Pests of all kinds and how to fight them: Security Tool cannot be removed even with the guide (Windows 7)

If you are not sure whether you have picked up malware or a trojan, open a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
19.08.2010, 11:05 | #1
Security Tool cannot be removed even with the guide

Hello! When I booted my laptop today, Security Tool appeared. I had the same problem once before at the beginning of the year, and back then I was able to remove it without trouble following the guide described here in the forum. I wanted to try that again this time, but unfortunately "Security Tool" won't let me run or install either rkill (not even renamed) or Malwarebytes (I have already renamed the exe too). Malwarebytes does run in safe mode, but there the program finds no trojan or any other errors. Security Tool also won't let me select a restore point. And other antivirus programs (also renamed) are blocked too ... Do you have a solution? Thanks in advance!!!!
19.08.2010, 19:33 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
Security Tool cannot be removed even with the guide

There is a randomly named setup file for Malwarebytes, try that => http://malwarebytes.org/mbam-download-exe-random.php
__________________
Remember to update after installing!!!!
20.08.2010, 00:13 | #3
Security Tool cannot be removed even with the guide

Thanks! I was able to delete Security Tool in safe mode, and afterwards I could also run Malwarebytes over it... Everything should be OK again. *close*
20.08.2010, 08:07 | #4
/// Winkelfunktion /// TB-Süch-Tiger™
Security Tool cannot be removed even with the guide

Post the logfile! Malwarebytes alone is not enough!
__________________
Please always post logfiles in CODE tags
20.08.2010, 13:15 | #5 |
| Security Tool lässt sich auch mit der Anleitung nicht löschen Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4450 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18943 20.08.2010 05:56:47 mbam-log-2010-08-20 (05-56-47).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 312599 Laufzeit: 3 Stunde(n), 8 Minute(n), 17 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) HiJackthis Logfile: HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 02:41:46, on 20.08.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18943) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Symantec AntiVirus\VPTray.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\mHotkey.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\System32\rundll32.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Windows\System32\mobsync.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Windows\system32\msconfig.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: 
AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\Vid.exe" 
-bootmode O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O13 - Gopher Prefix: O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. 
- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Google Update Service (gupdate1c98e4a399e56fd) (gupdate1c98e4a399e56fd) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: XAudioService - Conexant Systems, Inc. 
- C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 7742 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Ad-Aware Update (Weekly).job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\User_Feed_Synchronization-{D3CA66CF-B7AF-4F24-A749-C4D2F52DD632}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - c:\program files\real\realplayer\rpbrowserrecordplugin.dll [2009-12-11 329312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}] Burn4Free Toolbar Helper - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll [2009-11-25 815104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - Burn4Free Toolbar - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll [2009-11-25 815104] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184] "vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-11-28 134808] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1985-01-01 815104] "NvSvc"=C:\Windows\system32\nvsvc.dll [2007-02-06 90191] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-02-06 81920] 
"CHotkey"=C:\Windows\mHotkey.exe [2005-12-15 547840] "ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-11-22 107112] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-07-19 2403568] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6] C:\Program Files\AIM6\aim6.exe [2009-07-09 49968] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMWlanClient] C:\Program Files\avmwlanstick\FRITZWLANMini.exe [2007-02-03 283136] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2008-02-19 1089536] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2005-05-19 57344] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2007-12-21 86016] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe [2006-09-14 157592] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-06-03 1144104] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlyAway] C:\Users\???\AppData\Local\Temp\ARCA38E\FlyAway.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe [2008-07-22 357376] 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2010-01-23 141608] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid] C:\Program Files\Logitech\Logitech Vid\Vid.exe [2009-07-16 5458704] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2009-10-14 2793304] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-12-03 1205760] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\QTTask.exe [2009-11-11 417792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] C:\Windows\RtHDVCpl.exe [2082-02-15 4317184] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\showwnd] C:\Windows\showwnd.exe [2003-09-18 36864] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sniffer] C:\Windows\Temp\_ex-08.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-12-11 198160] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Program Files\Winamp\winampa.exe [2009-04-10 37888] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{CA62012F-160F-7A2E-BB1E-5EC812B3192A}] C:\Users\???\AppData\Roaming\Pyda\roelu.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Status Monitor.lnk] C:\PROGRA~1\Brother\Brmfcmon\BrMfcWnd.exe [2008-02-19 1089536] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^???^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PMB Medien-Prüfung.lnk] C:\PROGRA~1\Sony\SONYPI~1\PMBCore\SPUVOL~1.EXE [2008-11-28 327680] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "EnableLUA"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3db0c7fc-f9ec-11dd-8ee8-806e6f6e6963}] shell\AutoRun\command - D:\Setup.exe 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5b0603f-cf91-11de-8dc1-001167000000}] shell\AutoRun\command - E:\pushinst.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed923e0f-fbbf-11dd-b7e8-00030d000001}] shell\AutoRun\command - G:\setup.exe ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2010-08-19 13:51:57 ----A---- C:\Windows\system32\lsdelete.exe 2010-08-19 12:47:42 ----HDC---- C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70} 2010-08-19 12:44:23 ----D---- C:\ProgramData\Lavasoft 2010-08-19 12:44:23 ----D---- C:\Program Files\Lavasoft 2010-08-19 12:43:10 ----D---- C:\Users\???\AppData\Roaming\SUPERAntiSpyware.com 2010-08-19 12:43:10 ----D---- C:\ProgramData\SUPERAntiSpyware.com 2010-08-19 12:41:54 ----D---- C:\Program Files\SUPERAntiSpyware 2010-08-19 10:27:47 ----A---- C:\Windows\ntbtlog.txt 2010-08-19 01:39:20 ----A---- C:\Windows\system32\wpcap.dll 2010-08-19 01:39:19 ----A---- C:\Windows\system32\Packet.dll 2010-08-16 12:38:58 ----D---- C:\Windows\Favorites 2010-08-15 13:22:21 ----D---- C:\ProgramData\Soulseek 2010-08-15 13:21:33 ----D---- C:\Program Files\SoulseekNS 2010-08-13 00:22:37 ----A---- C:\Windows\system32\iertutil.dll 2010-08-13 00:22:36 ----A---- C:\Windows\system32\mshtml.dll 2010-08-13 00:22:34 ----A---- C:\Windows\system32\ieframe.dll 2010-08-13 00:22:32 ----A---- C:\Windows\system32\urlmon.dll 2010-08-13 00:22:31 ----A---- C:\Windows\system32\wininet.dll 2010-08-13 00:22:31 ----A---- C:\Windows\system32\msfeeds.dll 2010-08-13 00:22:31 ----A---- C:\Windows\system32\iedkcs32.dll 2010-08-13 00:22:31 ----A---- C:\Windows\system32\ie4uinit.exe 2010-08-13 00:22:30 ----A---- C:\Windows\system32\mstime.dll 2010-08-13 00:22:30 ----A---- C:\Windows\system32\ieui.dll 2010-08-13 00:22:29 ----A---- 
C:\Windows\system32\occache.dll 2010-08-13 00:22:28 ----A---- C:\Windows\system32\msfeedssync.exe 2010-08-13 00:22:28 ----A---- C:\Windows\system32\msfeedsbs.dll 2010-08-13 00:22:28 ----A---- C:\Windows\system32\jsproxy.dll 2010-08-13 00:22:28 ----A---- C:\Windows\system32\ieUnatt.exe 2010-08-13 00:22:28 ----A---- C:\Windows\system32\iesysprep.dll 2010-08-13 00:22:28 ----A---- C:\Windows\system32\iesetup.dll 2010-08-13 00:22:28 ----A---- C:\Windows\system32\iernonce.dll 2010-08-13 00:22:28 ----A---- C:\Windows\system32\iepeers.dll 2010-08-13 00:22:23 ----A---- C:\Windows\system32\iccvid.dll 2010-08-13 00:22:17 ----A---- C:\Windows\system32\schannel.dll 2010-08-13 00:21:44 ----A---- C:\Windows\system32\rtutils.dll 2010-08-13 00:21:31 ----A---- C:\Windows\system32\ntkrnlpa.exe 2010-08-13 00:21:30 ----A---- C:\Windows\system32\ntoskrnl.exe 2010-08-13 00:21:26 ----A---- C:\Windows\system32\msxml3.dll 2010-08-12 23:14:28 ----D---- C:\Users\???\AppData\Roaming\Qahu 2010-08-12 23:14:28 ----D---- C:\Users\???\AppData\Roaming\Pyda 2010-08-02 21:17:34 ----A---- C:\Windows\system32\shell32.dll 2010-07-30 14:36:05 ----D---- C:\Program Files\Hercules ======List of files/folders modified in the last 1 months====== 2085-12-23 10:42:24 ----R---- C:\Windows\RtlExUpd.dll 2082-02-15 14:30:56 ----A---- C:\Windows\system32\Uci32112.dll 2082-02-15 14:30:56 ----A---- C:\Windows\system32\SRSWOW.dll 2082-02-15 14:30:56 ----A---- C:\Windows\system32\SRSTSXT.dll 2082-02-15 14:30:56 ----A---- C:\Windows\system32\RtkPgExt.dll 2082-02-15 14:30:56 ----A---- C:\Windows\system32\RtkCoInst.dll 2082-02-15 14:30:56 ----A---- C:\Windows\system32\RtkAPO.dll 2082-02-15 14:30:56 ----A---- C:\Windows\system32\mdmxsdk.dll 2082-02-15 14:30:56 ----A---- C:\Windows\RtlUpd.exe 2082-02-15 14:30:56 ----A---- C:\Windows\RtHDVCpl.exe 2010-08-20 14:14:22 ----D---- C:\Windows\Prefetch 2010-08-20 14:14:16 ----D---- C:\Windows\Temp 2010-08-20 13:51:48 ----D---- C:\Users\???\AppData\Roaming\vlc 2010-08-20 13:41:42 
----D---- C:\Windows\System32 2010-08-20 13:41:42 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-08-20 13:41:41 ----D---- C:\Windows\inf 2010-08-20 13:39:03 ----D---- C:\Windows\Tasks 2010-08-20 08:23:34 ----D---- C:\Windows\system32\Tasks 2010-08-20 08:11:08 ----SHD---- C:\System Volume Information 2010-08-20 02:32:41 ----D---- C:\Program Files\trend micro 2010-08-20 01:07:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-08-20 01:07:29 ----D---- C:\Windows\system32\drivers 2010-08-20 01:04:20 ----D---- C:\Program Files\Trillian 2010-08-19 13:41:21 ----D---- C:\Windows\ModemLogs 2010-08-19 13:19:40 ----D---- C:\Windows\system32\catroot 2010-08-19 13:19:39 ----DC---- C:\Windows\system32\DRVSTORE 2010-08-19 12:50:28 ----D---- C:\Program Files\Google 2010-08-19 12:47:42 ----SHD---- C:\Windows\Installer 2010-08-19 12:47:42 ----HD---- C:\ProgramData 2010-08-19 12:44:23 ----RD---- C:\Program Files 2010-08-19 12:44:14 ----D---- C:\Windows\winsxs 2010-08-19 10:27:47 ----D---- C:\Windows 2010-08-16 12:46:34 ----D---- C:\Users\???\AppData\Roaming\Skype 2010-08-16 12:38:53 ----D---- C:\Program Files\Windows Media Player 2010-08-16 12:38:12 ----RD---- C:\Users 2010-08-13 13:05:44 ----D---- C:\Windows\Microsoft.NET 2010-08-13 13:05:09 ----RSD---- C:\Windows\assembly 2010-08-13 11:15:44 ----D---- C:\Program Files\Internet Explorer 2010-08-13 11:15:42 ----D---- C:\Windows\system32\migration 2010-08-13 11:15:34 ----D---- C:\Program Files\Movie Maker 2010-08-13 11:04:18 ----D---- C:\Program Files\Windows Mail 2010-08-13 00:20:42 ----D---- C:\Windows\system32\catroot2 2010-08-12 23:15:28 ----SD---- C:\Users\???\AppData\Roaming\Microsoft 2010-08-08 16:39:53 ----D---- C:\Program Files\ICQ6.5 2010-08-08 16:35:57 ----D---- C:\Users\???\AppData\Roaming\skypePM 2010-08-06 09:51:25 ----D---- C:\Program Files\Mozilla Firefox 2010-08-03 20:09:31 ----A---- C:\Windows\system32\mrt.exe 2010-07-30 14:36:05 ----HD---- C:\Program Files\InstallShield Installation Information 
2010-07-26 20:51:48 ----D---- C:\ProgramData\Microsoft Help ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608] R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2009-04-11 351744] R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2009-08-27 371248] R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872] R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656] R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2006-10-06 406672] R1 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2006-11-22 247144] R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2006-11-22 25448] R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2006-10-26 185744] R2 Aspi32;Aspi32; C:\Windows\system32\drivers\Aspi32.sys [1997-12-23 23936] R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-08 56816] R2 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624] R2 irda;IrDA-Protokoll; C:\Windows\system32\DRIVERS\irda.sys [2008-01-21 95744] R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2082-02-15 12672] R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2082-02-15 8192] R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2006-02-25 19200] R3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys [2006-11-22 34576] R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys [2006-11-22 27792] R3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys 
[2006-11-22 18320] R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208] R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392] R3 ElbyDelay;ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [2005-04-12 4608] R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-27 102448] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2082-02-15 986624] R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2082-02-15 206848] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2082-02-15 1668456] R3 LVPr2Mon;LVPr2Mon Driver; C:\Windows\system32\Drivers\LVPr2Mon.sys [2009-10-07 25752] R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100329.002\NAVENG.SYS [2010-02-16 84912] R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100329.002\NAVEX15.SYS [2010-02-16 1324720] R3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2082-02-15 1786880] R3 NSCIRDA;NSC-Infrarotgerätetreiber; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-21 30720] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-02-06 4456320] R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-21 8192] R3 RTL8169;Realtek 8169-NT-Treiber; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544] R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088] R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-09-01 109744] R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2006-10-26 26384] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys 
[1985-01-01 179256] R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [1985-01-01 290304] R3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2006-11-22 34448] R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2006-11-22 44304] R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2082-02-15 659968] S3 amp64n2z;amp64n2z; C:\Windows\system32\drivers\amp64n2z.sys [] S3 avmeject;AVM Eject; C:\Windows\system32\drivers\avmeject.sys [2007-01-26 4352] S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2006-12-28 33936] S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys [2007-09-25 15152] S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [] S3 FWLANUSB;AVM FRITZ!WLAN; C:\Windows\system32\DRIVERS\fwlanusb.sys [2007-01-26 265088] S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704] S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-08-12 15008] S3 lvpopflt;Logitech POP Suppression Filter; C:\Windows\system32\DRIVERS\lvpopflt.sys [2009-10-07 114712] S3 LVRS;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs.sys [2009-10-07 266008] S3 LVUVC;Logitech Webcam 250(UVC); C:\Windows\system32\DRIVERS\lvuvc.sys [2009-10-07 6756632] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTEE;Microsoft 
Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2008-09-15 17664] S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2008-09-15 22016] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816] S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\Windows\system32\DRIVERS\s116bus.sys [2007-04-03 83336] S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2006-11-22 274328] S3 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS [2082-02-15 6909] S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064] S3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216] S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328] S3 usbser;Nokia USB Serial Port; C:\Windows\system32\drivers\usbser.sys [2009-04-11 27648] S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064] S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] R2 AppMgmt;Anwendungsverwaltung; C:\Windows\system32\svchost.exe [2008-01-21 
21504] R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-11-22 107624] R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-11-22 107624] R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-11-28 30872] R2 Irmon;Infrarotüberwachungsdienst; C:\Windows\system32\svchost.exe [2008-01-21 21504] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-08-12 1355416] R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 154136] R2 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-11-28 122008] R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-11-28 1962136] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 gupdate1c98e4a399e56fd;Google Update Service (gupdate1c98e4a399e56fd); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-14 133104] S3 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-29 144672] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048] S3 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] S3 CscService;Offlinedateien; C:\Windows\System32\svchost.exe [2008-01-21 21504] S3 Fax;Fax; C:\Windows\system32\fxssvc.exe [2008-01-21 523776] S3 FontCache;Windows-Dienst für Schriftartencache; C:\Windows\system32\svchost.exe [2008-01-21 21504] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 iPod Service;iPod-Dienst; C:\Program 
Files\iPod\bin\iPodService.exe [2010-01-23 545576] S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-10-31 2541248] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824] S3 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 UmRdpService;Anschlussumleitung für Terminaldienst im Benutzermodus; C:\Windows\System32\svchost.exe [2008-01-21 21504] S3 wbengine;Blockebenen-Sicherungsmodul; C:\Windows\system32\wbengine.exe [2009-04-11 918528] S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S3 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2082-02-15 386560] S4 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-02-16 66872] S4 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2009-02-16 107832] S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544] S4 vvdsvc;VJVodServices; C:\Windows\System32\svchost.exe [2008-01-21 21504] -----------------EOF-----------------
When I open msconfig > Startup, however, I find this entry there: "sniffer Windows/Temp/_ex-08.exe". I looked it up on Google and it is supposed to be a dangerous file. But Malwarebytes and SUPERAntiSpyware found nothing...
I also find under Startup: {CA602012F-160F...5EC812B3192A} User/Benutzer/Name/AppData/Roaming/Pyda/roelu.exe. I have no idea what that could be either, and the file is not visible in the folder given. Are the logfiles otherwise OK??? |
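Triage of the entries described in the post above, as an added example that is not part of this thread and not code from RSIT, OTL or any other tool named here. It parses service/driver lines in the RSIT format pasted above (the field order is assumed from those lines), flags entries whose binary the tool could not read (the empty [] on amp64n2z and EagleNT) or that sit in user-writable directories, and applies the same location check to msconfig-style autostart entries. The sample RSIT lines are copied from the log above; the two msconfig entries are reconstructed with full paths assumed from the thread, and the truncated GUID is kept exactly as the poster wrote it.

```python
"""Triage RSIT service/driver lines and msconfig-style autostart entries.

Added example, not code from the thread or from RSIT/OTL. The field layout
of an RSIT line is assumed from the log pasted in the thread:
    <R|S><0-4> <name>;<description>; <path> [<date> <size>]
An empty "[]" means RSIT could not read the file (missing or hidden).
"""
import re
from dataclasses import dataclass, field

RSIT_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<desc>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<stat>[^\]]*)\]\s*$"
)

# Directories a kernel driver, service or autostart binary rarely belongs in.
# Heuristic only: some legitimate updaters run from AppData as well.
USER_WRITABLE = re.compile(r"\\(temp|appdata|programdata)\\", re.IGNORECASE)


@dataclass
class Entry:
    state: str   # R = running, S = stopped
    start: int   # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    desc: str
    path: str
    stat: str    # "<date> <size>" or "" when the file could not be read


@dataclass
class Finding:
    name: str
    path: str
    reasons: list = field(default_factory=list)


def normalize_path(path: str) -> str:
    """Strip the NT object-manager prefix (\\??\\) RSIT shows for some drivers."""
    path = path.strip()
    return path[4:] if path.startswith("\\??\\") else path


def parse_rsit_line(line: str):
    """Return an Entry for a service/driver line, or None for any other line."""
    m = RSIT_LINE.match(line.strip())
    if not m:
        return None
    return Entry(m["state"], int(m["start"]), m["name"].strip(),
                 m["desc"].strip(), normalize_path(m["path"]), m["stat"].strip())


def assess(entry: Entry) -> list:
    """Reasons an entry deserves a closer look; an empty list means nothing odd."""
    reasons = []
    if not entry.stat:
        reasons.append("binary missing or unreadable (empty [] in the log)")
        if entry.state == "R":
            reasons.append("loaded although the file could not be read: check for hiding")
    if USER_WRITABLE.search(entry.path):
        reasons.append("binary lives in a user-writable directory")
    return reasons


def triage_rsit(lines) -> list:
    """Run assess() over every parseable RSIT line and keep the flagged ones."""
    findings = []
    for line in lines:
        entry = parse_rsit_line(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            findings.append(Finding(entry.name, entry.path, reasons))
    return findings


def triage_autostart(entries) -> list:
    """entries: (label, path) pairs as shown in msconfig > Startup."""
    findings = []
    for label, path in entries:
        path = normalize_path(path)
        reasons = []
        if USER_WRITABLE.search(path):
            reasons.append("autostart binary in a user-writable directory")
        if label.startswith("{") and label.endswith("}"):
            reasons.append("label is a bare GUID rather than a product name")
        if reasons:
            findings.append(Finding(label, path, reasons))
    return findings


# Constructed sample: lines copied from the RSIT log in this thread, plus the
# two msconfig entries the poster described (full paths are my assumption;
# the truncated GUID is kept exactly as the poster wrote it).
SAMPLE_RSIT = [
    r"R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [1985-01-01 290304]",
    r"S3 amp64n2z;amp64n2z; C:\Windows\system32\drivers\amp64n2z.sys []",
    r"S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []",
    r"S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys [2007-09-25 15152]",
    r"R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]",
]
SAMPLE_AUTOSTART = [
    ("sniffer", r"C:\Windows\Temp\_ex-08.exe"),
    ("{CA602012F-160F...5EC812B3192A}", r"C:\Users\Philip\AppData\Roaming\Pyda\roelu.exe"),
    ("avgnt", r"C:\Program Files\Avira\AntiVir Desktop\avgnt.exe"),
]

if __name__ == "__main__":
    for f in triage_rsit(SAMPLE_RSIT) + triage_autostart(SAMPLE_AUTOSTART):
        print(f"{f.name}: {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run it as a script to get a short report; on the sample it flags the two drivers with an empty [] and the two startup entries under Temp and AppData\Roaming, while the Avira entries pass. The location check is a heuristic and a flagged entry is a reason to pull the file (attributes, hash, signature), not a verdict.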
21.08.2010, 14:03 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Security Tool cannot be removed even with the guide System scan with OTL Please download OTL by OldTimer and save it to your desktop |
21.08.2010, 15:03 | #7 |
| Security Tool cannot be removed even with the guide OTL Logfile: Code:
ATTFilter OTL logfile created on: 21.08.2010 15:16:21 - Run 3 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Philip\Desktop Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free 4,00 Gb Paging File | 2,00 Gb Available in Paging File | 58,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 149,04 Gb Total Space | 1,31 Gb Free Space | 0,88% Space Free | Partition Type: NTFS Drive D: | 293,07 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PHILIP-LAPTOP Current User Name: Philip Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Philip\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) PRC - C:\Programme\Trillian\trillian.exe (Cerulean Studios) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\SoulseekNS\slsk.exe () PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Symantec AntiVirus\VPTray.exe (Symantec Corporation) PRC - C:\Programme\Symantec AntiVirus\SavRoam.exe (symantec) PRC - C:\Programme\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation) PRC - C:\Programme\Symantec AntiVirus\DefWatch.exe (Symantec Corporation) PRC - C:\Programme\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) PRC - C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) PRC - C:\Windows\mHotkey.exe () ========== Modules (SafeList) ========== MOD - C:\Users\Philip\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - 
C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.) 
SRV - (vvdsvc) -- C:\Windows\System32\Nagasoft\vjocx.dll (南京纳加软件有限公司) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec) SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation) SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation) SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.) DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) 
DRV - (UIUSys) -- C:\Windows\System32\drivers\UIUSYS.SYS (Conexant Systems, Inc) DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys () DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100329.002\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100329.002\NAVENG.SYS (Symantec Corporation) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (LVUVC) Logitech Webcam 250(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.) DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.) DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.) DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys () DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider) DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - 
(upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (NSCIRDA) -- C:\Windows\System32\drivers\nscirda.sys (National Semiconductor Corporation) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) 
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (CrystalSysInfo) -- C:\Programme\MediaCoder\SysInfo.sys () DRV - (s116bus) Sony Ericsson Device 116 driver (WDM) -- C:\Windows\System32\drivers\s116bus.sys (MCCI Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH) DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin) DRV - (Btcsrusb) -- C:\Windows\System32\drivers\btcusb.sys (IVT Corporation.) DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation) DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation) DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation) DRV - (BT) -- C:\Windows\System32\drivers\BtNetDrv.sys (IVT Corporation.) DRV - (VcommMgr) -- C:\Windows\System32\drivers\VcommMgr.sys (IVT Corporation.) DRV - (VComm) -- C:\Windows\System32\drivers\VComm.sys (IVT Corporation.) DRV - (BTHidMgr) -- C:\Windows\System32\Drivers\BTHidMgr.sys (IVT Corporation.) DRV - (BTHidEnum) -- C:\Windows\System32\Drivers\vbtenum.sys (IVT Corporation.) DRV - (BlueletSCOAudio) -- C:\Windows\System32\drivers\BlueletSCOAudio.sys (IVT Corporation.) DRV - (BlueletAudio) -- C:\Windows\System32\drivers\blueletaudio.sys (IVT Corporation.) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) 
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation) DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation) DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation) DRV - (SPBBCDrv) -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation) DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.) 
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV - (ElbyDelay) -- C:\Windows\System32\drivers\ElbyDelay.sys (Elaborate Bytes AG) DRV - (Aspi32) -- C:\Windows\System32\drivers\aspi32.sys (Adaptec) DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..extensions.enabledItems: support@burn4free-toolbar.com:1.0 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3 FF - prefs.js..extensions.enabledItems: {9fb7d178-155a-4318-9173-1a8eaaea7fe4}:2.1.9 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 4 FF - prefs.js..extensions.enabledItems: 9 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.04.05 21:50:54 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 
3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.19 01:56:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.06 09:51:11 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.03.22 14:57:13 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.07.01 11:57:37 | 000,000,000 | ---D | M] [2009.02.14 02:41:55 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\mozilla\Extensions [2010.08.21 13:51:13 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\mozilla\Firefox\Profiles\02mqam55.default\extensions [2010.06.05 07:37:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Philip\AppData\Roaming\mozilla\Firefox\Profiles\02mqam55.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.06.05 07:37:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philip\AppData\Roaming\mozilla\Firefox\Profiles\02mqam55.default\extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4} [2010.04.20 06:44:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Philip\AppData\Roaming\mozilla\Firefox\Profiles\02mqam55.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.06.05 07:37:40 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Philip\AppData\Roaming\mozilla\Firefox\Profiles\02mqam55.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009.11.20 03:15:37 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\mozilla\Firefox\Profiles\02mqam55.default\extensions\firefox@tvunetworks.com [2010.08.21 13:51:13 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.07.18 10:27:13 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla 
Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2007.04.16 19:07:12 | 000,180,293 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\npViewpoint.dll [2010.08.06 09:51:03 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.08.06 09:51:03 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.08.06 09:51:03 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.08.06 09:51:03 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.08.06 09:51:04 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Programme\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Burn4Free Toolbar Helper) - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Programme\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll () O3 - HKLM\..\Toolbar: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Programme\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Programme\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll () O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [CHotkey] C:\Windows\mHotkey.exe () O4 - HKLM..\Run: [NvMediaCenter] 
C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [vptray] C:\Programme\Symantec AntiVirus\VPTray.exe (Symantec Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 
{32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Philip\Desktop\STUFF\VFL\VfL_Screen_1280x1024.jpg O24 - Desktop BackupWallPaper: C:\Users\Philip\Desktop\STUFF\VFL\VfL_Screen_1280x1024.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2007.07.12 19:23:44 | 000,587,142 | R--- | M] () - D:\autorun.ico -- [ CDFS ] O32 - AutoRun File - [2007.08.14 11:29:14 | 000,000,045 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{3db0c7fc-f9ec-11dd-8ee8-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{3db0c7fc-f9ec-11dd-8ee8-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2007.03.07 15:54:52 | 000,136,744 | R--- | M] (Macrovision Corporation) O33 - MountPoints2\{a5b0603f-cf91-11de-8dc1-001167000000}\Shell - "" = AutoRun O33 - MountPoints2\{a5b0603f-cf91-11de-8dc1-001167000000}\Shell\AutoRun\command - "" = E:\pushinst.exe -- File not found O33 - MountPoints2\{ed923e0f-fbbf-11dd-b7e8-00030d000001}\Shell - "" = AutoRun O33 - MountPoints2\{ed923e0f-fbbf-11dd-b7e8-00030d000001}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe () O35 - 
HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.21 15:12:40 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Philip\Desktop\OTL.exe [2010.08.20 01:07:14 | 000,000,000 | ---D | C] -- C:\Users\Philip\AppData\Local\Unity [2010.08.19 13:19:39 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys [2010.08.19 13:19:34 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2010.08.19 12:54:42 | 000,000,000 | ---D | C] -- C:\Users\Philip\AppData\Local\Sunbelt Software [2010.08.19 12:47:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70} [2010.08.19 12:44:23 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft [2010.08.19 12:44:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2010.08.19 12:43:10 | 000,000,000 | ---D | C] -- C:\Users\Philip\AppData\Roaming\SUPERAntiSpyware.com [2010.08.19 12:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2010.08.19 12:41:54 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware [2010.08.19 09:58:14 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Users\Philip\Desktop\OTH.scr [2010.08.19 09:48:14 | 000,000,000 | ---D | C] -- C:\Users\Philip\Desktop\X [2010.08.19 01:39:21 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\System32\drivers\npf.sys [2010.08.19 01:39:20 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\System32\wpcap.dll [2010.08.19 01:39:19 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) 
-- C:\Windows\System32\Packet.dll [2010.08.16 12:38:58 | 000,000,000 | ---D | C] -- C:\Windows\Favorites [2010.08.15 13:22:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Soulseek [2010.08.15 13:21:33 | 000,000,000 | ---D | C] -- C:\Programme\SoulseekNS [2010.08.15 11:30:03 | 000,000,000 | ---D | C] -- C:\Users\Philip\Desktop\Marek_Hemmann-Left__Right_EP [2010.08.13 00:22:31 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.08.13 00:22:31 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.08.13 00:22:31 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010.08.13 00:22:30 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010.08.13 00:22:30 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.08.13 00:22:30 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.08.13 00:22:28 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.08.13 00:22:28 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010.08.13 00:22:28 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010.08.13 00:22:28 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010.08.13 00:22:28 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010.08.13 00:22:28 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.08.13 00:22:28 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.08.13 00:22:28 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.08.13 00:22:27 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.08.13 00:22:23 | 000,081,920 | ---- | C] 
(Radius Inc.) -- C:\Windows\System32\iccvid.dll [2010.08.13 00:21:44 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll [2010.08.13 00:21:40 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.08.13 00:21:31 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.08.13 00:21:30 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.08.12 23:14:28 | 000,000,000 | ---D | C] -- C:\Users\Philip\AppData\Roaming\Qahu [2010.08.12 23:14:28 | 000,000,000 | ---D | C] -- C:\Users\Philip\AppData\Roaming\Pyda [2010.07.30 18:15:52 | 000,000,000 | ---D | C] -- C:\Users\Philip\Desktop\Desire [2010.07.30 14:36:05 | 000,000,000 | ---D | C] -- C:\Programme\Hercules [1 C:\Users\Philip\*.tmp files -> C:\Users\Philip\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2085.12.23 10:42:24 | 000,499,712 | R--- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll [2082.02.15 14:30:56 | 004,317,184 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe [2082.02.15 14:30:56 | 001,814,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll [2082.02.15 14:30:56 | 001,786,880 | ---- | M] (Intel® Corporation) -- C:\Windows\System32\drivers\NETw3v32.sys [2082.02.15 14:30:56 | 001,668,456 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys [2082.02.15 14:30:56 | 001,191,936 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlUpd.exe [2082.02.15 14:30:56 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_DPV.sys [2082.02.15 14:30:56 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_CNXT.sys [2082.02.15 14:30:56 | 000,532,480 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl [2082.02.15 14:30:56 | 000,489,472 | ---- | M] (Realtek Semiconductor Corp.) 
-- C:\Windows\System32\RtkPgExt.dll [2082.02.15 14:30:56 | 000,339,968 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll [2082.02.15 14:30:56 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSXHWAZL.sys [2082.02.15 14:30:56 | 000,159,744 | ---- | M] (Conexant Systems, Inc) -- C:\Windows\System32\Uci32112.dll [2082.02.15 14:30:56 | 000,144,201 | ---- | M] () -- C:\Windows\System32\drivers\HSFProf.cty [2082.02.15 14:30:56 | 000,135,168 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll [2082.02.15 14:30:56 | 000,094,208 | ---- | M] (Conexant) -- C:\Windows\System32\mdmxsdk.dll [2082.02.15 14:30:56 | 000,017,408 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll [2082.02.15 14:30:56 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.sys [2082.02.15 14:30:56 | 000,006,909 | R--- | M] (Conexant Systems, Inc) -- C:\Windows\System32\drivers\UIUSYS.SYS [2010.08.21 15:23:17 | 003,670,016 | -HS- | M] () -- C:\Users\Philip\ntuser.dat [2010.08.21 15:12:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Philip\Desktop\OTL.exe [2010.08.21 15:10:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.08.21 14:58:08 | 000,013,072 | ---- | M] () -- C:\Users\Philip\AppData\Roaming\nvModes.dat [2010.08.21 14:58:08 | 000,013,072 | ---- | M] () -- C:\Users\Philip\AppData\Roaming\nvModes.001 [2010.08.21 14:57:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.21 13:45:27 | 000,672,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.08.21 13:45:27 | 000,632,628 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.08.21 13:45:27 | 000,119,932 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.08.21 13:45:26 | 001,564,404 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.08.21 13:45:26 | 000,146,176 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.08.21 13:41:37 | 
000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2010.08.21 13:39:48 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D3CA66CF-B7AF-4F24-A749-C4D2F52DD632}.job [2010.08.21 13:37:19 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.08.21 13:37:11 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.21 13:37:11 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.21 13:37:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.21 13:36:38 | 2143,440,896 | -HS- | M] () -- C:\hiberfil.sys [2010.08.20 15:26:38 | 000,524,288 | -HS- | M] () -- C:\Users\Philip\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000002.regtrans-ms [2010.08.20 15:26:38 | 000,065,536 | -HS- | M] () -- C:\Users\Philip\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf [2010.08.20 15:26:21 | 003,207,688 | -H-- | M] () -- C:\Users\Philip\AppData\Local\IconCache.db [2010.08.20 09:36:33 | 000,809,218 | ---- | M] () -- C:\Users\Philip\Desktop\BA_Vorlage_Vers_1.2.docx [2010.08.20 02:32:42 | 000,001,874 | ---- | M] () -- C:\Users\Philip\Desktop\HijackThis.lnk [2010.08.19 13:19:34 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2010.08.19 12:47:37 | 000,001,015 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010.08.19 12:42:13 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.08.19 09:58:16 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\Philip\Desktop\OTH.scr [2010.08.19 01:39:22 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\System32\drivers\npf.sys [2010.08.19 01:39:20 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) 
-- C:\Windows\System32\wpcap.dll [2010.08.19 01:39:20 | 000,100,880 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\System32\Packet.dll [2010.08.13 11:19:43 | 000,374,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.08.12 14:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys [2010.08.12 14:15:20 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe [2010.08.06 01:02:11 | 000,184,320 | ---- | M] () -- C:\Users\Philip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.02 21:31:55 | 000,056,894 | ---- | M] () -- C:\Users\Philip\Desktop\BA_Vorlage_Vers_1.1.docx [2010.08.02 21:17:50 | 000,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2010.07.30 14:36:11 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\Hercules QuickAccess für modem Router.lnk [2010.07.30 00:08:53 | 000,309,415 | ---- | M] () -- C:\Users\Philip\Desktop\Namor_pre1.jpg [2010.07.29 23:42:39 | 000,299,395 | ---- | M] () -- C:\Users\Philip\Desktop\Retro_pre5.jpg [1 C:\Users\Philip\*.tmp files -> C:\Users\Philip\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.20 13:39:03 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2010.08.20 02:32:42 | 000,001,874 | ---- | C] () -- C:\Users\Philip\Desktop\HijackThis.lnk [2010.08.19 13:51:57 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe [2010.08.19 12:47:37 | 000,001,015 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010.08.19 12:42:12 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.08.19 12:35:02 | 2143,440,896 | -HS- | C] () -- C:\hiberfil.sys [2010.08.16 13:20:34 | 000,809,218 | ---- | C] () -- C:\Users\Philip\Desktop\BA_Vorlage_Vers_1.2.docx [2010.08.02 21:31:41 | 000,056,894 | ---- | C] () -- C:\Users\Philip\Desktop\BA_Vorlage_Vers_1.1.docx [2010.07.30 14:36:11 | 000,002,004 | ---- | C] () -- C:\Users\Public\Desktop\Hercules QuickAccess für 
modem Router.lnk [2010.07.30 00:08:41 | 000,309,415 | ---- | C] () -- C:\Users\Philip\Desktop\Namor_pre1.jpg [2010.07.29 23:42:34 | 000,299,395 | ---- | C] () -- C:\Users\Philip\Desktop\Retro_pre5.jpg [2010.06.13 13:39:33 | 000,017,408 | ---- | C] () -- C:\Users\Philip\AppData\Local\WebpageIcons.db [2010.02.20 19:41:07 | 000,000,113 | ---- | C] () -- C:\Windows\(null)toolkit.ini [2009.11.03 03:53:10 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2009.10.07 07:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2009.10.07 07:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2009.09.11 04:10:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.29 22:45:06 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2009.08.20 17:51:02 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2009.08.20 17:51:02 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2009.07.23 09:58:20 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll [2009.06.20 14:17:33 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini [2009.06.20 14:12:07 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2009.06.13 13:10:50 | 000,000,079 | ---- | C] () -- C:\Windows\ricdb.ini [2009.05.05 13:52:38 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL [2009.05.05 13:52:36 | 000,000,149 | ---- | C] () -- C:\Windows\KPCMS.INI [2009.04.05 22:39:53 | 001,627,176 | ---- | C] () -- C:\Users\Philip\AppData\Roaming\NMM-MetaData.db [2009.04.03 01:10:15 | 000,000,389 | ---- | C] () -- C:\Windows\cdplayer.ini [2009.02.17 15:28:13 | 000,000,280 | ---- | C] () -- C:\Windows\game.ini [2009.02.16 19:52:45 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2009.02.16 19:52:44 | 000,022,328 | ---- | C] () -- C:\Users\Philip\AppData\Roaming\PnkBstrK.sys [2009.02.16 00:40:17 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys 
[2009.02.14 12:28:34 | 000,000,094 | ---- | C] () -- C:\Users\Philip\AppData\Local\fusioncache.dat [2009.02.14 04:48:56 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.02.14 02:49:52 | 000,013,072 | ---- | C] () -- C:\Users\Philip\AppData\Roaming\nvModes.001 [2009.02.14 02:27:45 | 000,013,072 | ---- | C] () -- C:\Users\Philip\AppData\Roaming\nvModes.dat [2009.02.13 19:57:45 | 000,532,544 | ---- | C] () -- C:\Windows\PIC.dll [2009.02.13 19:57:45 | 000,024,576 | ---- | C] () -- C:\Windows\HKNTDLL.dll [2009.02.13 19:57:45 | 000,011,776 | ---- | C] () -- C:\Windows\HIDMNT.dll [2009.02.13 19:54:09 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2009.02.13 19:17:09 | 000,184,320 | ---- | C] () -- C:\Users\Philip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.02.13 18:47:12 | 000,000,680 | ---- | C] () -- C:\Users\Philip\AppData\Local\d3d9caps.dat [2007.10.13 00:20:06 | 000,151,417 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2007.05.15 20:06:58 | 000,071,208 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll [2007.04.14 16:57:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2007.04.14 16:57:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2007.04.14 16:57:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2007.04.14 16:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2007.04.14 16:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2007.04.14 16:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2007.04.14 16:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2007.04.14 16:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2007.04.14 16:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2007.03.29 22:00:40 | 000,203,264 | ---- | C] () -- 
C:\Windows\System32\CddbCdda.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI < End of report >

OTL Logfile:
OTL Extras logfile created on: 21.08.2010 15:16:21 - Run 3
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Philip\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 58,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 1,31 Gb Free Space | 0,88% Space Free | Partition Type: NTFS
Drive D: | 293,07 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PHILIP-LAPTOP
Current User Name: Philip
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista 
Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{3F22726A-484B-4A4B-9258-51520BAB7EF6}" = rport=139 | protocol=6 | dir=out | app=system | "{49902F38-39B3-4A78-A31D-7D76441451EF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{5E178C3E-AC14-4952-BDB2-85606297B611}" = rport=137 | protocol=17 | dir=out | app=system | "{740EAC45-F484-4430-B14A-8B435E72D101}" = rport=138 | protocol=17 | dir=out | app=system | "{99F95496-446C-4082-ACFC-74F18EC03226}" = lport=445 | protocol=6 | dir=in | app=system | "{B8CA5268-67FC-416D-8E37-E96176B1B08F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{BC7F7B1D-390D-43B4-99A0-9D7EDC1462E1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{C6F92363-403B-4C16-84AC-D69EF9F6A9DA}" = lport=138 | protocol=17 | dir=in | app=system | "{CCE7947B-2925-486A-AE4C-E6A1C5C634E0}" = lport=137 | protocol=17 | dir=in | app=system | "{D5CF8A38-F3E1-4760-A241-2DAEE49C11EE}" = rport=445 | protocol=6 | dir=out | app=system | "{F5B1A0BA-99E2-4AAA-BB0E-9B027443EEE4}" = lport=139 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00EA8BE2-8CB1-4F78-90DF-1683BDABBFCD}" = protocol=17 | dir=in | app=e:\program files\thq\s.t.a.l.k.e.r. 
- shadow of chernobyl\bin\dedicated\xr_3da.exe | "{03EA90DE-CE53-4DD7-87CE-862FFD059D17}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe | "{04DDEA50-DD47-47C0-BE9E-D1A0E7A5316B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{0C17730D-4EF1-4F9F-BD70-EA5A03046725}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{0F8E77B3-5CD8-4D07-AB2B-DF530499369E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{0FDF7416-1B36-4E43-8A0C-E63CC6364185}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | "{16212E48-05AA-45AA-BC21-54CFE6325FBD}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe | "{196C3466-66D6-4B44-8853-5E0EB2997622}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{1D0A0791-0F7B-4B2B-B9C4-93FD4E851ED3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{1FEA4BDF-3512-4DD1-A7EC-7078DD714FCD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{261E3391-B91A-4750-A2A4-C242DFDB43B9}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe | "{2AF0E11C-8BD1-4F99-B616-39FE8F9CF0DC}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe | "{2F2DA772-6F05-4BDA-BF50-9F9C79F16AF7}" = protocol=6 | dir=in | app=e:\program files\thq\s.t.a.l.k.e.r. 
- shadow of chernobyl\bin\xr_3da.exe | "{327D3EE0-7348-49CA-95AD-62D5D87C4BE5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{3502D2EE-A65C-4C83-90F8-28F9090F683D}" = protocol=17 | dir=in | app=e:\program files\eidos\kane and lynch dead men\kaneandlynch.exe | "{37D727CF-1707-40EA-929D-27868BC8C1EA}" = protocol=6 | dir=in | app=c:\program files\midway games\stranglehold\binaries\retail-stranglehold.exe | "{3CCF004E-E991-42CA-B6AD-A9FF5489CE1C}" = protocol=6 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe | "{410ACD87-8ACC-4920-B450-499E415F18ED}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe | "{433815A3-32A5-4F55-B3C4-CF563F969F5C}" = protocol=6 | dir=in | app=e:\program files\eidos\kane and lynch dead men\kaneandlynch.exe | "{4610D013-D514-431F-9FC1-A909762E1652}" = protocol=6 | dir=in | app=c:\users\philip\desktop\treiber vista\03bluetooth\bluesoleil.exe | "{47EB37B2-9866-428F-87D8-C0931CB1CDB7}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe | "{4889E2F8-4A29-4A86-8EA0-C9BFEE839C03}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | "{49B95979-141E-4436-9782-49BF127B237D}" = protocol=6 | dir=in | app=e:\program files\thq\s.t.a.l.k.e.r. 
- shadow of chernobyl\bin\dedicated\xr_3da.exe | "{546B0B54-85CC-4CAB-B477-0CA742A74653}" = protocol=17 | dir=in | app=c:\users\philip\desktop\treiber vista\03bluetooth\bluesoleil.exe | "{578F196F-771D-44AD-8912-8CB4E31555C4}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2009\pes2009.exe | "{65E2389F-CFE1-415D-BDCD-2F5F64BB77AE}" = protocol=17 | dir=in | app=e:\program files\sierra\fear\fear.exe | "{6D1FDE9E-9D25-4226-8F4B-C6C9D0725ABD}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{70404507-42A8-483B-87CA-663E3471CA4F}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe | "{76541A50-4159-4587-A730-07757EE03F1F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{77A304C7-BC8C-4E2E-91D0-6FEE195A5D6D}" = protocol=17 | dir=in | app=c:\program files\midway games\stranglehold\binaries\retail-stranglehold.exe | "{7F1AF9F1-2E14-4475-AF1D-6AA176B52475}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe | "{8130C9E9-6B28-4525-8B4C-C63E74379693}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{92B5E71F-A29C-4D45-9F61-F930FBF87F04}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe | "{9378DEE4-AF65-43B6-9F35-A0B679F0BFB4}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | "{941DCA47-8B1E-46B4-87DD-83235BE614F3}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | "{94C5043D-8821-4704-8AC9-E4FB2AC277BB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9E7EC9EF-DB48-4791-8AEC-FD774741FC77}" = protocol=17 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe | "{9FB30BB5-F150-43F1-828F-244074A4E561}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{A2E1896C-2382-495D-A506-04D39542E929}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C615C37F-8180-426C-B50C-69328DC7AAF1}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2009\pes2009.exe | "{C7D01CCB-590C-4E76-98FD-7E047AEE09BD}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{CB4B7473-3ADE-408D-BF0C-C626C05AEC7D}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe | "{CDA0B96F-4A0E-4993-ABAC-FC794BB5E5B7}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{CF2C6583-5D9E-4A83-B318-7BB20B3686FB}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{CF5801FC-E761-4E00-B72B-83033198903C}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | "{D1EA8466-AA5D-415A-8921-CFA4D625397B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{D81FF843-2D88-4981-8F27-0A5481FB9527}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe | "{DBCC6A5B-2500-41F8-A920-EFAE5C6DAAD1}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe | "{E2B01B96-BC21-493F-9EA7-F2845ADFED39}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | "{E5E77079-AC2A-4134-89D3-9871246F7C8D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{EB5CF598-E3D9-4CDB-BF16-98669A929427}" = protocol=6 | dir=in | app=e:\program files\sierra\fear\fear.exe | "{F06BC9FF-5D40-4311-9C7D-F3B912497B27}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F1B74A97-2BB2-4A2A-AD13-884BC7A8C038}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe | "{F222FD03-C6AC-4600-8193-57BDF8FC9E84}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe | "{F2E09DC6-FC6D-426F-BD17-9D6874FE9E3E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{F6C7E1AB-6A72-41C4-BBF6-B1D6C713FD50}" = protocol=17 | dir=in | app=c:\program 
files\microsoft office\office12\groove.exe | "{F78A5C07-CBB4-47C9-92AE-B58A40233C60}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe | "{F9422CBC-569B-4F1A-BFA3-039EE906C2B9}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{FCA7A458-0460-4A2F-9CF8-11AA6A83A20C}" = protocol=17 | dir=in | app=e:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | "{FF48185F-9AD5-4D95-9EE2-1CBBFC89BF00}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe | "TCP Query User{2D179BBD-2B29-4385-8B4B-BEF48741137E}E:\program files\ubisoft\ghost recon advanced warfighter 2\graw2.exe" = protocol=6 | dir=in | app=e:\program files\ubisoft\ghost recon advanced warfighter 2\graw2.exe | "TCP Query User{3365311F-865A-4385-ACF4-B74764ADEBF9}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | "TCP Query User{47ED15B6-FA71-4CB2-8F2B-C9A1CC576329}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{4CB3F23F-BA12-415F-B224-256B34EFC3B8}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{4E206B53-1A5F-4EE8-A150-7FCC5264D36E}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | "TCP Query User{59A7AE6F-AB58-4F3F-B841-3E7CE7F95691}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{63CF61F2-292A-4245-B528-1AFD16448FCA}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{66C46E6C-0C9E-4FAE-831B-7608A13CE6F4}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | "TCP Query User{69321B8A-8138-4782-8D04-9005E967BB2A}C:\program 
files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | "TCP Query User{6CEC4B4D-69A4-400B-9187-08F67C239300}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{73500EA5-9973-422F-907D-9D90AA44714D}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{736D7AC1-5CB4-4E09-BEE4-ECBBA820D6B8}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | "TCP Query User{7CC3BBFD-9BBA-42CE-8A97-E37D7279CDA1}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{865F9A29-6772-4F99-A191-BD4DA971438A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{88219CC4-B53D-41C8-9BA8-2F54384B8AF7}C:\program files\mytunes redux\mdnsresponder.exe" = protocol=6 | dir=in | app=c:\program files\mytunes redux\mdnsresponder.exe | "TCP Query User{9242A77A-F79C-4E24-B505-989FE60C64A9}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{9D56EDDC-FFF4-4657-87A0-F762E13BD35D}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{B21253F2-0742-4B4B-B7F3-BB836979D875}C:\program files\ubisoft\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe | "TCP Query User{B5CAE42B-F20A-4B48-A8AE-A9F029578854}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{E276B503-DD75-4951-9C3B-61C0B7CFC3E9}C:\program files\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseekns\slsk.exe | "TCP Query User{FB423E92-FAE6-4D3D-A3CC-DBD0509626BD}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | 
< End of report > Thanks for the help! Regards, Philip |
22.08.2010, 18:33 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.07.12 19:23:44 | 000,587,142 | R--- | M] () - D:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2007.08.14 11:29:14 | 000,000,045 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3db0c7fc-f9ec-11dd-8ee8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3db0c7fc-f9ec-11dd-8ee8-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2007.03.07 15:54:52 | 000,136,744 | R--- | M] (Macrovision Corporation)
O33 - MountPoints2\{a5b0603f-cf91-11de-8dc1-001167000000}\Shell - "" = AutoRun
O33 - MountPoints2\{a5b0603f-cf91-11de-8dc1-001167000000}\Shell\AutoRun\command - "" = E:\pushinst.exe -- File not found
O33 - MountPoints2\{ed923e0f-fbbf-11dd-b7e8-00030d000001}\Shell - "" = AutoRun
O33 - MountPoints2\{ed923e0f-fbbf-11dd-b7e8-00030d000001}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
[2010.08.19 12:47:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70}
:Commands
[purity]
[resethosts]
[emptytemp]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post logfiles in CODE tags |
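The OTL fix above removes three artifact classes: a per-user proxy pointed at 127.0.0.1, cached MountPoints2 AutoRun commands, and a tampered hosts file. The read-only PowerShell audit below reports the same three classes on a live machine without changing anything; it is an added example, not code from this thread or from OTL, and the function name Get-RogueArtifactReport and the report layout are my own.

```powershell
# Added example, not part of the thread or of OTL. Read-only: it lists the
# artifact classes the OTL fix above removes and changes nothing.
# Get-RogueArtifactReport is an assumed (hypothetical) function name.

function Get-RogueArtifactReport {
    [CmdletBinding()]
    param(
        # Hosts file to inspect; defaults to the live system file.
        [string]$HostsPath = (Join-Path $env:SystemRoot 'System32\drivers\etc\hosts')
    )

    $findings = New-Object System.Collections.Generic.List[object]

    # 1. Per-user proxy. A ProxyServer value on a loopback port (the fix above
    #    shows http=127.0.0.1:5555) routes every browser request through a local
    #    process, which is how rogue AVs block security sites and downloads.
    $inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $inet = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue
    if ($inet -and $inet.ProxyServer) {
        $loopback = $inet.ProxyServer -match '(^|=)(127\.0\.0\.1|localhost)(:|$)'
        $findings.Add([pscustomobject]@{
            Class = 'ProxyServer'
            Item  = $inet.ProxyServer
            Flag  = if ($loopback) { 'loopback proxy, likely hijack' } else { 'review' }
        })
    }

    # 2. MountPoints2: Explorer caches the AutoRun command of every drive it has
    #    seen. A command whose target no longer exists (E:\pushinst.exe and
    #    G:\setup.exe in the fix above) is a leftover from a removable-media
    #    autorun.inf and should be cleared.
    $mpKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    Get-ChildItem -Path $mpKey -ErrorAction SilentlyContinue | ForEach-Object {
        $sub = $_.OpenSubKey('Shell\AutoRun\command')
        if ($null -ne $sub) {
            $cmd = [string]$sub.GetValue('')
            $sub.Close()
            # Executable = quoted first token, else first whitespace-delimited token
            # (an unquoted path containing spaces is not handled here).
            $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
            $exists = if ($exe) { Test-Path -LiteralPath $exe -ErrorAction SilentlyContinue } else { $false }
            $findings.Add([pscustomobject]@{
                Class = 'MountPoints2 AutoRun'
                Item  = "$($_.PSChildName) -> $cmd"
                Flag  = if ($exists) { 'target present' } else { 'target missing' }
            })
        }
    }

    # 3. Hosts file: report every mapping other than the loopback defaults,
    #    since redirected AV/update hosts are the usual reason OTL's [resethosts]
    #    is needed.
    if (Test-Path -LiteralPath $HostsPath) {
        Get-Content -LiteralPath $HostsPath | ForEach-Object {
            $line = $_.Trim()
            if ($line -and -not $line.StartsWith('#') -and
                $line -notmatch '^(127\.0\.0\.1|::1)\s+localhost$') {
                $findings.Add([pscustomobject]@{
                    Class = 'hosts'
                    Item  = $line
                    Flag  = 'non-default mapping'
                })
            }
        }
    }

    return $findings
}

Get-RogueArtifactReport | Format-Table -AutoSize
```

An empty table means none of the three artifact classes is present; a loopback proxy or a MountPoints2 entry with a missing target is what to compare against the OTL log before deciding on a fix.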
22.08.2010, 23:48 | #9 |
| Everything worked and the computer was restarted... Here is the logfile:
All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
C:\autoexec.bat moved successfully.
File move failed. D:\autorun.ico scheduled to be moved on reboot.
File move failed. D:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3db0c7fc-f9ec-11dd-8ee8-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3db0c7fc-f9ec-11dd-8ee8-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3db0c7fc-f9ec-11dd-8ee8-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3db0c7fc-f9ec-11dd-8ee8-806e6f6e6963}\ not found.
File move failed. D:\Setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5b0603f-cf91-11de-8dc1-001167000000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b0603f-cf91-11de-8dc1-001167000000}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5b0603f-cf91-11de-8dc1-001167000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b0603f-cf91-11de-8dc1-001167000000}\ not found.
File E:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed923e0f-fbbf-11dd-b7e8-00030d000001}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed923e0f-fbbf-11dd-b7e8-00030d000001}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed923e0f-fbbf-11dd-b7e8-00030d000001}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed923e0f-fbbf-11dd-b7e8-00030d000001}\ not found.
File G:\setup.exe not found.
C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70} folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Philip
->Temp folder emptied: 1949464 bytes
->Temporary Internet Files folder emptied: 23526573 bytes
->Java cache emptied: 70877643 bytes
->FireFox cache emptied: 64831651 bytes
->Flash cache emptied: 8991 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 109080 bytes
RecycleBin emptied: 154626 bytes
Total Files Cleaned = 154,00 mb
OTL by OldTimer - Version 3.2.10.0 log created on 08232010_003545
Files\Folders moved on Reboot...
File move failed. D:\autorun.ico scheduled to be moved on reboot.
File move failed. D:\autorun.inf scheduled to be moved on reboot.
File move failed. D:\Setup.exe scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Many thanks for the help!!! I hope everything is fine again now. Regards, Philip |
22.08.2010, 23:52 | #10 |
| However, "sniffer Windows/Temp/_ex-08.exe" and {CA602012F-160F...5EC812B3192A} User/Benutzer/Name/AppData/Roaming/Pyda/roelu.exe can still be found under Startup in msconfig. I don't know what they do, or how I can delete them... |
23.08.2010, 12:44 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run when a forum helper (Kompetenzler) has explicitly recommended it!
__________________ Please always post logfiles in CODE tags |
23.08.2010, 15:50 | #12 |
| I did everything according to the instructions, and the programs described have disappeared from Startup. =) Thanks again for the competent help!!! Regards, Philip Here is the ComboFix logfile:
ATTFilter ComboFix 10-08-22.05 - Philip 23.08.2010 16:04:57.1.2 - x86 ausgeführt von:: c:\users\Philip\Desktop\cofi.exe AV: Symantec AntiVirus *On-access scanning disabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C} SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7} SP: Symantec AntiVirus *disabled* (Outdated) {6C85A515-B91D-4D2B-AF18-40984A4A8493} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\Philip\AppData\Local\TempDIR c:\users\Philip\AppData\Roaming\AD ON Multimedia c:\users\Philip\AppData\Roaming\AD ON Multimedia\eBay Shortcuts\config.ini c:\windows\system32\drivers\npf.sys c:\windows\system32\Packet.dll c:\windows\system32\ui c:\windows\system32\wpcap.dll . ((((((((((((((((((((((( Dateien erstellt von 2010-07-23 bis 2010-08-23 )))))))))))))))))))))))))))))) . 2010-08-23 14:13 . 2010-08-23 14:31 -------- d-----w- c:\users\Philip\AppData\Local\temp 2010-08-23 14:13 . 2010-08-23 14:13 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-08-22 22:35 . 2010-08-22 22:35 -------- d-----w- C:\_OTL 2010-08-19 23:07 . 2010-08-19 23:07 -------- d-----w- c:\users\Philip\AppData\Local\Unity 2010-08-19 11:51 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe 2010-08-19 11:19 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-08-19 11:19 . 2010-08-19 11:19 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-08-19 10:54 . 2010-08-19 10:54 -------- d-----w- c:\users\Philip\AppData\Local\Sunbelt Software 2010-08-19 10:45 . 2010-08-20 00:48 63488 ----a-w- c:\users\Philip\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll 2010-08-19 10:45 . 2010-08-19 10:45 52224 ----a-w- c:\users\Philip\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 2010-08-19 10:45 . 
2010-08-20 00:48 117760 ----a-w- c:\users\Philip\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-08-19 10:44 . 2010-08-19 11:19 -------- d-----w- c:\programdata\Lavasoft 2010-08-19 10:44 . 2010-08-19 10:44 -------- d-----w- c:\program files\Lavasoft 2010-08-19 10:43 . 2010-08-19 10:43 -------- d-----w- c:\users\Philip\AppData\Roaming\SUPERAntiSpyware.com 2010-08-19 10:43 . 2010-08-19 10:43 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2010-08-19 10:41 . 2010-08-19 10:43 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-08-16 10:38 . 2010-08-16 10:38 -------- d-----w- c:\windows\Favorites 2010-08-15 11:22 . 2010-08-15 11:22 -------- d-----w- c:\programdata\Soulseek 2010-08-15 11:21 . 2010-08-15 11:21 -------- d-----w- c:\program files\SoulseekNS 2010-08-12 22:21 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll 2010-08-12 22:21 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys 2010-08-12 22:21 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-08-12 22:21 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-08-12 22:21 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll 2010-08-12 22:21 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys 2010-08-12 22:21 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys 2010-08-12 22:21 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-08-12 21:14 . 2010-08-19 11:49 -------- d-----w- c:\users\Philip\AppData\Roaming\Pyda 2010-08-12 21:14 . 2010-08-18 23:53 -------- d-----w- c:\users\Philip\AppData\Roaming\Qahu 2010-07-30 12:36 . 2010-07-30 12:36 -------- d-----w- c:\program files\Hercules . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2085-12-23 08:42 . 2009-02-13 17:50 499712 ------r- c:\windows\RtlExUpd.dll 2010-08-23 13:32 . 
2009-09-08 20:50 -------- d-----w- c:\program files\Trillian 2010-08-23 09:49 . 2009-08-20 12:52 -------- d-----w- c:\users\Philip\AppData\Roaming\Skype 2010-08-23 09:46 . 2009-02-14 00:27 13072 ----a-w- c:\users\Philip\AppData\Roaming\nvModes.dat 2010-08-22 11:36 . 2008-01-21 08:31 672620 ----a-w- c:\windows\system32\perfh007.dat 2010-08-22 11:36 . 2008-01-21 08:31 146176 ----a-w- c:\windows\system32\perfc007.dat 2010-08-20 11:51 . 2009-09-07 06:29 -------- d-----w- c:\users\Philip\AppData\Roaming\vlc 2010-08-20 00:32 . 2010-04-26 15:31 -------- d-----w- c:\program files\trend micro 2010-08-19 23:07 . 2010-04-26 14:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-08-19 10:50 . 2009-02-14 02:12 -------- d-----w- c:\program files\Google 2010-08-13 09:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-08-08 14:39 . 2009-02-14 01:39 -------- d-----w- c:\program files\ICQ6.5 2010-08-08 14:35 . 2009-08-20 12:57 -------- d-----w- c:\users\Philip\AppData\Roaming\skypePM 2010-07-30 12:36 . 2009-02-13 17:50 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-07-26 18:51 . 2010-06-21 21:19 -------- d-----w- c:\programdata\Microsoft Help 2010-07-18 08:26 . 2010-07-18 08:26 -------- d-----w- c:\program files\Common Files\Skype 2010-07-10 08:58 . 2010-06-28 08:13 -------- d-----w- c:\programdata\DivX 2010-07-10 08:58 . 2010-06-28 08:52 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll 2010-07-10 08:57 . 2010-07-10 08:57 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe 2010-07-10 08:57 . 2009-02-14 01:39 -------- d-----w- c:\program files\DivX 2010-07-10 08:57 . 2010-07-10 08:57 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe 2010-07-10 08:47 . 2010-07-10 08:47 84054 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe 2010-07-10 08:46 . 2010-07-10 08:45 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe 2010-07-10 08:29 . 
2010-06-28 08:44 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll 2010-07-10 08:29 . 2010-06-28 08:44 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe 2010-07-09 21:37 . 2009-08-30 00:06 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs 2010-06-30 10:13 . 2009-02-16 20:10 -------- d-----w- c:\users\Philip\AppData\Roaming\DivX 2010-06-28 14:31 . 2010-04-03 14:01 439816 ----a-w- c:\users\Philip\AppData\Roaming\Real\Update\setup3.10\setup.exe 2010-06-28 08:44 . 2009-09-10 01:37 -------- d-----w- c:\program files\Common Files\DivX Shared 2010-06-28 08:44 . 2010-06-28 08:44 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe 2010-06-28 08:44 . 2010-06-28 08:44 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe 2010-06-28 08:42 . 2010-06-28 08:42 57054 ----a-w- c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe 2010-06-28 08:42 . 2010-06-28 08:42 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe 2010-06-28 08:42 . 2010-06-28 08:42 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe 2010-06-28 08:42 . 2010-06-28 08:42 56458 ----a-w- c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe 2010-06-28 08:42 . 2010-06-28 08:42 54174 ----a-w- c:\programdata\DivX\DSAACDecoder\Uninstaller.exe 2010-06-28 08:42 . 2010-06-28 08:42 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe 2010-06-28 08:42 . 2010-06-28 08:42 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe 2010-06-28 08:42 . 2010-06-28 08:42 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe 2010-06-28 08:42 . 2010-06-28 08:42 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe 2010-06-28 08:42 . 2010-06-28 08:42 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe 2010-06-28 08:42 . 2010-06-28 08:42 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe 2010-06-28 08:42 . 2010-06-28 08:42 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe 2010-06-26 06:05 . 
2010-08-12 22:22 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-26 06:02 . 2010-08-12 22:22 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-06-26 06:02 . 2010-08-12 22:22 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-06-26 04:25 . 2010-08-12 22:22 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-06-25 22:04 . 2009-02-14 02:45 -------- d-----w- c:\program files\Microsoft.NET 2010-06-25 09:43 . 2009-02-15 19:18 -------- d-----w- c:\program files\EA SPORTS 2010-06-22 22:21 . 2009-02-13 16:47 100432 ----a-w- c:\users\Philip\AppData\Local\GDIPFONTCACHEV1.DAT 2010-06-11 16:16 . 2010-08-12 22:22 274944 ----a-w- c:\windows\system32\schannel.dll 2010-05-27 20:08 . 2010-08-12 22:22 81920 ----a-w- c:\windows\system32\iccvid.dll 2010-05-26 17:06 . 2010-06-11 10:56 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-05-26 14:47 . 2010-06-11 10:56 289792 ----a-w- c:\windows\system32\atmfd.dll 2010-05-25 17:12 . 2010-05-25 17:12 7680 ----a-w- c:\users\Philip\AppData\Roaming\Trillian\languages\de\talk.dll 2010-05-25 17:12 . 2010-05-25 17:12 7168 ----a-w- c:\users\Philip\AppData\Roaming\Trillian\languages\de\events.dll 2010-05-25 17:12 . 2010-05-25 17:12 2048 ----a-w- c:\users\Philip\AppData\Roaming\Trillian\languages\de\toolkit.dll 2010-05-25 17:12 . 2010-05-25 17:12 10240 ----a-w- c:\users\Philip\AppData\Roaming\Trillian\languages\de\buddy.dll 2006-05-03 09:06 . 2009-11-03 01:51 163328 --sh--r- c:\windows\System32\flvDX.dll 2007-02-21 10:47 . 2009-11-03 01:51 31232 --sh--r- c:\windows\System32\msfDX.dll 2008-03-16 12:30 . 2009-11-03 01:51 216064 --sh--r- c:\windows\System32\nbDX.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2009-11-25 09:04 815104 ----a-w- c:\program files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\program files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll" [2009-11-25 815104]
[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\program files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll" [2009-11-25 815104]
[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [1985-01-01 815104]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-02-06 90191]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-06 81920]
"CHotkey"="mHotkey.exe" [2005-12-15 547840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Status Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Status Monitor.lnk
backup=c:\windows\pss\Status Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Philip^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PMB Medien-Prüfung.lnk]
path=c:\users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Medien-Prüfung.lnk
backup=c:\windows\pss\PMB Medien-Prüfung.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2009-07-09 20:07 49968 ----a-w- c:\program files\AIM6\aim6.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2009-03-02 17:08 209153 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMWlanClient]
2007-02-02 22:26 283136 ----a-w- c:\program files\avmwlanstick\FRITZWLANMini.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2008-02-19 06:22 1089536 ------r- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2006-11-22 21:12 107112 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2005-05-19 13:47 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-12-21 15:57 86016 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-09-14 20:09 157592 ----a-w- c:\program files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]
2008-07-22 20:44 357376 ----a-w- c:\program files\FreePDF_XP\fpassist.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-23 00:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2009-07-16 19:35 5458704 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 17:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2008-12-03 10:47 1205760 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2082-02-15 12:30 4317184 ----a-w- c:\windows\RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\showwnd]
2003-09-18 19:09 36864 ----a-w- c:\windows\ShowWnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 15:57 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-12-11 14:12 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
2006-11-28 10:34 134808 ----a-w- c:\progra~1\SYMANT~1\VPTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-04-10 17:29 37888 ----a-w- c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):f2,8b,43,05,57,35,ca,01
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c98e4a399e56fd;Google Update Service (gupdate1c98e4a399e56fd);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 133104]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2007-01-26 4352]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2007-01-26 265088]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-08-12 15008]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-02-16 717296]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-08-12 1355416]
S2 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-11-28 122008]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-27 102448]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
vvdsvc REG_MULTI_SZ vvdsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the "Scheduled Tasks" folder
2010-08-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 12:15]
2010-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 02:16]
2010-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 02:16]
2010-08-23 c:\windows\Tasks\User_Feed_Synchronization-{D3CA66CF-B7AF-4F24-A749-C4D2F52DD632}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = <local>
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\02mqam55.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\Philip\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\Philip\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll
FF - plugin: c:\users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\02mqam55.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX policies ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Removed orphaned registry entries - - - -
MSConfigStartUp-FlyAway - c:\users\Philip\AppData\Local\Temp\ARCA38E\FlyAway.exe
MSConfigStartUp-sniffer - c:\windows\Temp\_ex-08.exe
MSConfigStartUp-{CA62012F-160F-7A2E-BB1E-5EC812B3192A} - c:\users\Philip\AppData\Roaming\Pyda\roelu.exe
AddRemove-Ad-Aware - c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
AddRemove-S.T.A.L.K.E.R. - Shadow of Chernobyl_is1 - e:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\unins000.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} - c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-23 16:30
Windows 6.0.6002 Service Pack 2 NTFS
Scanning hidden processes...
Scanning hidden autostart entries...
Scanning hidden files...
Scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- Locked registry keys ---------------------
[HKEY_USERS\S-1-5-21-2032161511-3869678311-1123258137-1000\Software\SecuROM\License information*]
"datasecu"=hex:aa,56,ff,6d,30,1a,52,5c,14,d1,fc,b1,63,7d,49,ed,df,08,42,28,6f,
23,9f,c7,df,3d,bb,f9,80,61,76,fb,bf,f2,95,32,3e,bd,53,ad,10,b0,a0,f6,98,3b,\
"rkeysecu"=hex:a8,c8,61,1d,ff,07,1b,c8,b3,0d,de,43,3b,ca,e8,9f
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-08-23 16:41:24
ComboFix-quarantined-files.txt 2010-08-23 14:41
Before scan: 1.681.248.256 bytes free
After scan: 1.420.222.464 bytes free
- - End Of File - - 8850CD46BEC408BAB7C98D90ACE506E9 |
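Editor's worked example, not part of the thread and not ComboFix's own logic: a small triage pass over ComboFix-style lines that flags the patterns a helper reads this log for. The four heuristics are mine, and every name in the block (`triage`, `Finding`, the regexes) is mine. The sample input is constructed, mirroring six entries from the log above: an autostart under a user's AppData or Temp directory, a Run value named only by a GUID, a DLL in System32 carrying the hidden+system attribute bits (the `--sh--r-` field), and `EnableLUA=0`, which switches UAC off so every admin session runs unprompted. Legitimate entries (Sidebar, avgnt) are included to show that the rules stay quiet on them.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in ComboFix's layout. The six entries copy lines from the
# posted log (Sidebar, EnableLUA, flvDX.dll, _ex-08.exe, roelu.exe, avgnt) so
# the heuristics run against realistic input; this is not the full log.
SAMPLE_LOG = r'''
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"EnableLUA"= 0 (0x0)
2006-05-03 09:06 . 2009-11-03 01:51 163328 --sh--r- c:\windows\System32\flvDX.dll
MSConfigStartUp-sniffer - c:\windows\Temp\_ex-08.exe
MSConfigStartUp-{CA62012F-160F-7A2E-BB1E-5EC812B3192A} - c:\users\Philip\AppData\Roaming\Pyda\roelu.exe
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
'''

# First drive-letter path on the line that ends in a loadable-module extension.
PATH_RE = re.compile(r'[a-z]:\\[^"\[\]]+?\.(?:exe|dll|sys|scr|com)\b', re.I)
# ComboFix's 8-character attribute field (e.g. ----a-w- or --sh--r-) right before a path.
ATTR_RE = re.compile(r'\s([-a-z]{8})\s+[a-z]:\\', re.I)
# Locations a standard user can write to without admin rights or a UAC prompt.
USER_WRITABLE_RE = re.compile(r'\\(?:Temp|AppData\\(?:Roaming|Local|LocalLow))\\', re.I)
# Autostart value whose name is a bare GUID instead of a product name.
GUID_NAME_RE = re.compile(r'^(?:"|MSConfigStartUp-)\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}', re.I)
UAC_OFF_RE = re.compile(r'"EnableLUA"\s*=\s*0\b')


@dataclass
class Finding:
    reason: str
    line: str


def triage(log: str) -> list[Finding]:
    """Apply the four heuristics to every non-empty line and return what they flag."""
    findings: list[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if UAC_OFF_RE.search(line):
            findings.append(Finding("UAC disabled (EnableLUA=0); admin sessions run unprompted", line))
        attr = ATTR_RE.search(line)
        # Positions 2 and 3 of the attribute field are the system and hidden bits.
        if attr and attr.group(1)[2:4].lower() == "sh":
            findings.append(Finding("hidden+system attributes on a loadable module", line))
        path = PATH_RE.search(line)
        if path and USER_WRITABLE_RE.search(path.group(0)):
            findings.append(Finding(f"autostart from user-writable location: {path.group(0)}", line))
        if GUID_NAME_RE.match(line):
            findings.append(Finding("GUID-named autostart value with no product name", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason}]\n    {f.line}")
```

Run on the sample it reports five findings: one for UAC, one for the hidden+system DLL, two for executables under Temp and AppData\Roaming (both of which ComboFix had already listed as removed orphans), and one for the GUID-named value; the two vendor entries produce nothing. The user-writable-path rule is the one worth keeping in a real toolkit: a rogue such as "Security Tool" has to persist somewhere it could write without elevation, which is exactly the set of directories that regex names.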
23.08.2010, 17:26 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Security Tool cannot be removed even with the guide
OK. Now please create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool refuses to run even on the second try, just skip it and run only OSAM.
Then download the bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remove.exe from that folder. If you are using Windows Vista or Windows 7, you must run remover.exe via right-click => Run as administrator.
A black window will open and automatically search for malicious changes in the MBR. Then please post whether there are changes and, if so, on which device. Best to post everything that remover.exe outputs.
__________________ Please always post logfiles in CODE tags |
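Editor's worked example, not part of the thread and not the code of bootkit_remover or any other tool named above: what "search for malicious changes in the MBR" comes down to when done by hand. The first sector of a disk holds 446 bytes of boot code, a 64-byte partition table and the 0x55AA signature. A bootkit replaces the boot code and leaves the partition table alone, so the system still boots and nothing looks wrong from inside Windows; the telling check is therefore a hash of the boot code against a known-good value, with the partition table parsed as a sanity check. Everything here is constructed: the two MBR images are built in the block, `BASELINE_SHA256` is derived from the constructed clean image (in practice it would come from a known-good install or vendor reference, never from the disk under suspicion), and `read_physical_mbr` uses the Windows `\\.\PhysicalDrive0` device path, which needs an elevated prompt and is not called in the sample run.

```python
import hashlib
import struct

SECTOR_SIZE = 512
PARTITION_TABLE_OFFSET = 446
BOOT_SIGNATURE = b"\x55\xaa"


def build_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a 512-byte MBR from boot code and up to four
    (status, type, lba_start, sector_count) tuples. Only used to build the
    constructed test images below; a real check reads the sector from disk."""
    if len(boot_code) > PARTITION_TABLE_OFFSET or len(partitions) > 4:
        raise ValueError("boot code too long or too many partitions")
    table = b"".join(
        # CHS fields are left zeroed; the LBA fields are what modern code reads.
        struct.pack("<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
        for status, ptype, lba, count in partitions
    )
    return boot_code.ljust(PARTITION_TABLE_OFFSET, b"\0") + table.ljust(64, b"\0") + BOOT_SIGNATURE


def parse_mbr(mbr: bytes) -> dict:
    """Split an MBR into boot-code hash, partition entries and signature flag."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        status, _, ptype, _, lba, count = struct.unpack("<B3sB3sII", mbr[off:off + 16])
        if ptype:  # type 0 marks an unused slot
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:PARTITION_TABLE_OFFSET]).hexdigest(),
        "partitions": partitions,
        "signature_ok": mbr[510:] == BOOT_SIGNATURE,
    }


def check_mbr(mbr: bytes, known_good_boot_code_sha256: str) -> list:
    """Return a list of findings; an empty list means the MBR matches the baseline."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["boot_code_sha256"] != known_good_boot_code_sha256:
        # The bootkit pattern: boot code swapped, partition table intact.
        findings.append("boot code differs from known-good baseline")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} active partitions (expected exactly 1)")
    for p in info["partitions"]:
        if p["lba_start"] == 0:
            findings.append(f"partition {p['index']} starts at LBA 0 (overlaps the MBR)")
    return findings


# Constructed images, not from any real disk. The "clean" boot code stands in for
# a stock Windows MBR; the tampered one has the same length but different code.
CLEAN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb" + b"\x90" * 40
TAMPERED_BOOT_CODE = b"\xeb\x3c\x90" + b"\x90" * 45
PARTITIONS = [(0x80, 0x07, 2048, 2 * 1024 * 1024)]  # one active NTFS partition

CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, PARTITIONS)
TAMPERED_MBR = build_mbr(TAMPERED_BOOT_CODE, PARTITIONS)
BASELINE_SHA256 = hashlib.sha256(CLEAN_MBR[:PARTITION_TABLE_OFFSET]).hexdigest()


def read_physical_mbr(device=r"\\.\PhysicalDrive0") -> bytes:
    """Read sector 0 of a physical disk on Windows; needs an elevated prompt.
    Not called in the sample run so the example stays offline."""
    with open(device, "rb") as disk:
        return disk.read(SECTOR_SIZE)


if __name__ == "__main__":
    for name, image in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, check_mbr(image, BASELINE_SHA256) or "OK")
```

The clean image passes with no findings; the tampered one fails only the boot-code hash, which is the point: its partition table is identical and it would boot normally. Dropping the two signature bytes is reported separately so a corrupt sector is not confused with a rewritten one.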
23.08.2010, 23:38 | #14 |
| Security Tool cannot be removed even with the guide
How many more programs still have to be run? GMER: GMER Logfile: Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-24 00:19:50
Windows 6.0.6002 Service Pack 2
Running: id7n8l1x.exe; Driver: C:\Users\Philip\AppData\Local\Temp\kxryykob.sys

---- System - GMER 1.0.15 ----

SSDT 86D82598 ZwAlertResumeThread
SSDT 86D82678 ZwAlertThread
SSDT 86D89D58 ZwAllocateVirtualMemory
SSDT 86D7DA30 ZwConnectPort
SSDT 86D97DD0 ZwCreateMutant
SSDT A1E1D3F4 ZwCreateThread
SSDT 86D89BC8 ZwFreeVirtualMemory
SSDT 86D97EB0 ZwImpersonateAnonymousToken
SSDT 86D97F90 ZwImpersonateThread
SSDT 86D7C8B0 ZwMapViewOfSection
SSDT 86D97CF0 ZwOpenEvent
SSDT A1E1D3E0 ZwOpenProcess
SSDT 86D82EC0 ZwOpenProcessToken
SSDT A1E1D3E5 ZwOpenThread
SSDT 86D84EB8 ZwOpenThreadToken
SSDT 86D89048 ZwResumeThread
SSDT 86D84DD8 ZwSetContextThread
SSDT 86D7C710 ZwSetInformationProcess
SSDT 86D82980 ZwSetInformationThread
SSDT 86D97C10 ZwSuspendProcess
SSDT 86D827C0 ZwSuspendThread
SSDT A1E1D3EF ZwTerminateProcess
SSDT 86D828A0 ZwTerminateThread
SSDT 86D7C7F0 ZwUnmapViewOfSection
SSDT 86D89C88 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 822E2880 8 Bytes [98, 25, D8, 86, 78, 26, D8, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 822E2894 4 Bytes [58, 9D, D8, 86]
.text ntkrnlpa.exe!KeSetEvent + 1C1 822E2924 4 Bytes [30, DA, D7, 86]
.text ntkrnlpa.exe!KeSetEvent + 1F5 822E2958 4 Bytes [D0, 7D, D9, 86]
.text ntkrnlpa.exe!KeSetEvent + 222 822E2985 3 Bytes [D3, E1, A1]
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8BC03340, 0x295097, 0xE8000020]
? C:\Users\Philip\AppData\Local\Temp\catchme.sys The system cannot find the file specified. !
? C:\Windows\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
? C:\Users\Philip\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft File System Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x48 0x78 0xB1 0x96 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x44 0xD8 0x97 0xC2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x64 0x62 0x02 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x48 0x78 0xB1 0x96 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x44 0xD8 0x97 0xC2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x64 0x62 0x02 0x00 ...

---- EOF - GMER 1.0.15 ----

OSAM: OSAM Logfile: Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 00:35:43 on 24.08.2010
OS: Windows Vista Business Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.8

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\Windows\system32\lsdelete.exe (File found, but it contains no detailed information)

[Common]
-----( %SystemRoot%\Tasks )-----
"Ad-Aware Update (Weekly).job" - "Lavasoft " - C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"PhysX.cpl" - ? - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL
"NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AnyDVD" (AnyDVD) - "SlySoft, Inc."
- C:\Windows\System32\Drivers\AnyDVD.sys "Aspi32" (Aspi32) - "Adaptec" - C:\Windows\system32\drivers\Aspi32.sys "avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "AVM Eject" (avmeject) - "AVM Berlin" - C:\Windows\System32\drivers\avmeject.sys "catchme" (catchme) - ? - C:\Users\Philip\AppData\Local\Temp\catchme.sys (File not found) "Conexant Setup API" (UIUSys) - "Conexant Systems, Inc" - C:\Windows\System32\DRIVERS\UIUSYS.SYS "CrystalSysInfo" (CrystalSysInfo) - ? - C:\Program Files\MediaCoder\SysInfo.sys (File found, but it contains no detailed information) "EagleNT" (EagleNT) - ? - C:\Windows\system32\drivers\EagleNT.sys (File not found) "ElbyCDFL" (ElbyCDFL) - "SlySoft, Inc." - C:\Windows\System32\Drivers\ElbyCDFL.sys "ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys "ElbyDelay" (ElbyDelay) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyDelay.sys "EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "kxryykob" (kxryykob) - ? - C:\Users\Philip\AppData\Local\Temp\kxryykob.sys (Hidden registry entry, rootkit activity | File not found) "Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys (File found, but it contains no detailed information) "mbr" (mbr) - ? 
- C:\Users\Philip\AppData\Local\Temp\mbr.sys (Hidden registry entry, rootkit activity | File not found) "NAVENG" (NAVENG) - "Symantec Corporation" - C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100329.002\NAVENG.SYS "NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100329.002\NAVEX15.SYS "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys "SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS "SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS "SPBBCDrv" (SPBBCDrv) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys "SRTSP" (SRTSP) - "Symantec Corporation" - C:\Windows\System32\Drivers\SRTSP.SYS "SRTSPL" (SRTSPL) - "Symantec Corporation" - C:\Windows\System32\Drivers\SRTSPL.SYS "SRTSPX" (SRTSPX) - "Symantec Corporation" - C:\Windows\System32\Drivers\SRTSPX.SYS "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys "SymEvent" (SymEvent) - "Symantec Corporation" - C:\Windows\system32\Drivers\SYMEVENT.SYS "SYMREDRV" (SYMREDRV) - "Symantec Corporation" - C:\Windows\System32\Drivers\SYMREDRV.SYS "SYMTDI" (SYMTDI) - "Symantec Corporation" - C:\Windows\System32\Drivers\SYMTDI.SYS [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." 
- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA} "Burn4Freecontext menu" - "Ikysasoft s.r.l. uninominale" - C:\Windows\System32\B4FM.dll {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? 
- (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." 
- C:\Program Files\iTunes\iTunesMiniPlayer.dll {CA5FEE26-14C1-4B5A-86E9-233FC0EE2682} "IZArc DragDrop Menu" - ? - C:\PROGRA~1\IZArc\IZArcCM.dll (File found, but it contains no detailed information) {8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5} "IZArc Shell Context Menu" - ? - C:\PROGRA~1\IZArc\IZArcCM.dll (File found, but it contains no detailed information) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONFILTER.DLL {00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? 
- (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {8BEEE74D-455E-4616-A97A-F6E86C317F32} "VpshellEx Class" - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll (File found, but it contains no detailed information) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Burn4Free Toolbar" - ? - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8100D56A-5661-482C-BEE8-AFECE305D968} "Facebook Photo Uploader 5 Control" - "The Facebook" - C:\Windows\Downloaded Program Files\PhotoUploader55.ocx / hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll "ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6.5\ICQ.exe {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} "Burn4Free Toolbar" - ? - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {D187A56B-A33F-4CBE-9D77-459FC0BAE012} "Burn4Free Toolbar Helper" - ? - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL {3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - c:\program files\real\realplayer\rpbrowserrecordplugin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? 
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "ccApp" - "Symantec Corporation" - "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" "CHotkey" - ? - mHotkey.exe "vptray" - "Symantec Corporation" - C:\PROGRA~1\SYMANT~1\VPTray.exe [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll "Redirected Port" - ? - C:\Windows\system32\redmonnt.dll (File found, but it contains no detailed information) "RICOH Language Monitor2" - "RICOH CO.,Ltd." - C:\Windows\system32\RC4MON.DLL "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Scheduler" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "Google Update Service (gupdate1c98e4a399e56fd)" (gupdate1c98e4a399e56fd) - "Google Inc." 
- C:\Program Files\Google\Update\GoogleUpdate.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - "Lavasoft" - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe "LiveUpdate" (LiveUpdate) - "Symantec Corporation" - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe "Nero BackItUp Scheduler 4.0" (Nero BackItUp Scheduler 4.0) - "Nero AG" - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Process Monitor" (LVPrcSrv) - "Logitech Inc." 
- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe "SAVRoam" (SavRoam) - "symantec" - C:\Program Files\Symantec AntiVirus\SavRoam.exe "Symantec AntiVirus" (Symantec AntiVirus) - "Symantec Corporation" - C:\Program Files\Symantec AntiVirus\Rtvscan.exe "Symantec AntiVirus Definition Watcher" (DefWatch) - "Symantec Corporation" - C:\Program Files\Symantec AntiVirus\DefWatch.exe "Symantec Event Manager" (ccEvtMgr) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe "Symantec Settings Manager" (ccSetMgr) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
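The autorun listing above follows one line format throughout (an optional CLSID or value name, the display name in quotes, the publisher in quotes or a bare ? where OSAM found none, then the path with an optional parenthesised note), so it can be triaged mechanically instead of by eye. The Python below is an added example written for this page; it is not a tool from the thread or from the OSAM authors, and the flag names and the choice of heuristics are mine. It parses a handful of lines copied from the log above and raises the cheap indicators an analyst checks first: no publisher information, an entry whose target file is gone, a bare filename that Windows resolves through its search order, and a module loaded from a user-writable directory. A flag is a prompt to look, not a verdict: the desktop.ini in the Startup folder and the unsigned archiver shell extensions are normal, while an entry such as "CHotkey" - ? - mHotkey.exe is the kind of hit worth resolving to a file on disk and checking its signature.

```python
"""Triage helper for OSAM-style autorun listings (added example, not part of the forum post)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# One OSAM line: [key] "Name" [(ServiceName)] - "Publisher"|? - path [(note)]
ENTRY_RE = re.compile(
    r'^(?:(?P<key>[^"]*?)\s+)?'                # CLSID, <binary data> or value name
    r'"(?P<name>[^"]*)"'                        # display name
    r'(?:\s+\((?P<service>[^)]*)\))?'           # service short name ([Services] only)
    r'\s+-\s+(?:"(?P<publisher>[^"]*)"|\?)'     # OSAM prints ? when it finds no publisher
    r'\s+-\s+(?P<rest>.*)$'                     # path, then note / arguments / download URL
)
# rest = path, optionally followed by OSAM's parenthesised note
REST_RE = re.compile(r'^(?P<path>.*?)\s*(?:\((?P<note>[^()]*)\))?$')
# Directories an unprivileged user can write to: a persistence location worth a look
USER_WRITABLE_RE = re.compile(r'\\(Users|AppData|Temp|ProgramData)\\', re.IGNORECASE)


@dataclass
class Entry:
    key: Optional[str]
    name: str
    service: Optional[str]
    publisher: Optional[str]      # None when OSAM printed ?
    path: str                     # empty when the target no longer exists
    note: Optional[str]
    flags: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OSAM line; returns None for headers and section markers."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    r = REST_RE.match(m.group("rest"))
    path, note = r.group("path").strip(), r.group("note")
    if path.startswith('"'):          # quoted path followed by arguments: "...\avgnt.exe" /min
        path = path.split('"')[1]
    path = path.split(" / ")[0]       # ActiveX entries append the download URL after " / "
    return Entry(m.group("key"), m.group("name"), m.group("service"),
                 m.group("publisher"), path, note)


def triage(entry: Entry) -> List[str]:
    """Cheap review prompts; none of them proves the entry is malicious."""
    flags = []
    if entry.publisher is None:
        flags.append("no publisher information")
    if entry.note and "File not found" in entry.note:
        flags.append("orphaned entry: target file missing")
    if entry.path and "\\" not in entry.path:
        flags.append("unqualified filename: resolved via search order")
    if USER_WRITABLE_RE.search(entry.path):
        flags.append("loads from user-writable location")
    return flags


def triage_log(lines) -> Dict[str, List[str]]:
    """Return {display name: flags} for every parsable entry that raised a flag."""
    hits = {}
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        entry.flags = triage(entry)
        if entry.flags:
            hits[entry.name] = entry.flags
    return hits


# Sample input: eight lines copied verbatim from the OSAM log posted above.
SAMPLE_LINES = [
    r'{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5} "IZArc Shell Context Menu" - ? - C:\PROGRA~1\IZArc\IZArcCM.dll (File found, but it contains no detailed information)',
    r'{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll',
    r'{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)',
    r'"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min',
    r'"CHotkey" - ? - mHotkey.exe',
    r'"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe',
    r'{D187A56B-A33F-4CBE-9D77-459FC0BAE012} "Burn4Free Toolbar Helper" - ? - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll',
    r'"desktop.ini" - ? - C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini',
]

if __name__ == "__main__":
    for name, flags in triage_log(SAMPLE_LINES).items():
        print(f"{name}: {'; '.join(flags)}")
```

Feed it the whole saved log with `triage_log(open("osam.log", encoding="utf-8"))`; section headers such as `-----( HKLM\... )-----` do not match the entry pattern and are skipped. The publisher column is only what OSAM could read from the version resource, so a ? means "verify the signature yourself", and a clean publisher string is not proof either, since a dropped file can carry any version information it likes.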
24.08.2010, 00:15 | #15 |
| Security Tool cannot be removed even with the guide, and Bootkit:
.\debug.cpp(238) : Debug log started at 23.08.2010 - 22:43:46 .\boot_cleaner.cpp(675) : Bootkit Remover .\boot_cleaner.cpp(676) : (c) 2009 eSage Lab .\boot_cleaner.cpp(677) : www.esagelab.com .\boot_cleaner.cpp(681) : Program version: 1.1.0.0 .\boot_cleaner.cpp(688) : OS Version: Microsoft Windows Vista Business Edition Service Pack 2 (build 6002), 32-bit .\debug.cpp(248) : ********************************************** .\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] *********** .\debug.cpp(250) : ********************************************** .\debug.cpp(256) : 0x82236000 0x003b9000 "\SystemRoot\system32\ntkrnlpa.exe" .\debug.cpp(256) : 0x82203000 0x00033000 "\SystemRoot\system32\hal.dll" .\debug.cpp(256) : 0x80403000 0x00007000 "\SystemRoot\system32\kdcom.dll" .\debug.cpp(256) : 0x8040a000 0x00070000 "\SystemRoot\system32\mcupdate_GenuineIntel.dll" .\debug.cpp(256) : 0x8047a000 0x00011000 "\SystemRoot\system32\PSHED.dll" .\debug.cpp(256) : 0x8048b000 0x00008000 "\SystemRoot\system32\BOOTVID.dll" .\debug.cpp(256) : 0x80493000 0x00041000 "\SystemRoot\system32\CLFS.SYS" .\debug.cpp(256) : 0x804d4000 0x000e0000 "\SystemRoot\system32\CI.dll" .\debug.cpp(256) : 0x80606000 0x0007c000 "\SystemRoot\system32\drivers\Wdf01000.sys" .\debug.cpp(256) : 0x80682000 0x0000d000 "\SystemRoot\system32\drivers\WDFLDR.SYS" .\debug.cpp(256) : 0x8068f000 0x00046000 "\SystemRoot\system32\drivers\acpi.sys" .\debug.cpp(256) : 0x806d5000 0x00009000 "\SystemRoot\system32\drivers\WMILIB.SYS" .\debug.cpp(256) : 0x806de000 0x00008000 "\SystemRoot\system32\drivers\msisadrv.sys" .\debug.cpp(256) : 0x806e6000 0x00027000 "\SystemRoot\system32\drivers\pci.sys" .\debug.cpp(256) : 0x8070d000 0x0000f000 "\SystemRoot\System32\drivers\partmgr.sys" .\debug.cpp(256) : 0x8071c000 0x00003000 "\SystemRoot\system32\DRIVERS\compbatt.sys" .\debug.cpp(256) : 0x8071f000 0x0000a000 "\SystemRoot\system32\DRIVERS\BATTC.SYS" 
.\debug.cpp(256) : 0x80729000 0x0000f000 "\SystemRoot\system32\drivers\volmgr.sys" .\debug.cpp(256) : 0x80738000 0x0004a000 "\SystemRoot\System32\drivers\volmgrx.sys" .\debug.cpp(256) : 0x80782000 0x00007000 "\SystemRoot\system32\drivers\intelide.sys" .\debug.cpp(256) : 0x80789000 0x0000e000 "\SystemRoot\system32\drivers\PCIIDEX.SYS" .\debug.cpp(256) : 0x80797000 0x0002d000 "\SystemRoot\system32\DRIVERS\pcmcia.sys" .\debug.cpp(256) : 0x807c4000 0x00010000 "\SystemRoot\System32\drivers\mountmgr.sys" .\debug.cpp(256) : 0x807d4000 0x00008000 "\SystemRoot\system32\drivers\atapi.sys" .\debug.cpp(256) : 0x807dc000 0x0001e000 "\SystemRoot\system32\drivers\ataport.SYS" .\debug.cpp(256) : 0x805b4000 0x00032000 "\SystemRoot\system32\drivers\fltmgr.sys" .\debug.cpp(256) : 0x805e6000 0x00010000 "\SystemRoot\system32\drivers\fileinfo.sys" .\debug.cpp(256) : 0x87e01000 0x0000f000 "\SystemRoot\system32\DRIVERS\Lbd.sys" .\debug.cpp(256) : 0x87e10000 0x0000a000 "\SystemRoot\System32\Drivers\PxHelp20.sys" .\debug.cpp(256) : 0x87e1a000 0x00071000 "\SystemRoot\System32\Drivers\ksecdd.sys" .\debug.cpp(256) : 0x87e8b000 0x0010b000 "\SystemRoot\system32\drivers\ndis.sys" .\debug.cpp(256) : 0x87f96000 0x0002b000 "\SystemRoot\system32\drivers\msrpc.sys" .\debug.cpp(256) : 0x87fc1000 0x0003b000 "\SystemRoot\system32\drivers\NETIO.SYS" .\debug.cpp(256) : 0x8800d000 0x000ea000 "\SystemRoot\System32\drivers\tcpip.sys" .\debug.cpp(256) : 0x880f7000 0x0001b000 "\SystemRoot\System32\drivers\fwpkclnt.sys" .\debug.cpp(256) : 0x88112000 0x00004000 "\SystemRoot\System32\Drivers\vbtenum.sys" .\debug.cpp(256) : 0x88205000 0x00110000 "\SystemRoot\System32\Drivers\Ntfs.sys" .\debug.cpp(256) : 0x88315000 0x00039000 "\SystemRoot\system32\drivers\volsnap.sys" .\debug.cpp(256) : 0x8834e000 0x00008000 "\SystemRoot\System32\Drivers\spldr.sys" .\debug.cpp(256) : 0x88356000 0x0000f000 "\SystemRoot\System32\Drivers\mup.sys" .\debug.cpp(256) : 0x88365000 0x00027000 "\SystemRoot\System32\drivers\ecache.sys" 
.\debug.cpp(256) : 0x8838c000 0x00011000 "\SystemRoot\system32\drivers\disk.sys" .\debug.cpp(256) : 0x8839d000 0x00021000 "\SystemRoot\system32\drivers\CLASSPNP.SYS" .\debug.cpp(256) : 0x883be000 0x00009000 "\SystemRoot\system32\drivers\crcdisk.sys" .\debug.cpp(256) : 0x883c7000 0x00007000 "\SystemRoot\System32\Drivers\BTHidMgr.sys" .\debug.cpp(256) : 0x883ee000 0x0000b000 "\SystemRoot\system32\DRIVERS\tunnel.sys" .\debug.cpp(256) : 0x88116000 0x00009000 "\SystemRoot\system32\DRIVERS\tunmp.sys" .\debug.cpp(256) : 0x8811f000 0x0000f000 "\SystemRoot\system32\DRIVERS\intelppm.sys" .\debug.cpp(256) : 0x883f9000 0x00004000 "\SystemRoot\system32\DRIVERS\CmBatt.sys" .\debug.cpp(256) : 0x8bc03000 0x00440000 "\SystemRoot\system32\DRIVERS\nvlddmkm.sys" .\debug.cpp(256) : 0x8c043000 0x000a1000 "\SystemRoot\System32\drivers\dxgkrnl.sys" .\debug.cpp(256) : 0x8c0e4000 0x0000c000 "\SystemRoot\System32\drivers\watchdog.sys" .\debug.cpp(256) : 0x8c0f0000 0x0008d000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys" .\debug.cpp(256) : 0x8c400000 0x001c1000 "\SystemRoot\system32\DRIVERS\NETw3v32.sys" .\debug.cpp(256) : 0x8c5c1000 0x0000b000 "\SystemRoot\system32\DRIVERS\usbuhci.sys" .\debug.cpp(256) : 0x8c17d000 0x0003e000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS" .\debug.cpp(256) : 0x8c5cc000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbehci.sys" .\debug.cpp(256) : 0x8c5db000 0x00010000 "\SystemRoot\system32\DRIVERS\ohci1394.sys" .\debug.cpp(256) : 0x8c5eb000 0x0000e000 "\SystemRoot\system32\DRIVERS\1394BUS.SYS" .\debug.cpp(256) : 0x8812e000 0x0004c000 "\SystemRoot\system32\drivers\tifm21.sys" .\debug.cpp(256) : 0x8c1bb000 0x0001a000 "\SystemRoot\system32\DRIVERS\sdbus.sys" .\debug.cpp(256) : 0x8c1d5000 0x0000f000 "\SystemRoot\system32\DRIVERS\Rtlh86.sys" .\debug.cpp(256) : 0x8c1e4000 0x0001a000 "\SystemRoot\system32\DRIVERS\serial.sys" .\debug.cpp(256) : 0x8817a000 0x0000a000 "\SystemRoot\system32\DRIVERS\serenum.sys" .\debug.cpp(256) : 0x88184000 0x00008000 
"\SystemRoot\system32\DRIVERS\nscirda.sys" .\debug.cpp(256) : 0x8818c000 0x00009000 "\SystemRoot\system32\drivers\irenum.sys" .\debug.cpp(256) : 0x88195000 0x00013000 "\SystemRoot\system32\DRIVERS\i8042prt.sys" .\debug.cpp(256) : 0x881a8000 0x0000b000 "\SystemRoot\system32\DRIVERS\kbdclass.sys" .\debug.cpp(256) : 0x881b3000 0x0002b000 "\SystemRoot\system32\DRIVERS\SynTP.sys" .\debug.cpp(256) : 0x8c5f9000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS" .\debug.cpp(256) : 0x881de000 0x0000b000 "\SystemRoot\system32\DRIVERS\mouclass.sys" .\debug.cpp(256) : 0x881e9000 0x00007000 "\SystemRoot\System32\Drivers\ElbyCDFL.sys" .\debug.cpp(256) : 0x8c5fb000 0x00002000 "\SystemRoot\System32\Drivers\ElbyDelay.sys" .\debug.cpp(256) : 0x88200000 0x00005000 "\SystemRoot\System32\Drivers\AnyDVD.sys" .\debug.cpp(256) : 0x8ce0f000 0x00018000 "\SystemRoot\system32\DRIVERS\cdrom.sys" .\debug.cpp(256) : 0x8ce27000 0x00006000 "\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys" .\debug.cpp(256) : 0x8ce2d000 0x0000a000 "\SystemRoot\System32\Drivers\VcommMgr.sys" .\debug.cpp(256) : 0x8ce37000 0x0002f000 "\SystemRoot\system32\DRIVERS\msiscsi.sys" .\debug.cpp(256) : 0x8ce66000 0x00041000 "\SystemRoot\system32\DRIVERS\storport.sys" .\debug.cpp(256) : 0x8cea7000 0x0000b000 "\SystemRoot\system32\DRIVERS\TDI.SYS" .\debug.cpp(256) : 0x8ceb2000 0x00007000 "\SystemRoot\system32\DRIVERS\blueletaudio.sys" .\debug.cpp(256) : 0x8ceb9000 0x0002d000 "\SystemRoot\system32\DRIVERS\portcls.sys" .\debug.cpp(256) : 0x8cee6000 0x00025000 "\SystemRoot\system32\DRIVERS\drmk.sys" .\debug.cpp(256) : 0x8cf0b000 0x0002a000 "\SystemRoot\system32\DRIVERS\ks.sys" .\debug.cpp(256) : 0x8cf35000 0x00006000 "\SystemRoot\system32\DRIVERS\BlueletSCOAudio.sys" .\debug.cpp(256) : 0x8cf3b000 0x00008000 "\SystemRoot\System32\Drivers\RootMdm.sys" .\debug.cpp(256) : 0x8cf43000 0x0000d000 "\SystemRoot\system32\drivers\modem.sys" .\debug.cpp(256) : 0x8cf50000 0x00017000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys" .\debug.cpp(256) : 
0x8cf67000 0x0000b000 "\SystemRoot\system32\DRIVERS\ndistapi.sys" .\debug.cpp(256) : 0x8cf72000 0x00023000 "\SystemRoot\system32\DRIVERS\ndiswan.sys" .\debug.cpp(256) : 0x8cf95000 0x0000f000 "\SystemRoot\system32\DRIVERS\raspppoe.sys" .\debug.cpp(256) : 0x8cfa4000 0x00014000 "\SystemRoot\system32\DRIVERS\raspptp.sys" .\debug.cpp(256) : 0x8cfb8000 0x00015000 "\SystemRoot\system32\DRIVERS\rassstp.sys" .\debug.cpp(256) : 0x8cfcd000 0x00003000 "\SystemRoot\system32\DRIVERS\btnetdrv.sys" .\debug.cpp(256) : 0x8cfd0000 0x00007000 "\SystemRoot\system32\DRIVERS\VComm.sys" .\debug.cpp(256) : 0x8da05000 0x00089000 "\SystemRoot\system32\DRIVERS\rdpdr.sys" .\debug.cpp(256) : 0x8da8e000 0x00010000 "\SystemRoot\system32\DRIVERS\termdd.sys" .\debug.cpp(256) : 0x8da9e000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys" .\debug.cpp(256) : 0x8daa0000 0x0000a000 "\SystemRoot\system32\DRIVERS\mssmbios.sys" .\debug.cpp(256) : 0x8daaa000 0x0000d000 "\SystemRoot\system32\DRIVERS\umbus.sys" .\debug.cpp(256) : 0x8dab7000 0x00035000 "\SystemRoot\system32\DRIVERS\usbhub.sys" .\debug.cpp(256) : 0x8daec000 0x00011000 "\SystemRoot\System32\Drivers\NDProxy.SYS" .\debug.cpp(256) : 0x8e603000 0x00196000 "\SystemRoot\system32\drivers\RTKVHDA.sys" .\debug.cpp(256) : 0x8e799000 0x0003d000 "\SystemRoot\system32\DRIVERS\HSXHWAZL.sys" .\debug.cpp(256) : 0x8dafd000 0x00103000 "\SystemRoot\system32\DRIVERS\HSX_DPV.sys" .\debug.cpp(256) : 0x8e805000 0x000b4000 "\SystemRoot\system32\DRIVERS\HSX_CNXT.sys" .\debug.cpp(256) : 0x8e8b9000 0x00049000 "\SystemRoot\System32\Drivers\SRTSP.SYS" .\debug.cpp(256) : 0x8e902000 0x00011000 "\SystemRoot\System32\Drivers\SRTSPX.SYS" .\debug.cpp(256) : 0x8ef43000 0x00022000 "\??\C:\Windows\system32\Drivers\SYMEVENT.SYS" .\debug.cpp(256) : 0x8ef79000 0x00009000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS" .\debug.cpp(256) : 0x8ef82000 0x00009000 "\SystemRoot\system32\DRIVERS\hidusb.sys" .\debug.cpp(256) : 0x8ef8b000 0x00010000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS" 
.\debug.cpp(256) : 0x8ef9b000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS" .\debug.cpp(256) : 0x8efa2000 0x00007000 "\SystemRoot\System32\Drivers\Null.SYS" .\debug.cpp(256) : 0x8efa9000 0x00008000 "\SystemRoot\system32\DRIVERS\mouhid.sys" .\debug.cpp(256) : 0x8efb1000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS" .\debug.cpp(256) : 0x8efb8000 0x0000c000 "\SystemRoot\System32\drivers\vga.sys" .\debug.cpp(256) : 0x8efc4000 0x00021000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS" .\debug.cpp(256) : 0x8efe5000 0x00008000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys" .\debug.cpp(256) : 0x8efed000 0x00008000 "\SystemRoot\system32\drivers\rdpencdd.sys" .\debug.cpp(256) : 0x8eff5000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS" .\debug.cpp(256) : 0x8e913000 0x0000e000 "\SystemRoot\System32\Drivers\Npfs.SYS" .\debug.cpp(256) : 0x8e921000 0x00009000 "\SystemRoot\System32\DRIVERS\rasacd.sys" .\debug.cpp(256) : 0x8e92a000 0x00016000 "\SystemRoot\system32\DRIVERS\tdx.sys" .\debug.cpp(256) : 0x8e940000 0x00014000 "\SystemRoot\system32\DRIVERS\smb.sys" .\debug.cpp(256) : 0x8e954000 0x00048000 "\SystemRoot\system32\drivers\afd.sys" .\debug.cpp(256) : 0x8e99c000 0x00032000 "\SystemRoot\System32\DRIVERS\netbt.sys" .\debug.cpp(256) : 0x8e9ce000 0x00016000 "\SystemRoot\system32\DRIVERS\pacer.sys" .\debug.cpp(256) : 0x8e9e4000 0x0000e000 "\SystemRoot\system32\DRIVERS\netbios.sys" .\debug.cpp(256) : 0x8e7d6000 0x00013000 "\SystemRoot\system32\DRIVERS\wanarp.sys" .\debug.cpp(256) : 0x9320e000 0x0002c000 "\SystemRoot\System32\Drivers\SYMTDI.SYS" .\debug.cpp(256) : 0x9323a000 0x00006000 "\SystemRoot\system32\DRIVERS\ssmdrv.sys" .\debug.cpp(256) : 0x932a6000 0x00022000 "\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS" .\debug.cpp(256) : 0x932c8000 0x00006000 "\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS" .\debug.cpp(256) : 0x932ce000 0x0003c000 "\SystemRoot\system32\DRIVERS\rdbss.sys" .\debug.cpp(256) : 0x9330a000 0x0000a000 "\SystemRoot\system32\drivers\nsiproxy.sys" 
.\debug.cpp(256) : 0x93314000 0x0005e000 "\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys" .\debug.cpp(256) : 0x93372000 0x0001d000 "\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys" .\debug.cpp(256) : 0x9338f000 0x0005b000 "\SystemRoot\system32\drivers\csc.sys" .\debug.cpp(256) : 0x8e7e9000 0x00017000 "\SystemRoot\System32\Drivers\dfsc.sys" .\debug.cpp(256) : 0x8cfd7000 0x0001c000 "\SystemRoot\system32\DRIVERS\avipbb.sys" .\debug.cpp(256) : 0x933ea000 0x00002000 "\??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys" .\debug.cpp(256) : 0x883ce000 0x00016000 "\SystemRoot\system32\DRIVERS\cdfs.sys" .\debug.cpp(256) : 0x933ec000 0x0000d000 "\SystemRoot\System32\Drivers\crashdmp.sys" .\debug.cpp(256) : 0x93200000 0x0000b000 "\SystemRoot\System32\Drivers\dump_dumpata.sys" .\debug.cpp(256) : 0x8e9f2000 0x00008000 "\SystemRoot\System32\Drivers\dump_atapi.sys" .\debug.cpp(256) : 0x81690000 0x00203000 "\SystemRoot\System32\win32k.sys" .\debug.cpp(256) : 0x8cff3000 0x0000a000 "\SystemRoot\System32\drivers\Dxapi.sys" .\debug.cpp(256) : 0x818b0000 0x00009000 "\SystemRoot\System32\TSDDD.dll" .\debug.cpp(256) : 0x818d0000 0x0000e000 "\SystemRoot\System32\cdd.dll" .\debug.cpp(256) : 0x9f40f000 0x0001b000 "\SystemRoot\system32\drivers\luafv.sys" .\debug.cpp(256) : 0x9f42a000 0x00014000 "\SystemRoot\system32\DRIVERS\avgntflt.sys" .\debug.cpp(256) : 0x9f43e000 0x000b0000 "\SystemRoot\system32\drivers\spsys.sys" .\debug.cpp(256) : 0x9f4ee000 0x0001e000 "\SystemRoot\system32\DRIVERS\irda.sys" .\debug.cpp(256) : 0x9f50c000 0x00010000 "\SystemRoot\system32\DRIVERS\lltdio.sys" .\debug.cpp(256) : 0x9f51c000 0x0002a000 "\SystemRoot\system32\DRIVERS\nwifi.sys" .\debug.cpp(256) : 0x9f546000 0x0000a000 "\SystemRoot\system32\DRIVERS\ndisuio.sys" .\debug.cpp(256) : 0x9f550000 0x00013000 "\SystemRoot\system32\DRIVERS\rspndr.sys" .\debug.cpp(256) : 0x9f563000 0x0006d000 "\SystemRoot\system32\drivers\HTTP.sys" .\debug.cpp(256) : 0x9f5d0000 
0x0001d000 "\SystemRoot\System32\DRIVERS\srvnet.sys" .\debug.cpp(256) : 0xa3a00000 0x00019000 "\SystemRoot\system32\DRIVERS\bowser.sys" .\debug.cpp(256) : 0xa3a19000 0x00015000 "\SystemRoot\System32\drivers\mpsdrv.sys" .\debug.cpp(256) : 0xa3a2e000 0x00021000 "\SystemRoot\system32\drivers\mrxdav.sys" .\debug.cpp(256) : 0xa3a4f000 0x0001f000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys" .\debug.cpp(256) : 0xa3a6e000 0x00039000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys" .\debug.cpp(256) : 0xa3aa7000 0x00018000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys" .\debug.cpp(256) : 0xa3abf000 0x00027000 "\SystemRoot\System32\DRIVERS\srv2.sys" .\debug.cpp(256) : 0xa3ae6000 0x0004e000 "\SystemRoot\System32\DRIVERS\srv.sys" .\debug.cpp(256) : 0xa3b34000 0x00009000 "\SystemRoot\system32\DRIVERS\asyncmac.sys" .\debug.cpp(256) : 0xa3b3d000 0x00004000 "\SystemRoot\System32\Drivers\Aspi32.SYS" .\debug.cpp(256) : 0xa3b41000 0x00003000 "\SystemRoot\System32\Drivers\ElbyCDIO.sys" .\debug.cpp(256) : 0xa3b44000 0x00004000 "\SystemRoot\system32\DRIVERS\mdmxsdk.sys" .\debug.cpp(256) : 0xa6605000 0x000de000 "\SystemRoot\system32\drivers\peauth.sys" .\debug.cpp(256) : 0xa66e3000 0x0000a000 "\SystemRoot\System32\Drivers\secdrv.SYS" .\debug.cpp(256) : 0xa66ed000 0x0000c000 "\SystemRoot\System32\drivers\tcpipreg.sys" .\debug.cpp(256) : 0xa66f9000 0x00008000 "\SystemRoot\system32\DRIVERS\xaudio.sys" .\debug.cpp(256) : 0xa6701000 0x00005000 "\SystemRoot\system32\Drivers\LVPr2Mon.sys" .\debug.cpp(256) : 0xa6742000 0x00008000 "\??\C:\Users\Philip\AppData\Local\Temp\catchme.sys" .\debug.cpp(256) : 0xa674a000 0x00002000 "\??\C:\Windows\system32\Drivers\PROCEXP113.SYS" .\debug.cpp(256) : 0xa674c000 0x00006000 "\??\C:\Users\Philip\AppData\Local\Temp\mbr.sys" .\debug.cpp(256) : 0xa678f000 0x00028000 "\SystemRoot\System32\Drivers\fastfat.SYS" .\debug.cpp(256) : 0xa6706000 0x00017000 "\??\C:\Users\Philip\AppData\Local\Temp\kxryykob.sys" .\debug.cpp(256) : 0x8ee00000 0x00142000 
"\??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100329.002\NAVEX15.SYS" .\debug.cpp(256) : 0xa677a000 0x00014000 "\??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100329.002\NAVENG.SYS" .\debug.cpp(256) : 0x77aa0000 0x00127000 "\Windows\System32\ntdll.dll" .\debug.cpp(263) : ********************************************** .\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] *********** .\debug.cpp(308) : ********************************************** .\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:" .\debug.cpp(400) : Destination="\Device\CdRom0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS" .\debug.cpp(400) : Destination="\Device\Ndis" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM12" .\debug.cpp(400) : Destination="\Device\Serial11" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000002" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\0000004e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1" .\debug.cpp(400) : Destination="\Device\Video0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#2&daba3ff&2#{4afa3d53-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\0000006c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000004f" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000004c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8169&SUBSYS_05711558&REV_10#4&271a6e5&0&58F0#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0021" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2" .\debug.cpp(400) : Destination="\Device\Video1" .\debug.cpp(369) : SymbolicLink 
"\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}" .\debug.cpp(400) : Destination="\Device\0000005f" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Bluetooth DUN Modem" .\debug.cpp(400) : Destination="\Device\0000004a" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&3ccce59&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\Ide\PciIde0Channel1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LogiProcMon2" .\debug.cpp(400) : Destination="\Device\LogiProcMon2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3" .\debug.cpp(400) : Destination="\Device\Video2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SymEvent" .\debug.cpp(400) : Destination="\Device\SymEvent" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CC&SUBSYS_05711558&REV_02#3&21436425&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0010" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27C9&SUBSYS_05711558&REV_02#3&21436425&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0007" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy1" .\debug.cpp(400) : Destination="\Device\HarddiskVolumeShadowCopy1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000004d" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4" .\debug.cpp(400) : Destination="\Device\Video3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgio" .\debug.cpp(400) : Destination="\Device\avgio" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{2E886D71-44A0-45DC-9A6E-72ECE267F788}" .\debug.cpp(400) : Destination="\Device\NDMP16" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy2" .\debug.cpp(400) : Destination="\Device\HarddiskVolumeShadowCopy2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice" .\debug.cpp(400) : Destination="\Device\WMIAdminDevice" 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{3db0c7f9-f9ec-11dd-8ee8-806e6f6e6963}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tun0" .\debug.cpp(400) : Destination="\Device\Tun0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserUtilDrvI9" .\debug.cpp(400) : Destination="\Device\EraserUtilDrv10920" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5" .\debug.cpp(400) : Destination="\Device\Video4" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy3" .\debug.cpp(400) : Destination="\Device\HarddiskVolumeShadowCopy3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#HIDCLASS#0000#{57574d37-c5e9-412d-a115-fa6d779eff08}" .\debug.cpp(400) : Destination="\Device\0000000a" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDR4_XP" .\debug.cpp(400) : Destination="\Device\PxHelperDevice0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl" .\debug.cpp(400) : Destination="\Device\VolMgrControl" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000005f" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MODEM#0000#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}" .\debug.cpp(400) : Destination="\Device\00000049" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{AA7BA3E4-6E84-4391-AF36-990F521EC667}" .\debug.cpp(400) : Destination="\Device\NDMP3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr" .\debug.cpp(400) : Destination="\Device\RdpDrDvMgr" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy4" .\debug.cpp(400) : Destination="\Device\HarddiskVolumeShadowCopy4" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}" .\debug.cpp(400) : Destination="\Device\00000069" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&18a2e25&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\0000007a" .\debug.cpp(369) : SymbolicLink 
"\GLOBAL??\Root#PORTS#0000#{4d36e978-e325-11ce-bfc1-08002be10318}" .\debug.cpp(400) : Destination="\Device\00000053" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTHidMgr" .\debug.cpp(400) : Destination="\Device\BTHidMgr" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery" .\debug.cpp(400) : Destination="\Device\CompositeBattery" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TUNMP#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000005" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice" .\debug.cpp(400) : Destination="\Device\WMIDataDevice" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SpDevice" .\debug.cpp(400) : Destination="\Device\SpDevice" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C01E#6&18a89d3a&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\00000090" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1" .\debug.cpp(400) : Destination="\Device\Serial0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Bluetooth Fax Modem" .\debug.cpp(400) : Destination="\Device\00000049" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgntflt" .\debug.cpp(400) : Destination="\FileSystem\Filters\avgntflt" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\XAudio" .\debug.cpp(400) : Destination="\Device\XAudio" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PEAuth" .\debug.cpp(400) : Destination="\Device\PEAuth" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_14F10001&REV_0900#4&32d912ea&0&0102#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}" .\debug.cpp(400) : Destination="\Device\0000008d" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTMgr" .\debug.cpp(400) : Destination="\Device\BTMgr" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_104C&DEV_803A&SUBSYS_05711558&REV_00#4&271a6e5&0&39F0#{6bdd1fc1-810f-11d0-bec7-08002be2092f}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0018" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE" .\debug.cpp(400) : 
.\boot_cleaner.cpp(1077) : System volume is \\.\C: .\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 .\boot_cleaner.cpp(424) : Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826 .\boot_cleaner.cpp(1151) : .\boot_cleaner.cpp(1152) : Size Device Name MBR Status .\boot_cleaner.cpp(1153) : -------------------------------------------- .\boot_cleaner.cpp(1197) : 149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found) .\boot_cleaner.cpp(1203) : .\boot_cleaner.cpp(1242) : Done; |