Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Antimalware Doctor erfolgreich entfernt? (https://www.trojaner-board.de/90036-antimalware-doctor-erfolgreich-entfernt.html)

mo9 26.08.2010 18:39
Antimalware Doctor erfolgreich entfernt?
 
Guten Tag,

vorab: Herzlichen Dank dafür, dass Ihr PC-Virenopfern
so engagiert helft. IHR MACHT EINEN SUPER JOB!!!

Gestern Nacht hat sich Antimalware Doctor in meinem
Notebook eingenistet, NortonIS 2010 meldete plötzlich diverse Infektionen,
die es aber scheinbar entfernen konnte.

NIS entfernte diverse Infektionen:
Code:
26.08.2010 02:38,Hoch,a0000043.exe (Bloodhound.MalPE) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion
25.08.2010 23:59,Hoch,unqo.exe (unqo.exe) erkannt von SONAR,Isoliert,Behoben - Keine Aktion
25.08.2010 23:58,Hoch,unqo.exe (unqo.exe) erkannt von SONAR,Isoliert,Behoben - Keine Aktion
25.08.2010 23:58,Hoch,wtpvaae.exe (W32.Pilleuz) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion
25.08.2010 23:53,Hoch,qhysq[1].htm (Downloader) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion
25.08.2010 23:53,Hoch,mqupjickr[2].htm (W32.Pilleuz) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion
25.08.2010 23:53,Hoch,izqlfr[2].htm (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion
25.08.2010 23:53,Hoch,qhysqcardvipx.htm (Downloader) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion
25.08.2010 23:53,Hoch,mqupjickr[1].htm (W32.Pilleuz) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion
25.08.2010 23:53,Hoch,wtpvaae.exe (W32.Pilleuz) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion
25.08.2010 23:53,Hoch,izqlfr[1].htm (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion
25.08.2010 23:53,Hoch,mqupjickr[1].htm (W32.Pilleuz) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion
25.08.2010 23:53,Hoch,qhysqcam484bx.htm (Downloader) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion
25.08.2010 23:53,Hoch,qhysq[1].htm (Downloader) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion
25.08.2010 23:53,Hoch,mqupjickr[1].htm (W32.Pilleuz) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion
25.08.2010 23:53,Hoch,izqlfr[1].htm (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion
25.08.2010 23:53,Hoch,tpcuqc.exe (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion
25.08.2010 23:53,Hoch,izqlfr[1].htm (Trojan.Gen) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion
25.08.2010 23:53,Hoch,qhysq[1].htm (Downloader) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion
25.08.2010 23:53,Hoch,lqrog.exe (Downloader) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion
25.08.2010 23:53,Hoch,sphlp.dll (Trojan.Bamital) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion
25.08.2010 23:53,Hoch,hlp.dat (Trojan.Bamital) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion

Anti-Malware entferte diverse andere Infektionen.
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4479

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

26.08.2010 00:35:33
mbam-log-2010-08-26 (00-35-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 21264
Laufzeit: 3 Minute(n), 2 Sekunde(n)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ekpqubch (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ekpqubch (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\newsecureapp70700.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mnxresaocw.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Dokumente und Einstellungen\Tom\Lokale Einstellungen\Temp\E_N4 (Worm.Autorun) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Dokumente und Einstellungen\Tom\Lokale Einstellungen\Anwendungsdaten\kmptrchug\bevhcppshdw.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\9F4EF0A12E32FE80ACA7A7219B9479FE\newsecureapp70700.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Tom\Lokale Einstellungen\Temp\mnxresaocw.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Tom\Lokale Einstellungen\Temp\74A.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Tom\Lokale Einstellungen\Temp\74B.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Tom\Lokale Einstellungen\Temp\74C.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Tom\Lokale Einstellungen\Temp\E_N4\krnln.fnr (Trojan.GamesThief) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Tom\Lokale Einstellungen\Temp\E_N4\eCalc.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Tom\Lokale Einstellungen\Temp\E_N4\GDI+Ö§³Ö¿â.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Tom\Lokale Einstellungen\Temp\E_N4\PhyDMACC.dll (Worm.Autorun) -> Quarantined and deleted successfully.
Obwohl anschliessend weder NIS noch AM bei erneute Scans fündig wurde,
war immer noch "der Wurm drin".
Die NIS Firewall meldete nämlich diverse Tidserv Requests 2 zum SVCHOST.




RKill elimierte dann auch noch ein paar unerwünschte Besucher.
(Leider kein Protokoll)


Also war's ein Rootkit, das ComboFix.exe scheinbar entfernt hat.
(Ich hatte die Anleitung zu ComboFix.exe so verstanden, als würde es
erstmal nur ein Log erstellen, daher habe ich es "ohne Helfer" gestartet.)

Code:
ComboFix 10-08-25.01 - xxx 26.08.2010  16:13:04.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2909.2370 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\All Users\Dokumente\von m2\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
ADS - WINDOWS: deleted 8 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\_@54E.tmp
c:\dokumente und einstellungen\xxx\Anwendungsdaten\9F4EF0A12E32FE80ACA7A7219B9479FE
c:\dokumente und einstellungen\xxx\Anwendungsdaten\9F4EF0A12E32FE80ACA7A7219B9479FE\enemies-names.txt
c:\dokumente und einstellungen\xxx\Anwendungsdaten\9F4EF0A12E32FE80ACA7A7219B9479FE\local.ini
c:\dokumente und einstellungen\xxx\Anwendungsdaten\9F4EF0A12E32FE80ACA7A7219B9479FE\lsrslt.ini
c:\dokumente und einstellungen\xxx\Anwendungsdaten\EurekaLog
c:\dokumente und einstellungen\xxx\Anwendungsdaten\inst.exe
c:\dokumente und einstellungen\xxx\g2mdlhlpx.exe
c:\dokumente und einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Windows Server
c:\dokumente und einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Windows Server\admin.txt
c:\dokumente und einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Windows Server\server.dat
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\Temp
c:\windows\system32\Temp\KSKD87SFDS
c:\windows\wc98pp.dll

Infizierte Kopie von c:\windows\system32\drivers\netbt.sys wurde gefunden und desinfiziert
Kopie von - Kitty had a snack :p wurde wiederhergestellt
.
(((((((((((((((((((((((  Dateien erstellt von 2010-07-26 bis 2010-08-26  ))))))))))))))))))))))))))))))
.

2010-08-25 22:48 . 2010-08-25 22:48        --------        d-----w-        c:\programme\Sophos
2010-08-25 21:53 . 2010-08-25 22:35        --------        d-----w-        c:\dokumente und einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\kmptrchug
2010-08-23 19:09 . 2010-08-23 19:09        --------        d-----w-        c:\programme\t@b
2010-08-23 12:36 . 2010-08-23 12:37        --------        d-----w-        c:\programme\DivX
2010-08-23 12:32 . 2010-08-23 12:33        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc
2010-08-23 12:32 . 2010-08-23 12:32        --------        d-----w-        c:\programme\SmartSound Software
2010-08-23 12:30 . 2004-07-16 14:47        14165        ----a-w-        c:\windows\system32\drivers\Pclepci.sys
2010-08-23 12:29 . 2004-03-10 13:27        11264        ----a-w-        c:\windows\system32\drivers\asapiW2k.sys
2010-08-23 12:29 . 2004-03-10 13:26        406016        ----a-w-        c:\windows\system32\PSDrvCheck.exe
2010-08-23 12:29 . 2004-03-10 13:27        19456        ----a-w-        c:\windows\system32\asapi.dll
2010-08-23 12:29 . 2003-03-15 20:15        90112        ----a-w-        c:\windows\unvise32.exe
2010-08-23 12:25 . 2004-01-23 15:44        61440        ----a-w-        c:\windows\system32\pclepim1.dll
2010-08-23 12:25 . 2003-11-21 15:48        61440        ----a-w-        c:\windows\system32\MFC71ITA.DLL
2010-08-23 12:25 . 2003-11-21 15:48        61440        ----a-w-        c:\windows\system32\MFC71FRA.DLL
2010-08-23 12:25 . 2003-11-21 15:48        49152        ----a-w-        c:\windows\system32\MFC71KOR.DLL
2010-08-23 12:25 . 2003-11-21 15:48        49152        ----a-w-        c:\windows\system32\MFC71JPN.DLL
2010-08-23 12:25 . 2004-01-23 15:44        49152        ----a-w-        c:\windows\system32\PCLEGetGuid.dll
2010-08-23 12:25 . 2003-11-21 15:48        61440        ----a-w-        c:\windows\system32\MFC71ESP.DLL
2010-08-23 12:25 . 2003-11-21 15:48        57344        ----a-w-        c:\windows\system32\MFC71ENU.DLL
2010-08-23 12:25 . 2003-11-21 15:48        45056        ----a-w-        c:\windows\system32\MFC71CHT.DLL
2010-08-23 12:25 . 2003-11-21 15:48        40960        ----a-w-        c:\windows\system32\MFC71CHS.DLL
2010-08-23 12:06 . 2010-08-23 12:37        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Pinnacle
2010-08-23 12:06 . 2010-08-23 12:26        --------        d-----w-        c:\programme\Pinnacle
2010-08-20 15:22 . 2010-08-23 19:15        --------        d-----w-        C:\temp
2010-08-19 13:48 . 2009-08-18 11:06        114688        ----a-r-        c:\windows\system32\drivers\ZTEusbnet.sys
2010-08-19 13:48 . 2009-08-18 11:06        105088        ----a-r-        c:\windows\system32\drivers\ZTEusbmdm6k.sys
2010-08-19 13:48 . 2009-08-18 11:06        105088        ----a-r-        c:\windows\system32\drivers\zteusbvoice.sys
2010-08-19 13:48 . 2009-08-18 11:06        105088        ----a-r-        c:\windows\system32\drivers\ZTEusbnmea.sys
2010-08-19 13:48 . 2009-08-18 11:06        105088        ----a-r-        c:\windows\system32\drivers\ZTEusbser6k.sys
2010-08-19 13:47 . 2010-08-19 13:47        --------        d-----w-        c:\programme\Vodafone
2010-08-19 13:46 . 2010-08-19 13:46        --------        d-----w-        c:\dokumente und einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\{460B8D94-E5AF-4A67-B475-D079D5805431}
2010-08-14 17:51 . 2010-08-14 17:51        --------        d-----w-        c:\programme\Gemeinsame Dateien\Futuremark Shared
2010-08-14 17:14 . 2010-07-09 11:18        20328        ----a-w-        c:\windows\system32\drivers\cpuz134_x32.sys
2010-08-13 16:30 . 2010-08-13 16:30        --------        d-----w-        c:\programme\Poedit
2010-08-11 21:42 . 2010-08-11 21:43        --------        d-----w-        c:\programme\MyDefrag v4.3.1
2010-08-11 21:42 . 2010-05-21 10:11        475648        ----a-w-        c:\windows\system32\MyDefragScreenSaver_v4.3.1.scr
2010-08-11 21:42 . 2010-05-21 10:11        1061888        ----a-w-        c:\windows\system32\MyDefragScreenSaver_v4.3.1.exe
2010-08-11 16:29 . 2010-08-11 16:29        --------        d-----w-        c:\programme\StreamTransport
2010-08-11 16:01 . 2010-08-11 16:01        --------        d-----w-        c:\dokumente und einstellungen\xxx\Anwendungsdaten\ProgSense
2010-08-10 23:04 . 2010-08-10 23:04        --------        d-----w-        c:\programme\MATCO22
2010-08-10 21:52 . 2010-08-10 22:27        --------        d-----w-        c:\programme\DEFRAG-DIRMS
2010-08-03 19:17 . 2007-02-21 10:47        31232        --sh--r-        c:\windows\system32\msfDX.dll
2010-08-03 16:51 . 2010-08-25 21:32        --------        d-----w-        c:\dokumente und einstellungen\xxx\Anwendungsdaten\vlc
2010-07-28 12:11 . 2010-07-28 12:11        --------        d-----w-        c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google
2010-07-28 12:06 . 2010-07-28 12:10        --------        d-----w-        c:\dokumente und einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Temp
2010-07-28 12:06 . 2010-07-28 12:06        --------        d-----w-        c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google
2010-07-28 12:06 . 2010-08-07 12:11        --------        d-----w-        c:\dokumente und einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Google
2010-07-28 12:06 . 2010-07-28 12:10        --------        d-----w-        c:\programme\Google

