|
Log-Analyse und Auswertung: Antimalware Doctor noch immer auf meinem PCWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
20.08.2010, 11:54 | #1 |
| Antimalware Doctor noch immer auf meinem PC Hallo, Ich habe mir gestern auf irgend so einer Seite den Virus "Antimalware Doctor" gefangen. Ich bin bereits den Anweisungen zur Entfernung dieses Programms gefolgt (Malwarebytes Scan, CCleaner), jedoch bekomme ich immer noch Meldungen und das Programm zwingt mich zum Scannen auf. Ich habe hier die Logs von Malwarebytes' Anti-Malware und von HiJackThis. Ich hoffe, Ihr könnt damit etwas anfangen. Danke Logfile von Malwarebytes Code:
ATTFilter Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4450 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18943 20/08/2010 02:31:19 mbam-log-2010-08-20 (02-31-19).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 354390 Laufzeit: 1 Stunde(n), 28 Minute(n), 10 Sekunde(n) Infizierte Speicherprozesse: 1 Infizierte Speichermodule: 1 Infizierte Registrierungsschlüssel: 7 Infizierte Registrierungswerte: 2 Infizierte Dateiobjekte der Registrierung: 2 Infizierte Verzeichnisse: 8 Infizierte Dateien: 37 Infizierte Speicherprozesse: C:\Program Files\ResultDns\resultdns.exe (Adware.ResultDns) -> Unloaded process successfully. Infizierte Speichermodule: C:\Program Files\ResultDns\resultdns.dll (Adware.ResultDns) -> Delete on reboot. Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\Software\GabPath (Adware.Adparatus) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\IEBarProperties (Adware.Mirar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\ResultDns (Adware.ResultDns) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ResultDns Service (Adware.ResultDns) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gabpath (Adware.GabPath) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\newsecureapp70700.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (hxxp://www.tangosearch.com/?useie5=1&q=) Good: (hxxp://www.google.com) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (hxxp://home.tangotoolbar.com/) Good: (hxxp://www.google.com) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: C:\Windows\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully. C:\Users\***\AppData\Roaming\GabPath (Adware.Agent) -> Quarantined and deleted successfully. C:\Program Files\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\chrome (Adware.ResultDns) -> Delete on reboot. C:\Program Files\ResultDns (Adware.ResultDns) -> Delete on reboot. C:\Program Files\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\defaults (Adware.ResultDns) -> Quarantined and deleted successfully. C:\Program Files\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\defaults\preferences (Adware.ResultDns) -> Quarantined and deleted successfully. C:\ProgramData\ResultDns (Adware.ResultDns) -> Quarantined and deleted successfully. C:\Program Files\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997} (Adware.ResultDns) -> Delete on reboot. Infizierte Dateien: C:\Windows\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> Quarantined and deleted successfully. C:\Windows\$NtUninstallMTF1011$\zrpt.xml (Adware.Adrotator) -> Quarantined and deleted successfully. C:\Users\***\AppData\Roaming\GabPath\config.cfg (Adware.Agent) -> Quarantined and deleted successfully. C:\Users\***\AppData\Roaming\GabPath\GPUninstall.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Windows\System32\hwkip.dll (Adware.BHO) -> Quarantined and deleted successfully. C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XPPM84SB\mqupjickr[2].htm (Adware.BHO) -> Quarantined and deleted successfully. C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\36UJK292\mqupjickr[1].htm (Adware.BHO) -> Quarantined and deleted successfully. C:\Users\***\AppData\Local\Temp\wtpvaae.exe (Adware.BHO) -> Quarantined and deleted successfully. C:\Windows\System32\lwkip.dll (Adware.BHO) -> Quarantined and deleted successfully. C:\Users\***\AppData\Roaming\GabPath\gabpath.exe (Adware.GabPath) -> Quarantined and deleted successfully. C:\Windows\System32\aa78.dll (Adware.Mirar) -> Quarantined and deleted successfully. C:\Program Files\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\install.rdf (Adware.ResultDns) -> Quarantined and deleted successfully. C:\Program Files\ResultDns\resultdns.exe (Adware.ResultDns) -> Quarantined and deleted successfully. C:\Program Files\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\chrome.manifest (Adware.ResultDns) -> Quarantined and deleted successfully. C:\Program Files\ResultDns\uninstall.exe (Adware.ResultDns) -> Quarantined and deleted successfully. C:\Program Files\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\chrome\resultdns.jar (Adware.ResultDns) -> Delete on reboot. C:\ProgramData\ResultDns\resultdns112.exe (Adware.ResultDns) -> Quarantined and deleted successfully. C:\Program Files\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\defaults\preferences\prefs.js (Adware.ResultDns) -> Quarantined and deleted successfully. C:\Program Files\ResultDns\resultdns.dll (Adware.ResultDns) -> Delete on reboot. C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\36UJK292\newsecureapp70700[2].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\Users\***\AppData\Roaming\988ED89C1DEFD0DE856991C6464A55B7\newsecureapp70700.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\Users\***\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully. C:\Users\***\AppData\Local\Temp\E487.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully. C:\Users\***\AppData\Local\Temp\E689.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully. C:\Windows\System32\ywkip.exe (Trojan.Adware) -> Quarantined and deleted successfully. C:\Users\***\AppData\Local\Temp\unqo.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\***\AppData\Roaming\Microsoft\Windows\jnipmo.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\36UJK292\nezgb[2].htm (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\***\AppData\Local\Temp\lqrog.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XPPM84SB\qhysq[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\36UJK292\qhysq[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\36UJK292\nezgb[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\***\AppData\Local\Temp\xcmosnerwa.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\***\AppData\Local\Temp\mkcxhunr.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully. C:\Users\***\AppData\Local\byinmycbf\qaifplqshdw.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully. C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XPPM84SB\cgbvd[1].htm (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully. C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DADBLAH3\cgbvd[1].htm (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully. Code:
ATTFilter Logfile of random's system information tool 1.08 (written by random/random) Run by *** at 2010-08-20 12:29:45 Microsoft® Windows Vista™ Home Premium Service Pack 2 System drive C: has 6 GB (10%) free of 53 GB Total RAM: 2045 MB (51% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:29:59, on 20/08/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18943) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\ehome\ehtray.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\WhatPulse\WhatPulse.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE C:\Windows\System32\mobsync.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\***\Downloads\RSIT.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\trend micro\***.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://en.us.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://en.us.acer.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*hxxp://www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O3 - Toolbar: TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [esnmocaxwr.exe] "C:\Users\***\AppData\Local\Temp\esnmocaxwr.exe" O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: Antimalware Doctor.lnk = C:\Users\***\AppData\Roaming\988ED89C1DEFD0DE856991C6464A55B7\newsecureapp70700.exe O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Empowering Technology Launcher.lnk = ? O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/icaweb-20070115.cab O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- End of file - 10643 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Google Software Updater.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4033196447-1890306390-1010895685-1000Core.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4033196447-1890306390-1010895685-1000UA.job C:\Windows\tasks\User_Feed_Synchronization-{E5145A7A-AF08-4E7E-AAB9-74C047D56293}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}] ShowBarObj Class - C:\Windows\system32\ActiveToolBand.dll [2006-11-16 299008] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-07-21 668656] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-24 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288] {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2006-11-16 151552] {AD6E6555-FB2C-47D4-8339-3E2965509877} - TerraTec Home Cinema - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL [2008-11-04 526336] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-11-09 3784704] "Acer Tour"= [] "eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2006-11-17 453120] "eRecoveryService"= [] "LogitechCommunicationsManager"=C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe [2006-10-31 304664] "WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504] "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2007-12-31 86960] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2006-11-23 7757824] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2006-11-23 81920] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-23 815104] "esnmocaxwr.exe"=C:\Users\***\AppData\Local\Temp\esnmocaxwr.exe [2010-08-20 42496] " Malwarebytes Anti-Malware (reboot)"=D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952] "WhatPulse"=C:\Program Files\WhatPulse\WhatPulse.exe [2009-04-08 2814976] "TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2010-06-24 247144] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcerOrbicamRibbon] C:\Program Files\Acer\OrbiCam10\OrbiCam.exe [2006-11-20 754712] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMWlanClient] C:\Program Files\avmwlanstick\wlangui.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-07 133104] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2005-10-23 385024] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2007-12-31 218032] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2007-12-31 218032] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe [2005-07-25 32768] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager] C:\Program Files\Launch Manager\HotkeyApp.exe [2006-12-22 204800] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe [2006-08-29 241664] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX] C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe [2006-11-28 244512] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect.EXE] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE [2007-12-31 3072000] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync] D:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe [2008-06-17 1249280] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc] C:\Windows\system32\nvsvc.dll [2006-11-23 90191] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck] c:\Program Files\Norton Internet Security\osCheck.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerKey] C:\Program Files\Launch Manager\PowerKey.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\QTTask.exe [2008-01-31 385024] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote Control Editor] C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe [2008-11-04 1105920] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TerraTec Remote Control] C:\Program Files\Common Files\TerraTec\Remote\TTTVRC.exe [2008-11-04 1105920] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2010-06-24 247144] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 -reboot 1 [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton] C:\Program Files\Launch Manager\Wbutton.exe [2006-11-09 86016] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Last.fm Helper.lnk] C:\Program Files\Last.fm\LastFMHelper.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.1.lnk] C:\PROGRA~1\OPENOF~1.1\program\QUICKS~1.EXE [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk] C:\PROGRA~1\OPENOF~1.3\program\QUICKS~1.EXE [2007-08-17 393216] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Antimalware Doctor.lnk - C:\Users\***\AppData\Roaming\988ED89C1DEFD0DE856991C6464A55B7\newsecureapp70700.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "EnableLUA"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "AllowLegacyWebView"=1 "AllowUnhashedWebView"=1 "BindDirectlyToPropertySetStorage"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2010-08-20 12:29:45 ----D---- C:\rsit 2010-08-20 12:29:45 ----D---- C:\Program Files\trend micro 2010-08-20 12:21:18 ----A---- C:\Windows\system32\drivers\xvqa.sys 2010-08-20 02:35:20 ----D---- C:\Users\***\AppData\Roaming\933452C29F284D9020EB484626E20D3A 2010-08-20 00:58:27 ----D---- C:\Users\***\AppData\Roaming\Malwarebytes 2010-08-20 00:58:18 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys 2010-08-20 00:58:17 ----D---- C:\ProgramData\Malwarebytes 2010-08-20 00:58:17 ----A---- C:\Windows\system32\drivers\mbam.sys 2010-08-20 00:38:05 ----D---- C:\Users\***\AppData\Roaming\988ED89C1DEFD0DE856991C6464A55B7 2010-08-18 13:35:23 ----D---- C:\Program Files\OWON 2010-08-18 13:33:53 ----D---- C:\Windows\system32\OWONInstruments 2010-08-13 15:26:09 ----A---- C:\Windows\system32\iertutil.dll 2010-08-13 15:26:08 ----A---- C:\Windows\system32\mshtml.dll 2010-08-13 15:26:07 ----A---- C:\Windows\system32\ieframe.dll 2010-08-13 15:26:05 ----A---- C:\Windows\system32\urlmon.dll 2010-08-13 15:26:05 ----A---- C:\Windows\system32\msfeeds.dll 2010-08-13 15:26:05 ----A---- C:\Windows\system32\ie4uinit.exe 2010-08-13 15:26:04 ----A---- C:\Windows\system32\wininet.dll 2010-08-13 15:26:04 ----A---- C:\Windows\system32\occache.dll 2010-08-13 15:26:04 ----A---- C:\Windows\system32\mstime.dll 2010-08-13 15:26:04 ----A---- C:\Windows\system32\ieui.dll 2010-08-13 15:26:04 ----A---- C:\Windows\system32\iesysprep.dll 2010-08-13 15:26:04 ----A---- C:\Windows\system32\iepeers.dll 2010-08-13 15:26:04 ----A---- C:\Windows\system32\iedkcs32.dll 2010-08-13 15:26:03 ----A---- C:\Windows\system32\msfeedssync.exe 2010-08-13 15:26:03 ----A---- C:\Windows\system32\msfeedsbs.dll 2010-08-13 15:26:03 ----A---- C:\Windows\system32\jsproxy.dll 2010-08-13 15:26:03 ----A---- C:\Windows\system32\ieUnatt.exe 2010-08-13 15:26:03 ----A---- C:\Windows\system32\iesetup.dll 2010-08-13 15:26:03 ----A---- C:\Windows\system32\iernonce.dll 2010-08-13 15:25:59 ----A---- C:\Windows\system32\iccvid.dll 2010-08-13 15:25:55 ----A---- C:\Windows\system32\schannel.dll 2010-08-13 15:25:46 ----A---- C:\Windows\system32\win32k.sys 2010-08-13 15:25:41 ----A---- C:\Windows\system32\rtutils.dll 2010-08-13 15:25:23 ----A---- C:\Windows\system32\ntkrnlpa.exe 2010-08-13 15:25:22 ----A---- C:\Windows\system32\ntoskrnl.exe 2010-08-13 15:25:17 ----A---- C:\Windows\system32\msxml3.dll 2010-08-13 15:25:15 ----A---- C:\Windows\system32\drivers\srv.sys 2010-08-13 15:25:14 ----A---- C:\Windows\system32\drivers\srv2.sys 2010-08-13 15:25:13 ----A---- C:\Windows\system32\drivers\tcpip.sys 2010-08-03 15:20:57 ----A---- C:\Windows\system32\shell32.dll ======List of files/folders modified in the last 1 months====== 2010-08-20 12:29:55 ----D---- C:\Windows\Temp 2010-08-20 12:29:45 ----RD---- C:\Program Files 2010-08-20 12:23:45 ----D---- C:\Windows\Minidump 2010-08-20 12:23:45 ----D---- C:\Windows\Debug 2010-08-20 12:23:45 ----AD---- C:\Windows 2010-08-20 12:21:18 ----D---- C:\Windows\system 2010-08-20 12:21:18 ----AD---- C:\Windows\system32\drivers 2010-08-20 11:59:39 ----AD---- C:\Windows\System32 2010-08-20 11:59:39 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-08-20 11:57:24 ----D---- C:\Windows\Tasks 2010-08-20 02:31:18 ----HD---- C:\ProgramData 2010-08-20 02:14:29 ----SHD---- C:\System Volume Information 2010-08-20 00:38:05 ----D---- C:\Windows\Prefetch 2010-08-18 13:44:43 ----D---- C:\Windows\WindowsMobile 2010-08-18 13:35:43 ----SHD---- C:\Windows\Installer 2010-08-18 13:35:40 ----D---- C:\Windows\inf 2010-08-18 13:35:13 ----D---- C:\Windows\system32\catroot2 2010-08-17 13:59:38 ----D---- C:\Program Files\Mozilla Firefox 2010-08-15 15:29:27 ----D---- C:\Windows\Microsoft.NET 2010-08-15 15:28:44 ----RSD---- C:\Windows\assembly 2010-08-15 14:13:10 ----D---- C:\Windows\winsxs 2010-08-15 13:57:48 ----D---- C:\Windows\system32\migration 2010-08-15 13:57:48 ----D---- C:\Program Files\Movie Maker 2010-08-15 13:57:48 ----D---- C:\Program Files\Internet Explorer 2010-08-15 13:52:21 ----D---- C:\ProgramData\Microsoft Help 2010-08-15 13:51:57 ----D---- C:\Windows\system32\catroot 2010-08-15 13:51:17 ----D---- C:\Program Files\Windows Mail 2010-08-03 20:09:31 ----A---- C:\Windows\system32\mrt.exe 2010-07-21 17:46:50 ----D---- C:\Users\***\AppData\Roaming\vlc 2010-07-21 17:17:51 ----D---- C:\Program Files\VideoLAN ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 PSDFilter;PSDFilter; C:\Windows\system32\DRIVERS\psdfilter.sys [2007-01-02 20264] R0 PSDNServ;PSDNSERVER; C:\Windows\system32\drivers\PSDNServ.sys [2006-11-10 7936] R0 psdvdisk;psdvdisk; C:\Windows\system32\drivers\psdvdisk.sys [2006-11-08 53760] R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2006-07-05 59256] R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2006-06-14 13680] R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\Windows\System32\drivers\sfsync02.sys [2006-07-10 27032] R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [2007-02-08 83320] R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2008-05-24 717296] R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2006-08-29 13952] R1 Hotkey;Hotkey; C:\Windows\system32\drivers\Hotkey.sys [2003-04-28 9867] R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2006-11-13 69632] R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-10-05 1161152] R3 CLEDX;Team H2O CLEDX service; C:\Windows\system32\DRIVERS\cledx.sys [2005-05-09 33792] R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-11-09 1647976] R3 LgBttPort;LGE Bluetooth TransPort; C:\Windows\system32\DRIVERS\lgbtport.sys [2009-06-11 12032] R3 lgbusenum;LG Bluetooth Bus Enumerator; C:\Windows\system32\DRIVERS\lgbtbus.sys [2009-06-11 10496] R3 LGVMODEM;LGE Virtual Modem; C:\Windows\system32\DRIVERS\lgvmodem.sys [2009-06-11 12928] R3 lv321av;Logitech USB PC Camera (VC0321); C:\Windows\system32\DRIVERS\lv321av.sys [2006-11-28 847392] R3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\Windows\system32\DRIVERS\LVMVDrv.sys [2006-11-28 1962784] R3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-10-30 1786880] R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2006-12-05 6144] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2006-11-23 4455264] R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-10-23 179896] R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2006-07-06 168448] R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2006-06-06 11136] R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2006-06-06 46208] S0 gjmk;gjmk; C:\Windows\System32\drivers\xvqa.sys [2010-08-20 54016] S1 mailKmd;mailKmd; C:\Windows\system32\drivers\mailKmd.sys [] S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 467456] S3 avmeject;AVM Eject; C:\Windows\system32\drivers\avmeject.sys [2007-01-26 4352] S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528] S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160] S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904] S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696] S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2006-11-06 78128] S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2006-11-06 80176] S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-06 16560] S3 dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584] S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384] S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Scan.sys [2008-01-19 10752] S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864] S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 FlashUSB;FlashUSB; C:\Windows\system32\DRIVERS\FlashUSB.sys [2009-05-12 16896] S3 FWLANUSB;AVM FRITZ!WLAN; C:\Windows\system32\DRIVERS\fwlanusb.sys [2007-01-26 265088] S3 fwlanusbn;FRITZ!WLAN N; C:\Windows\system32\DRIVERS\fwlanusbn.sys [2007-12-19 401920] S3 GTF32BUS;GT F32 BUS; C:\Windows\system32\DRIVERS\gtf32bus.sys [2006-09-01 32640] S3 GTPTSER;GT PT SER; C:\Windows\system32\DRIVERS\gtptser.sys [2006-11-16 8064] S3 GTSCSER;GT SC SER; C:\Windows\system32\DRIVERS\gtscser.sys [2006-11-16 19328] S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2007-07-11 101376] S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864] S3 mod7700;Cinergy DT USB XS Diversity Capture Service; C:\Windows\system32\DRIVERS\mod7700.sys [2007-12-20 554240] S3 MODRC;Cinergy DT USB XS Diversity IR Service; C:\Windows\system32\DRIVERS\modrc.sys [2007-07-11 13824] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192] S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888] S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016] S3 o1394bul;o1394bul; \??