 "\Windows\System32\imm32.dll"
.\debug.cpp(256) : 0x75f30000 0x00005000 "\Windows\System32\psapi.dll"
.\debug.cpp(256) : 0x75f10000 0x00019000 "\Windows\System32\sechost.dll"
.\debug.cpp(256) : 0x75d70000 0x0019d000 "\Windows\System32\setupapi.dll"
.\debug.cpp(256) : 0x75d10000 0x00057000 "\Windows\System32\shlwapi.dll"
.\debug.cpp(256) : 0x75d00000 0x00006000 "\Windows\System32\nsi.dll"
.\debug.cpp(256) : 0x75b00000 0x001f9000 "\Windows\System32\iertutil.dll"
.\debug.cpp(256) : 0x75a60000 0x000a0000 "\Windows\System32\advapi32.dll"
.\debug.cpp(256) : 0x759b0000 0x000ac000 "\Windows\System32\msvcrt.dll"
.\debug.cpp(256) : 0x758e0000 0x000cc000 "\Windows\System32\msctf.dll"
.\debug.cpp(256) : 0x75840000 0x0009d000 "\Windows\System32\usp10.dll"
.\debug.cpp(256) : 0x75830000 0x00003000 "\Windows\System32\normaliz.dll"
.\debug.cpp(256) : 0x75810000 0x00012000 "\Windows\System32\devobj.dll"
.\debug.cpp(256) : 0x757e0000 0x00027000 "\Windows\System32\cfgmgr32.dll"
.\debug.cpp(256) : 0x75750000 0x00084000 "\Windows\System32\comctl32.dll"
.\debug.cpp(256) : 0x75720000 0x0002d000 "\Windows\System32\wintrust.dll"
.\debug.cpp(256) : 0x756d0000 0x0004a000 "\Windows\System32\KernelBase.dll"
.\debug.cpp(256) : 0x755b0000 0x0011c000 "\Windows\System32\crypt32.dll"
.\debug.cpp(256) : 0x755a0000 0x0000c000 "\Windows\System32\msasn1.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{4719a839-5acc-11df-bd5d-806e6f6e6963}#0000000753100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) :              Destination="\Device\Ndis"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice"
.\debug.cpp(400) :              Destination="\Device\WUDFLpcDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_1532&PID_0009#5&ff9bdde&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:"
.\debug.cpp(400) :              Destination="\Device\Ide\IdePort1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) :              Destination="\Device\Video0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_1532&PID_0009&MI_01#7&377cfc35&0&0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :              Destination="\Device\00000072"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) :              Destination="\Device\Video1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) :              Destination="\Device\0000004c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000044"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000041"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000006"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AgileVPN"
.\debug.cpp(400) :              Destination="\Device\AgileVPN"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0BDA&PID_8187#0015AF0BE562#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-9"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000001"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy1"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolumeShadowCopy1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#5&398553ba&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\Ide\PciIde2Channel0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
.\debug.cpp(400) :              Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000042"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27C9&SUBSYS_81791043&REV_01#3&11583659&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0008"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ATKACPI"
.\debug.cpp(400) :              Destination="\Device\ATKACPI"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice"
.\debug.cpp(400) :              Destination="\Device\WMIAdminDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ProcessManagement"
.\debug.cpp(400) :              Destination="\Device\ProcessManagement"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{636FF46E-80FE-4314-BC84-DC7749EDE5B4}"
.\debug.cpp(400) :              Destination="\Device\NDMP9"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_11AB&DEV_4362&SUBSYS_81421043&REV_20#4&aaa63f6&0&00E4#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0020"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0003#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000005"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000001"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi4:"
.\debug.cpp(400) :              Destination="\Device\Ide\IdePort2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl"
.\debug.cpp(400) :              Destination="\Device\VolMgrControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_1532&PID_0009&MI_01#7&377cfc35&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :              Destination="\Device\00000072"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0BDA&PID_8187#0015AF0BE562#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-9"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0409&PID_005A#5&10ef021e&0&2#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000004c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\pwtdyfog"
.\debug.cpp(400) :              Destination="\Device\pwtdyfog"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\F:"
.\debug.cpp(400) :              Destination="\Device\CdRom1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) :              Destination="\Device\WMIDataDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000003f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\TeredoTun"
.\debug.cpp(400) :              Destination="\Device\TeredoTun"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi5:"
.\debug.cpp(400) :              Destination="\Device\Ide\IdePort3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) :              Destination="\Device\NamedPipe"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\vwififlt"
.\debug.cpp(400) :              Destination="\Device\vwififlt"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_1532&PID_0009&MI_00#7&2d7631fb&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :              Destination="\Device\00000071"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{A4624ACA-C8F7-4073-8B2B-48EC406A93B7}"
.\debug.cpp(400) :              Destination="\Device\NDMP6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E38DEF8B-82FD-45CD-A6C0-D594EB680AFA}"
.\debug.cpp(400) :              Destination="\Device\NDMP4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&3803e7e3&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\Ide\PciIde1Channel0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{4719a840-5acc-11df-bd5d-806e6f6e6963}"
.\debug.cpp(400) :              Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :              Destination="\Device\0000004c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0001#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice"
.\debug.cpp(400) :              Destination="\Device\GEARAspiWDMDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) :              Destination="\Device\Mup"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Psched"
.\debug.cpp(400) :              Destination="\Device\Psched"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition1"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) :              Destination="\Device\USBFDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C0DE3E38-8BA7-479F-8B75-833F294C5AA8}"
.\debug.cpp(400) :              Destination="\Device\NDMP15"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000006"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0003#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000005"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) :              Destination="\Device\Tcp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition2"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) :              Destination="\FileSystem\Filters\FltMgrMsg"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&765d3eb&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) :              Destination="\Device\USBFDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27C8&SUBSYS_81791043&REV_01#3&11583659&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0007"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_11AB&DEV_4362&SUBSYS_81421043&REV_20#4&ca55412&0&00E3#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0019"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000004"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#vdrvroot#0000#{2e34d650-5819-42ca-84ae-d30803bae505}"
.\debug.cpp(400) :              Destination="\Device\0000004e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#_??_USBSTOR#Disk&Ven_Uni_Bonn&Prod_&Rev_0.00#00000000000453&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) :              Destination="\Device\Harddisk0\DR0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000004c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :              Destination="\Device\0000004c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) :              Destination="\Device\USBFDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_11AB&DEV_4362&SUBSYS_81421043&REV_20#4&ca55412&0&00E3#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0019"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{0F538466-9157-4DD0-87BF-4E08ABD10A80}"
.\debug.cpp(400) :              Destination="\Device\NDMP1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) :              Destination="\DosDevices\LPT1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume1"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :              Destination="\Device\00000056"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) :              Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive1"
.\debug.cpp(400) :              Destination="\Device\Harddisk1\DR1"

.\debug.cpp(451) : **********************************************
.\boot_cleaner.cpp(1077) : System volume is \\.\C:
.\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000
.\boot_cleaner.cpp(424) : Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff
.\boot_cleaner.cpp(1151) : 
.\boot_cleaner.cpp(1152) :      Size  Device Name          MBR Status
.\boot_cleaner.cpp(1153) :  --------------------------------------------
.\boot_cleaner.cpp(1197) :    232 GB  \\.\PhysicalDrive0   OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1203) : 
.\boot_cleaner.cpp(1242) : Done;
         

Regards, Nikolas

16.08.2010, 18:57   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
Please always post log files in CODE tags

16.08.2010, 21:44   #9
Nikolas22

Hi,

here are the two latest logs.
MBAM found something again....

mbam:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4437

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

16.08.2010 21:10:33
mbam-log-2010-08-16 (21-10-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|E:\|F:\|J:\|)
Durchsuchte Objekte: 326060
Laufzeit: 34 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\_OTL\MovedFiles\08152010_232446\C_Users\***\AppData\Local\1686579041.exe (Rogue.Security.Tool) -> Quarantined and deleted successfully.
         
superantispyware:
Code:
SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 08/16/2010 bei 10:39 PM

Version der Applikation : 4.41.1000

Version der Kern-Datenbank : 5363
Version der Spur-Datenbank : 3175

Scan Art       : kompletter Scann
Totale Scann-Zeit : 01:20:06

Gescannte Speicherelemente  : 430
Erfasste Speicher-Bedrohungen  : 0
Gescannte Register-Elemente  : 8848
Erfasste Register-Bedrohungen  : 0
Gescannte Datei-Elemente     : 198817
Erfasste Datei-Elemente   : 0
         

Regards,

Nikolas

17.08.2010, 08:53   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

What MBAM found is nothing to worry about. We removed malicious objects with OTL, but OTL keeps backup copies in this folder; there they are isolated and cannot do any harm.

I need the two quarantine folders from Combofix and OTL. Please do the following:

1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere here!
2.) Zip the folder C:\_OTL into one file
3.) Zip the folder C:\Qoobox into one file
4.) Upload both ZIP files here => http://www.trojaner-board.de/54791-a...ner-board.html
5.) Let me know once it has worked
6.) Only then switch the virus scanner back on
__________________
Please always post log files in CODE tags
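
The triage reasoning in the reply above, as an added example that is not part of the original thread: it reads the file detections out of an MBAM 1.x log and separates hits inside the cleanup tools' own backup folders (`C:\_OTL`, `C:\Qoobox`) from hits that still need follow-up. The names `QUARANTINE_ROOTS`, `parse_findings` and `triage` are hypothetical, and the second sample detection is constructed.

```python
import ntpath
import re
from dataclasses import dataclass

# Backup/quarantine folders named in the thread (OTL and ComboFix).
# The trailing backslash keeps look-alikes such as C:\_OTLx\ out.
QUARANTINE_ROOTS = ("c:\\_otl\\", "c:\\qoobox\\")

# Constructed sample: the first detection is the line from the log above,
# the second is invented to show a hit outside the quarantine folders.
SAMPLE_LOG = r"""
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\_OTL\MovedFiles\08152010_232446\C_Users\***\AppData\Local\1686579041.exe (Rogue.Security.Tool) -> Quarantined and deleted successfully.
C:\Users\example\AppData\Local\sample.exe (Rogue.Security.Tool) -> No action taken.
"""

# "<path> (<detection name>) -> <action>." as written by MBAM 1.x.
# The lazy path group backtracks past folders like "Program Files (x86)".
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$"
)


@dataclass
class Finding:
    path: str
    name: str
    action: str
    in_quarantine: bool


def parse_findings(log_text):
    """Return every file or folder detection line found in the log text."""
    findings = []
    for line in log_text.splitlines():
        m = DETECTION.match(line.strip())
        if not m:
            continue  # headers, counters, registry entries, empty lines
        # Collapse "..", unify slashes and case before the prefix test, so a
        # path that only passes through C:\_OTL is not treated as contained.
        norm = ntpath.normcase(ntpath.normpath(m["path"]))
        findings.append(
            Finding(m["path"], m["name"], m["action"],
                    norm.startswith(QUARANTINE_ROOTS))
        )
    return findings


def triage(log_text):
    """Split detections into (quarantine leftovers, findings needing follow-up)."""
    leftovers, live = [], []
    for f in parse_findings(log_text):
        (leftovers if f.in_quarantine else live).append(f)
    return leftovers, live


if __name__ == "__main__":
    leftovers, live = triage(SAMPLE_LOG)
    for f in leftovers:
        print("quarantine copy:", f.name, "|", f.path)
    for f in live:
        print("needs follow-up:", f.name, "|", f.path, "|", f.action)
```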