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-26 14:11 . 2010-03-08 14:31        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\VMware
2010-08-26 14:11 . 2010-03-08 14:32        --------        d-----w-        c:\dokumente und einstellungen\LocalService\Anwendungsdaten\VMware
2010-08-26 14:11 . 2009-02-04 12:32        --------        d-----w-        c:\dokumente und einstellungen\xxx\Anwendungsdaten\WTablet
2010-08-26 14:09 . 2009-02-03 22:43        12        ----a-w-        c:\windows\bthservsdp.dat
2010-08-26 13:00 . 2009-10-19 07:31        --------        d-----w-        c:\dokumente und einstellungen\xxx\Anwendungsdaten\Skype
2010-08-26 07:24 . 2009-10-19 07:33        --------        d-----w-        c:\dokumente und einstellungen\xxx\Anwendungsdaten\skypePM
2010-08-26 06:36 . 2008-07-23 08:24        98328        ----a-w-        c:\windows\system32\perfc007.dat
2010-08-26 06:36 . 2008-07-23 08:24        493256        ----a-w-        c:\windows\system32\perfh007.dat
2010-08-25 22:53 . 2009-01-24 23:01        --------        d-----w-        c:\dokumente und einstellungen\xxx\Anwendungsdaten\Orbit
2010-08-25 22:30 . 2009-08-31 08:56        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2010-08-25 21:59 . 2010-06-23 15:17        13452184        ----a-w-        c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
2010-08-25 21:55 . 2010-04-26 18:28        --------        d-----w-        c:\dokumente und einstellungen\xxx\Anwendungsdaten\FileZilla
2010-08-23 12:45 . 2008-07-23 08:38        117872        ----a-w-        c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-08-23 12:24 . 2008-07-23 09:03        --------        d--h--w-        c:\programme\InstallShield Installation Information
2010-08-20 21:21 . 2008-07-23 09:37        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help
2010-08-19 13:47 . 2010-04-06 13:49        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Vodafone
2010-08-16 11:51 . 2009-10-29 21:15        --------        d-----w-        c:\programme\JDownloader
2010-08-14 20:11 . 2009-02-10 11:42        1629        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\xmlFA.tmp
2010-08-14 20:11 . 2009-02-10 11:42        14252        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\xmlF9.tmp
2010-08-14 20:11 . 2009-02-10 11:42        10390        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\xmlF8.tmp
2010-08-13 09:37 . 2010-04-26 18:28        --------        d-----w-        c:\programme\FileZilla FTP Client
2010-08-11 21:06 . 2008-09-30 18:33        198184        ----a-w-        c:\windows\Contig.exe
2010-08-11 16:01 . 2009-12-25 18:48        --------        d-----w-        c:\programme\Orbitdownloader
2010-08-10 23:05 . 2010-08-10 23:05        21630        ----a-r-        c:\dokumente und einstellungen\xxx\Anwendungsdaten\Microsoft\Installer\{F81B7B81-6458-4A38-A261-BC163E16EB8B}\_2cd672ae.exe
2010-08-10 23:05 . 2010-08-10 23:05        21630        ----a-r-        c:\dokumente und einstellungen\xxx\Anwendungsdaten\Microsoft\Installer\{F81B7B81-6458-4A38-A261-BC163E16EB8B}\_4ae13d6c.exe
2010-08-10 22:01 . 2010-08-10 22:01        1078        ----a-r-        c:\dokumente und einstellungen\xxx\Anwendungsdaten\Microsoft\Installer\{B550D1C2-13FE-4F1E-AEAB-9AF26CF3506D}\_bb32ea6.exe
2010-08-10 22:01 . 2010-08-10 22:01        1078        ----a-r-        c:\dokumente und einstellungen\xxx\Anwendungsdaten\Microsoft\Installer\{B550D1C2-13FE-4F1E-AEAB-9AF26CF3506D}\_12db153c.exe
2010-08-09 07:34 . 2009-12-02 17:20        --------        d-----w-        c:\programme\SpeedFan
2010-08-03 19:24 . 2009-02-02 10:38        --------        d-----w-        c:\programme\eRightSoft
2010-08-03 14:53 . 2008-09-09 11:23        229376        ----a-w-        c:\windows\system32\UCI32A27.dll
2010-08-03 14:53 . 2008-09-09 11:23        732160        ----a-w-        c:\windows\system32\drivers\CHDAud.sys
2010-07-31 21:03 . 2010-01-01 16:05        --------        d-----w-        c:\programme\WebsiteBooster 2.0
2010-07-31 19:41 . 2009-01-27 12:46        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DVD Shrink
2010-07-26 15:18 . 2009-02-01 17:52        --------        d-----w-        c:\programme\Notepad++
2010-07-24 08:11 . 2010-07-24 08:11        --------        d-----w-        c:\programme\Gemeinsame Dateien\Skype
2010-07-21 20:32 . 2009-04-20 11:45        --------        d-----w-        c:\dokumente und einstellungen\xxx\Anwendungsdaten\Apple Computer
2010-07-21 12:47 . 2010-07-21 12:47        --------        d-----w-        c:\dokumente und einstellungen\xxx\Anwendungsdaten\CherryPickerLive
2010-07-21 12:47 . 2010-07-21 12:46        --------        d-----w-        c:\programme\CherryPicker
2010-07-21 12:46 . 2009-02-04 20:54        --------        d-----w-        c:\programme\Gemeinsame Dateien\Adobe AIR
2010-07-21 12:46 . 2010-07-21 12:47        53632        ----a-w-        c:\dokumente und einstellungen\xxx\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-07-17 17:54 . 2009-01-23 22:41        20        ---h--w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\PKP_DLbx.DAT
2010-07-08 07:45 . 2010-01-01 16:05        --------        d-----w-        c:\dokumente und einstellungen\xxx\Anwendungsdaten\founder.de Website Booster
2010-07-07 11:19 . 2010-07-07 09:18        --------        d-----w-        c:\programme\Filedatabase
2010-06-30 12:28 . 2008-07-23 08:24        149504        ----a-w-        c:\windows\system32\schannel.dll
2010-06-28 20:00 . 2010-06-28 19:54        --------        d-----w-        c:\programme\PortableSigner
2010-06-24 12:15 . 2008-07-23 08:24        832512        ----a-w-        c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2008-07-23 08:24        78336        ------w-        c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2008-07-23 08:24        17408        ------w-        c:\windows\system32\corpol.dll
2010-06-24 09:02 . 2008-07-23 08:24        1852032        ------w-        c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2008-07-23 08:24        354304        ------w-        c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2008-07-23 08:24        80384        ------w-        c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-07-23 08:32        744448        ------w-        c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2008-07-23 08:24        1172480        ----a-w-        c:\windows\system32\msxml3.dll
1984-04-16 19:48 . 2009-01-31 14:34        14976        ------w-        c:\programme\translit.exe
1984-04-15 20:53 . 2009-01-31 14:34        2549        ------w-        c:\programme\translit.doc
2009-07-16 13:25 . 2009-07-16 13:25        28488        ------w-        c:\programme\mozilla firefox\plugins\atgpcdec.dll
2009-07-16 13:25 . 2009-07-16 13:25        185232        ------w-        c:\programme\mozilla firefox\plugins\atgpcext.dll
2009-07-16 13:26 . 2009-07-16 13:26        46408        ------w-        c:\programme\mozilla firefox\plugins\atmccli.dll
2009-07-16 13:26 . 2009-07-16 13:26        99216        ------w-        c:\programme\mozilla firefox\plugins\ieatgpc.dll
2008-06-19 09:16 . 2008-06-19 09:16        118784        ------w-        c:\programme\mozilla firefox\plugins\MyCamera.dll
2008-11-14 08:21 . 2008-11-14 08:21        8        --sh--r-        c:\windows\neoqaz2.dll
2006-05-03 09:06 . 2010-03-13 11:13        163328        --sh--r-        c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2010-08-03 19:17        31232        --sh--r-        c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2010-03-13 11:13        216064        --sh--r-        c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\programme\Freecorder\tbFre0.dll" [2010-08-18 2734688]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2010-08-18 18:24        2734688        ----a-w-        c:\programme\Freecorder\tbFre0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\programme\Freecorder\tbFre0.dll" [2010-08-18 2734688]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\programme\Freecorder\tbFre0.dll" [2010-08-18 2734688]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\programme\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"SpeedswitchXP"="c:\programme\SpeedswitchXP\SpeedswitchXP.exe" [2006-07-14 626688]
"NBJ"="c:\programme\Ahead\Nero BackItUp\NBJ.exe" [2006-09-15 2048000]
"Skype"="c:\programme\Skype\\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba Hotkey Utility"="c:\programme\Toshiba\Windows Utilities\Hotkey.exe" [2008-05-09 1773568]
"SmoothView"="c:\programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe" [2007-05-11 143360]
"DDWMon"="c:\programme\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2007-11-29 1024000]
"Toshiba Controls Utility"="c:\programme\TOSHIBA\Controls\VolumeIndicator.exe" [2008-02-01 77824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-09 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-09 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-09 141848]
"ITSecMng"="c:\programme\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-19 83336]
"vspdfprsrv.exe"="c:\programme\Visagesoft\eXPert PDF 5\vspdfprsrv.exe" [2007-07-02 1179648]
"Cobian Backup 9"="c:\programme\Cobian Backup 9\Cobian.exe" [2009-01-22 579584]
"QuickTime Task"="c:\programme\QuickTime Alternative\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"VMware hqtray"="c:\programme\VMware\VMware Player\hqtray.exe" [2010-01-22 64048]
"Adobe Photo Downloader"="c:\programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"MobileConnect"="c:\programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-09-18 2412032]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0OODBS