\C:\Users\***\AppData\Local\Temp\o1394bul.sys [] S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992] S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-10-03 99840] S3 SilverLink;Texas Instruments SilverLink (USB GraphLink) Cable; C:\Windows\System32\Drivers\SilvrLnk.sys [2004-01-28 21456] S3 TIEHDUSB;TIEHDUSB; C:\Windows\system32\drivers\tiehdusb.sys [2004-02-04 49536] S3 tt;owonhdsusb.sys, Owon Hds1000 usb Driver; C:\Windows\System32\Drivers\owonhdsusb.sys [2006-04-21 59168] S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-04-11 15872] S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2009-08-21 13056] S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2009-08-21 20864] S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2009-08-21 24960] S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328] S3 WINUSB;WinUsb Driver; C:\Windows\system32\DRIVERS\WinUSB.SYS [2009-04-11 31616] S3 WisINT15;WisINT15; \??\C:\Elements\1stboot\WisINT15.SYS [] S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2006-06-06 21632] S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\Windows\system32\drivers\WmHidLo.sys [2006-06-06 20864] S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2006-06-06 6400] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328] S4 RsFx0102;RsFx0102 Driver; C:\Windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-10-31 110592] R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352] R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2006-12-22 24576] R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2006-11-20 118784] R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2006-11-16 45056] R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2006-11-13 24576] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440] R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048] R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120] R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008] R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-07-11 40999448] R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-20 262247] R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840] R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2010-06-24 92008] R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2006-12-01 131072] S2 clr_optimization_v4.0.30128_32;Microsoft .NET Framework NGEN v4.0.30128_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30128\mscorsvw.exe [2010-01-28 130384] S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon [] S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-21 190448] S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon [] S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe [2006-11-28 101152] S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30128\aspnet_state.exe [2010-01-28 35160] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900] S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104] S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488] S3 UPnPService;UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768] S3 WisLMSvc;WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [2006-11-17 118784] S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30128\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30128\WPF\WPFFontCache_v0400.exe [2010-01-28 738656] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128] S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30128\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30128\SMSvcHost.exe [2010-01-28 124240] S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30128\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30128\SMSvcHost.exe [2010-01-28 124240] S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30128\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30128\SMSvcHost.exe [2010-01-28 124240] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688] S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-07-10 258072] -----------------EOF----------------- |
23.08.2010, 14:12 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antimalware Doctor noch immer auf meinem PC Systemscan mit OTL
__________________Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
24.08.2010, 13:47 | #3 |
| Antimalware Doctor noch immer auf meinem PC Hallo,
__________________Ich habe noch ein paar mal mit Malwarebytes gescannt, es wurden immer weniger Viren, jedoch war zuletzt AntimalwareDoctor noch drauf. Hier sind die Logs von OTL: OTL.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 24/08/2010 14:37:35 - Run 1 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Joseph\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 0000046E | Country: Luxembourg | Language: LBX | Date Format: dd/MM/yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 62,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 51,99 Gb Total Space | 1,56 Gb Free Space | 3,00% Space Free | Partition Type: NTFS Drive D: | 51,98 Gb Total Space | 34,64 Gb Free Space | 66,65% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: *** Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Joseph\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\WhatPulse\WhatPulse.exe (WhatPulse.org) PRC - C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer) PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) PRC - C:\Acer\Mobility Center\MobilityService.exe () PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\eNet\eNMTray.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe () PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Acer Inc.) PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) ========== Modules (SafeList) ========== MOD - C:\Users\Joseph\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\odbc32.dll (Microsoft Corporation) MOD - C:\Windows\System32\mfc42.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\System32\odbcint.dll (Microsoft Corporation) MOD - C:\Acer\Empowering Technology\ePower\SysHook.dll () ========== Win32 Services (SafeList) ========== SRV - (LiveUpdate Notice Ex) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.30128\aspnet_state.exe (Microsoft Corporation) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30128\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30128_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30128\mscorsvw.exe (Microsoft Corporation) SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30128\SMSvcHost.exe (Microsoft Corporation) SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30128\SMSvcHost.exe (Microsoft Corporation) SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30128\SMSvcHost.exe (Microsoft Corporation) SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30128\SMSvcHost.exe (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation) SRV - (MSSQLServerADHelper100) -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation) SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation) SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.) SRV - (UPnPService) -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG) SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer) SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe (Logitech Inc.) SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe () SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.) SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.) SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe () SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV - (WisINT15) -- C:\Elements\1stboot\WisINT15.SYS File not found DRV - (o1394bul) -- C:\Users\Joseph\AppData\Local\Temp\o1394bul.sys File not found DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.) DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.) DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.) DRV - (LGVMODEM) -- C:\Windows\System32\drivers\lgvmodem.sys (LG Electronics Inc.) DRV - (LgBttPort) -- C:\Windows\System32\drivers\lgbtport.sys (LG Electronics Inc.) DRV - (lgbusenum) -- C:\Windows\System32\drivers\lgbtbus.sys (LG Electronics Inc.) DRV - (FlashUSB) -- C:\Windows\System32\drivers\FlashUsb.sys (Danish Wireless Design A/S) DRV - (atapi) -- C:\Windows\system32\drivers\atapi.sys () DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (RsFx0102) -- C:\Windows\System32\drivers\RsFx0102.sys (Microsoft Corporation) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (mod7700) -- C:\Windows\System32\drivers\mod7700.sys (DiBcom SA) DRV - (fwlanusbn) -- C:\Windows\System32\drivers\fwlanusbn.sys (AVM GmbH) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (MODRC) -- C:\Windows\System32\drivers\modrc.sys (DiBcom S.A.) DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce)) DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH) DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin) DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (HiTRUST) DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Logitech Inc.) DRV - (lv321av) Logitech USB PC Camera (VC0321) -- C:\Windows\System32\drivers\lv321av.sys (Logitech Inc.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (GTPTSER) -- C:\Windows\System32\drivers\gtptser.sys (Option N.V.) DRV - (GTSCSER) -- C:\Windows\System32\drivers\gtscser.sys (Option N.V.) DRV - (int15) -- C:\Windows\System32\drivers\int15.sys () DRV - (PSDNServ) -- C:\Windows\system32\drivers\PSDNServ.sys (HiTRUST) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (psdvdisk) -- C:\Windows\system32\drivers\psdvdisk.sys (HiTRUST) DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.) DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.) DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (GTF32BUS) -- C:\Windows\System32\drivers\gtf32bus.sys (Option N.V.) DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys () DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology) DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce)) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce)) DRV - (WmXlCore) -- C:\Windows\System32\drivers\WmXlCore.sys (Logitech Inc.) DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.) DRV - (WmHidLo) -- C:\Windows\System32\drivers\WmHidLo.sys (Logitech Inc.) DRV - (WmBEnum) -- C:\Windows\System32\drivers\WmBEnum.sys (Logitech Inc.) DRV - (WmVirHid) -- C:\Windows\System32\drivers\WmVirHid.sys (Logitech Inc.) DRV - (tt) -- C:\Windows\System32\drivers\owonhdsusb.sys (zhangzhou lilliput optoelectronics institute co.,ltd.) DRV - (CLEDX) -- C:\Windows\System32\drivers\cledx.sys (Team H2O) DRV - (TIEHDUSB) -- C:\Windows\System32\drivers\tiehdusb.sys (Texas Instruments Incorporated) DRV - (SilverLink) Texas Instruments SilverLink (USB GraphLink) -- C:\Windows\System32\drivers\SilvrLnk.sys (Texas Instruments Incorporated) DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://en.us.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://en.us.acer.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://www.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://en.us.acer.yahoo.com/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/17 13:59:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/17 13:59:24 | 000,000,000 | ---D | M] [2010/08/24 12:56:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/08/20 15:38:59 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010/08/17 13:59:13 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010/08/17 13:59:13 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010/08/17 13:59:13 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010/08/17 13:59:13 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010/08/17 13:59:13 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O4 - HKLM..\Run: [Acer Tour] File not found O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation) O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Acer Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKCU..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe (WhatPulse.org) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/icaweb-20070115.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.238.104.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Joseph\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Joseph\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/12/05 07:09:57 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{10c2dfa2-c883-11dd-b3e3-d366d30766de}\Shell - "" = AutoRun O33 - MountPoints2\{10c2dfa2-c883-11dd-b3e3-d366d30766de}\Shell\AutoRun\command - "" = F:\pushinst.exe -- File not found O33 - MountPoints2\{15b5525c-735b-11dd-becc-0018ded2c45d}\Shell - "" = AutoRun O33 - MountPoints2\{15b5525c-735b-11dd-becc-0018ded2c45d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found O33 - MountPoints2\{15b55269-735b-11dd-becc-0018ded2c45d}\Shell - "" = AutoRun O33 - MountPoints2\{15b55269-735b-11dd-becc-0018ded2c45d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{45406dd4-299e-11dd-8898-0016d350e09a}\Shell - "" = AutoRun O33 - MountPoints2\{45406dd4-299e-11dd-8898-0016d350e09a}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found O33 - MountPoints2\{5396b090-56b7-11df-97bc-0016d350e09a}\Shell - "" = AutoRun O33 - MountPoints2\{5396b090-56b7-11df-97bc-0016d350e09a}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe -- File not found O33 - MountPoints2\{59c72d8a-78f4-11dd-bc82-0018ded2c45d}\Shell - "" = AutoRun O33 - MountPoints2\{59c72d8a-78f4-11dd-bc82-0018ded2c45d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found O33 - MountPoints2\{59c72d8b-78f4-11dd-bc82-0018ded2c45d}\Shell - "" = AutoRun O33 - MountPoints2\{59c72d8b-78f4-11dd-bc82-0018ded2c45d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found O33 - MountPoints2\{60275abe-d791-11dd-a196-0018ded2c45d}\Shell - "" = AutoRun O33 - MountPoints2\{60275abe-d791-11dd-a196-0018ded2c45d}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found O33 - MountPoints2\{8b52639e-1163-11de-8750-0018ded2c45d}\Shell - "" = AutoRun O33 - MountPoints2\{8b52639e-1163-11de-8750-0018ded2c45d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{8b5263b7-1163-11de-8750-0016cfec2a79}\Shell - "" = AutoRun O33 - MountPoints2\{8b5263b7-1163-11de-8750-0016cfec2a79}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - MountPoints2\{c2074f8a-2b38-11dd-ac44-0018ded2c45d}\Shell - "" = AutoRun O33 - MountPoints2\{c2074f8a-2b38-11dd-ac44-0018ded2c45d}\Shell\AutoRun\command - "" = H:\Autorun.exe -- File not found O33 - MountPoints2\{cb7f1025-140d-11df-a763-0016d350e09a}\Shell - "" = AutoRun O33 - MountPoints2\{cb7f1025-140d-11df-a763-0016d350e09a}\Shell\AutoRun\command - "" = E:\pushinst.exe -- File not found O33 - MountPoints2\{cbb16de2-c937-11de-a475-0016d350e09a}\Shell\AutoRun\command - "" = J:\InstallTomTomHOME.exe -- File not found O33 - MountPoints2\{d7a81d20-d78a-11dd-b609-0016d350e09a}\Shell\AutoRun\command - "" = I:\StartPortableApps.exe -- File not found O33 - MountPoints2\{da348e4c-d2a0-11dd-b929-0016cfec2a79}\Shell - "" = AutoRun O33 - MountPoints2\{da348e4c-d2a0-11dd-b929-0016cfec2a79}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - MountPoints2\{da348e4d-d2a0-11dd-b929-0016cfec2a79}\Shell - "" = AutoRun O33 - MountPoints2\{da348e4d-d2a0-11dd-b929-0016cfec2a79}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - MountPoints2\{e41ab5b4-7448-11dd-ab4b-0018ded2c45d}\Shell - "" = AutoRun O33 - MountPoints2\{e41ab5b4-7448-11dd-ab4b-0018ded2c45d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found O33 - MountPoints2\{e41ab5b6-7448-11dd-ab4b-0018ded2c45d}\Shell - "" = AutoRun O33 - MountPoints2\{e41ab5b6-7448-11dd-ab4b-0018ded2c45d}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found O33 - MountPoints2\{e98a54ab-6ddb-11dd-af63-0016d350e09a}\Shell - "" = AutoRun O33 - MountPoints2\{e98a54ab-6ddb-11dd-af63-0016d350e09a}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/08/22 22:24:10 | 000,000,000 | ---D | C] -- C:\Users\Joseph\AppData\Local\Unity [2010/08/20 21:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\skypePM [2010/08/20 15:38:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2010/08/20 15:38:30 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2010/08/20 12:29:45 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2010/08/20 12:29:45 | 000,000,000 | ---D | C] -- C:\rsit [2010/08/20 12:12:44 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2010/08/20 00:58:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/08/20 00:58:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/08/20 00:58:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/08/20 00:38:26 | 000,000,000 | ---D | C] -- C:\Users\Joseph\AppData\Local\byinmycbf [2010/08/20 00:38:11 | 000,000,000 | ---D | C] -- C:\Users\Joseph\AppData\Local\Windows Server [2010/08/18 13:35:23 | 000,000,000 | ---D | C] -- C:\Program Files\OWON [2010/08/18 13:33:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\OWONInstruments [2010/08/13 15:26:05 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010/08/13 15:26:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010/08/13 15:26:04 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010/08/13 15:26:04 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010/08/13 15:26:04 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010/08/13 15:26:04 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010/08/13 15:26:04 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010/08/13 15:26:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010/08/13 15:26:03 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010/08/13 15:26:03 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010/08/13 15:26:03 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010/08/13 