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Bluetooth Manager.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^web'n'walk Manager.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\web'n'walk Manager.lnk
backup=c:\windows\pss\web'n'walk Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-09-10 23:43        67488        ------w-        c:\programme\Adobe\Photoshop Elements 6.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-17 06:24        40368        ----a-w-        c:\programme\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bamboo Dock]
2008-12-11 21:53        440408        ------w-        c:\programme\Bamboo Dock\BambooCore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BatteryMon]
2007-06-19 03:25        1220608        ------w-        c:\programme\BatteryMon\BatteryMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 06:53        110592        ------w-        c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2008-04-29 09:33        417792        ------w-        c:\program files\Camera Assistant Software for Toshiba\traybar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
2008-12-19 15:12        83336        ------w-        c:\programme\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMReminderService]
2007-05-17 23:05        37392        ------r-        c:\programme\Mindjet\MindManager 7\MmReminderService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2006-09-15 12:27        2048000        ------w-        c:\programme\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40        155648        ------w-        c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2008-11-03 10:45        2540800        ------w-        c:\windows\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3]
2004-09-05 16:20        380928        ------w-        c:\programme\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SerExt]
2005-03-01 08:40        61440        ------w-        c:\windows\system32\SerExt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
2007-07-10 07:24        581632        ------w-        c:\programme\Toshiba\Toshiba Online Product Information\TOPI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueCrypt]
2009-01-16 14:54        1353408        ------w-        c:\programme\TrueCrypt\TrueCrypt.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programme\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Programme\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Programme\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Programme\\Java\\jre1.6.0_06\\bin\\javaw.exe"=
"c:\\Programme\\uTorrent\\uTorrent.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\Orbitdownloader\\orbitdm.exe"=
"c:\\Programme\\Orbitdownloader\\orbitnet.exe"=
"c:\\Programme\\ActionVoip.com\\ActionVoip\\ActionVoip.exe"=
"c:\\Programme\\VMware\\VMware Player\\vmware-authd.exe"=
"c:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\RpcAgentSrv.exe"=
"c:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\symds.sys [25.05.2010 14:37 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\symefa.sys [25.05.2010 14:37 173104]
R1 BHDrvx86;BHDrvx86;c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100810.004\BHDrvx86.sys [10.08.2010 03:11 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\cchpx86.sys [25.05.2010 14:37 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys [25.05.2010 14:37 116784]
R2 Buzzsaw_Defragmentation;Buzzsaw_Defragmentation;c:\programme\DEFRAG-DIRMS\BuzzSawService.exe [07.06.2007 21:02 327680]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [14.08.2010 19:14 20328]
R2 GtDetectSc;GtDetectSc;c:\programme\Option\GlobeTrotter Connect\GtDetectSc.exe [30.04.2008 18:52 200704]
R2 NIS;Norton Internet Security;c:\programme\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [25.05.2010 14:37 126392]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\programme\Gemeinsame Dateien\PC Tools\sMonitor\StartManSvc.exe [16.12.2009 23:34 583640]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [04.02.2009 14:31 3032360]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26.03.2007 12:22 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19.02.2007 12:15 134016]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [22.01.2010 22:57 70704]
R2 VMCService;Vodafone Mobile Connect Service;c:\programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [18.09.2009 18:48 9216]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\programme\Common Files\VMware\USB\vmware-usbarbitrator.exe [22.01.2010 22:00 563760]
R2 WTGService;WTGService;c:\programme\3DataManager\WTGService.exe [22.01.2010 18:50 312784]
R3 AVMCOWAN;AVMCOWAN;c:\windows\system32\drivers\avmcowan.sys [11.09.2009 14:07 53120]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDAud.sys [09.09.2008 13:23 732160]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27.05.2010 22:54 102448]
R3 HRCMPA;ISDN Wan driver (Ver. 1.20.0032);c:\windows\system32\drivers\hrcmpa.sys [08.09.2004 15:22 263751]
R3 IDSxpx86;IDSxpx86;c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100825.001\IDSXpx86.sys [26.08.2010 15:19 331640]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [21.03.2009 22:41 110080]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [23.07.2008 11:03 51160]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [29.05.2007 10:01 8192]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys --> c:\windows\system32\Drivers\avgldx86.sys [?]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [28.07.2010 14:06 136176]
S3 DectEnum;DectEnum;c:\windows\system32\drivers\DectEnum.sys [01.03.2005 10:36 8448]
S3 FRAGSVX;FragExt Defragmenter;c:\programme\FragExt\FragSvx.exe [20.07.2008 13:25 49664]
S3 FXUSBASE;Teledat USB 2 a/b (WinXP/2000);c:\windows\system32\drivers\fxusbase.sys [11.09.2009 14:07 547840]
S3 Gigser;Dect Serial Driver;c:\windows\system32\drivers\Gigser.sys [01.03.2005 10:34 53120]
S3 Gigusb;Dect USB Driver;c:\windows\system32\drivers\Gigusb.sys [01.03.2005 10:46 53632]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [18.02.2008 18:14 106624]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [08.02.2008 14:00 59648]
S3 IUAPIWDM;ISDN USB Interface (Ver. 1.20.0032);c:\windows\system32\drivers\IUAPIWDM.sys [08.09.2004 15:22 50759]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [06.04.2010 15:50 7680]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5.tmp --> c:\windows\system32\5.tmp [?]
S3 NDISLOOP;Virtual TT-DVB USB Adapter Driver;c:\windows\system32\drivers\ndisloop.sys [17.01.2009 15:03 39280]
S3 NDISLPU2;Virtual DVB/USB2.0 Network Adapter Driver;c:\windows\system32\DRIVERS\ndislpu2.sys --> c:\windows\system32\DRIVERS\ndislpu2.sys [?]
S3 NETFRITZ;AVM FRITZ!web PPP over ISDN;c:\windows\system32\drivers\Netfritz.sys [30.01.2009 14:07 334640]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\programme\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [10.02.2009 13:39 98488]
S3 siellif;siellif;c:\windows\system32\drivers\siellif.sys [01.03.2005 10:33 113408]
S3 TTDVBUSB;TechnoTrend - TT-DVB USB Driver;c:\windows\system32\drivers\ttdvbusb.sys [17.01.2009 15:03 59616]
S3 TTNDSBDA;Virtual BDA DVB Network Adapter;c:\windows\system32\drivers\ttndsbda.sys [18.06.2008 14:48 24064]
S3 TTUSB2BDA;TTUSB2BDA USB 2.0 Driver;c:\windows\system32\drivers\ttusb2bda.sys [11.03.2009 19:02 572800]
S3 TTUSB2TS;TTUSB2TS USB 2.0 Driver;c:\windows\system32\Drivers\ttusb2ts.sys --> c:\windows\system32\Drivers\ttusb2ts.sys [?]
S3 vmdmd;Softmodem/Fax Port Driver;c:\windows\system32\DRIVERS\vmdmd.sys --> c:\windows\system32\DRIVERS\vmdmd.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [04.02.2009 14:31 15144]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [19.08.2010 15:48 114688]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [19.08.2010 15:48 105088]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.01.2009 23:43 691696]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - BMLoad

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper        REG_MULTI_SZ          getPlusHelper
.
Inhalt des "geplante Tasks" Ordners

2010-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-07-28 12:06]

2010-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-07-28 12:06]

2010-08-26 c:\windows\Tasks\Norton Internet Security - xxx - Vollständiger Systemscan.job
- c:\programme\Norton Internet Security\Engine\17.7.0.12\navw32.exe [2010-05-25 05:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.orbitdownloader.com
IE: &Download by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/204
IE: add to &BOM - c:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
IE: Do&wnload selected by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/202
LSP: c:\programme\VMware\VMware Player\vsocklib.dll
TCP: {36A17D75-D62B-492D-9922-75F55848AF89} = 139.7.30.125,192.168.2.2
TCP: {A3BE1EFC-8DC8-46C3-BFE1-20F9D9F6712D} = 192.168.120.252,192.168.120.253
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} -
DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} - hxxp://a04-b04.mypicturetown.com/P2PwebCmdController/x/Upld_47.CAB
FF - ProfilePath - c:\dokumente und einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\4y35hec7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://cgi.ebay.de/ws/eBayISAPI.dll?ViewItem&item=170515336006&ssPageName=ADME:B:SS:DE:1123
FF - component: c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\dokumente und einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\4y35hec7.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
FF - component: c:\dokumente und einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\4y35hec7.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
FF - component: c:\dokumente und einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\4y35hec7.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\programme\3-addons\addon\components\bmboc_addon3.dll
FF - plugin: c:\dokumente und einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\4y35hec7.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\programme\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programme\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\NPCIG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-pdfSaver3 - (no file)
MSConfigStartUp-QuickTime Task - c:\programme\QuickTime\qttask.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-26 16:24
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NIS]
"ImagePath"="\"c:\programme\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\programme\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\5.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1829248579-4010149705-1503786076-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D37C27F5-8DA1-268A-9AF5-9C06CD3EE0A3}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"paobfnflfihpalpdhffhbgekpclfgcfa"=hex:61,62,6c,69,63,66,63,65,62,6e,65,6d,6e,
  68,70,6a,62,61,66,62,6f,66,66,62,6f,6d,61,64,67,66,6b,6c,62,69,00,00

[HKEY_USERS\S-1-5-21-1829248579-4010149705-1503786076-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DC9F0E17-DF2C-2024-93FC-FE478F6FE0F2}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"palpojogakigodkmnjjffbgoglbgiiif"=hex:61,62,69,6f,65,66,63,6e,68,62,63,68,62,
  63,61,68,69,6b,6a,63,63,6e,63,6f,6b,66,6a,62,6c,64,66,66,6d,6a,00,00
.
Zeit der Fertigstellung: 2010-08-26  16:31:07
ComboFix-quarantined-files.txt  2010-08-26 14:31

Vor Suchlauf: 26 Verzeichnis(se), 82.395.836.416 Bytes frei
Nach Suchlauf: 28 Verzeichnis(se), 82.429.304.832 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 7FBA1461AAF31F9676393B4F1B05EE29

Ich war eh kurz davor, den Rechner neu aufzusetzen,
um auf der sicheren Seite zu sein.

Nun ist zwar Ruhe. Keinerlei Alarme mehr von den o.g. Tools.

Meine Frage lautet:
Sollte ich noch etwas tun, um die Sicherheit zu erhöhen,
dass der Spuk vorbei ist?

Vielen Dank
mo9

PS: Ich hoffe, ich trete mit meinem Posting niemandem auf den Fuss,
da ich "Ohne Helfer" gesäubert habe. Es war nicht respektlos gemeint.
Entschuldigung, wenn's so rüberkommt.

cosinus 26.08.2010 20:49
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

mo9 27.08.2010 07:26
Ganz herzlichen Dank!

Kleines Update zum Systemzustand:
NIS hat Backdoor.Tidserv.Iinf im _restore{} gefunden.
Ich vermute, dass das OK ist, denn ComboFix
hat ja einen Sicherungspunkt angelegt.

Ansonsten gibt es kein auffälliges Verhalten des Rechners mehr.


Code:
OTL logfile created on: 27.08.2010 07:43:00 - Run 3
OTL by OldTimer - Version 3.2.10.0    Folder = C:\Dokumente und Einstellungen\xxx\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 298,09 Gb Total Space | 76,63 Gb Free Space | 25,71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 931,51 Gb Total Space | 279,84 Gb Free Space | 30,04% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: P
Current User Name: xxx
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\vmnat.exe (VMware, Inc.)
PRC - C:\Programme\VMware\VMware Player\hqtray.exe (VMware, Inc.)
PRC - C:\WINDOWS\system32\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Programme\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
PRC - C:\Programme\3DataManager\WTGService.exe ()
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Cobian Backup 9\cbInterface.exe (Luis Cobian)
PRC - C:\Programme\Cobian Backup 9\Cobian.exe (Luis Cobian)
PRC - C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)
PRC - C:\Programme\Yahoo!\Companion\Installs\cpn\ytbb.exe (Yahoo! Inc.)
PRC - C:\Programme\Toshiba\Windows Utilities\Hotkey.exe (TOSHIBA Inc.)
PRC - C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Option\GlobeTrotter Connect\GtDetectSc.exe (OptionNV)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Toshiba\Controls\VolumeIndicator.exe (TOSHIBA Inc.)
PRC - C:\WINDOWS\system32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe (AVM Berlin)
PRC - C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Programme\Visagesoft\eXPert PDF 5\vspdfprsrv.exe ()
PRC - C:\Programme\DEFRAG-DIRMS\BuzzSawService.exe (SpyderComm, Inc.)
PRC - C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Programme\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe (TOSHIBA Corporation)
PRC - C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - c:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
PRC - C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Programme\OO Software\CleverCache\ooccag.exe (O&O Software GmbH)
PRC - C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Programme\SpeedswitchXP\SpeedswitchXP.exe (Christian Diefer)
PRC - C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Norton Internet Security\Engine\17.7.0.12\asoehook.dll (Symantec Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (avg8wd) -- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe File not found
SRV - (NIS) -- C:\Programme\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe (Symantec Corporation)
SRV - (DirMS_Defragmentation) -- C:\Programme\DEFRAG-DIRMS\DirmsService.exe ()
SRV - (VMware NAT Service) -- C:\WINDOWS\system32\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\WINDOWS\system32\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Programme\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (PCToolsSSDMonitorSvc) -- C:\Programme\Gemeinsame Dateien\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
SRV - (WTGService) -- C:\Programme\3DataManager\WTGService.exe ()
SRV - (ufad-ws60) -- C:\Programme\VMware\VMware Player\vmware-ufad.exe (VMware, Inc.)
SRV - (VMCService) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe (SiSoftware)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (O&O Defrag) -- C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (FRAGSVX) -- C:\Programme\FragExt\FragSvx.exe ()
SRV - (TabletServicePen) -- C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (GtDetectSc) -- C:\Programme\Option\GlobeTrotter Connect\GtDetectSc.exe (OptionNV)
SRV - (TODDSrv) -- C:\WINDOWS\system32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (de_serv) -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe (AVM Berlin)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (Buzzsaw_Defragmentation) -- C:\Programme\DEFRAG-DIRMS\BuzzSawService.exe (SpyderComm, Inc.)
SRV - (o2flash) -- c:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
SRV - (CCALib8) -- C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (OOCleverCacheAgent) -- C:\Programme\OO Software\CleverCache\ooccag.exe (O&O Software GmbH)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (UleadBurningHelper) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (IDriverT) -- c:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (vmdmd) -- C:\WINDOWS\System32\DRIVERS\vmdmd.sys File not found
DRV - (TTUSB2TS) -- C:\WINDOWS\System32\Drivers\ttusb2ts.sys File not found
DRV - (PCASp50) -- C:\WINDOWS\System32\Drivers\PCASp50.sys File not found
DRV - (NDISLPU2) -- C:\WINDOWS\System32\DRIVERS\ndislpu2.sys File not found
DRV - (MEMSWEEP2) -- C:\WINDOWS\System32\5.tmp File not found
DRV - (catchme) -- C:\DOKUME~1\xxx\LOKALE~1\Temp\catchme.sys File not found
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys File not found
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys File not found
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys File not found
DRV - (BHDrvx86) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100810.004\BHDrvx86.sys (Symantec Corporation)
DRV - (CnxtHdAudAddService) -- C:\WINDOWS\system32\drivers\CHDAud.sys (Conexant Systems Inc.)
DRV - (NAVEX15) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100826.023\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100826.023\NAVENG.SYS (Symantec Corporation)
DRV - (cpuz134) -- C:\WINDOWS\system32\drivers\cpuz134_x32.sys (Windows (R) Win 7 DDK provider)
DRV - (IDSxpx86) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100826.001\IDSXpx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\Ironx86.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SRTSPX.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\ccHPx86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (VMnetBridge) -- C:\WINDOWS\system32\drivers\vmnetbridge.sys (VMware, Inc.)
DRV - (VMnetuserif) -- C:\WINDOWS\system32\drivers\vmnetuserif.sys (VMware, Inc.)
DRV - (vmkbd) -- C:\WINDOWS\system32\drivers\VMkbd.sys (VMware, Inc.)
DRV - (vmx86) -- C:\WINDOWS\system32\drivers\vmx86.sys (VMware, Inc.)
DRV - (vmci) -- C:\WINDOWS\system32\drivers\vmci.sys (VMware, Inc.)
DRV - (hcmon) -- C:\WINDOWS\system32\drivers\hcmon.sys (VMware, Inc.)
DRV - (VMnetAdapter) -- C:\WINDOWS\system32\drivers\vmnetadapter.sys (VMware, Inc.)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMDS.SYS (Symantec Corporation)
DRV - (vstor2-ws60) -- C:\Programme\VMware\VMware Player\vstor2-ws60.sys (VMware, Inc.)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ZTEusbnet) -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV - (ZTEusbvoice) -- C:\WINDOWS\system32\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (vmm) -- C:\WINDOWS\system32\drivers\VMM.sys (Microsoft Corporation)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (tosrfec) -- C:\WINDOWS\system32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (massfilter) -- C:\WINDOWS\system32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tcpipBM) -- C:\WINDOWS\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (truecrypt) -- C:\WINDOWS\system32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (TTUSB2BDA) -- C:\WINDOWS\system32\drivers\ttusb2bda.sys (TechnoTrend GmbH)
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\sandra.sys (SiSoftware)
DRV - (tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (IntcHdmiAddService) Intel(R) -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (TTNDSBDA) -- C:\WINDOWS\system32\drivers\ttndsbda.sys (TechnoTrend)
DRV - (NETw5x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (O2MDRDR) -- C:\WINDOWS\system32\drivers\o2media.sys (O2Micro )
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (wacmoumonitor) -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (GT72NDISIPXP) -- C:\WINDOWS\system32\drivers\Gt51Ip.sys (Option N.V.)
DRV - (GT72UBUS) -- C:\WINDOWS\system32\drivers\gt72ubus.sys (Option N.V.)
DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (UVCFTR) -- C:\WINDOWS\system32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (NETFRITZ) -- C:\WINDOWS\system32\drivers\Netfritz.sys (AVM Berlin)
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\aspi32.SYS (Adaptec)
DRV - (QIOMem) -- C:\WINDOWS\system32\drivers\QIOMem.sys (TOSHIBA)
DRV - (GTPTSER) -- C:\WINDOWS\system32\drivers\gtptser.sys (Option N.V.)
DRV - (tdudf) -- C:\WINDOWS\system32\drivers\tdudf.sys (TOSHIBA Corporation)
DRV - (trudf) -- C:\WINDOWS\system32\drivers\trudf.sys (TOSHIBA Corporation)
DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (WacomVKHid) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (VPCNetS2) -- C:\WINDOWS\system32\drivers\VMNetSrv.sys (Microsoft Corporation)
DRV - (tdcmdpst) -- C:\WINDOWS\system32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (qkbfiltr) -- C:\WINDOWS\system32\drivers\qkbfiltr.sys (Quanta Computer, Inc.)
DRV - (BoiHwsetup) -- C:\WINDOWS\system32\drivers\BoiHwSetup.sys (Quanta Computer Corp)
DRV - (qmofiltr) -- C:\WINDOWS\system32\drivers\qmofiltr.sys (Quanta Computer, Inc.)
DRV - (Gigusb) -- C:\WINDOWS\system32\drivers\Gigusb.sys (Siemens AG)
DRV - (DectEnum) -- C:\WINDOWS\system32\drivers\DectEnum.sys (Siemens AG)
DRV - (Gigser) -- C:\WINDOWS\system32\drivers\Gigser.sys (Siemens AG)
DRV - (siellif) -- C:\WINDOWS\system32\drivers\siellif.sys (Siemens AG)
DRV - (NDISLOOP) -- C:\WINDOWS\system32\drivers\ndisloop.sys (TechnoTrend AG)
DRV - (IUAPIWDM) ISDN USB Interface (Ver. 1.20.0032) -- C:\WINDOWS\system32\drivers\IUAPIWDM.sys (SIEMENS AG)
DRV - (HRCMPA) ISDN Wan driver (Ver. 1.20.0032) -- C:\WINDOWS\system32\drivers\hrcmpa.sys (SIEMENS AG)
DRV - (PCLEPCI) -- C:\WINDOWS\system32\drivers\Pclepci.sys (Pinnacle Systems GmbH)
DRV - (FXUSBASE) Teledat USB 2 a/b (WinXP/2000) -- C:\WINDOWS\system32\drivers\fxusbase.sys (AVM Berlin)
DRV - (AVMCOWAN) -- C:\WINDOWS\system32\drivers\avmcowan.sys (AVM GmbH)
DRV - (NSNDIS5) -- C:\WINDOWS\system32\nsndis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (ASAPIW2k) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (Pinnacle Systems GmbH)
DRV - (TTDVBUSB) -- C:\WINDOWS\system32\drivers\ttdvbusb.sys (TechnoTrend AG)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.orbitdownloader.com
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Programme\Freecorder\tbFre0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://cgi.ebay.de/ws/eBayISAPI.dll?ViewItem&item=170515336006&ssPageName=ADME:B:SS:DE:1123"
FF - prefs.js..extensions.enabledItems: ff-bmboc@bytemobile.com:4.1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.6.6
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0
FF - prefs.js..extensions.enabledItems: {7CEA821D-3DAB-4238-B424-BF7324531750}:0.4.95
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.5.9
FF - prefs.js..extensions.enabledItems: {27A2FD41-CB23-4518-AB5C-C25BAFFDE531}:1.4.1
FF - prefs.js..extensions.enabledItems: {5B280457-4290-40c2-9441-EA647775F824}:0.17
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 4001
FF - prefs.js..network.proxy.socks_version: 4
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Programme\3-addons\addon [2010.01.22 18:50:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\IPSFFPlgn\ [2010.05.28 11:37:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn\ [2010.02.10 15:23:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.07 07:27:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.21 00:33:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 1.1.16\Extensions\\Components: C:\Programme\mozilla.org\SeaMonkey\Components [2009.12.10 12:32:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 1.1.16\Extensions\\Plugins: C:\Programme\mozilla.org\SeaMonkey\Plugins [2010.08.21 00:33:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 2.0.4\extensions\\Components: C:\Programme\SeaMonkey\components [2010.04.13 20:07:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 2.0.4\extensions\\Plugins: C:\Programme\SeaMonkey\plugins [2010.08.21 00:33:10 | 000,000,000 | ---D | M]
 