15:26:03 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010/08/13 15:26:03 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010/08/13 15:26:03 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010/08/13 15:26:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010/08/13 15:25:59 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll [2010/08/13 15:25:46 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010/08/13 15:25:41 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll [2010/08/13 15:25:23 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010/08/13 15:25:22 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010/07/29 19:03:21 | 000,000,000 | ---D | C] -- C:\Users\Joseph\Documents\Vacances [2006/12/05 10:51:16 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/08/24 14:39:13 | 003,932,160 | -HS- | M] () -- C:\Users\Joseph\NTUSER.DAT [2010/08/24 14:34:05 | 002,630,208 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/08/24 14:34:05 | 001,927,788 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/08/24 14:34:05 | 000,007,006 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/08/24 14:31:31 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010/08/24 14:28:52 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/08/24 14:28:52 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/08/24 14:28:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/08/24 14:28:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/08/24 14:26:42 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010/08/24 14:26:27 | 000,524,288 | -HS- | M] () -- C:\Users\Joseph\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010/08/24 14:26:27 | 000,065,536 | -HS- | M] () -- C:\Users\Joseph\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010/08/24 14:26:25 | 006,291,456 | -H-- | M] () -- C:\Users\Joseph\AppData\Local\IconCache.db [2010/08/24 13:50:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4033196447-1890306390-1010895685-1000UA.job [2010/08/24 13:50:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4033196447-1890306390-1010895685-1000Core.job [2010/08/24 12:49:18 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E5145A7A-AF08-4E7E-AAB9-74C047D56293}.job [2010/08/20 21:04:50 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat [2010/08/20 15:38:31 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2010/08/20 12:25:59 | 000,294,412 | ---- | M] () -- C:\Users\Joseph\Documents\cc_20100820_122539.reg [2010/08/20 12:22:21 | 000,000,638 | ---- | M] () -- C:\Users\Joseph\Desktop\CCleaner.lnk [2010/08/20 00:58:20 | 000,000,624 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/08/20 00:38:17 | 000,000,005 | ---- | M] () -- C:\zrpt.xml [2010/08/15 14:01:47 | 000,316,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010/08/06 18:07:59 | 000,002,255 | ---- | M] () -- C:\Users\Joseph\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/08/20 21:04:50 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2010/08/20 15:38:31 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2010/08/20 12:25:45 | 000,294,412 | ---- | C] () -- C:\Users\Joseph\Documents\cc_20100820_122539.reg [2010/08/20 12:22:21 | 000,000,638 | ---- | C] () -- C:\Users\Joseph\Desktop\CCleaner.lnk [2010/08/20 00:58:20 | 000,000,624 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/08/20 00:38:16 | 000,000,005 | ---- | C] () -- C:\zrpt.xml [2010/05/03 18:19:02 | 000,221,291 | ---- | C] () -- C:\Windows\Imei_dll.dll [2010/05/03 18:19:02 | 000,040,960 | ---- | C] () -- C:\Windows\Sublock.dll [2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010/02/22 17:34:49 | 000,008,398 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate [2010/02/18 15:57:58 | 000,000,106 | ---- | C] () -- C:\Windows\codelaro.ini [2009/08/17 13:46:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/08/17 13:45:51 | 000,019,944 | ---- | C] () -- C:\Windows\System32\drivers\atapi.sys [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009/07/31 15:19:18 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll [2009/07/31 15:19:18 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini [2009/07/31 12:32:33 | 000,000,085 | ---- | C] () -- C:\Windows\Realflight.INI [2009/07/31 12:29:31 | 000,000,248 | ---- | C] () -- C:\Windows\emug3.ini [2009/07/26 15:08:06 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll [2008/10/05 19:57:21 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2008/08/13 00:07:34 | 000,042,320 | ---- | C] () -- C:\Windows\System32\xfcodec.dll [2008/05/24 16:31:08 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2007/12/02 12:38:36 | 000,000,382 | ---- | C] () -- C:\Windows\ODBC.INI [2007/11/06 00:06:39 | 000,000,680 | ---- | C] () -- C:\Users\Joseph\AppData\Local\d3d9caps.dat [2007/10/11 20:25:45 | 000,049,152 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll [2007/10/11 20:21:42 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2007/10/11 20:20:15 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2007/04/05 15:46:34 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2007/03/29 23:00:40 | 000,203,264 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll [2007/02/07 12:19:38 | 000,041,472 | ---- | C] () -- C:\Users\Joseph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/02/04 11:18:47 | 000,042,594 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2007/02/03 03:56:21 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2007/02/03 03:56:21 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2007/02/03 03:55:03 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll [2007/02/03 03:54:20 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys [2007/02/03 03:47:51 | 000,000,037 | ---- | C] () -- C:\Windows\Acer.ini [2007/01/22 20:22:36 | 000,055,034 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2007/01/02 18:54:14 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll [2007/01/02 18:53:54 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll [2007/01/02 18:53:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll [2007/01/02 18:52:40 | 000,037,376 | ---- | C] () -- C:\Windows\System32\MSNChatHook.dll [2007/01/02 18:52:28 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll [2007/01/02 18:52:26 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll [2007/01/02 18:52:18 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll [2006/12/25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll [2006/12/05 14:15:30 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2006/12/05 13:58:20 | 000,743,424 | R--- | C] () -- C:\Windows\libxml2.dll [2006/12/05 13:56:37 | 000,872,448 | R--- | C] () -- C:\Windows\iconv.dll [2006/12/05 10:51:17 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll [2006/12/05 07:10:14 | 000,013,952 | ---- | C] () -- C:\Windows\System32\drivers\UBHelper.sys [2006/12/05 07:09:00 | 000,198,144 | ---- | C] () -- C:\Windows\System32\_psisdecd.dll [2006/12/02 20:32:24 | 000,000,042 | ---- | C] () -- C:\Windows\PreLaunch.ini [2006/12/02 20:32:23 | 000,204,800 | ---- | C] () -- C:\Windows\Capsule.dll [2006/12/02 20:32:22 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2006/11/03 18:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2002/02/27 18:50:00 | 000,197,120 | ---- | C] () -- C:\Windows\System32\patchw32.dll [2001/12/27 01:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [2001/09/04 08:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001/07/31 01:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001/07/24 07:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll < End of report > So wie: Extras.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 24/08/2010 14:37:35 - Run 1 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Joseph\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 0000046E | Country: Luxembourg | Language: LBX | Date Format: dd/MM/yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 62,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 51,99 Gb Total Space | 1,56 Gb Free Space | 3,00% Space Free | Partition Type: NTFS Drive D: | 51,98 Gb Total Space | 34,64 Gb Free Space | 66,65% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: *** Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09C4276F-160D-4D2D-8213-A0759707E98B}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{0A7BCE11-27FC-4324-AC84-605164ACEB07}" = lport=2869 | protocol=6 | dir=in | app=system | "{1250C5FE-EE34-4B01-BE33-C69CA3723E42}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{1372693F-B636-4929-8AF5-C81B78E74C41}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{19AEAA7F-E8AF-43F0-80C2-EE3E11FFBA18}" = rport=137 | protocol=17 | dir=out | app=system | "{1F5AF1A9-F887-41F0-9A17-6AB4B389ACEB}" = lport=445 | protocol=6 | dir=in | app=system | "{1F6FBBA1-B7CA-44B1-AA82-25E57F1C0A8F}" = rport=445 | protocol=6 | dir=out | app=system | "{2825FD28-644C-4178-BABA-E891581C2874}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{3915AE0A-E1BF-4176-A28E-41C859B44AC5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{3B317CC8-C085-43D9-83BC-5E92CAFF7B7A}" = lport=139 | protocol=6 | dir=in | app=system | "{4E8D9EC0-0885-4C8F-90DE-1FEC701C1CAB}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{538B1A06-9051-4955-930F-15FDCEF8A673}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{58605C72-0692-4767-912D-712B8C1E5835}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5DC87C24-FF21-4D96-8947-B3FC7A65E87B}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{6284B1D3-6E09-4202-8BBC-8569CAC8A98A}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{670B7933-7653-4B37-AE25-5C50E78FF65F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6BD66D0B-BFD8-4752-A3BC-076B49E44D1F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{769F4F47-AF56-4F2C-8A54-66547A68A081}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{8405E434-0643-4531-956B-FA1BF2DD4F10}" = lport=2869 | protocol=6 | dir=in | app=system | "{87804F9E-2E25-4757-A038-C9F1F5F15330}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{92F52F82-A746-4018-8CD3-36D5D9AF4FD3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{99BE4BF5-FC3E-4B63-8A01-2A4CD3027D51}" = lport=138 | protocol=17 | dir=in | app=system | "{9C78A943-8ED6-4BBC-B219-5354AC652851}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{A6404B2F-E858-4B23-838A-2DF95AEFCC92}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{B05567B8-C44A-4231-96EF-90D185FD3E03}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B27D00F1-8108-45BE-A17F-2F43D3C61A1B}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{B2CF5380-E5CE-4C7A-9EC7-534DA233F9F2}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{BC25F39F-B7A3-4AA1-B59F-7276C843106E}" = rport=138 | protocol=17 | dir=out | app=system | "{C07BB437-79E0-431B-B773-BE7556050C4E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C4C45A09-4E4D-4F22-92D4-5FB8DEC42F8C}" = rport=139 | protocol=6 | dir=out | app=system | "{CC335801-70AE-4B27-81D9-0EDDE14FA734}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{DD624100-27BA-4D24-9608-9CFA4C2906EB}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{DF3F3A8C-7B44-4E21-9076-4C41D5B8557F}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{DFBF39FD-A1B9-4C3F-9527-896D5C79D485}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{E3A69D1E-1E50-4B42-8699-BC883EABB7E7}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E41E513D-6E03-49FF-B005-65D633680E95}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{E5633B34-EBE6-4F4F-93ED-0F54DED8DC3C}" = lport=2869 | protocol=6 | dir=in | app=system | "{EB767FCF-839A-4C21-8506-09A225C989B3}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{EC64E1C4-B5C8-4980-A9D8-16047C2902D9}" = lport=137 | protocol=17 | dir=in | app=system | "{ED9BEAB6-1822-47CE-8CE0-2FBC78CEB427}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{F181EC19-C28F-4844-90C5-D8827A4B24F3}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{FA7F956A-F9CB-4138-B128-3754B6C63EE7}" = lport=2869 | protocol=6 | dir=in | app=system | "{FCB8ECB1-F528-4C4F-84D3-0F406B46A627}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02E8BBAE-E14F-4975-8148-D32FA50F042F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{0A5EF2F5-ECD1-4B4F-8240-8623B0D6DD0B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{0FBB531F-1DBE-49C5-9A29-CDF3831779CD}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{11662FEA-1555-4549-9901-F2C7F2AC6CE8}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{1739D1BD-DE3D-4D3E-BF5E-C3DECC6805CC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{18920867-ECAB-41D4-B4D5-21FB52F58176}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{1EE69DFA-CCC7-4464-9369-B93E3A6E94C9}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{23A2E8D0-5B84-48B9-8E54-91DC9194DFED}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | "{29F9CCAA-8D6D-44FA-BC22-C917CDD4E7BC}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{2BB5AE51-031F-4FA5-BE5F-DBE0E2339811}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{2C5C772F-A4B8-48BC-A31A-ABE01E9301C9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{31C0F322-59E4-4ADC-A18B-4B9C08A44C1D}" = protocol=17 | dir=in | app=c:\program files\cyanide\radsportmanager pro 2005-2006\cym2005.exe | "{39D78FF7-598A-4ED3-AC7E-7FA0CCF5C0A8}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | "{3A1D3130-860E-48C1-A25B-5D83A10ED4FE}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{3BAD6A77-C3D3-49BC-933D-1F708A1E67A7}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | "{3C9AD040-A26F-433E-A884-C1423A3C58A1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{4058AF9D-356C-4A93-908A-4F414CA1F08E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{481C4CD2-34F2-413A-A88F-A405186A1E6C}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | "{4AB8B68C-5E27-4979-B92B-C68EFB9C5122}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{53636527-7C75-4C43-B311-9A42882C6230}" = protocol=6 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe | "{54005500-71F5-426B-8D42-A9FF4DB0A5F7}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{575B28A3-9E3E-4DDB-AE1C-BB100AB83FB6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{57B5071C-4DA5-4AE1-A365-AA1EDCFA3EC5}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{5AD54DFE-3029-4048-AA7F-D4E8DABF50BB}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{5BA23281-3480-48D5-A305-F61F2B43549E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{5CBDE346-16CB-4EED-8561-88383FC984C8}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{645E776A-B8DD-4AE4-B2C7-ED84DD361222}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | "{6FA17350-2CE5-4CD9-9149-39F992E37D07}" = protocol=6 | dir=in | app=c:\program files\cyanide\radsportmanager pro 2005-2006\cym2005.exe | "{72E15782-3ACD-44D9-A1C0-54764469D675}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{778702ED-6EB9-4A81-8241-74285B7A390F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{79D699F6-0F97-4E3C-B656-4BF471C84BDE}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{7A98E19B-F677-4EF7-B8B6-57242C15CF2E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{8131E75F-120D-47A3-8905-95FB36259892}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{839A66A7-48AA-4BF4-81AC-46F838090879}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{8D9BEFF7-CAF5-44C3-A125-82B04838D422}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{963F7B8C-6DF7-4B2A-A8A0-E8E742CA186D}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | "{97E18E7B-AF40-4B75-8ED4-2FECAD8C7F4E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9D822A95-9482-4CA5-BAFC-80444D4991E5}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | "{9FCE865E-1CC8-4EE5-AA64-F9EC371EDB85}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{AE72EB08-6E5D-4967-BEF4-E9F30BA443BB}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B0B2546F-223C-4710-8352-63E7AEEBF51F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{B41AF908-9291-4118-9911-FAC860436E09}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{B466DF3E-157F-4AD8-B71B-C4A732856972}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{B4B37CE5-54D7-4502-844A-A5BA38A7570A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B9B35BC5-A721-4B0D-AB4B-6345014D37F9}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | "{C1DD537B-9350-49C1-9889-9348E2CFD2B6}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C652FF59-B4AD-4248-B300-EC0C1C6427BD}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{C68D5627-1E00-42DC-933C-5F1A379D1BE7}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{CD65B743-AC5A-4C3D-8D6E-BD95598C2B65}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D28E2822-9744-47B5-A5FC-B793DE313B40}" = protocol=17 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe | "{D75908BF-4898-4A45-8BF9-0C56F80AC29C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{DD45D1C1-DE57-4A67-B044-114A23B30095}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{EA3B351B-8289-44E6-A034-792682A93011}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{F0CB7336-D76B-4845-9D7E-2441789E3D03}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{F60C73CC-0FA1-481F-847B-0B53198C9226}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{FD177EAA-89D1-49D8-82AC-485EF18A875C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 "{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth "{0AFC9710-5DD6-4C6A-BA52-91AE992B2C9D}" = Safari "{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu "{0F79C1B2-36B2-4B62-8221-42721CF54638}" = Acer OrbiCam Application "{1048B0D2-BAF6-4080-A3C5-2879026FCBF4}" = HdsSetup "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management "{13AA6556-BA96-4468-A8B4-1AD4A75AD5A0}" = Logitech Gaming Software "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter "{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}" = PC Connectivity Solution "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{223E6BB9-6602-4ee4-A964-1B3EFD3C5B80}" = Canon MP130 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18 "{28D1D5CE-45D6-4208-8B87-C752B5BC1E3B}" = Vodafone Mobile Connect "{2D84D8F3-0499-4CC5-98A2-F9D5F31308DB}" = FIFA 2002 "{30355ED7-DE49-4C8D-BE23-2161D36E8A9A}" = Microsoft SQL Server 2008 Setup Support Files (English) "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types "{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = Mobile Connect "{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe "{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support "{471A9640-39F8-11D5-A07F-005004F915E3}" = Microsoft Games Pocket Pak for Pocket PC "{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files "{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008-Browser "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services "{5EBAC9CB-97D7-44CD-A82D-4FCB37F582AC}" = World Racing 2 "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6 "{619B8475-0F48-41B7-A370-5147F7092989}" = Virtual Earth 3D (Beta) "{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema "{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6D3C6846-CDB6-418F-8FDB-DA21FE064F86}" = YAMAHA Musicsoft Downloader 5 "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77F45E76-E897-42CA-A9FE-5F56817D875C}" = Locomotion "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime "{7CDA2B02-E0A4-4EB5-8533-050D535BA43A}" = Media Converter for Philips "{80FD852F-5AAC-4129-B931-06AAFFA43138}" = iTunes "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{83C03FBE-4492-4133-BBAB-421CD88ADA32}" = OpenOffice.org 2.3 "{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A6AD979-8170-49ED-8529-14174317B281}" = SA60xx Device Manager "{8B3E5A90-1F6E-4FAF-B84F-C306C8A80809}" = AeroFly Professional Deluxe (inkl. Add-On 1) "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center "{90CA713A-5D86-40DF-9C29-C284497D3B5F}" = MioMap v3 Updater for PDA "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant "{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6 "{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100 "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6 "{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}" = Nokia PC Suite "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology "{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}" = LG MC USB U330 driver "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch "{AEEAE013-92F1-4515-B278-139F1A692A35}" = Acer eDataSecurity Management "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6 "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services "{B5761811-28F3-4257-B537-815C5EEF472C}" = Vodafone Mobile Connect Lite "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{B8742BE5-6238-3EC0-A9B9-CD562E054A54}" = Microsoft .NET Framework 4 Client Profile "{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management "{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime "{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem Driver "{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{C91C4EF4-63E1-41EE-AE6A-5152628FDC21}" = Microsoft SQL Server 2008 Native Client "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management "{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer "{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.1.1.3 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D5A7D7AB-3093-3619-9261-74DB250ECF7B}" = Microsoft Visual C++ 2008 Express Edition with SP1 - DEU "{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = LG PC Suite III deinstallieren "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation) "{E0AD8FC1-1860-33CA-9CFE-5962B91DDDEB}" = Microsoft .NET Framework 4 Extended "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1 "{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update "{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe "{F07AE5AB-516C-4CEB-A0AA-AD083B9182C6}" = TI NoteFolio Creator "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared "{F59A3B93-6C1C-4C3E-BCC4-4897490E2963}" = LG Bluetooth Drivers "{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = TIPCI "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE "{FD71DDAA-EED9-450B-9F91-FADD43DD9CED}_is1" = ALNO AG Küchenplaner 0.96b "{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files "7D6D030B3D73FCCA3D4E45319380F315DFBE7A54" = Windows Driver Package - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6) "AcerOrbiCamDrv" = Acer Camera Driver "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Agere Systems Soft Modem" = Agere Systems HDA Modem "AutoHotkey" = AutoHotkey 1.0.48.03 "CCleaner" = CCleaner "Cheat Engine 5.5_is1" = Cheat Engine 5.5 "EPSON Printer and Utilities" = EPSON Printer Software "Evrsoft First Page 2006_is1" = Evrsoft First Page 2006 "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) "Flight Simulator 9.0" = Microsoft Flight Simulator 2004 - Das Jahrhundert der Luftfahrt "Google Updater" = Google Updater "Graffiti Studio 2.0_is1" = Graffiti Studio 2.0 "GridVista" = Acer GridVista "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "Infineon USB driver_is1" = Infineon USB driver 1.0.0.6 "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "InstallShield_{5EBAC9CB-97D7-44CD-A82D-4FCB37F582AC}" = World Racing 2 "InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = Texas Instruments PCIxx21/x515/xx12 drivers. "JAP" = JAP "KSE Backgammon 2.0 (Pocket PC)" = KSE Backgammon 2.0 (Pocket PC) "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation) "MAGIX Foto Manager 2007 D" = MAGIX Foto Manager 2007 4.2.0.42 (D) "MAGIX Goya burnR D" = MAGIX Goya burnR 2.3.1.3 (D) "MAGIX Music Maker Hip Hop Edition 2 D" = MAGIX Music Maker Hip Hop Edition 2 4.0.0.10 (D) "MAGIX Music Manager 2007 D" = MAGIX Music Manager 2007 8.2.0.54 (D) "MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Messenger Plus! Live" = Messenger Plus! Live "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft SQL Server 10" = Microsoft SQL Server 2008 "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 "Microsoft Visual C++ 2008 Express Edition with SP1 - DEU" = Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "MP Navigator 1.1" = Canon MP Navigator 1.1 "Nokia PC Suite" = Nokia PC Suite "NVIDIA Drivers" = NVIDIA Drivers "OmniGSoft Mini-Aquabike 1.0 for Pocket PC" = OmniGSoft Mini-Aquabike 1.0 for Pocket PC "OmniGSoft Mini-Sportsbike 1.0 for Pocket PC" = OmniGSoft Mini-Sportsbike 1.0 for Pocket PC "OmniGSoft Mini-TransCanada 1.2 for Pocket PC" = OmniGSoft Mini-TransCanada 1.2 for Pocket PC "PacSteamT" = PacSteamT "RealFlightG4Pro" = RealFlight G4 R/C Simulator "SecondLife" = SecondLife (remove only) "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "ST6UNST #1" = Bounty Hunter 2099 Pinball "Steinberg Cubase SX v3.1.1.944" = Steinberg Cubase SX v3.1.1.944 "SUPER ©" = SUPER © Version 2008.bld.33 (Sep 2, 2008) "SyncroSoft Emu" = SyncroSoft Emu (Remove only) "Syncrosoft's License Control" = Syncrosoft's License Control "SynTPDeinstKey" = Synaptics Pointing Device Driver "TmNationsForever_is1" = TmNationsForever Update 2010-03-15 "TmSunrise_is1" = TrackMania Sunrise Extreme 1.5.0 "TomTom HOME" = TomTom HOME 2.7.5.2014 "VLC media player" = VLC media player 1.1.0 "WhatPulse" = WhatPulse 1.6.2.1 "WinGimp-2.0_is1" = GIMP 2.4.6 "WinLiveSuite_Wave3" = Windows Live Essentials "Xfire" = Xfire (remove only) "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Toolbar" = Yahoo! Toolbar "Zattoo" = Zattoo 3.2.4 Beta ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "UnityWebPlayer" = Unity Web Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 22/08/2010 16:05:26 | Computer Name = Joseph-PC | Source = LoadPerf | ID = 3012 Description = Error - 22/08/2010 16:05:26 | Computer Name = Joseph-PC | Source = LoadPerf | ID = 3011 Description = Error - 22/08/2010 16:30:56 | Computer Name = Joseph-PC | Source = Application Error | ID = 1000 Description = Faulting application msnmsgr.exe, version 14.0.8089.726, time stamp 0x4a6ce533, faulting module MsgPlusLive.dll, version 4.70.0.334, time stamp 0x489d9678, exception code 0xc0000005, fault offset 0x000363a8, process id 0x1610, application start time 0x01cb4238d98469c4. Error - 23/08/2010 06:49:49 | Computer Name = Joseph-PC | Source = LoadPerf | ID = 3012 Description = Error - 23/08/2010 06:49:49 | Computer Name = Joseph-PC | Source = LoadPerf | ID = 3011 Description = Error - 23/08/2010 06:50:01 | Computer Name = Joseph-PC | Source = Google Update | ID = 20 Description = Error - 24/08/2010 06:52:43 | Computer Name = Joseph-PC | Source = LoadPerf | ID = 3012 Description = Error - 24/08/2010 06:52:43 | Computer Name = Joseph-PC | Source = LoadPerf | ID = 3011 Description = Error - 24/08/2010 08:34:02 | Computer Name = Joseph-PC | Source = LoadPerf | ID = 3012 Description = Error - 24/08/2010 08:34:02 | Computer Name = Joseph-PC | Source = LoadPerf | ID = 3011 Description = [ Media Center Events ] Error - 13/02/2010 12:24:56 | Computer Name = Joseph-PC | Source = Media Center Guide | ID = 0 Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError returned 10000105 Process: DefaultDomain Object Name: Media Center Guide [ OSession Events ] Error - 28/12/2007 12:02:05 | Computer Name = Joseph-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5359 seconds with 4140 seconds of active time. This session ended with a crash. Error - 15/12/2009 11:47:11 | Computer Name = Joseph-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 26 seconds with 0 seconds of active time. This session ended with a crash. Error - 12/01/2010 13:14:58 | Computer Name = Joseph-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. Error - 12/01/2010 13:21:32 | Computer Name = Joseph-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 379 seconds with 60 seconds of active time. This session ended with a crash. Error - 12/01/2010 13:21:56 | Computer Name = Joseph-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error - 12/01/2010 13:22:23 | Computer Name = Joseph-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17 seconds with 0 seconds of active time. This session ended with a crash. Error - 12/01/2010 13:23:09 | Computer Name = Joseph-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error - 18/01/2010 11:40:34 | Computer Name = Joseph-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 55 seconds with 0 seconds of active time. This session ended with a crash. Error - 18/01/2010 11:45:15 | Computer Name = Joseph-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 33 seconds with 0 seconds of active time. This session ended with a crash. Error - 29/07/2010 13:08:29 | Computer Name = Joseph-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 446 seconds with 120 seconds of active time. This session ended with a crash. [ System Events ] Error - 22/08/2010 17:38:44 | Computer Name = Joseph-PC | Source = cdrom | ID = 262159 Description = The device, \Device\CdRom0, is not ready for access yet. Error - 22/08/2010 17:38:45 | Computer Name = Joseph-PC | Source = cdrom | ID = 262159 Description = The device, \Device\CdRom0, is not ready for access yet. Error - 22/08/2010 17:38:46 | Computer Name = Joseph-PC | Source = cdrom | ID = 262159 Description = The device, \Device\CdRom0, is not ready for access yet. Error - 22/08/2010 17:38:48 | Computer Name = Joseph-PC | Source = PlugPlayManager | ID = 12 Description = The device 'TSSTcorp CD/DVDW TS-L632D ATA Device' (IDE\CdRomTSSTcorp_CD/DVDW_TS-L632D_______________ac00____\5&214dc5be&0&1.1.0) disappeared from the system without first being prepared for removal. Error - 22/08/2010 17:38:47 | Computer Name = Joseph-PC | Source = cdrom | ID = 262159 Description = The device, \Device\CdRom0, is not ready for access yet. Error - 22/08/2010 17:38:48 | Computer Name = Joseph-PC | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort1. Error - 22/08/2010 17:38:48 | Computer Name = Joseph-PC | Source = cdrom | ID = 262159 Description = The device, \Device\CdRom0, is not ready for access yet. Error - 23/08/2010 06:45:52 | Computer Name = Joseph-PC | Source = Service Control Manager | ID = 7026 Description = Error - 24/08/2010 06:46:34 | Computer Name = Joseph-PC | Source = Service Control Manager | ID = 7026 Description = Error - 24/08/2010 08:29:20 | Computer Name = Joseph-PC | Source = Service Control Manager | ID = 7026 Description = < End of report > Gruss, SirSpeedy |
24.08.2010, 17:52 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antimalware Doctor noch immer auf meinem PC Poste dann auch die neuere Logs von Malwarebytes, da ich wissen muss, was noch gefunden wurde.
__________________ Logfiles bitte immer in CODE-Tags posten |
24.08.2010, 18:15 | #5 |
| Antimalware Doctor noch immer auf meinem PC Hallo, Es wurden 6 Dateien gefunden: Log Code:
ATTFilter Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4469 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18943 24/08/2010 14:26:04 mbam-log-2010-08-24 (14-26-04).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 348848 Laufzeit: 1 Stunde(n), 21 Minute(n), 36 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 2 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 4 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Users\Joseph\Desktop\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. C:\Users\Joseph\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully. |
24.08.2010, 18:45 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antimalware Doctor noch immer auf meinem PC Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL O33 - MountPoints2\{10c2dfa2-c883-11dd-b3e3-d366d30766de}\Shell - "" = AutoRun O33 - MountPoints2\{10c2dfa2-c883-11dd-b3e3-d366d30766de}\Shell\AutoRun\command - "" = F:\pushinst.exe -- File not found O33 - MountPoints2\{15b5525c-735b-11dd-becc-0018ded2c45d}\Shell - "" = AutoRun O33 - MountPoints2\{15b5525c-735b-11dd-becc-0018ded2c45d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found O33 - MountPoints2\{15b55269-735b-11dd-becc-0018ded2c45d}\Shell - "" = AutoRun O33 - MountPoints2\{15b55269-735b-11dd-becc-0018ded2c45d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{45406dd4-299e-11dd-8898-0016d350e09a}\Shell - "" = AutoRun O33 - MountPoints2\{45406dd4-299e-11dd-8898-0016d350e09a}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found O33 - MountPoints2\{5396b090-56b7-11df-97bc-0016d350e09a}\Shell - "" = AutoRun O33 - MountPoints2\{5396b090-56b7-11df-97bc-0016d350e09a}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe -- File not found O33 - MountPoints2\{59c72d8a-78f4-11dd-bc82-0018ded2c45d}\Shell - "" = AutoRun O33 - MountPoints2\{59c72d8a-78f4-11dd-bc82-0018ded2c45d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found O33 - MountPoints2\{59c72d8b-78f4-11dd-bc82-0018ded2c45d}\Shell - "" = AutoRun O33 - MountPoints2\{59c72d8b-78f4-11dd-bc82-0018ded2c45d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found O33 - MountPoints2\{60275abe-d791-11dd-a196-0018ded2c45d}\Shell - "" = AutoRun O33 - MountPoints2\{60275abe-d791-11dd-a196-0018ded2c45d}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found O33 - MountPoints2\{8b52639e-1163-11de-8750-0018ded2c45d}\Shell - "" = AutoRun O33 - MountPoints2\{8b52639e-1163-11de-8750-0018ded2c45d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{8b5263b7-1163-11de-8750-0016cfec2a79}\Shell - "" = AutoRun O33 - MountPoints2\{8b5263b7-1163-11de-8750-0016cfec2a79}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - MountPoints2\{c2074f8a-2b38-11dd-ac44-0018ded2c45d}\Shell - "" = AutoRun O33 - MountPoints2\{c2074f8a-2b38-11dd-ac44-0018ded2c45d}\Shell\AutoRun\command - "" = H:\Autorun.exe -- File not found O33 - MountPoints2\{cb7f1025-140d-11df-a763-0016d350e09a}\Shell - "" = AutoRun O33 - MountPoints2\{cb7f1025-140d-11df-a763-0016d350e09a}\Shell\AutoRun\command - "" = E:\pushinst.exe -- File not found O33 - MountPoints2\{cbb16de2-c937-11de-a475-0016d350e09a}\Shell\AutoRun\command - "" = J:\InstallTomTomHOME.exe -- File not found O33 - MountPoints2\{d7a81d20-d78a-11dd-b609-0016d350e09a}\Shell\AutoRun\command - "" = I:\StartPortableApps.exe -- File not found O33 - MountPoints2\{da348e4c-d2a0-11dd-b929-0016cfec2a79}\Shell - "" = AutoRun O33 - MountPoints2\{da348e4c-d2a0-11dd-b929-0016cfec2a79}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - MountPoints2\{da348e4d-d2a0-11dd-b929-0016cfec2a79}\Shell - "" = AutoRun O33 - MountPoints2\{da348e4d-d2a0-11dd-b929-0016cfec2a79}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - MountPoints2\{e41ab5b4-7448-11dd-ab4b-0018ded2c45d}\Shell - "" = AutoRun O33 - MountPoints2\{e41ab5b4-7448-11dd-ab4b-0018ded2c45d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found O33 - MountPoints2\{e41ab5b6-7448-11dd-ab4b-0018ded2c45d}\Shell - "" = AutoRun O33 - MountPoints2\{e41ab5b6-7448-11dd-ab4b-0018ded2c45d}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found O33 - MountPoints2\{e98a54ab-6ddb-11dd-af63-0016d350e09a}\Shell - "" = AutoRun O33 - MountPoints2\{e98a54ab-6ddb-11dd-af63-0016d350e09a}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found [2010/08/20 00:38:26 | 000,000,000 | ---D | C] -- C:\Users\Joseph\AppData\Local\byinmycbf [2010/08/20 00:38:11 | 000,000,000 | ---D | C] -- C:\Users\Joseph\AppData\Local\Windows Server [2010/08/20 00:38:17 | 000,000,005 | ---- | M] () -- C:\zrpt.xml :Commands [purity] [resethosts] [emptytemp] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ --> Antimalware Doctor noch immer auf meinem PC |
24.08.2010, 20:39 | #7 |
| Antimalware Doctor noch immer auf meinem PC Getan. Log: Code:
ATTFilter All processes killed ========== OTL ========== Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10c2dfa2-c883-11dd-b3e3-d366d30766de}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10c2dfa2-c883-11dd-b3e3-d366d30766de}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10c2dfa2-c883-11dd-b3e3-d366d30766de}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10c2dfa2-c883-11dd-b3e3-d366d30766de}\ not found. File F:\pushinst.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15b5525c-735b-11dd-becc-0018ded2c45d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15b5525c-735b-11dd-becc-0018ded2c45d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15b5525c-735b-11dd-becc-0018ded2c45d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15b5525c-735b-11dd-becc-0018ded2c45d}\ not found. File F:\StartVMCLite.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15b55269-735b-11dd-becc-0018ded2c45d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15b55269-735b-11dd-becc-0018ded2c45d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15b55269-735b-11dd-becc-0018ded2c45d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15b55269-735b-11dd-becc-0018ded2c45d}\ not found. File F:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45406dd4-299e-11dd-8898-0016d350e09a}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45406dd4-299e-11dd-8898-0016d350e09a}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45406dd4-299e-11dd-8898-0016d350e09a}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45406dd4-299e-11dd-8898-0016d350e09a}\ not found. File G:\Autorun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5396b090-56b7-11df-97bc-0016d350e09a}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5396b090-56b7-11df-97bc-0016d350e09a}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5396b090-56b7-11df-97bc-0016d350e09a}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5396b090-56b7-11df-97bc-0016d350e09a}\ not found. File E:\USBAutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59c72d8a-78f4-11dd-bc82-0018ded2c45d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59c72d8a-78f4-11dd-bc82-0018ded2c45d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59c72d8a-78f4-11dd-bc82-0018ded2c45d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59c72d8a-78f4-11dd-bc82-0018ded2c45d}\ not found. File F:\StartVMCLite.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59c72d8b-78f4-11dd-bc82-0018ded2c45d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59c72d8b-78f4-11dd-bc82-0018ded2c45d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59c72d8b-78f4-11dd-bc82-0018ded2c45d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59c72d8b-78f4-11dd-bc82-0018ded2c45d}\ not found. File F:\StartVMCLite.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60275abe-d791-11dd-a196-0018ded2c45d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60275abe-d791-11dd-a196-0018ded2c45d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60275abe-d791-11dd-a196-0018ded2c45d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60275abe-d791-11dd-a196-0018ded2c45d}\ not found. File H:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b52639e-1163-11de-8750-0018ded2c45d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b52639e-1163-11de-8750-0018ded2c45d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b52639e-1163-11de-8750-0018ded2c45d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b52639e-1163-11de-8750-0018ded2c45d}\ not found. File F:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b5263b7-1163-11de-8750-0016cfec2a79}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b5263b7-1163-11de-8750-0016cfec2a79}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b5263b7-1163-11de-8750-0016cfec2a79}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b5263b7-1163-11de-8750-0016cfec2a79}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2074f8a-2b38-11dd-ac44-0018ded2c45d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2074f8a-2b38-11dd-ac44-0018ded2c45d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2074f8a-2b38-11dd-ac44-0018ded2c45d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2074f8a-2b38-11dd-ac44-0018ded2c45d}\ not found. File H:\Autorun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb7f1025-140d-11df-a763-0016d350e09a}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb7f1025-140d-11df-a763-0016d350e09a}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb7f1025-140d-11df-a763-0016d350e09a}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb7f1025-140d-11df-a763-0016d350e09a}\ not found. File E:\pushinst.