[2009.11.16 21:06:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions
[2009.11.16 21:06:10 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2010.08.26 20:14:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\4y35hec7.default\extensions
[2010.04.17 00:44:17 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\4y35hec7.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2010.04.30 18:10:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\4y35hec7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.01.22 16:28:46 | 000,000,000 | ---D | M] (SwitchProxy Tool) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\4y35hec7.default\extensions\{27A2FD41-CB23-4518-AB5C-C25BAFFDE531}
[2010.07.27 08:37:58 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\4y35hec7.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2010.07.11 16:14:32 | 000,000,000 | ---D | M] (Xinha Here!) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\4y35hec7.default\extensions\{5B280457-4290-40c2-9441-EA647775F824}
[2010.04.10 12:08:46 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\4y35hec7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.05.25 19:31:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\4y35hec7.default\extensions\{7CEA821D-3DAB-4238-B424-BF7324531750}
[2010.07.23 18:36:14 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\4y35hec7.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010.03.05 15:44:46 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\4y35hec7.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010.01.22 17:09:51 | 000,000,000 | ---D | M] (jDownFF) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\4y35hec7.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
[2010.04.08 16:28:41 | 000,000,000 | ---D | M] (Modify Headers) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\4y35hec7.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}
[2010.07.23 18:36:14 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\4y35hec7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.09.21 17:20:08 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\4y35hec7.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.04.10 12:08:43 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\4y35hec7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.04.10 12:08:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\4y35hec7.default\extensions\DTToolbar@toolbarnet.com
[2009.11.16 21:06:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\SeaMonkey\Profiles\de5sf30p.default\extensions
[2010.01.11 12:58:30 | 000,002,055 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\4y35hec7.default\searchplugins\daemon-search.xml
[2010.08.26 17:12:25 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.07.24 10:12:29 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009.07.16 15:25:29 | 000,028,488 | ---- | M] (WebEx Communications, Inc) -- C:\Programme\Mozilla Firefox\plugins\atgpcdec.dll
[2009.07.16 15:25:30 | 000,185,232 | ---- | M] (WebEx Communications, Inc) -- C:\Programme\Mozilla Firefox\plugins\atgpcext.dll
[2009.07.16 15:26:25 | 000,046,408 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\atmccli.dll
[2009.07.16 15:26:38 | 000,099,216 | ---- | M] (WebEx Communications, Inc) -- C:\Programme\Mozilla Firefox\plugins\ieatgpc.dll
[2008.06.19 11:16:24 | 000,118,784 | ---- | M] (CANON INC.) -- C:\Programme\Mozilla Firefox\plugins\MyCamera.dll
[2009.07.16 15:25:26 | 000,061,840 | ---- | M] (WebEx Communications, Inc) -- C:\Programme\Mozilla Firefox\plugins\npatgpc.dll
[2008.06.19 11:16:24 | 000,053,248 | ---- | M] (CANON INC.) -- C:\Programme\Mozilla Firefox\plugins\NPCIG.dll
[2010.01.24 14:36:24 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.24 14:36:24 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.08.26 20:36:07 | 000,003,700 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fast.png
[2009.08.26 20:36:08 | 000,001,963 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fast.xml
[2010.01.24 14:36:24 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.01.20 12:34:52 | 000,031,679 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\orbitsearch.xml
[2010.05.08 21:44:51 | 000,008,704 | -HS- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\Thumbs.db
[2010.01.24 14:36:24 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.24 14:36:24 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.26 16:24:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\SnagIt 7\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CmjBrowserHelperObject Object) - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Programme\Mindjet\MindManager 7\Mm7InternetExplorer.dll (Mindjet)
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Programme\Freecorder\tbFre0.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Programme\Freecorder\tbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\SnagIt 7\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Programme\Freecorder\tbFre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Cobian Backup 9] C:\Programme\Cobian Backup 9\Cobian.exe (Luis Cobian)
O4 - HKLM..\Run: [DDWMon] C:\Programme\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
O4 - HKLM..\Run: [ITSecMng] C:\Programme\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [MobileConnect] C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime Alternative\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Toshiba Controls Utility] C:\Programme\Toshiba\Controls\VolumeIndicator.exe (TOSHIBA Inc.)
O4 - HKLM..\Run: [Toshiba Hotkey Utility] c:\Programme\Toshiba\Windows Utilities\Hotkey.exe (TOSHIBA Inc.)
O4 - HKLM..\Run: [VMware hqtray] C:\Programme\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKLM..\Run: [vspdfprsrv.exe] C:\Programme\Visagesoft\eXPert PDF 5\vspdfprsrv.exe ()
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [NBJ] C:\Programme\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKCU..\Run: [SpeedswitchXP] C:\Programme\SpeedswitchXP\SpeedswitchXP.exe (Christian Diefer)
O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 [2010.08.20 18:35:10 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2010.08.20 18:35:10 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2010.08.20 18:35:10 | 000,000,000 | ---D | M]
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: An Mindjet MindManager senden - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Programme\Mindjet\MindManager 7\Mm7InternetExplorer.dll (Mindjet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Programme\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Programme\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} hxxp://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab (CKAVWebScan Object)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232105316367 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} hxxp://a04-b04.mypicturetown.com/P2PwebCmdController/x/Upld_47.CAB (QuickUpload)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.2
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ic32pp {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.23 10:33:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.26 18:32:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Yahoo! Companion
[2010.08.26 18:32:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Yahoo!
[2010.08.26 18:32:27 | 000,000,000 | ---D | C] -- C:\Programme\Yahoo!
[2010.08.26 18:31:30 | 003,427,712 | ---- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\xxx\Desktop\ccsetup235.exe
[2010.08.26 18:08:22 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.08.26 18:02:55 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe
[2010.08.26 15:55:37 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.08.26 15:50:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.08.26 15:50:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.08.26 15:50:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.08.26 15:50:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.08.26 15:50:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.08.26 15:48:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.08.26 03:53:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Real
[2010.08.26 00:52:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010.08.26 00:48:25 | 000,000,000 | ---D | C] -- C:\Programme\Sophos
[2010.08.26 00:29:56 | 006,153,376 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\xxx\Desktop\mbam-setup-1.46.exe
[2010.08.25 23:53:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\kmptrchug
[2010.08.23 21:09:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Eigene Dateien\.zs4
[2010.08.23 21:09:07 | 000,000,000 | ---D | C] -- C:\Programme\t@b
[2010.08.23 21:06:10 | 002,688,584 | ---- | C] (t@b                                                        ) -- C:\Dokumente und Einstellungen\xxx\Desktop\t@b_zweistein_win32.exe
[2010.08.23 14:37:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Eigene Dateien\Pinnacle Studio
[2010.08.23 14:36:45 | 000,000,000 | ---D | C] -- C:\Programme\DivX
[2010.08.23 14:34:35 | 001,693,696 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LTCLR13n.dll
[2010.08.23 14:34:35 | 000,453,120 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltkrn13n.dll
[2010.08.23 14:34:35 | 000,393,216 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFCMP13n.DLL
[2010.08.23 14:34:35 | 000,294,912 | ---- | C] (Pegasus Imaging Corporation) -- C:\WINDOWS\System32\pvmjpg21.dll
[2010.08.23 14:34:35 | 000,278,016 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFJ2K13n.dll
[2010.08.23 14:34:35 | 000,204,881 | ---- | C] (Pinnacle Systems GmbH) -- C:\WINDOWS\System32\DiskIO.dll
[2010.08.23 14:34:35 | 000,155,721 | ---- | C] (Pinnacle Systems GmbH) -- C:\WINDOWS\System32\RALMain.dll
[2010.08.23 14:34:35 | 000,153,088 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltfil13n.DLL
[2010.08.23 14:34:35 | 000,143,360 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lftif13n.dll
[2010.08.23 14:34:35 | 000,114,759 | ---- | C] (Pinnacle Systems GmbH) -- C:\WINDOWS\System32\Aviprax.dll
[2010.08.23 14:34:35 | 000,081,920 | ---- | C] (Pinnacle Systems) -- C:\WINDOWS\System32\vdrmux.dll
[2010.08.23 14:34:35 | 000,076,800 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\Lfwmf13n.dll
[2010.08.23 14:34:35 | 000,073,728 | ---- | C] (Pinnacle Systems GmbH) -- C:\WINDOWS\System32\MMAviAx.dll
[2010.08.23 14:34:35 | 000,073,728 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lffax13n.dll
[2010.08.23 14:34:35 | 000,065,536 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\Lfpct13n.dll
[2010.08.23 14:34:35 | 000,046,592 | ---- | C] (Pinnacle Systems) -- C:\WINDOWS\System32\vdrcodec.dll
[2010.08.23 14:34:35 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4a.dll
[2010.08.23 14:34:35 | 000,040,960 | ---- | C] (Pinnacle Systems GmbH) -- C:\WINDOWS\System32\langserv.dll
[2010.08.23 14:34:35 | 000,032,768 | ---- | C] (Pinnacle Systems GmbH) -- C:\WINDOWS\System32\MLPagAx.dll
[2010.08.23 14:34:35 | 000,030,208 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfbmp13n.dll
[2010.08.23 14:34:35 | 000,024,576 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lftga13n.dll
[2010.08.23 14:34:35 | 000,018,432 | ---- | C] (Pinnacle Systems GmbH) -- C:\WINDOWS\System32\Cachex.dll
[2010.08.23 14:34:07 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ATL70.DLL
[2010.08.23 14:32:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc
[2010.08.23 14:32:27 | 000,000,000 | ---D | C] -- C:\Programme\SmartSound Software
[2010.08.23 14:30:11 | 000,014,165 | ---- | C] (Pinnacle Systems GmbH) -- C:\WINDOWS\System32\drivers\Pclepci.sys
[2010.08.23 14:29:15 | 000,011,264 | ---- | C] (Pinnacle Systems GmbH) -- C:\WINDOWS\System32\drivers\asapiW2k.sys
[2010.08.23 14:29:10 | 000,019,456 | ---- | C] (VoB Computersysteme GmbH) -- C:\WINDOWS\System32\asapi.dll
[2010.08.23 14:29:07 | 000,090,112 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe
[2010.08.23 14:25:11 | 000,061,440 | ---- | C] (Pinnacle Systems) -- C:\WINDOWS\System32\pclepim1.dll
[2010.08.23 14:25:11 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71ITA.DLL
[2010.08.23 14:25:11 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71FRA.DLL
[2010.08.23 14:25:11 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71KOR.DLL
[2010.08.23 14:25:11 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71JPN.DLL
[2010.08.23 14:25:10 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71ESP.DLL
[2010.08.23 14:25:10 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71ENU.DLL
[2010.08.23 14:25:10 | 000,049,152 | ---- | C] (Pinnacle Systems) -- C:\WINDOWS\System32\PCLEGetGuid.dll
[2010.08.23 14:25:10 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71CHT.DLL
[2010.08.23 14:25:10 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71CHS.DLL
[2010.08.23 14:06:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle
[2010.08.23 14:06:20 | 000,000,000 | ---D | C] -- C:\Programme\Pinnacle
[2010.08.23 13:41:28 | 048,783,043 | ---- | C] (Macrovision Corporation) -- C:\Dokumente und Einstellungen\xxx\Desktop\StudioPatch10_5_2.exe
[2010.08.20 17:22:41 | 000,000,000 | ---D | C] -- C:\temp
[2010.08.19 15:48:44 | 000,114,688 | R--- | C] (ZTE Corporation) -- C:\WINDOWS\System32\drivers\ZTEusbnet.sys
[2010.08.19 15:48:29 | 000,105,088 | R--- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys
[2010.08.19 15:48:25 | 000,105,088 | R--- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\zteusbvoice.sys
[2010.08.19 15:48:21 | 000,105,088 | R--- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys
[2010.08.19 15:48:17 | 000,105,088 | R--- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys
[2010.08.19 15:47:13 | 000,000,000 | ---D | C] -- C:\Programme\Vodafone
[2010.08.19 15:46:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\{460B8D94-E5AF-4A67-B475-D079D5805431}
[2010.08.14 19:51:24 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Futuremark Shared
[2010.08.14 19:14:43 | 000,020,328 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\cpuz134_x32.sys
[2010.08.13 18:30:16 | 000,000,000 | ---D | C] -- C:\Programme\Poedit
[2010.08.13 11:38:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Desktop\max-erfolg
[2010.08.11 23:42:54 | 001,061,888 | ---- | C] (J.C. Kessels) -- C:\WINDOWS\System32\MyDefragScreenSaver_v4.3.1.exe
[2010.08.11 23:42:54 | 000,475,648 | ---- | C] (J.C. Kessels) -- C:\WINDOWS\System32\MyDefragScreenSaver_v4.3.1.scr
[2010.08.11 23:42:54 | 000,000,000 | ---D | C] -- C:\Programme\MyDefrag v4.3.1
[2010.08.11 18:31:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Eigene Dateien\StreamTransport
[2010.08.11 18:29:48 | 003,982,240 | ---- | C] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\Flash10d.ocx
[2010.08.11 18:29:48 | 000,000,000 | ---D | C] -- C:\Programme\StreamTransport
[2010.08.11 18:01:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ProgSense
[2010.08.11 01:04:50 | 000,000,000 | ---D | C] -- C:\Programme\MATCO22
[2010.08.10 23:52:13 | 000,000,000 | ---D | C] -- C:\Programme\DEFRAG-DIRMS
[2010.08.03 21:18:00 | 000,092,672 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLVorbisDec.ax
[2010.08.03 21:18:00 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSDecoder.ax
[2010.08.03 21:18:00 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\WINDOWS\System32\RLTheoraDec.ax
[2010.08.03 21:17:59 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\WINDOWS\System32\msfDX.dll
[2010.08.03 21:17:55 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\WINDOWS\System32\AVCDX.ax
[2010.08.03 18:51:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\vlc
[2010.07.28 14:11:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google
[2010.07.28 14:06:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Temp
[2010.07.28 14:06:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google
[2010.07.28 14:06:17 | 000,000,000 | ---D | C] -- C:\Programme\Google
[2010.07.28 14:06:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Google
[2010.02.01 22:14:07 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[2009.08.14 10:29:19 | 000,047,360 | ---- | C] (VSO Software) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\pcouffin.sys
[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\xxx\*.tmp files -> C:\Dokumente und Einstellungen\xxx\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.27 07:11:55 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.26 20:25:15 | 000,000,429 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010.08.26 20:25:05 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.08.26 20:23:01 | 000,001,078 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.26 20:22:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.08.26 20:22:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.08.26 20:22:38 | 3050,160,128 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.26 20:22:36 | 000,582,312 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2010.08.26 20:20:51 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2010.08.26 20:20:49 | 018,087,936 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\ntuser.dat
[2010.08.26 20:20:49 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\xxx\ntuser.ini
[2010.08.26 18:32:24 | 000,000,655 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\CCleaner.lnk
[2010.08.26 18:31:40 | 003,427,712 | ---- | M] (Piriform Ltd) -- C:\Dokumente und Einstellungen\xxx\Desktop\ccsetup235.exe
[2010.08.26 18:02:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe
[2010.08.26 17:54:13 | 000,036,660 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\tasklist.zip
[2010.08.26 17:54:06 | 000,002,097 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\hjtscanlist.zip
[2010.08.26 16:24:53 | 000,000,344 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.08.26 16:24:18 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.08.26 15:55:45 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.08.26 10:21:44 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\defogger_reenable
[2010.08.26 08:36:24 | 000,493,256 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.08.26 08:36:24 | 000,448,622 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.08.26 08:36:24 | 000,098,328 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.08.26 08:36:24 | 000,074,736 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.08.26 08:36:22 | 001,126,286 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.08.26 04:01:53 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - xxx - Vollständiger Systemscan.job
[2010.08.26 01:06:14 | 001,944,537 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\bios-20091028115305.zip
[2010.08.26 00:30:26 | 006,153,376 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\xxx\Desktop\mbam-setup-1.46.exe
[2010.08.26 00:26:03 | 000,363,520 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\iExplore.exe
[2010.08.25 23:43:00 | 000,115,897 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\katie freiling blogfaststartguide.pdf
[2010.08.25 23:37:43 | 000,616,586 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Eigene Dateien\katie freiling smwmdownload.pdf
[2010.08.25 23:30:05 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.08.25 23:29:28 | 001,994,904 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Eigene Dateien\c3ebadbcf75d9cad.flv
[2010.08.25 19:22:28 | 000,028,639 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\MC Mailing.docx
[2010.08.25 17:33:25 | 000,167,936 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.25 17:00:58 | 024,806,666 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\salesvideo.pdf
[2010.08.25 15:33:30 | 000,084,275 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\FourDayCashMachine.zip
[2010.08.25 11:08:29 | 000,001,663 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\body html email demo für autoresponder.html
[2010.08.25 09:57:37 | 000,890,196 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\ColorMaticTheme-wicked-wordpress.zip
[2010.08.24 19:22:54 | 000,002,525 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\ar-mail-vorlage ok.html
[2010.08.24 18:43:57 | 000,001,193 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Kopie von ar-mail-vorlage.html
[2010.08.24 18:43:57 | 000,001,193 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\ar-mail-vorlage.html
[2010.08.24 16:05:43 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2010.08.23 21:09:17 | 000,000,773 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\t@b ZweiStein v0.958 686.lnk
[2010.08.23 21:06:46 | 002,688,584 | ---- | M] (t@b                                                        ) -- C:\Dokumente und Einstellungen\xxx\Desktop\t@b_zweistein_win32.exe
[2010.08.23 15:06:55 | 000,000,349 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\PCLECHAL.INI
[2010.08.23 14:42:22 | 003,104,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.23 14:35:38 | 000,001,751 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Studio Version 9.lnk
[2010.08.23 13:51:14 | 048,783,043 | ---- | M] (Macrovision Corporation) -- C:\Dokumente und Einstellungen\xxx\Desktop\StudioPatch10_5_2.exe
[2010.08.23 09:55:42 | 000,000,618 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Neu Textdokument.html
[2010.08.21 15:28:19 | 000,000,930 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.08.21 00:33:10 | 000,001,710 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 8.lnk
[2010.08.19 17:29:14 | 003,735,040 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Eigene Dateien\My Wallet.wlt
[2010.08.19 09:36:38 | 000,004,822 | ---- | M] () -- C:\WINDOWS\seRapid.INI
[2010.08.18 21:10:27 | 010,292,613 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Eigene Dateien\newvideo.mp4
[2010.08.18 20:57:47 | 006,718,067 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Eigene Dateien\testi contest.mp4
[2010.08.14 22:11:13 | 000,000,064 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sandra.ldb
[2010.08.14 19:04:11 | 018,087,936 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\ntuser.dat.bak
[2010.08.13 11:37:34 | 000,001,628 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\FileZilla Client.lnk
[2010.08.11 23:06:24 | 000,198,184 | ---- | M] (Sysinternals) -- C:\WINDOWS\Contig.exe
[2010.08.09 09:34:20 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2010.08.09 09:34:19 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Eigene Dateien\initdebug.nfo
[2010.08.03 16:53:53 | 000,229,376 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\UCI32A27.dll
[2010.08.03 16:53:52 | 000,732,160 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\System32\drivers\CHDAud.sys
[2010.08.02 20:22:40 | 000,007,728 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\mc2.dlc
[2010.08.02 13:51:54 | 000,000,043 | ---- | M] () -- C:\WINDOWS\gswin32.ini
[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\xxx\*.tmp files -> C:\Dokumente und Einstellungen\xxx\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.26 18:32:24 | 000,000,655 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\CCleaner.lnk
[2010.08.26 17:55:28 | 000,033,150 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\hjtscanlist.txt
[2010.08.26 17:54:13 | 000,036,660 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\tasklist.zip
[2010.08.26 17:54:05 | 000,002,097 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\hjtscanlist.zip
[2010.08.26 15:55:44 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.08.26 15:55:40 | 000,262,448 | ---- | C] () -- C:\cmldr
[2010.08.26 15:50:40 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.08.26 15:50:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.08.26 15:50:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.08.26 15:50:40 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.08.26 15:50:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.08.26 10:21:31 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\defogger_reenable
[2010.08.26 01:17:34 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\Norton Internet Security - xxx - Vollständiger Systemscan.job
[2010.08.26 01:06:07 | 001,944,537 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\bios-20091028115305.zip
[2010.08.26 00:26:03 | 000,363,520 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\iExplore.exe
[2010.08.25 23:56:34 | 000,119,246 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Mappe2.xlsx
[2010.08.25 16:57:47 | 024,806,666 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\salesvideo.pdf
[2010.08.25 15:33:29 | 000,084,275 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\FourDayCashMachine.zip
[2010.08.25 11:08:29 | 000,001,663 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\body html email demo für autoresponder.html
[2010.08.25 09:57:32 | 000,890,196 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\ColorMaticTheme-wicked-wordpress.zip
[2010.08.24 18:52:00 | 000,002,525 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\ar-mail-vorlage ok.html
[2010.08.24 18:44:47 | 000,001,193 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Kopie von ar-mail-vorlage.html
[2010.08.24 18:24:50 | 000,001,193 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\ar-mail-vorlage.html
[2010.08.23 21:09:17 | 000,000,773 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\t@b ZweiStein v0.958 686.lnk
[2010.08.23 16:40:29 | 000,081,042 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Herunterladen.pdf
[2010.08.23 16:35:06 | 000,028,801 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Herunterladen.csv
[2010.08.23 14:35:38 | 000,001,751 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Studio Version 9.lnk
[2010.08.23 14:29:15 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.KOR
[2010.08.23 14:29:15 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.JPN
[2010.08.23 14:29:15 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.JP
[2010.08.23 14:29:15 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.ITA
[2010.08.23 14:29:15 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.IT
[2010.08.23 14:29:15 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.FR
[2010.08.23 14:29:15 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.NLD
[2010.08.23 14:29:15 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.NL
[2010.08.23 14:29:15 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.KO
[2010.08.23 14:29:14 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.FRA
[2010.08.23 14:29:12 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe
[2010.08.23 14:29:12 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.ESP
[2010.08.23 14:29:12 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.ES
[2010.08.23 14:29:12 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.DE
[2010.08.23 14:29:11 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.DEU
[2010.08.23 14:29:11 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.CHT
[2010.08.23 14:29:11 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.CHS
[2010.08.23 14:25:12 | 000,038,232 | ---- | C] () -- C:\WINDOWS\wmprfsky.prx
[2010.08.23 14:25:12 | 000,037,916 | ---- | C] () -- C:\WINDOWS\wmprffra.prx
[2010.08.23 14:25:12 | 000,037,014 | ---- | C] () -- C:\WINDOWS\wmprfhun.prx
[2010.08.23 14:25:12 | 000,036,594 | ---- | C] () -- C:\WINDOWS\wmprfell.prx
[2010.08.23 14:25:12 | 000,035,916 | ---- | C] () -- C:\WINDOWS\wmprfptg.prx
[2010.08.23 14:25:12 | 000,035,822 | ---- | C] () -- C:\WINDOWS\wmprfplk.prx
[2010.08.23 14:25:12 | 000,035,680 | ---- | C] () -- C:\WINDOWS\wmprfita.prx
[2010.08.23 14:25:12 | 000,035,590 | ---- | C] () -- C:\WINDOWS\wmprfesp.prx
[2010.08.23 14:25:12 | 000,033,694 | ---- | C] () -- C:\WINDOWS\wmprfptb.prx
[2010.08.23 14:25:12 | 000,033,580 | ---- | C] () -- C:\WINDOWS\wmprfslv.prx
[2010.08.23 14:25:12 | 000,033,314 | ---- | C] () -- C:\WINDOWS\wmprfsve.prx
[2010.08.23 14:25:12 | 000,032,964 | ---- | C] () -- C:\WINDOWS\wmprfnld.prx
[2010.08.23 14:25:12 | 000,032,852 | ---- | C] () -- C:\WINDOWS\wmprfnor.prx
[2010.08.23 14:25:12 | 000,032,022 | ---- | C] () -- C:\WINDOWS\wmprftrk.prx
[2010.08.23 14:25:12 | 000,031,764 | ---- | C] () -- C:\WINDOWS\wmprffin.prx
[2010.08.23 14:25:12 | 000,028,718 | ---- | C] () -- C:\WINDOWS\wmprfheb.prx
[2010.08.23 14:25:12 | 000,023,304 | ---- | C] () -- C:\WINDOWS\WMPrfJpn.prx
[2010.08.23 14:25:12 | 000,022,338 | ---- | C] () -- C:\WINDOWS\WMPrfKor.prx
[2010.08.23 14:25:12 | 000,000,804 | ---- | C] () -- C:\WINDOWS\wmprfrus.prx
[2010.08.23 14:25:11 | 000,035,474 | ---- | C] () -- C:\WINDOWS\wmprfcsy.prx
[2010.08.23 14:25:11 | 000,033,336 | ---- | C] () -- C:\WINDOWS\WMPrfAra.prx
[2010.08.23 14:25:11 | 000,031,712 | ---- | C] () -- C:\WINDOWS\wmprfdan.prx
[2010.08.23 14:25:11 | 000,000,136 | ---- | C] () -- C:\WINDOWS\WMPrfCHS.prx
[2010.08.23 14:25:11 | 000,000,132 | ---- | C] () -- C:\WINDOWS\WMPrfCHT.prx
[2010.08.23 14:08:05 | 000,000,349 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\PCLECHAL.INI
[2010.08.21 00:33:10 | 000,001,710 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 8.lnk
[2010.08.20 21:26:00 | 000,000,618 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Neu Textdokument.html
[2010.08.18 21:05:46 | 010,292,613 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Eigene Dateien\newvideo.mp4
[2010.08.18 20:56:24 | 006,718,067 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Eigene Dateien\testi contest.mp4
[2010.08.14 22:11:11 | 000,000,064 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sandra.ldb
[2010.08.11 14:09:06 | 3050,160,128 | -HS- | C] () -- C:\hiberfil.sys
[2010.08.11 11:39:20 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010.08.09 09:34:19 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Eigene Dateien\initdebug.nfo
[2010.08.03 21:18:00 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\RLMPCDec.ax
[2010.08.03 21:18:00 | 000,070,656 | RHS- | C] () -- C:\WINDOWS\System32\RLAPEDec.ax
[2010.08.03 21:18:00 | 000,051,712 | RHS- | C] () -- C:\WINDOWS\System32\RLSpeexDec.ax
[2010.08.03 21:17:58 | 000,097,280 | RHS- | C] () -- C:\WINDOWS\System32\FLACDX.ax
[2010.08.03 21:17:55 | 000,175,104 | RHS- | C] () -- C:\WINDOWS\System32\CoreAAC.ax
[2010.08.03 21:17:54 | 000,227,328 | RHS- | C] () -- C:\WINDOWS\System32\ac3DX.ax
[2010.07.28 14:06:37 | 000,001,082 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.28 14:06:36 | 000,001,078 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.23 17:17:12 | 013,452,184 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.06.20 18:30:18 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Settings.ini
[2010.05.22 16:50:20 | 000,000,066 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\C3183940-D6EC-42C5-B742-88F8E4EE41DE.DAT
[2010.01.09 14:49:49 | 000,003,718 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Custom.Log
[2009.12.27 10:48:38 | 000,000,057 | ---- | C] () -- C:\WINDOWS\Emu48.ini
[2009.12.23 13:24:25 | 000,012,998 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Microsoft Excel 97-2003.CAL
[2009.12.23 13:23:28 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.11.16 14:00:28 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\vsmon1.dll
[2009.10.15 19:17:10 | 000,130,520 | R--- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DeviceManager.xml.rc4
[2009.09.09 15:42:28 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.09.09 15:42:27 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009.09.09 15:42:26 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.09.09 15:42:26 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.09.09 15:42:25 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.09.09 15:42:25 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009.09.01 23:06:24 | 000,013,992 | ---- | C] () -- C:\WINDOWS\HWSetupStr.ini
[2009.09.01 23:06:24 | 000,002,182 | ---- | C] () -- C:\WINDOWS\SVPW32Str.ini
[2009.08.14 10:29:39 | 000,000,034 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\pcouffin.log
[2009.08.14 10:29:19 | 000,007,887 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\pcouffin.cat
[2009.08.14 10:29:19 | 000,001,144 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\pcouffin.inf
[2009.08.02 23:46:22 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009.04.27 19:11:27 | 000,000,101 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2009.04.27 17:35:08 | 000,000,249 | ---- | C] () -- C:\WINDOWS\BUHL.INI
[2009.04.21 12:10:22 | 000,000,086 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009.03.25 21:02:22 | 000,000,145 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009.03.25 20:52:50 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2009.03.21 22:41:12 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4953.dll
[2009.03.11 22:12:15 | 000,001,091 | ---- | C] () -- C:\WINDOWS\cPVAS.INI
[2009.03.11 20:47:30 | 000,004,911 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mxnhytee.feu
[2009.03.11 19:02:01 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009.03.07 20:21:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oodcnt.INI
[2009.03.01 08:58:28 | 000,001,248 | ---- | C] () -- C:\WINDOWS\PVAStrumento.ini
[2009.02.27 21:02:34 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll
[2009.02.24 21:00:30 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll
[2009.02.19 09:43:41 | 000,000,147 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009.02.10 13:39:13 | 008,515,584 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sandra.mda
[2009.02.03 01:15:58 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.02.02 12:38:54 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009.01.31 16:34:08 | 000,014,976 | ---- | C] () -- C:\Programme\translit.exe
[2009.01.31 16:34:08 | 000,002,549 | ---- | C] () -- C:\Programme\translit.doc
[2009.01.31 16:09:06 | 000,004,822 | ---- | C] () -- C:\WINDOWS\seRapid.INI
[2009.01.24 15:02:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\Change.dll
[2009.01.24 00:45:32 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\MIDI Devices
[2009.01.24 00:45:32 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mail
[2009.01.24 00:45:32 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLck.DAT
[2009.01.24 00:45:32 | 000,000,012 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SupportPrinters
[2009.01.24 00:45:29 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\MIDI Drivers
[2009.01.24 00:45:29 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mallets
[2009.01.24 00:45:29 | 000,000,012 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sync Services
[2009.01.24 00:41:53 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLbx.DAT
[2009.01.23 22:45:27 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009.01.22 13:09:43 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009.01.19 15:50:52 | 000,348,160 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\filesync.metadata
[2009.01.17 10:33:51 | 000,167,936 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.16 20:28:50 | 000,001,008 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\FASTWiz.html
[2009.01.16 17:31:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ToDisc.INI
[2009.01.16 16:25:13 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2009.01.16 15:27:32 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\$_hpcst$.hpc
[2009.01.16 14:35:00 | 000,071,967 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\FASTWiz.log
[2009.01.16 13:44:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2009.01.16 11:07:48 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008.11.14 10:21:23 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\neoqaz2.dll
[2008.07.23 12:10:50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008.07.23 12:09:03 | 000,000,562 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini
[2008.07.23 11:15:03 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008.07.23 11:15:03 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008.07.23 11:15:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008.07.23 11:15:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008.07.23 11:15:03 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008.07.23 11:15:03 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008.07.23 11:05:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2008.07.23 11:03:49 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2008.07.23 11:03:49 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2008.07.23 11:03:49 | 000,009,480 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2008.07.23 11:03:49 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2008.07.23 10:49:36 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
[2008.07.23 10:47:59 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2008.07.23 10:47:40 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008.05.26 23:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 23:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 23:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007.12.18 13:47:16 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2007.12.14 16:01:30 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\tsbwls.dll
[2004.09.16 22:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004.03.18 07:44:29 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
 