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbb16de2-c937-11de-a475-0016d350e09a}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cbb16de2-c937-11de-a475-0016d350e09a}\ not found. File J:\InstallTomTomHOME.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7a81d20-d78a-11dd-b609-0016d350e09a}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d7a81d20-d78a-11dd-b609-0016d350e09a}\ not found. File I:\StartPortableApps.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da348e4c-d2a0-11dd-b929-0016cfec2a79}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da348e4c-d2a0-11dd-b929-0016cfec2a79}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da348e4c-d2a0-11dd-b929-0016cfec2a79}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da348e4c-d2a0-11dd-b929-0016cfec2a79}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da348e4d-d2a0-11dd-b929-0016cfec2a79}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da348e4d-d2a0-11dd-b929-0016cfec2a79}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da348e4d-d2a0-11dd-b929-0016cfec2a79}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da348e4d-d2a0-11dd-b929-0016cfec2a79}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e41ab5b4-7448-11dd-ab4b-0018ded2c45d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e41ab5b4-7448-11dd-ab4b-0018ded2c45d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e41ab5b4-7448-11dd-ab4b-0018ded2c45d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e41ab5b4-7448-11dd-ab4b-0018ded2c45d}\ not found. File F:\StartVMCLite.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e41ab5b6-7448-11dd-ab4b-0018ded2c45d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e41ab5b6-7448-11dd-ab4b-0018ded2c45d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e41ab5b6-7448-11dd-ab4b-0018ded2c45d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e41ab5b6-7448-11dd-ab4b-0018ded2c45d}\ not found. File H:\StartVMCLite.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e98a54ab-6ddb-11dd-af63-0016d350e09a}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e98a54ab-6ddb-11dd-af63-0016d350e09a}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e98a54ab-6ddb-11dd-af63-0016d350e09a}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e98a54ab-6ddb-11dd-af63-0016d350e09a}\ not found. File G:\setup.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found. File F:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found. File H:\StartVMCLite.exe not found. C:\Users\Joseph\AppData\Local\byinmycbf folder moved successfully. C:\Users\Joseph\AppData\Local\Windows Server folder moved successfully. C:\zrpt.xml moved successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes User: Joseph ->Temp folder emptied: 32638 bytes ->Java cache emptied: 3997523 bytes ->FireFox cache emptied: 76811970 bytes ->Google Chrome cache emptied: 0 bytes ->Apple Safari cache emptied: 0 bytes User: Patrick ->Temp folder emptied: 34459 bytes User: Public User: ReleaseEngineer.MACROVISION %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 249797131 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 315,00 mb OTL by OldTimer - Version 3.2.10.0 log created on 08242010_211248 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
24.08.2010, 22:45 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antimalware Doctor noch immer auf meinem PC Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
25.08.2010, 22:57 | #9 |
| Antimalware Doctor noch immer auf meinem PC Hier die Log: Combofix Logfile: Code:
ATTFilter ComboFix 10-08-24.07 - Joseph 25/08/2010 20:47:41.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.352.1033.18.2045.1307 [GMT 2:00] Running from: c:\users\Joseph\Desktop\cofi.exe SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . c:\users\Joseph\AppData\Roaming\988ED89C1DEFD0DE856991C6464A55B7\enemies-names.txt c:\users\Joseph\AppData\Roaming\988ED89C1DEFD0DE856991C6464A55B7\local.ini c:\users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk c:\users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk -- Previous Run -- Infected copy of c:\windows\explorer.exe was found and disinfected Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe Infected copy of c:\windows\explorer.exe was found and disinfected Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe Infected copy of c:\windows\System32\wininit.exe was found and disinfected Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe -------- c:\windows\system32\wininit.exe . . . is infected!! . ((((((((((((((((((((((((( Files Created from 2010-07-25 to 2010-08-25 ))))))))))))))))))))))))))))))) . 2010-08-25 18:57 . 2010-08-25 21:29 -------- d-----w- c:\users\Joseph\AppData\Local\temp 2010-08-25 18:57 . 2010-08-25 18:57 -------- d-----w- c:\users\Patrick\AppData\Local\temp 2010-08-25 18:57 . 2010-08-25 18:57 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-08-24 19:12 . 2010-08-24 19:12 -------- d-----w- C:\_OTL 2010-08-22 20:27 . 2010-08-22 20:27 -------- d-----w- c:\users\Joseph\AppData\Roaming\Unity 2010-08-22 20:24 . 2010-08-22 20:24 -------- d-----w- c:\users\Joseph\AppData\Local\Unity 2010-08-20 19:04 . 2010-08-20 19:04 56 ---ha-w- c:\windows\system32\ezsidmv.dat 2010-08-20 19:04 . 2010-08-20 19:04 -------- d-----w- c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\skypePM 2010-08-20 19:04 . 2010-08-20 19:04 -------- d-----w- c:\users\ReleaseEngineer.MACROVISION 2010-08-20 13:39 . 2010-08-20 19:09 -------- d-----w- c:\users\Joseph\AppData\Roaming\Skype 2010-08-20 13:38 . 2010-08-20 13:38 -------- d-----w- c:\program files\Common Files\Skype 2010-08-20 13:38 . 2010-08-20 13:38 -------- d-----r- c:\program files\Skype 2010-08-20 10:29 . 2010-08-20 10:30 -------- d-----w- C:\rsit 2010-08-20 10:29 . 2010-08-20 10:29 -------- d-----w- c:\program files\trend micro 2010-08-20 00:35 . 2010-08-20 00:35 -------- d-----w- c:\users\Joseph\AppData\Roaming\933452C29F284D9020EB484626E20D3A 2010-08-19 22:58 . 2010-08-19 22:58 -------- d-----w- c:\users\Joseph\AppData\Roaming\Malwarebytes 2010-08-19 22:58 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-19 22:58 . 2010-08-19 22:58 -------- d-----w- c:\programdata\Malwarebytes 2010-08-19 22:58 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-18 11:35 . 2010-08-18 11:35 -------- d-----w- c:\program files\OWON 2010-08-18 11:33 . 2010-08-18 11:33 -------- d-----w- c:\windows\system32\OWONInstruments 2010-08-13 13:25 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll 2010-08-13 13:25 . 2010-06-11 16:16 274944 ----a-w- c:\windows\system32\schannel.dll 2010-08-13 13:25 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys 2010-08-13 13:25 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll 2010-08-13 13:25 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-08-13 13:25 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-08-13 13:25 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll 2010-08-13 13:25 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys 2010-08-13 13:25 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys 2010-08-13 13:25 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-25 10:29 . 2007-02-03 01:48 12 ----a-w- c:\windows\bthservsdp.dat 2010-08-20 13:38 . 2007-04-29 10:37 -------- d-----w- c:\programdata\Skype 2010-08-15 11:52 . 2007-12-19 21:02 -------- d-----w- c:\programdata\Microsoft Help 2010-08-15 11:51 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-08-15 11:44 . 2007-02-03 20:10 35416 ----a-w- c:\users\Joseph\AppData\Roaming\nvModes.dat 2010-07-21 15:46 . 2008-03-23 15:26 -------- d-----w- c:\users\Joseph\AppData\Roaming\vlc 2010-07-21 15:17 . 2008-03-23 15:08 -------- d-----w- c:\program files\VideoLAN 2010-06-29 06:01 . 2007-11-05 22:06 680 ----a-w- c:\users\Joseph\AppData\Local\d3d9caps.dat 2010-06-26 06:05 . 2010-08-13 13:26 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-26 06:02 . 2010-08-13 13:26 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-06-26 06:02 . 2010-08-13 13:26 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-06-26 04:25 . 2010-08-13 13:26 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\12886\AdobeARM.exe 2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\12886\AdobeExtractFiles.dll 2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\12886\ReaderUpdater.exe 2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\12886\AcrobatUpdater.exe 2006-05-03 09:06 . 2008-10-05 17:57 163328 --sh--r- c:\windows\System32\flvDX.dll 2007-02-21 10:47 . 2008-10-05 17:57 31232 --sh--r- c:\windows\System32\msfDX.dll 2008-03-16 12:30 . 2008-10-05 17:57 216064 --sh--r- c:\windows\System32\nbDX.dll . ------- Sigcheck ------- [-] 2009-04-11 06:32 . 977AD7568C1B6A8D92EDC31ED8EB9B4C . 19944 . . [------] . . c:\windows\System32\drivers\atapi.sys [7] 2009-04-11 . 1F05B78AB91C9075565A9D8A4B880BC4 . 19944 . . [6.0.6002.18005] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [7] 2008-02-27 . B35CFCEF838382AB6490B321C87EDF17 . 21560 . . [6.0.6000.16632] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [7] 2008-01-19 . 2D9C903DC76A66813D350A562DE40ED9 . 21560 . . [6.0.6001.18000] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [7] 2006-11-02 . 4F4FCB8B6EA06784FB6D475B7EC7300F . 19048 . . [6.0.6000.16386] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "WhatPulse"="c:\program files\WhatPulse\WhatPulse.exe" [2009-04-08 2814976] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-06-24 247144] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184] "RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120] "LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 304664] "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2007-12-31 86960] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-22 7757824] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-22 81920] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280] Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-5 528384] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^Users^Joseph^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Last.fm Helper.lnk] path=c:\users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Last.fm Helper.lnk backup=c:\windows\pss\Last.fm Helper.lnk.Startup backupExtension=.Startup [HKLM\~\startupfolder\C:^Users^Joseph^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.1.lnk] path=c:\users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.1.lnk backup=c:\windows\pss\OpenOffice.org 2.1.lnk.Startup backupExtension=.Startup [HKLM\~\startupfolder\C:^Users^Joseph^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk] path=c:\users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk backup=c:\windows\pss\OpenOffice.org 2.3.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcerOrbicamRibbon] 2006-11-20 17:09 754712 ----a-w- c:\program files\Acer\OrbiCam10\OrbiCam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2008-09-07 13:07 133104 ----atw- c:\users\Joseph\AppData\Local\Google\Update\GoogleUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O] 2005-10-22 23:00 385024 ----a-w- c:\program files\Syncrosoft\POS\H2O\cledx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] 2007-12-31 14:19 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] 2007-12-31 14:19 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2008-02-19 11:10 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp] 2005-07-25 12:36 32768 ----a-w- c:\program files\Launch Manager\LaunchAp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager] 2006-12-22 09:07 204800 ----a-w- c:\program files\Launch Manager\HotkeyApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD] 2006-08-29 08:26 241664 ----a-w- c:\program files\Launch Manager\OSDCtrl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX] 2006-11-28 16:38 244512 ----a-w- c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect.EXE] 2007-12-31 14:20 3072000 ----a-w- c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync] 2008-06-17 14:00 1249280 ----a-w- d:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc] 2006-11-22 22:29 90191 ----a-w- c:\windows\System32\nvsvc.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2008-01-31 21:13 385024 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote Control Editor] 2008-11-04 10:06 1105920 ----a-w- c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng] 2008-01-29 15:38 583048 ----a-w- c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TerraTec Remote Control] 2008-11-04 10:06 1105920 ----a-w- c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2010-06-24 14:41 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton] 2006-11-09 13:37 86016 ----a-w- c:\program files\Launch Manager\WButton.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center] 2007-05-31 07:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):23,16,25,e4,36,1f,ca,01 R1 mailKmd;mailKmd; [x] R2 clr_optimization_v4.0.30128_32;Microsoft .NET Framework NGEN v4.0.30128_X86;c:\windows\Microsoft.NET\Framework\v4.0.30128\mscorsvw.exe [2010-01-28 130384] R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2007-01-26 4352] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900] R3 FlashUSB;FlashUSB;c:\windows\system32\DRIVERS\FlashUSB.sys [2009-05-12 16896] R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2007-01-26 265088] R3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [2007-12-19 401920] R3 MODRC;Cinergy DT USB XS Diversity IR Service;c:\windows\system32\DRIVERS\modrc.sys [2007-07-11 13824] R3 o1394bul;o1394bul;c:\users\Joseph\AppData\Local\Temp\o1394bul.sys [x] R3 tt;owonhdsusb.sys, Owon Hds1000 usb Driver;c:\windows\system32\Drivers\owonhdsusb.sys [2006-04-21 59168] R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768] R3 WisINT15;WisINT15;c:\elements\1stboot\WisINT15.SYS [x] R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2006-11-17 118784] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30128\WPF\WPFFontCache_v0400.exe [2010-01-28 738656] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128] R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712] R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-05-24 717296] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688] S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792] S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [2009-06-11 12032] S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [2009-06-11 10496] S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [2009-06-11 12928] S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\DRIVERS\lv321av.sys [2006-11-28 847392] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder 2010-08-25 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-21 12:42] 2010-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4033196447-1890306390-1010895685-1000Core.job - c:\users\Joseph\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-07 13:07] 2010-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4033196447-1890306390-1010895685-1000UA.job - c:\users\Joseph\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-07 13:07] 2010-08-25 c:\windows\Tasks\User_Feed_Synchronization-{E5145A7A-AF08-4E7E-AAB9-74C047D56293}.job - c:\windows\system32\msfeedssync.exe [2010-08-13 04:24] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 uStart Page = hxxp://www.google.com mStart Page = hxxp://en.us.acer.yahoo.com uInternet Settings,ProxyOverride = fritz.box uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*hxxp://www.yahoo.com IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm FF - ProfilePath - FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORPHANS REMOVED - - - - HKLM-Run-Acer Tour - (no file) HKLM-Run-eRecoveryService - (no file) MSConfigStartUp-AVMWlanClient - c:\program files\avmwlanstick\wlangui.exe MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe MSConfigStartUp-osCheck - c:\program files\Norton Internet Security\osCheck.exe MSConfigStartUp-PowerKey - c:\program files\Launch Manager\PowerKey.exe MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-08-25 23:32 Windows 6.0.6002 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... c:\windows\TEMP\TMP0000000A86BD860FDB0B752A 524288 bytes executable scan completed successfully hidden files: 1 ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wvudmctcrqucplr] "imagepath"="\??\c:\windows\TEMP\E698.tmp" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xyrfgvxveobayne] "imagepath"="\??\c:\windows\TEMP\E7A2.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-4033196447-1890306390-1010895685-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{56994F70-5643-455F-F3BE-F00A46CF6B07}*] "habgmhijojcncpim"=hex:6b,61,63,66,62,6d,67,65,66,6e,6b,70,67,6a,63,6a,61,6c, 61,61,6a,62,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'Explorer.exe'(3004) c:\program files\iTunes\iTunesMiniPlayer.dll c:\program files\iTunes\iTunesMiniPlayer.Resources\de.lproj\iTunesMiniPlayerLocalized.dll c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll c:\acer\Empowering Technology\EPOWER\SysHook.dll c:\windows\system32\btncopy.dll d:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll d:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL d:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr d:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\agrsmsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe c:\windows\system32\conime.exe c:\acer\Empowering Technology\eLock\Service\eLockServ.exe c:\acer\Empowering Technology\eNet\eNet Service.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\windows\RtHDVCpl.exe c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe c:\acer\Mobility Center\MobilityService.exe c:\windows\ehome\ehmsas.exe c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe c:\acer\Empowering Technology\ENET\ENMTRAY.EXE c:\program files\CyberLink\Shared Files\RichVideo.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe c:\acer\Empowering Technology\eSettings\Service\capuserv.exe c:\acer\Empowering Technology\ePower\ePowerSvc.exe c:\acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE c:\acer\Empowering Technology\eRecovery\ERAGENT.EXE c:\windows\system32\wbem\unsecapp.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Completion time: 2010-08-25 23:40:15 - machine was rebooted ComboFix-quarantined-files.txt 2010-08-25 21:40 Pre-Run: 1*749*069*824 bytes free Post-Run: 2*657*067*008 bytes free - - End Of File - - 0E2E1798EB68A38F44D36DF03273477D Gruss |
26.08.2010, 10:11 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antimalware Doctor noch immer auf meinem PC Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus. Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen. Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.
__________________ Logfiles bitte immer in CODE-Tags posten |
27.08.2010, 15:16 | #11 |
| Antimalware Doctor noch immer auf meinem PC Puh, hoffen die Scans waren erfolgreich. GMER Logfile: Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net Rootkit scan 2010-08-27 15:47:05 Windows 6.0.6002 Service Pack 2 Running: x7qsvr1u.exe; Driver: C:\Users\Joseph\AppData\Local\Temp\kflyqpow.sys ---- Kernel code sections - GMER 1.0.15 ---- .rsrc C:\Windows\system32\drivers\atapi.sys entry point in ".rsrc" section [0x807F0014] .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8C20A340, 0x292427, 0xE8000020] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[1852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74707817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7475A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7470BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [746FF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [747075E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [746FE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74738395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7470DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [746FFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [746FFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [746F71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7478CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7472C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [746FD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [746F6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [746F687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74702AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\tifm21 \Device\TIFMxx21DE-0 BD023192 AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cfec2a79 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cfec2a79@001620a37b62 0x21 0x22 0xD9 0x32 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cfec2a79@001cd41a1124 0xF1 0x4C 0x23 0x88 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cfec2a79@0023b433acf0 0xCE 0xA2 0xAF 0xED ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cfec2a79@0022a949d7c8 0x38 0x60 0x7B 0xE2 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cfec2a79@5cac4cd24428 0xDA 0xCD 0xAF 0x24 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x86 0xB4 0x12 0x8D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x5F 0x63 0x5D 0xA9 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xDA 0x4D 0xA7 0xB2 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x62 0xC2 0x6A 0x64 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016cfec2a79 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016cfec2a79@001620a37b62 0x21 0x22 0xD9 0x32 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016cfec2a79@001cd41a1124 0xF1 0x4C 0x23 0x88 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016cfec2a79@0023b433acf0 0xCE 0xA2 0xAF 0xED ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016cfec2a79@0022a949d7c8 0x38 0x60 0x7B 0xE2 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016cfec2a79@5cac4cd24428 0xDA 0xCD 0xAF 0x24 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x86 0xB4 0x12 0x8D ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x5F 0x63 0x5D 0xA9 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xDA 0x4D 0xA7 0xB2 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x62 0xC2 0x6A 0x64 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{56994F70-5643-455F-F3BE-F00A46CF6B07} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{56994F70-5643-455F-F3BE-F00A46CF6B07}@habgmhijojcncpim 0x6B 0x61 0x63 0x66 ... ---- Files - GMER 1.0.15 ---- File C:\Windows\system32\drivers\atapi.sys suspicious modification ---- EOF - GMER 1.0.15 ---- OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 16:11:19 on 27.08.2010 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Mozilla Corporation Firefox 3.6.8 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "GoogleUpdateTaskUserS-1-5-21-4033196447-1890306390-1010895685-1000Core.job" - "Google Inc." - C:\Users\Joseph\AppData\Local\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskUserS-1-5-21-4033196447-1890306390-1010895685-1000UA.job" - "Google Inc." - C:\Users\Joseph\AppData\Local\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl "TIControlPanel.cpl" - "Texas Instruments Incorporated" - C:\Windows\system32\TIControlPanel.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "NokiaConnectionManager" - "Nokia" - D:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "AVM Eject" (avmeject) - "AVM Berlin" - C:\Windows\System32\drivers\avmeject.sys "catchme" (catchme) - ? - C:\cofi\catchme.sys (File not found) "GEARAspiWDM" (GEARAspiWDM) - "GEAR Software Inc." - C:\Windows\System32\Drivers\GEARAspiWDM.sys "Hotkey" (Hotkey) - ? - C:\Windows\system32\drivers\Hotkey.sys (File found, but it contains no detailed information) "IDE Channel" (atapi) - ? - C:\Windows\System32\drivers\atapi.sys (File found, but it contains no detailed information) "int15" (int15) - ? - C:\Windows\system32\drivers\int15.sys (File found, but it contains no detailed information) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "kflyqpow" (kflyqpow) - ? - C:\Users\Joseph\AppData\Local\Temp\kflyqpow.sys (Hidden registry entry, rootkit activity | File not found) "mailKmd" (mailKmd) - ? - C:\Windows\system32\drivers\mailKmd.sys (File not found) "o1394bul" (o1394bul) - ? - C:\Users\Joseph\AppData\Local\Temp\o1394bul.sys (File not found) "owonhdsusb.sys, Owon Hds1000 usb Driver" (tt) - "zhangzhou lilliput optoelectronics institute co.,ltd." - C:\Windows\System32\Drivers\owonhdsusb.sys "PSDFilter" (PSDFilter) - "HiTRUST" - C:\Windows\System32\DRIVERS\psdfilter.sys "PSDNSERVER" (PSDNServ) - "HiTRUST" - C:\Windows\System32\drivers\PSDNServ.sys "psdvdisk" (psdvdisk) - "HiTRUST" - C:\Windows\System32\drivers\psdvdisk.sys "StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology (StarForce)" - C:\Windows\System32\drivers\sfdrv01.sys "StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology (StarForce)" - C:\Windows\System32\drivers\sfhlp02.sys "StarForce Protection Synchronization Driver (version 2.x)" (sfsync02) - "Protection Technology" - C:\Windows\System32\drivers\sfsync02.sys "StarForce Protection VFS Driver (version 2.x)" (sfvfs02) - "Protection Technology (StarForce)" - C:\Windows\System32\drivers\sfvfs02.sys "Team H2O CLEDX service" (CLEDX) - "Team H2O" - C:\Windows\System32\DRIVERS\cledx.sys "TIEHDUSB" (TIEHDUSB) - "Texas Instruments Incorporated" - C:\Windows\System32\drivers\tiehdusb.sys "UBHelper" (UBHelper) - ? - C:\Windows\system32\drivers\UBHelper.sys (File found, but it contains no detailed information) "Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys "WisINT15" (WisINT15) - ? - C:\Elements\1stboot\WisINT15.SYS (File not found) [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Dossiers Web" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - ? - epm-po.dll (File not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {3FCEF010-09A4-11D4-8D3B-D12F9D3D8B02} "FileTimeShlExt Class" - "Texas Instruments Incorporated" - C:\PROGRA~1\COMMON~1\TISHAR~1\TICONN~1\TIShlExt.dll {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - D:\Program Files\Nokia\Nokia PC Suite 7\phonebrowser.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Users\Joseph\Desktop\WinRAR\rarext.dll (File found, but it contains no detailed information) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Acer eDataSecurity Management" - "HiTRUST" - C:\Windows\system32\eDStoolbar.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {EF99BD32-C1FB-11D2-892F-0090271D4F88} "Yahoo! Toolbar" - "Yahoo! Inc." - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.6.0_02" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab {238F6F83-B8B4-11CF-8771-00A024541EE3} "{238F6F83-B8B4-11CF-8771-00A024541EE3}" - ? - (File not found | COM-object registry key not found) / hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/icaweb-20070115.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll "ICQ6" - "ICQ, Inc." - C:\Program Files\ICQ6\ICQ.exe {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Acer eDataSecurity Management" - "HiTRUST" - C:\Windows\system32\eDStoolbar.dll {AD6E6555-FB2C-47D4-8339-3E2965509877} "TerraTec Home Cinema" - "TerraTec Electronic GmbH" - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL <binary data> "Yahoo! Toolbar" - "Yahoo! Inc." - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} "ShowBarObj Class" - "HiTRUST" - C:\Windows\system32\ActiveToolBand.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Sign-in Helper" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {02478D38-C3F9-4EFB-9B51-7695ECA05670} "Yahoo! Toolbar Helper" - "Yahoo! Inc." - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "Bluetooth.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Empowering Technology Launcher.lnk" - "Acer Inc." - C:\Acer\Empowering Technology\eAPLauncher.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "TomTomHOME.exe" - "TomTom" - "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" "WhatPulse" - "WhatPulse.org" - C:\Program Files\WhatPulse\WhatPulse.exe -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "AcerOrbicamRibbon" - "Acer Inc." - "C:\Program Files\Acer\OrbiCam10\OrbiCam.exe" /hide "eDataSecurity Loader" - "HiTRUST" - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe "ISUSScheduler" - "Macrovision Corporation" - "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start "LogitechCommunicationsManager" - "Acer Inc." - "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "WarReg_PopUp" - "Acer Inc." - C:\Acer\WR_PopUp\WarReg_PopUp.exe [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@C:\Windows\Microsoft.NET\Framework\v4.0.30128\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30128\WPF\WPFFontCache_v0400.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple, Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30128\aspnet_state.exe "Automatic LiveUpdate Scheduler" (Automatic LiveUpdate Scheduler) - "Symantec Corporation" - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe "eLock Service" (eLockService) - "Acer Inc." - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe "eNet Service" (eNet Service) - "Acer Inc." - C:\Acer\Empowering Technology\eNet\eNet Service.exe "ePower Service" (WMIService) - "acer" - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe "eRecovery Service" (eRecoveryService) - "Acer Inc." - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe "eSettings Service" (eSettingsService) - ? - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe "Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe "iPod Service" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - c:\Program Files\Common Files\LightScribe\LSSrvc.exe "LiveUpdate" (LiveUpdate) - "Symantec Corporation" - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE "LiveUpdate Notice Service" (LiveUpdate Notice Service) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe "LiveUpdate Notice Service Ex" (LiveUpdate Notice Ex) - ? - "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (File not found) "LVSrvLauncher" (LVSrvLauncher) - "Logitech Inc." - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe "Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe "Microsoft .NET Framework NGEN v4.0.30128_X86" (clr_optimization_v4.0.30128_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30128\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "MobilityService" (MobilityService) - ? - C:\Acer\Mobility Center\MobilityService.exe (File found, but it contains no detailed information) "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "ServiceLayer" (ServiceLayer) - "Nokia." - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe "SQL Server (SQLEXPRESS)" (MSSQL$SQLEXPRESS) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe "SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe "Symantec Lic NetConnect service" (CLTNetCnService) - ? - "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (File not found) "UPnPService" (UPnPService) - "Magix AG" - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe "WisLMSvc" (WisLMSvc) - "Wistron Corp." - C:\Program Files\Launch Manager\WisLMSvc.exe ===[ Logfile end ]=========================================[ Logfile end ]=== Bootkit Remover Log Code:
ATTFilter .\debug.cpp(238) : Debug log started at 27.08.2010 - 14:12:50 .\boot_cleaner.cpp(675) : Bootkit Remover .\boot_cleaner.cpp(676) : (c) 2009 eSage Lab .\boot_cleaner.cpp(677) : www.esagelab.com .\boot_cleaner.cpp(681) : Program version: 1.1.0.0 .\boot_cleaner.cpp(688) : OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit .\debug.cpp(248) : ********************************************** .\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] *********** .\debug.cpp(250) : ********************************************** .\debug.cpp(256) : 0x82644000 0x003b9000 "\SystemRoot\system32\ntkrnlpa.exe" .\debug.cpp(256) : 0x82611000 0x00033000 "\SystemRoot\system32\hal.dll" .\debug.cpp(256) : 0x80405000 0x00007000 "\SystemRoot\system32\kdcom.dll" .\debug.cpp(256) : 0x8040c000 0x00070000 "\SystemRoot\system32\mcupdate_GenuineIntel.dll" .\debug.cpp(256) : 0x8047c000 0x00011000 "\SystemRoot\system32\PSHED.dll" .\debug.cpp(256) : 0x8048d000 0x00008000 "\SystemRoot\system32\BOOTVID.dll" .\debug.cpp(256) : 0x80495000 0x00041000 "\SystemRoot\system32\CLFS.SYS" .\debug.cpp(256) : 0x804d6000 0x000e0000 "\SystemRoot\system32\CI.dll" .\debug.cpp(256) : 0x8060f000 0x0007c000 "\SystemRoot\system32\drivers\Wdf01000.sys" .\debug.cpp(256) : 0x8068b000 0x0000d000 "\SystemRoot\system32\drivers\WDFLDR.SYS" .\debug.cpp(256) : 0x80698000 0x00046000 "\SystemRoot\system32\drivers\acpi.sys" .\debug.cpp(256) : 0x806de000 0x00009000 "\SystemRoot\system32\drivers\WMILIB.SYS" .\debug.cpp(256) : 0x806e7000 0x00008000 "\SystemRoot\system32\drivers\msisadrv.sys" .\debug.cpp(256) : 0x806ef000 0x00027000 "\SystemRoot\system32\drivers\pci.sys" .\debug.cpp(256) : 0x80716000 0x0000f000 "\SystemRoot\System32\drivers\partmgr.sys" .\debug.cpp(256) : 0x80725000 0x00003000 "\SystemRoot\system32\DRIVERS\compbatt.sys" .\debug.cpp(256) : 0x80728000 0x0000a000 "\SystemRoot\system32\DRIVERS\BATTC.SYS" .\debug.cpp(256) : 0x80732000 0x0000f000 "\SystemRoot\system32\drivers\volmgr.sys" .\debug.cpp(256) : 0x80741000 0x0004a000 "\SystemRoot\System32\drivers\volmgrx.sys" .\debug.cpp(256) : 0x8078b000 0x00007000 "\SystemRoot\system32\drivers\intelide.sys" .\debug.cpp(256) : 0x80792000 0x0000e000 "\SystemRoot\system32\drivers\PCIIDEX.SYS" .\debug.cpp(256) : 0x807cd000 0x00010000 "\SystemRoot\System32\drivers\mountmgr.sys" .\debug.cpp(256) : 0x807dd000 0x00009000 "\SystemRoot\System32\drivers\sfsync02.sys" .\debug.cpp(256) : 0x807e6000 0x00004000 "\SystemRoot\System32\Drivers\UBHelper.sys" .\debug.cpp(256) : 0x807ea000 0x00008000 "\SystemRoot\system32\drivers\atapi.sys" .\debug.cpp(256) : 0x805b6000 0x0001e000 "\SystemRoot\system32\drivers\ataport.SYS" .\debug.cpp(256) : 0x8300d000 0x00032000 "\SystemRoot\system32\drivers\fltmgr.sys" .\debug.cpp(256) : 0x8303f000 0x00010000 "\SystemRoot\system32\drivers\fileinfo.sys" .\debug.cpp(256) : 0x8304f000 0x00009000 "\SystemRoot\system32\DRIVERS\psdfilter.sys" .\debug.cpp(256) : 0x83058000 0x00071000 "\SystemRoot\System32\Drivers\ksecdd.sys" .\debug.cpp(256) : 0x830c9000 0x0010b000 "\SystemRoot\system32\drivers\ndis.sys" .\debug.cpp(256) : 0x831d4000 0x0002b000 "\SystemRoot\system32\drivers\msrpc.sys" .\debug.cpp(256) : 0x83208000 0x0003b000 "\SystemRoot\system32\drivers\NETIO.SYS" .\debug.cpp(256) : 0x83243000 0x000ea000 "\SystemRoot\System32\drivers\tcpip.sys" .\debug.cpp(256) : 0x8332d000 0x0001b000 "\SystemRoot\System32\drivers\fwpkclnt.sys" .\debug.cpp(256) : 0x88605000 0x00110000 "\SystemRoot\System32\Drivers\Ntfs.sys" .\debug.cpp(256) : 0x88715000 0x00039000 "\SystemRoot\system32\drivers\volsnap.sys" .\debug.cpp(256) : 0x8874e000 0x00008000 "\SystemRoot\System32\Drivers\spldr.sys" .\debug.cpp(256) : 0x88756000 0x00018000 "\SystemRoot\System32\drivers\sfvfs02.sys" .\debug.cpp(256) : 0x8876e000 0x00008000 "\SystemRoot\System32\drivers\sfhlp02.sys" .\debug.cpp(256) : 0x88776000 0x00013000 "\SystemRoot\System32\drivers\sfdrv01.sys" .\debug.cpp(256) : 0x88789000 0x00012000 "\SystemRoot\system32\drivers\psdvdisk.sys" .\debug.cpp(256) : 0x8879b000 0x00002000 "\SystemRoot\system32\drivers\PSDNServ.sys" .\debug.cpp(256) : 0x8879d000 0x0000f000 "\SystemRoot\System32\Drivers\mup.sys" .\debug.cpp(256) : 0x887ac000 0x00027000 "\SystemRoot\System32\drivers\ecache.sys" .\debug.cpp(256) : 0x887d3000 0x00011000 "\SystemRoot\system32\drivers\disk.sys" .\debug.cpp(256) : 0x83348000 0x00021000 "\SystemRoot\system32\drivers\CLASSPNP.SYS" .\debug.cpp(256) : 0x887e4000 0x00009000 "\SystemRoot\system32\drivers\crcdisk.sys" .\debug.cpp(256) : 0x8337c000 0x0000b000 "\SystemRoot\system32\DRIVERS\tunnel.sys" .\debug.cpp(256) : 0x83387000 0x00009000 "\SystemRoot\system32\DRIVERS\tunmp.sys" .\debug.cpp(256) : 0x83390000 0x0000f000 "\SystemRoot\system32\DRIVERS\intelppm.sys" .\debug.cpp(256) : 0x8339f000 0x00009000 "\SystemRoot\system32\DRIVERS\wmiacpi.sys" .\debug.cpp(256) : 0x8c20a000 0x00440000 "\SystemRoot\system32\DRIVERS\nvlddmkm.sys" .\debug.cpp(256) : 0x8c64a000 0x000a1000 "\SystemRoot\System32\drivers\dxgkrnl.sys" .\debug.cpp(256) : 0x8c6eb000 0x0000c000 "\SystemRoot\System32\drivers\watchdog.sys" .\debug.cpp(256) : 0x8c6f7000 0x0008d000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys" .\debug.cpp(256) : 0x8bc01000 0x001c1000 "\SystemRoot\system32\DRIVERS\NETw3v32.sys" .\debug.cpp(256) : 0x8bdc2000 0x0000b000 "\SystemRoot\system32\DRIVERS\usbuhci.sys" .\debug.cpp(256) : 0x8c784000 0x0003e000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS" .\debug.cpp(256) : 0x8bdcd000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbehci.sys" .\debug.cpp(256) : 0x8bddc000 0x0001a000 "\SystemRoot\system32\DRIVERS\sdbus.sys" .\debug.cpp(256) : 0x8bdf6000 0x00004000 "\SystemRoot\system32\DRIVERS\CmBatt.sys" .\debug.cpp(256) : 0x833a8000 0x00013000 "\SystemRoot\system32\DRIVERS\i8042prt.sys" .\debug.cpp(256) : 0x8c7f0000 0x0000b000 "\SystemRoot\system32\DRIVERS\kbdclass.sys" .\debug.cpp(256) : 0x833bb000 0x0002b000 "\SystemRoot\system32\DRIVERS\SynTP.sys" .\debug.cpp(256) : 0x8bdfa000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS" .\debug.cpp(256) : 0x833e6000 0x0000b000 "\SystemRoot\system32\DRIVERS\mouclass.sys" .\debug.cpp(256) : 0x805d4000 0x00018000 "\SystemRoot\system32\DRIVERS\cdrom.sys" .