========== Files - Unicode (All) ==========
[2009.12.18 13:26:18 | 000,015,600 | ---- | M] (Sysinternals - www.sysinternals.com)(C:\WINDOWS\System32\drivers\???????) -- C:\WINDOWS\System32\drivers\剐䍏塅ㅐ〰匮卙
[2009.12.18 13:26:17 | 000,015,600 | ---- | C] (Sysinternals - www.sysinternals.com)(C:\WINDOWS\System32\drivers\???????) -- C:\WINDOWS\System32\drivers\剐䍏塅ㅐ〰匮卙
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 487 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF
@Alternate Data Stream - 124 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D1B5B4F1
@Alternate Data Stream - 111 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0E08FC17
< End of report >

mo9 27.08.2010 07:31
Code:
OTL Extras logfile created on: 27.08.2010 07:43:00 - Run 3
OTL by OldTimer - Version 3.2.10.0    Folder = C:\Dokumente und Einstellungen\xxx\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 298,09 Gb Total Space | 76,63 Gb Free Space | 25,71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 931,51 Gb Total Space | 279,84 Gb Free Space | 30,04% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: P
Current User Name: xxx
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\PROGRA~1\ACDSYS~1\ACDSee\ACDSee.exe" "%1" (ACD Systems, Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with ACDSee] -- C:\Programme\ACDSee32\ACDSee32.exe "%1" (ACD Systems, Ltd.)
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [open_x2] -- "C:\Programme\xplorer2_lite\xplorer2_lite.exe" /S:x2solo /1 /N /M /T "%1" (ZabKat)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1 -- [2010.08.20 18:35:10 | 000,000,000 | ---D | M]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Programme\VMware\VMware Player\vmware-authd.exe" = C:\Programme\VMware\VMware Player\vmware-authd.exe:*:Enabled:VMware Authd -- (VMware, Inc.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\SmartFTP Client\SmartFTP.exe" = C:\Programme\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0 -- (SmartSoft Ltd.)
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:*:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Programme\Java\jre1.6.0_06\bin\javaw.exe" = C:\Programme\Java\jre1.6.0_06\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\Orbitdownloader\orbitdm.exe" = C:\Programme\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Programme\Orbitdownloader\orbitnet.exe" = C:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Programme\ActionVoip.com\ActionVoip\ActionVoip.exe" = C:\Programme\ActionVoip.com\ActionVoip\ActionVoip.exe:*:Enabled:ActionVoip -- (ActionVoip)
"C:\Programme\VMware\VMware Player\vmware-authd.exe" = C:\Programme\VMware\VMware Player\vmware-authd.exe:*:Enabled:VMware Authd -- (VMware, Inc.)
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{008A35E1-E58F-4228-9CDA-7A8B0E7F77EA}" = WinTV NOVA USB
"{01CEF48F-41F2-4A43-82F2-25D23D68C1D4}" = Cuttermaran 1.69a
"{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}" = Microsoft Sync Framework Services v1.0 (x86)
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08581E23-EC5B-4AEC-8DB9-F186D751129F}" = Bamboo Scribe Shared Files
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0C0A2D69-7F51-4B77-B64E-AB405AC446BE}" = Toshiba Controls Utility
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{11C88EEC-23FC-4181-B6E4-22247E2ABD28}" = Microsoft Expression Web 3
"{12AF9C46-DB2C-4CB5-B9EE-6A4264A6C204}" = OutlookTempCleaner
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{156E98D0-1AEC-4013-A41A-94A1A01BFD68}" = O2Micro Flash Memory Card Reader Driver (x86)
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1965C9BB-9114-4A50-AEC7-E62414BB117B}" = EASEUS Data Recovery Wizard Professional 4.3.6
"{19862E4F-6080-47C8-A3AC-AF9F0D39F1AB}" = ArtRage 2
"{1BCA1F47-9498-46E3-895E-1C235D7AE967}_is1" = WebsiteBooster 2.0
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1D45405D-B1CF-4AEC-AC09-2D8175CB98DE}" = Desktop Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1" = KompoZer 0.8b3
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2388C625-9532-467F-ADEA-B92E027B85E3}" = Ranking Toolbox 4
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{2B1D468C-FE3F-445D-A508-654249C6A355}" = S3Safe
"{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"{2E5A5B57-57FC-4C79-A239-9DB280ADEC2A}" = Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50)
"{2F1C6C2A-26BA-4FD7-912B-B55AE34F51D6}" = Serif AlbumPlus 4
"{30EA452A-801D-4A27-8236-F5F59F61B9C6}" = MySpeed v3.6.5
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3648DB03-30F4-4383-95AC-AE793825184C}" = TT-Media Center
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3CDFEE23-66D2-4DB0-8269-12634E871725}" = Mindjet MindManager Pro 7
"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = Mobile Connect
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer
"{4360BB46-507E-4361-8DCB-4FF9BDC9907B}" = SnagIt 7
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4C6F02E1-D873-45F3-B852-D83F84BEA8D4}" = TMPGEnc Plus 2.5
"{4E475FD4-4513-4B1D-8DDA-43912B068C99}" = HTML Slideshow Powertoy for Windows XP
"{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup
"{53239B61-ACEE-47A9-8FB9-CE24DCDA1605}" = authorPOINT Lite
"{53480390-0EC4-429E-BBEE-78E19EEB03BD}" = O&O CleverCache
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{55422578-FD40-4D36-A798-31515812F579}" = Image Trends' Fisheye-Hemi Plug-In 1.1.4
"{5691A25E-C05B-4E0F-87DA-E80869F756C2}" = Toshiba Hotkey Utility
"{576420A5-E1F0-4C09-A07C-F689082E666F}" = Toshiba Touchpad Utility
"{578082DB-B171-48D3-B22E-5B1662181051}" = simpleology Wimiki
"{59152D0E-DDFE-4769-A746-776457091048}" = Outlook 2007 HTML and CSS Validator
"{59997DD7-9434-4D44-8DFA-26EB87DD96A1}" = WISE-FTP 6
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zoom-Dienstprogramm
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP
"{688200EE-B071-4E14-809F-622C92FA8CE9}" = SX3x3 Firmware
"{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1" = Poedit
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69CA3A84-6CE4-41C3-9E5F-69135D18D751}" = Gigaset SX3x3isdn
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6E04BF6D-1C71-47DE-9619-B0F69E2F9144}" = LightScribe Diagnostic Utility
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{74AA8AEA-921D-44FC-A54F-EE3C0BA8B7BC}" = FragExt
"{752E90AC-3F11-4EA3-88EA-96441047EC31}" = Microsoft Expression Web 3 SP1
"{75AE638F-750A-11DF-96D5-005056806466}" = Google Earth Plug-in
"{76169163-891E-4BC5-88AF-7FA4B8CAC235}" = FLV Producer Lite
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79CB8453-CD12-4FD8-AD93-6CC8C7E8C095}" = GlobeTrotter Connect
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{884BB5CC-108E-41a9-936D-955C999C06A1}_x" = GlobeTrotter Connect
"{889A4C47-1C95-D2A2-35B0-0CF5BA84A688}" = Bamboo Dock
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_WebDesigner_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_WebDesigner_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_WebDesigner_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_WebDesigner_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{9037FDA8-8383-4B6F-859D-D49C3C625225}" = Microsoft Expression Web Service Pack 1 (SP1)
"{90120000-0026-0407-0000-0000000FF1CE}" = Microsoft Expression Web MUI (German)
"{90120000-0026-0407-0000-0000000FF1CE}_WebDesigner_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_WebDesigner_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{947C41AC-5926-41D6-9139-D41ABE9173AE}" = Bamboo Link
"{96B51C0B-D3BE-4DF3-959C-28B22C10CFBB}" = Vodafone Mobile Connect Lite
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9E491AB7-4589-48CA-9CBB-874CB2788391}" = Studio 9
"{9E520B22-546E-4AD3-8958-7D1EB8587AB1}" = Music Transfer Utility Ver.1
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A106D3BA-CF1F-4E13-8161-4ACA153E2F96}" = Graphviz
"{A1A24343-F801-4A65-A5F4-194548A15AA5}" = DirMS-S
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A6E92CAB-9E63-46DC-8ABF-0CAFF7B7CD02}" = eXPert PDF 5
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A743BBCC-3438-4BB3-8397-6C9D9AC125A6}" = Timershot Powertoy for Windows XP
"{A8BD5A60-E843-46DC-8271-ABF20756BE0F}" = Microsoft Sync Framework Runtime v1.0 (x86)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE6ECFF9-FD33-48A3-B4AC-89263CC393A8}" = ImageMixer 3 SE Ver.4 Video Tools
"{AEBC4CA2-B05F-47E3-8680-B2CDB6E12006}" = WISO Sparbuch 2006
"{AFDFC350-C142-4790-BE12-8357AECD028F}" = SyncToy 2.0 (x86)
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B550D1C2-13FE-4F1E-AEAB-9AF26CF3506D}" = Buzzsaw-S
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7C32F22-FAB2-4781-B36E-DE00F4F6A875}" = Ranking Toolbox 6
"{B976F8E5-6A68-482C-8371-1DF9C70F7E2E}_is1" = sipgate X-Lite 1105c ger
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BA98EC5B-5B4C-2A54-4A50-72F932CF7DEF}" = simpleology DesktopCockpit 1.2
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD60F72D-3F1F-4DE1-9C41-3CF75B2CA59A}" = DVR-Studio Light
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C153ABD3-0A1E-4F70-A1AA-339F43CCA02A}" = simpleology BrowserBodyguard 1.2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite 2009.SP2
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C39DE425-6CCF-4B12-A101-3CB5CF3AF3AD}" = Slideshow Generator Powertoy for Windows XP
"{C852C0FF-CDF5-43F9-A75E-CB99410FF602}" = Toshiba Utility
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CAE4E520-4695-4A96-8661-B62FA5FB669E}" = ImageMixer 3 SE Ver.4 Transfer Utility
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF49A5C4-E09A-4A22-BE7B-E42C687952BC}" = O&O Defrag Professional
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D4126659-643C-461C-AB2C-5E3B6EDA23D9}" = Ergo Print Monitor xp86
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD304638-64D4-43C9-8B8F-48BE23564791}" = Presto! BizCard 5 SE (Deutsche Version)
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDBC8703-AA18-491F-97BE-98D4543A901B}" = FileMover
"{DE1A361F-31DC-4AC5-ABBA-2323BC505880}" = LexarMedia ImageRescue Software
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
"{E0F46925-2F25-45B7-895D-AF26C264C2EC}" = Meeting Center
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0FD58F8-3C3C-482E-BA18-0435378E9C4F}" = The File Database
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F41A9EE5-A6A8-5647-63D0-F0A5D744612A}" = CherryPicker
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F761F998-0DE1-49B5-A99C-FBBFF1B5E912}" = Presto! BizCard5 SE
"{F81B7B81-6458-4A38-A261-BC163E16EB8B}" = DirMS-S
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"1&1 SmartFax" = 1&1 SmartFax
"3DataManager" = 3DataManager
"ACDSee 32" = ACDSee 32
"ACDSee Trial Version" = ACDSee Trial Version
"ActionVoip_is1" = ActionVoip
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"Anti-Twin 2010-03-26 08.09.55" = Anti-Twin (Installation 26.03.2010)
"Audacity_is1" = Audacity 1.2.6
"AudibleDownloadManager" = Audible Download Manager
"AudibleManager" = AudibleManager
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Bamboo Dock" = Bamboo Dock 1.0.3
"Bamboo Scribe_is1" = Bamboo Scribe 2.6
"BatteryMon_is1" = BatteryMon V2.1
"Biet-O-Matic v2.10.1" = Biet-O-Matic v2.10.1
"BMW Reparaturanleitung" = BMW Reparaturanleitung
"Box Shot 3D" = Box Shot 3D
"BurnInTest_is1" = BurnInTest v6.0 Pro
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CamStudio" = CamStudio
"Camtasia Effects" = Camtasia Effects
"Camtasia Studio 3" = Camtasia Studio 3
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Capture NX 2" = Capture NX 2
"CCleaner" = CCleaner
"CDWinder" = CDWinder 5.5
"CherryPickerLive" = CherryPicker
"CloudBerry Explorer for Amazon S3" = CloudBerry Explorer for Amazon S3 2.3.0
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"CobBackup9" = Cobian Backup 9
"Connection Keeper" = Connection Keeper
"Cool Edit Pro 2.1" = Cool Edit Pro 2.1
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.55
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.14
"CSCLIB" = Canon Camera Support Core Library
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DDR - Removable Media (Demo)" = DDR - Removable Media (Demo) 4.0.1.6
"DV CIG Guide" = CANON IMAGE GATEWAY Registrierungsanleitung
"DVD Flick_is1" = DVD Flick 1.3.0.6
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 6_is1" = DVDFab 6.0.4.0 (28/07/2009)
"dzperl_is1" = DzSoft Perl Editor 5.8.4
"E.M. PowerPoint Video Converter_is1" = E.M. PowerPoint Video Converter 2.50
"Easy Video Splitter_is1" = Easy Video Splitter 1.28
"Emu48" = Emu48 1.49
"FileZilla Client" = FileZilla Client 3.3.4
"FingerFriendlyFriends" = FingerFriendlyFriends
"FLV Player" = FLV Player 2.0 (build 25)
"Free Fast Mpeg Cut_is1" = Free Fast Mpeg Cut version 2.4
"Free Studio_is1" = Free Studio version 4.2
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder Toolbar3.03" = Freecorder Toolbar 3.03 Application
"FRITZ! 2.0" = AVM FRITZ!
"GetRight" = GetRight
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"GUI for dvdauthor" = GUI for dvdauthor 1.07
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HD Tach_is1" = HD Tach version 3
"HD Tune Pro_is1" = HD Tune Pro 3.50
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Hollywood FX for Studio" = Pinnacle Hollywood FX for Studio
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Ilium Software eWallet_is1" = eWallet 6.0 Professional Edition (Windows Mobile)
"InfoRapid Suchen & Ersetzen" = InfoRapid Suchen & Ersetzen
"InstallShield_{0C0A2D69-7F51-4B77-B64E-AB405AC446BE}" = Toshiba Controls Utility
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC-Diagnose-Tool
"InstallShield_{4C6F02E1-D873-45F3-B852-D83F84BEA8D4}" = TMPGEnc Plus 2.5
"InstallShield_{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup
"InstallShield_{5691A25E-C05B-4E0F-87DA-E80869F756C2}" = Toshiba Hotkey Utility
"InstallShield_{576420A5-E1F0-4C09-A07C-F689082E666F}" = Toshiba Touchpad Utility
"InstallShield_{947C41AC-5926-41D6-9139-D41ABE9173AE}" = Bamboo Link
"InstallShield_{C852C0FF-CDF5-43F9-A75E-CB99410FF602}" = Toshiba Utility
"IrfanView" = IrfanView (remove only)
"JAP" = JAP
"JDownloader" = JDownloader
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.1.0 (Full)
"KoolMoves_is1" = KoolMoves 7.2
"KoolWizard Demo_is1" = KoolWizard Demo 1.3.1
"Lookout" = Lookout
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MyCamera" = Canon Utilities MyCamera
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NetObjects Fusion 7.5" = NetObjects Fusion 7.5
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"Nvu_is1" = Nvu 1.0
"Orbit_is1" = Orbit Downloader
"PaperlessPrinter_is1" = PaperlessPrinter version 4.0
"PDF Blender" = PDF Blender
"PDF Password Remover v3.0_is1" = PDF Password Remover v3.0
"PDF-XChange 3_is1" = PDF-XChange 3.0
"Pen Tablet Driver" = Stifttablett
"PocketTalk" = Pocket Talk
"PoiEdit" = PoiEdit
"Powerbullet Presenter free v1.35_is1" = Powerbullet Presenter
"PROHYBRIDR" = 2007 Microsoft Office system
"QuicktimeAlt_is1" = QuickTime Alternative 2.9.2
"RealPlayer 6.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 9.0
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SeaMonkey (1.1.16)" = SeaMonkey (1.1.16)
"SeaMonkey (2.0.4)" = SeaMonkey (2.0.4)
"SmartFTP Client_is1" = SmartFTP Client 3.0.1016.15
"SnadBoy's Revelation v2" = SnadBoy's Revelation v2
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"SpamBayes_is1" = SpamBayes 1.0.4
"SpeedFan" = SpeedFan (remove only)
"SpeedswitchXP" = SpeedswitchXP V1.5
"Squeeze Page Wizard_is1" = Squeeze Page Wizard 1.0
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"t@b ZS4 Video Editor_is1" = t@b ZS4 Video Editor v0.958-686
"TeledatKonf" = Teledat USB 2 a/b Konfiguration
"TreeSize Free_is1" = TreeSize Free V2.4
"TrueCrypt" = TrueCrypt
"Tweak UI 2.10" = Tweak UI
"Uninstall_is1" = Uninstall 1.0.0.1
"uniquemagicmp3taggerappid_is1" = Magic MP3 Tagger 2.2.4f
"Virtualdub 1.4.9" = Virtualdub 1.4.9
"VLC media player" = VLC media player 1.1.2
"VMware_Player" = VMware Player
"Web_3.0.3813.0" = Microsoft Expression Web 3
"WebDesigner" = Microsoft Expression Web
"WinASO RegDefrag 2.0_is1" = WinASO RegDefrag 2.0
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-4
"WinRAR archiver" = WinRAR
"xplorer2l" = xplorer² lite
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.5.0.457
"JScreenFix deluxe" = JScreenFix deluxe