\debug.cpp(256) : 0x8bdfc000 0x00002000 "\SystemRoot\system32\DRIVERS\NTIDrvr.sys" .\debug.cpp(256) : 0x8c200000 0x00007000 "\SystemRoot\System32\Drivers\GEARAspiWDM.sys" .\debug.cpp(256) : 0x8c807000 0x0002f000 "\SystemRoot\system32\DRIVERS\msiscsi.sys" .\debug.cpp(256) : 0x8c836000 0x00041000 "\SystemRoot\system32\DRIVERS\storport.sys" .\debug.cpp(256) : 0x8c877000 0x0000b000 "\SystemRoot\system32\DRIVERS\TDI.SYS" .\debug.cpp(256) : 0x8c882000 0x00017000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys" .\debug.cpp(256) : 0x8c899000 0x0000b000 "\SystemRoot\system32\DRIVERS\ndistapi.sys" .\debug.cpp(256) : 0x8c8a4000 0x00023000 "\SystemRoot\system32\DRIVERS\ndiswan.sys" .\debug.cpp(256) : 0x8c8c7000 0x0000f000 "\SystemRoot\system32\DRIVERS\raspppoe.sys" .\debug.cpp(256) : 0x8c8d6000 0x00014000 "\SystemRoot\system32\DRIVERS\raspptp.sys" .\debug.cpp(256) : 0x8c8ea000 0x00015000 "\SystemRoot\system32\DRIVERS\rassstp.sys" .\debug.cpp(256) : 0x8c8ff000 0x00010000 "\SystemRoot\system32\DRIVERS\termdd.sys" .\debug.cpp(256) : 0x8c90f000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys" .\debug.cpp(256) : 0x8c911000 0x0002a000 "\SystemRoot\system32\DRIVERS\ks.sys" .\debug.cpp(256) : 0x8c93b000 0x00003000 "\SystemRoot\system32\drivers\WmBEnum.sys" .\debug.cpp(256) : 0x8c93e000 0x0000c000 "\SystemRoot\system32\drivers\WmXlCore.sys" .\debug.cpp(256) : 0x8c94a000 0x0000a000 "\SystemRoot\system32\DRIVERS\mssmbios.sys" .\debug.cpp(256) : 0x8c954000 0x0000e000 "\SystemRoot\system32\DRIVERS\cledx.sys" .\debug.cpp(256) : 0x8c962000 0x00003000 "\SystemRoot\system32\DRIVERS\lgbtbus.sys" .\debug.cpp(256) : 0x8c965000 0x0000d000 "\SystemRoot\system32\DRIVERS\umbus.sys" .\debug.cpp(256) : 0x8c972000 0x00035000 "\SystemRoot\system32\DRIVERS\usbhub.sys" .\debug.cpp(256) : 0x8c9a7000 0x00011000 "\SystemRoot\System32\Drivers\NDProxy.SYS" .\debug.cpp(256) : 0x8c9b8000 0x00004000 "\SystemRoot\system32\DRIVERS\lgvmodem.sys" .\debug.cpp(256) : 0x8c9bc000 0x0000d000 "\SystemRoot\system32\drivers\modem.sys" .\debug.cpp(256) : 0x8c9c9000 0x00003000 "\SystemRoot\system32\DRIVERS\lgbtport.sys" .\debug.cpp(256) : 0x8cc0f000 0x00191000 "\SystemRoot\system32\drivers\RTKVHDA.sys" .\debug.cpp(256) : 0x8cda0000 0x0002d000 "\SystemRoot\system32\drivers\portcls.sys" .\debug.cpp(256) : 0x8cdcd000 0x00025000 "\SystemRoot\system32\drivers\drmk.sys" .\debug.cpp(256) : 0x8ce08000 0x0011c000 "\SystemRoot\system32\DRIVERS\AGRSM.sys" .\debug.cpp(256) : 0x8cf24000 0x00009000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS" .\debug.cpp(256) : 0x8cf2d000 0x00007000 "\SystemRoot\System32\Drivers\Null.SYS" .\debug.cpp(256) : 0x8cf34000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS" .\debug.cpp(256) : 0x8cf44000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS" .\debug.cpp(256) : 0x8cf4b000 0x0000c000 "\SystemRoot\System32\drivers\vga.sys" .\debug.cpp(256) : 0x8cf57000 0x00021000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS" .\debug.cpp(256) : 0x8cf78000 0x00008000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys" .\debug.cpp(256) : 0x8cf80000 0x00008000 "\SystemRoot\system32\drivers\rdpencdd.sys" .\debug.cpp(256) : 0x8cf88000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS" .\debug.cpp(256) : 0x8cf93000 0x0000e000 "\SystemRoot\System32\Drivers\Npfs.SYS" .\debug.cpp(256) : 0x8cfa1000 0x00009000 "\SystemRoot\System32\DRIVERS\rasacd.sys" .\debug.cpp(256) : 0x8cfaa000 0x00016000 "\SystemRoot\system32\DRIVERS\tdx.sys" .\debug.cpp(256) : 0x8cfc0000 0x00014000 "\SystemRoot\system32\DRIVERS\smb.sys" .\debug.cpp(256) : 0x8d209000 0x00048000 "\SystemRoot\system32\drivers\afd.sys" .\debug.cpp(256) : 0x8d251000 0x00032000 "\SystemRoot\System32\DRIVERS\netbt.sys" .\debug.cpp(256) : 0x8d283000 0x00016000 "\SystemRoot\system32\DRIVERS\pacer.sys" .\debug.cpp(256) : 0x8d299000 0x0000e000 "\SystemRoot\system32\DRIVERS\netbios.sys" .\debug.cpp(256) : 0x8d2a7000 0x00013000 "\SystemRoot\system32\DRIVERS\wanarp.sys" .\debug.cpp(256) : 0x8d2ba000 0x0003c000 "\SystemRoot\system32\DRIVERS\rdbss.sys" .\debug.cpp(256) : 0x8d2f6000 0x0000a000 "\SystemRoot\system32\drivers\nsiproxy.sys" .\debug.cpp(256) : 0x8d300000 0x00003000 "\SystemRoot\System32\Drivers\Hotkey.SYS" .\debug.cpp(256) : 0x8d303000 0x00017000 "\SystemRoot\System32\Drivers\dfsc.sys" .\debug.cpp(256) : 0x8da03000 0x001de000 "\SystemRoot\system32\DRIVERS\LVMVDrv.sys" .\debug.cpp(256) : 0x8d31a000 0x000ce000 "\SystemRoot\system32\DRIVERS\lv321av.sys" .\debug.cpp(256) : 0x8dbe1000 0x0000d000 "\SystemRoot\System32\Drivers\crashdmp.sys" .\debug.cpp(256) : 0x8dbee000 0x0000b000 "\SystemRoot\System32\Drivers\dump_dumpata.sys" .\debug.cpp(256) : 0x8d3e8000 0x00008000 "\SystemRoot\System32\Drivers\dump_atapi.sys" .\debug.cpp(256) : 0x962b0000 0x00203000 "\SystemRoot\System32\win32k.sys" .\debug.cpp(256) : 0x8d3f0000 0x0000a000 "\SystemRoot\System32\drivers\Dxapi.sys" .\debug.cpp(256) : 0x8cfd4000 0x0000f000 "\SystemRoot\system32\DRIVERS\monitor.sys" .\debug.cpp(256) : 0x964d0000 0x00009000 "\SystemRoot\System32\TSDDD.dll" .\debug.cpp(256) : 0x964f0000 0x0000e000 "\SystemRoot\System32\cdd.dll" .\debug.cpp(256) : 0x8cfe3000 0x0001b000 "\SystemRoot\system32\drivers\luafv.sys" .\debug.cpp(256) : 0x9ba0d000 0x000b0000 "\SystemRoot\system32\drivers\spsys.sys" .\debug.cpp(256) : 0x9babd000 0x00010000 "\SystemRoot\system32\DRIVERS\lltdio.sys" .\debug.cpp(256) : 0x9bacd000 0x0002a000 "\SystemRoot\system32\DRIVERS\nwifi.sys" .\debug.cpp(256) : 0x9baf7000 0x0000a000 "\SystemRoot\system32\DRIVERS\ndisuio.sys" .\debug.cpp(256) : 0x9bb01000 0x00013000 "\SystemRoot\system32\DRIVERS\rspndr.sys" .\debug.cpp(256) : 0x9bb14000 0x0006d000 "\SystemRoot\system32\drivers\HTTP.sys" .\debug.cpp(256) : 0x9bb81000 0x0001d000 "\SystemRoot\System32\DRIVERS\srvnet.sys" .\debug.cpp(256) : 0x9bb9e000 0x00019000 "\SystemRoot\system32\DRIVERS\bowser.sys" .\debug.cpp(256) : 0x9bbb7000 0x00015000 "\SystemRoot\System32\drivers\mpsdrv.sys" .\debug.cpp(256) : 0x9bbcc000 0x00021000 "\SystemRoot\system32\drivers\mrxdav.sys" .\debug.cpp(256) : 0x8c9cc000 0x0001f000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys" .\debug.cpp(256) : 0x9d60a000 0x00039000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys" .\debug.cpp(256) : 0x9d643000 0x00018000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys" .\debug.cpp(256) : 0x9d65b000 0x00027000 "\SystemRoot\System32\DRIVERS\srv2.sys" .\debug.cpp(256) : 0x9d682000 0x0004e000 "\SystemRoot\System32\DRIVERS\srv.sys" .\debug.cpp(256) : 0x9d6d0000 0x00016000 "\SystemRoot\system32\DRIVERS\cdfs.sys" .\debug.cpp(256) : 0x9d6e6000 0x00011000 "\??\C:\Windows\system32\drivers\int15.sys" .\debug.cpp(256) : 0x9d6f7000 0x00028000 "\SystemRoot\System32\Drivers\fastfat.SYS" .\debug.cpp(256) : 0x9d71f000 0x000de000 "\SystemRoot\system32\drivers\peauth.sys" .\debug.cpp(256) : 0x9d600000 0x0000a000 "\SystemRoot\System32\Drivers\secdrv.SYS" .\debug.cpp(256) : 0x9bbed000 0x0000c000 "\SystemRoot\System32\drivers\tcpipreg.sys" .\debug.cpp(256) : 0x8c7c2000 0x00017000 "\??\C:\Users\Joseph\AppData\Local\Temp\kflyqpow.sys" .\debug.cpp(256) : 0x807a0000 0x0002d000 "\SystemRoot\system32\DRIVERS\pcmcia.sys" .\debug.cpp(256) : 0xbd000000 0x0002e000 "\SystemRoot\system32\drivers\tifm21.sys" .\debug.cpp(256) : 0xbd02e000 0x0001c000 "\SystemRoot\system32\DRIVERS\Rtlh86.sys" .\debug.cpp(256) : 0x77820000 0x00127000 "\Windows\System32\ntdll.dll" .\debug.cpp(263) : ********************************************** .\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] *********** .\debug.cpp(308) : ********************************************** .\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:" .\debug.cpp(400) : Destination="\Device\HarddiskVolume3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#2&daba3ff&2#{4afa3d53-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\0000005a" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000008" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000046" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1" .\debug.cpp(400) : Destination="\Device\Video0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0883&SUBSYS_10251235&REV_1000#4&14c70871&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\00000076" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS" .\debug.cpp(400) : Destination="\Device\Ndis" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{686068EB-1EB4-40A3-8922-CFF278C162FA}" .\debug.cpp(400) : Destination="\Device\NDMP18" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0004#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000005" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000044" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000047" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}" .\debug.cpp(400) : Destination="\Device\0000004c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2" .\debug.cpp(400) : Destination="\Device\Video1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSDVDiskTemp" .\debug.cpp(400) : Destination="\Device\PSDVDiskTemp" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000001" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3" .\debug.cpp(400) : Destination="\Device\Video2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy1" .\debug.cpp(400) : Destination="\Device\HarddiskVolumeShadowCopy1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{FE39A392-9F2F-4ED6-A048-7A71FD852A52}" .\debug.cpp(400) : Destination="\Device\NDMP30" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice" .\debug.cpp(400) : Destination="\Device\WMIAdminDevice" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&21558de7&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\Ide\PciIde0Channel0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{60C4332C-62B4-4CA6-B119-1A28F468AA43}" .\debug.cpp(400) : Destination="\Device\NDMP3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E3FE0F52-6729-43AC-8488-5AC1FB2AE7A9}" .\debug.cpp(400) : Destination="\Device\NDMP23" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000045" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0883&SUBSYS_10251235&REV_1000#4&14c70871&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}" .\debug.cpp(400) : Destination="\Device\00000076" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4" .\debug.cpp(400) : Destination="\Device\Video3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl" .\debug.cpp(400) : Destination="\Device\VolMgrControl" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000001" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0003#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000009" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6EA11ADB-6FEB-425D-A3CB-3CB73F334E62}" .\debug.cpp(400) : Destination="\Device\NDMP19" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5" .\debug.cpp(400) : Destination="\Device\Video4" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#LPL2388#5&422345b&0&UID280#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8}" .\debug.cpp(400) : Destination="\Device\0000007a" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tun0" .\debug.cpp(400) : Destination="\Device\Tun0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*ISATAP#0014#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000007f" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\sfsync02i" .\debug.cpp(400) : Destination="\Device\sfsync02i" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000004c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0883&SUBSYS_10251235&REV_1000#4&14c70871&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}" .\debug.cpp(400) : Destination="\Device\00000076" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_104C&DEV_803B&SUBSYS_01071025&REV_00#4&2cabf08d&0&32F0#{2c9f2281-eb3c-11d6-80af-0001020c74d4}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0020" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery" .\debug.cpp(400) : Destination="\Device\CompositeBattery" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{FF439460-52DE-411E-8C6F-4DC818CE5EE1}" .\debug.cpp(400) : Destination="\Device\NDMP2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_4222&SUBSYS_10018086&REV_02#4&17ad8718&0&00E2#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0018" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LGE Virtual Modem" .\debug.cpp(400) : Destination="\Device\00000073" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}" .\debug.cpp(400) : Destination="\Device\0000006a" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0002#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000003" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TUNMP#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000011" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27C8&SUBSYS_01071025&REV_02#3&21436425&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0007" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0003#{d50f1fe3-64e1-4ce7-aac3-410dc6b98b2d}" .\debug.cpp(400) : Destination="\Device\0000004f" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SpDevice" .\debug.cpp(400) : Destination="\Device\SpDevice" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice" .\debug.cpp(400) : Destination="\Device\WMIDataDevice" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\F:" .\debug.cpp(400) : Destination="\Device\CdRom0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PEAuth" .\debug.cpp(400) : Destination="\Device\PEAuth" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&ActiveSyncWPDEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}" .\debug.cpp(400) : Destination="\Device\0000007e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE" .\debug.cpp(400) : Destination="\Device\NamedPipe" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\sfhlp02i" .\debug.cpp(400) : Destination="\Device\sfhlp02i" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0003#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000004" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0006#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000007" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination="\Device\0000004c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM27" .\debug.cpp(400) : Destination="\Device\00000073" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}" .\debug.cpp(400) : Destination="\Device\00000054" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3" .\debug.cpp(400) : Destination="\Device\AgereModem5" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_11C1&DEV_3026&SUBSYS_10250100&REV_1006#4&14c70871&0&0101#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}" .\debug.cpp(400) : Destination="\Device\00000077" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice" .\debug.cpp(400) : Destination="\Device\GEARAspiWDMDevice" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{2215D338-64ED-4121-99F1-BFBDAB675739}" .\debug.cpp(400) : Destination="\Device\NDMP14" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination="\Device\0000004c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM28" .\debug.cpp(400) : Destination="\Device\00000074" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Psched" .\debug.cpp(400) : Destination="\Device\Psched" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC" .\debug.cpp(400) : Destination="\Device\Mup" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&2#{4afa3d53-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\0000005c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg" .\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgrMsg" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{84E1A471-F4DA-4BDF-A4E8-3BB14E58B4BC}" .\debug.cpp(400) : Destination="\Device\NDMP5" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0003#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000009" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1ff35374&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination="\Device\USBPDO-2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp" .\debug.cpp(400) : Destination="\Device\Tcp" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000004c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0" .\debug.cpp(400) : Destination="\Device\USBFDO-0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{845be5c3-b439-11db-85f3-806e6f6e6963}" .\debug.cpp(400) : Destination="\Device\CdRom0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_01D7&SUBSYS_01071025&REV_A1#4&1c716b25&0&0008#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0016" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\sfdrv01" .\debug.cpp(400) : Destination="\Device\sfdrv01" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000003" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{8ACB5A22-0394-40DD-A14C-3817B4E70107}" .\debug.cpp(400) : Destination="\Device\NDMP7" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0004#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\0000000a" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0010#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\0000000c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1" .\debug.cpp(400) : Destination="\Device\USBFDO-1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CC&SUBSYS_01071025&REV_02#3&21436425&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0011" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Agere Systems HDA Modem" .\debug.cpp(400) : Destination="\Device\00000077" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0" .\debug.cpp(400) : Destination="\Device\Harddisk0\DR0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\sfvfs02" .\debug.cpp(400) : Destination="\Device\sfvfs02" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0001#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000002" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0005#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000006" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0009#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\0000000b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0015#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000010" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TUNMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000011" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2" .\debug.cpp(400) : Destination="\Device\USBFDO-2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination="\Device\0000004c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000004c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN" .\debug.cpp(400) : Destination="\DosDevices\LPT1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{3977CB03-ACE8-445E-8510-4918127ABA4F}" .\debug.cpp(400) : Destination="\Device\NDMP8" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{F956B924-B91D-4C01-96ED-787FC947813C}" .\debug.cpp(400) : Destination="\Device\NDMP12" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3" .\debug.cpp(400) : Destination="\Device\USBFDO-3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000004c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap" .\debug.cpp(400) : Destination="\Device\FsWrap" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}" .\debug.cpp(400) : Destination="\Device\00000051" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0" .\debug.cpp(400) : Destination="\Device\CdRom0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_CD#DVDW_TS-L632D_______________ac00____#5&214dc5be&0&1.1.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T1L0-3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{845be5bf-b439-11db-85f3-806e6f6e6963}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\00000052" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4" .\debug.cpp(400) : Destination="\Device\USBFDO-4" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000048" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_11C1&DEV_3026&SUBSYS_10250100&REV_1006#4&14c70871&0&0101#{86e0d1e0-8089-11d0-9ce4-08003e301f73}" .\debug.cpp(400) : Destination="\Device\00000077" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LGBT#LGBT_modem#1&431a56f&0&0000#{769829ad-0071-4e70-a1b0-d56dbfc1c628}" .\debug.cpp(400) : Destination="\Device\00000073" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&SignatureB53AB53AOffset7E00Length1F4117A00#{7f108a28-9833-4b3b-b780-2c6b5fa5c062}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&SignatureB53AB53AOffset1F411F800LengthCFF6D8600#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global" .\debug.cpp(400) : Destination="\GLOBAL??" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZS1#{4afa3d51-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\00000057" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ISCSIPRT#0000#{2accfe60-c130-11d2-b082-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\00000014" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000044" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0005#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000006" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000049" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LGBT#LGBT_modem#1&431a56f&0&0000#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}" .\debug.cpp(400) : Destination="\Device\00000073" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG:" .\debug.cpp(400) : Destination="\clfs" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0883&SUBSYS_10251235&REV_1000#4&14c70871&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\00000076" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZS0#{4afa3d51-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\00000056" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&21558de7&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\Ide\PciIde0Channel1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000008" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&34e8c3c5&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination="\Device\USBPDO-0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv" .\debug.cpp(400) : Destination="\Device\Secdrv" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0003#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000004" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_01D7&SUBSYS_01071025&REV_A1#4&1c716b25&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0016" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0004#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000000a" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0010#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000000c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\int15" .\debug.cpp(400) : Destination="\Device\int15" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0883&SUBSYS_10251235&REV_1000#4&14c70871&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\00000076" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000047" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1c214eb5&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination="\Device\USBPDO-1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\nativewifip" .\debug.cpp(400) : Destination="\Device\nativewifip" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\sfdrv01i" .\debug.cpp(400) : Destination="\Device\sfdrv01i" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000002" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0004#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000005" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_4222&SUBSYS_10018086&REV_02#4&17ad8718&0&00E2#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0018" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000049" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}" .\debug.cpp(400) : Destination="\Device\00000055" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8168&SUBSYS_01071025&REV_01#4&16535a13&0&00E0#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0017" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*ISATAP#0014#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\0000007f" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager" .\debug.cpp(400) : Destination="\Device\MountPointManager" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\sfsync02" .\debug.cpp(400) : Destination="\Device\sfsync02" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000043" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000045" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\kflyqpow" .\debug.cpp(400) : Destination="\Device\kflyqpow" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl" .\debug.cpp(400) : Destination="\Device\PartmgrControl" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\sfhlp02" .\debug.cpp(400) : Destination="\Device\sfhlp02" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0013#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\0000000e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0004#{508a919c-d155-4cf7-863e-de014cbb1b90}" .\debug.cpp(400) : Destination="\Device\00000050" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_046D&PID_0896#5&1e9490a9&0&7#{fb6c428a-0353-11d1-905f-0000c0cc16ba}" .\debug.cpp(400) : Destination="\Device\USBPDO-5" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp" .\debug.cpp(400) : Destination="\Device\WANARP" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*ISATAP#0017#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\0000007c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi" .\debug.cpp(400) : Destination="\Device\Nsi" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{1C0414E5-8DCB-4F7E-AE11-4C318B2703DF}" .\debug.cpp(400) : Destination="\Device\NDMP4" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{84C7DA36-B4B8-4384-8F67-227704D1F3E3}" .\debug.cpp(400) : Destination="\Device\NDMP9" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{7B31554B-FC77-467A-9BD1-1FD00CB197CF}" .\debug.cpp(400) : Destination="\Device\NDMP10" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{54126D3A-1F7B-481B-AA83-DFE4BE82171D}" .\debug.cpp(400) : Destination="\Device\NDMP16" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CA&SUBSYS_01071025&REV_02#3&21436425&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0009" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000043" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{54950694-33A2-408C-9E06-ABBEB791E26F}" .\debug.cpp(400) : Destination="\Device\NDMP24" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice" .\debug.cpp(400) : Destination="\Device\NXTIPSEC" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\sfvfs02i" .\debug.cpp(400) : Destination="\Device\sfvfs02i" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0011#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000000d" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP" .\debug.cpp(400) : Destination="\Device\NDMP21" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000004c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev" .\debug.cpp(400) : Destination="\Device\WFP" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:" .\debug.cpp(400) : Destination="\Device\Ide\IdePort0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArpV6" .\debug.cpp(400) : Destination="\Device\WANARPV6" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{442A5B3D-9FD2-4348-8647-624CC2BD2198}" .\debug.cpp(400) : Destination="\Device\NDMP25" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#LPL2388#5&422345b&0&UID280#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7}" .\debug.cpp(400) : Destination="\Device\0000007a" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&PrinterBusEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}" .\debug.cpp(400) : Destination="\Device\0000007b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5660E17F-5C10-4FD0-82C7-F1B4C2C4F949}" .\debug.cpp(400) : Destination="\Device\NDMP26" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{845be5c0-b439-11db-85f3-806e6f6e6963}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{CE53E496-4163-416E-A8C3-646C4F712890}" .\debug.cpp(400) : Destination="\Device\NDMP1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0011#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\0000000d" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{66313009-8F7E-42E2-9C3A-F44CE14C3F20}" .\debug.cpp(400) : Destination="\Device\NDMP17" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000048" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}" .\debug.cpp(400) : Destination="\Device\0000004c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LGBT#LGBT_transport#1&431a56f&0&0000#{86e0d1e0-8089-11d0-9ce4-08003e301f73}" .\debug.cpp(400) : Destination="\Device\00000074" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_CD#DVDW_TS-L632D_______________ac00____#5&214dc5be&0&1.1.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T1L0-3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&SignatureB53AB53AOffsetEF37F7E00LengthCFEF00400#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NTIDrvr" .\debug.cpp(400) : Destination="\Device\NTIDrvr" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27C9&SUBSYS_01071025&REV_02#3&21436425&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0008" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH" .\debug.cpp(400) : Destination="\Device\NDMP20" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0001#{a530a220-8e1d-11d3-87a1-00104be390af}" .\debug.cpp(400) : Destination="\Device\0000004d" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:" .\debug.cpp(400) : Destination="\Device\Ide\IdePort1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#SYN0302#4&eb94406&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\00000069" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&eb94406&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\00000068" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd" .\debug.cpp(400) : Destination="\Device\AscKmd" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan" .\debug.cpp(400) : Destination="\Device\NdisWan" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskHitachi_HTS541612J9SA00_________________SBDOC70P#5&e941519&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP0T0L0-0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E2FAF8F3-CE8D-4D5C-82AF-ACAE63744075}" .\debug.cpp(400) : Destination="\Device\NDMP6" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0006#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000007" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0009#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000000b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{F27D7546-0502-48A8-A374-01A1EC4BBABD}" .\debug.cpp(400) : Destination="\Device\NDMP13" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0015#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000010" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CB&SUBSYS_01071025&REV_02#3&21436425&0&EB#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0010" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice" .\debug.cpp(400) : Destination="\Device\MPS" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl" .\debug.cpp(400) : Destination="\Device\VolMgrControl" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr" .\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgr" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0001#{be472025-8177-11d3-87a1-00104be390af}" .\debug.cpp(400) : Destination="\Device\0000004d" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_046D&PID_0896#5&1e9490a9&0&7#{6994ad05-93ef-11d0-a3cc-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\USBPDO-5" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0883&SUBSYS_10251235&REV_1000#4&14c70871&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}" .\debug.cpp(400) : Destination="\Device\00000076" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:" .\debug.cpp(400) : Destination="\Device\HarddiskVolume2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSDVDisk" .\debug.cpp(400) : Destination="\Device\PSDVDisk" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{0053D894-9CCD-48FA-BE75-C82C0B862241}" .\debug.cpp(400) : Destination="\Device\NDMP11" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6" .\debug.cpp(400) : Destination="\Device\NDMP22" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX" .\debug.cpp(400) : Destination="\DosDevices\COM1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT" .\debug.cpp(400) : Destination="\Device\MailSlot" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSDNServ" .\debug.cpp(400) : Destination="\Device\PSDNServ" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&a840b01&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination="\Device\USBPDO-3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&e58f58a&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination="\Device\USBPDO-4" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL" .\debug.cpp(400) : Destination="\Device\Null" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:" .\debug.cpp(400) : Destination="\Device\RaidPort0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_046D&PID_0896#5&1e9490a9&0&7#{a5dcbf10-6530-11d2-901f-00c04fb951ed}" .\debug.cpp(400) : Destination="\Device\USBPDO-5" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\0000004b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio" .\debug.cpp(400) : Destination="\Device\Ndisuio" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_046D&PID_0896#5&1e9490a9&0&7#{65e8773d-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\USBPDO-5" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SstpDrv" .\debug.cpp(400) : Destination="\Device\SstpDrv" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT" .\debug.cpp(400) : Destination="" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8168&SUBSYS_01071025&REV_01#4&16535a13&0&00E0#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0017" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AGRSM_xface" .\debug.cpp(400) : Destination="\Device\AGRSM_xface" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UBHelper0" .\debug.cpp(400) : Destination="\Device\UBHelper0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0013#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000000e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\0000004a" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle" .\debug.cpp(400) : Destination="\Device\WfpAle" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYNTP" .\debug.cpp(400) : Destination="\Device\SynTP" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*ISATAP#0017#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000007c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{0B445639-B454-43BF-A2FB-49D9E835E9DB}" .\debug.cpp(400) : Destination="\Device\NDMP29" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&2#{4afa3d53-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\00000059" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000046" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HOTKEY" .\debug.cpp(400) : Destination="\Device\HOTKEY" .\debug.cpp(451) : ********************************************** .\boot_cleaner.cpp(1077) : System volume is \\.\C: .\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000001`f411f800 .\boot_cleaner.cpp(424) : Boot sector MD5 is: 4857c98ecdcb93636f1a53bbb301a72f .\boot_cleaner.cpp(1151) : .\boot_cleaner.cpp(1152) : Size Device Name MBR Status .\boot_cleaner.cpp(1153) : -------------------------------------------- .\boot_cleaner.cpp(1197) : 111 GB \\.\PhysicalDrive0 Unknown boot code .\boot_cleaner.cpp(1203) : .\boot_cleaner.cpp(1209) : Unknown boot code has been found on some of your physical disks. .\boot_cleaner.cpp(1211) : To inspect the boot code manually, dump the master boot sector: .\boot_cleaner.cpp(1212) : remover.exe dump <device_name> [output_file] .\boot_cleaner.cpp(1216) : To disinfect the master boot sector, use the following command: .\boot_cleaner.cpp(1217) : remover.exe fix <device_name> .\boot_cleaner.cpp(1220) : .\boot_cleaner.cpp(1242) : Done; |
27.08.2010, 19:33 | #12 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antimalware Doctor noch immer auf meinem PCZitat:
Hast Du auf Deinem Computer noch eine andere atapi.sys, außer die in system32\drivers? Durchsuch mal Laufwerk C
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu Antimalware Doctor noch immer auf meinem PC |
32 bit, adobe, adware.adparatus, adware.adrotator, adware.bho, adware.gabpath, adware.mirar, adware.resultdns, adware.trymedia, agere systems, browser, converter, defender, device driver, diagnostics, explorer, firefox, fontcache, hdaudio.sys, hijack, hijack.startpage, home premium, hotkey.sys, install.exe, local\temp, mdm.exe, microsoft, mozilla, notepad.exe, nvlddmkm.sys, pdf, plug-in, popup, preferences, programdata, realtek, registry, remote control, rogue.antimalwaredoctor, rootkit.dropper, rundll, scan, senden, server, software, sptd.sys, start menu, stick, svchost.exe, symantec, system, trojan.adware, trymedia, virus, vista 32, vista 32 bit, vodafone, wireless lan, wmp, wscript.exe |