 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 19.08.2010 06:00:04 | Computer Name = P | Source = Adobe Version Cue CS3 | ID = 3
Description =
 
Error - 19.08.2010 06:00:04 | Computer Name = P | Source = Adobe Version Cue CS3 | ID = 3
Description =
 
Error - 19.08.2010 06:00:04 | Computer Name = P | Source = Adobe Version Cue CS3 | ID = 3
Description =
 
Error - 19.08.2010 06:00:04 | Computer Name = P | Source = Adobe Version Cue CS3 | ID = 3
Description =
 
Error - 19.08.2010 06:00:04 | Computer Name = P | Source = Adobe Version Cue CS3 | ID = 3
Description =
 
Error - 19.08.2010 06:00:04 | Computer Name = P | Source = Adobe Version Cue CS3 | ID = 3
Description =
 
Error - 19.08.2010 06:00:04 | Computer Name = P | Source = Adobe Version Cue CS3 | ID = 3
Description =
 
Error - 19.08.2010 06:00:04 | Computer Name = P | Source = Adobe Version Cue CS3 | ID = 3
Description =
 
Error - 19.08.2010 09:23:18 | Computer Name = P | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 24.08.2010 12:45:31 | Computer Name = P | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung nvu.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x030a9fa0.
 
[ Application Events ]
Error - 19.08.2010 06:00:04 | Computer Name = P | Source = Adobe Version Cue CS3 | ID = 3
Description =
 
Error - 19.08.2010 06:00:04 | Computer Name = P | Source = Adobe Version Cue CS3 | ID = 3
Description =
 
Error - 19.08.2010 06:00:04 | Computer Name = P | Source = Adobe Version Cue CS3 | ID = 3
Description =
 
Error - 19.08.2010 06:00:04 | Computer Name = P | Source = Adobe Version Cue CS3 | ID = 3
Description =
 
Error - 19.08.2010 06:00:04 | Computer Name = P | Source = Adobe Version Cue CS3 | ID = 3
Description =
 
Error - 19.08.2010 06:00:04 | Computer Name = P | Source = Adobe Version Cue CS3 | ID = 3
Description =
 
Error - 19.08.2010 06:00:04 | Computer Name = P | Source = Adobe Version Cue CS3 | ID = 3
Description =
 
Error - 19.08.2010 06:00:04 | Computer Name = P | Source = Adobe Version Cue CS3 | ID = 3
Description =
 
Error - 19.08.2010 09:23:18 | Computer Name = P | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 24.08.2010 12:45:31 | Computer Name = P | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung nvu.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x030a9fa0.
 
[ OSession Events ]
Error - 01.07.2009 07:44:44 | Computer Name = P | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 04.08.2009 10:45:15 | Computer Name = P | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6504.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 12256
 seconds with 600 seconds of active time.  This session ended with a crash.
 
Error - 08.08.2009 06:06:50 | Computer Name = P | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 264
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 30.09.2009 06:46:51 | Computer Name = P | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9748
 seconds with 600 seconds of active time.  This session ended with a crash.
 
Error - 07.12.2009 03:28:26 | Computer Name = P | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 28757
 seconds with 1140 seconds of active time.  This session ended with a crash.
 
Error - 01.03.2010 04:40:50 | Computer Name = P | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 82438
 seconds with 2400 seconds of active time.  This session ended with a crash.
 
Error - 01.04.2010 05:51:54 | Computer Name = P | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 244151
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 04.06.2010 15:31:44 | Computer Name = P | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 14008 seconds with 8580 seconds of active time.  This session ended with
a crash.
 
Error - 01.08.2010 17:00:21 | Computer Name = P | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 45408
 seconds with 1200 seconds of active time.  This session ended with a crash.
 
Error - 19.08.2010 17:17:26 | Computer Name = P | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 24392
 seconds with 3540 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 26.08.2010 10:45:14 | Computer Name = P | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
 Zeitquellen  konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb  der
 nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung  mit der Quelle
 herzustellen.  Der NtpClient verfügt über keine Quelle mit genauer Zeit.
 
Error - 26.08.2010 10:45:14 | Computer Name = P | Source = W32Time | ID = 39452689
Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten
 Peer  "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15
 Minuten  wiederholt.  Fehler: Der Host war bei einem Socketvorgang nicht erreichbar.
 (0x80072751)
 
Error - 26.08.2010 10:45:14 | Computer Name = P | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
 Zeitquellen  konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb  der
 nächsten 15 Minuten wird kein Versuch unternommen, eine Verbindung  mit der Quelle
 herzustellen.  Der NtpClient verfügt über keine Quelle mit genauer Zeit.
 
Error - 26.08.2010 10:45:28 | Computer Name = P | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AVG Free8 WatchDog" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%2
 
Error - 26.08.2010 10:45:28 | Computer Name = P | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
  %%126
 
Error - 26.08.2010 10:45:38 | Computer Name = P | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  atapi  AvgLdx86  AvgMfx86  AvgTdiX  PCIIde
 
Error - 26.08.2010 12:14:55 | Computer Name = P | Source = BROWSER | ID = 8032
Description = Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport
 "\Device\NetBT_Tcpip_{EDB5EC45-6014-4E0F-A46C-7C0407CD8696}" zu oft fehl.  Der Sicherungssuchdienst
 wird beendet.
 
Error - 26.08.2010 14:24:31 | Computer Name = P | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AVG Free8 WatchDog" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%2
 
Error - 26.08.2010 14:24:31 | Computer Name = P | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
  %%126
 
Error - 26.08.2010 14:24:48 | Computer Name = P | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  atapi  AvgLdx86  AvgMfx86  AvgTdiX  PCIIde
 
 
< End of report >

cosinus 27.08.2010 10:25
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
:OTL
[2008.11.14 10:21:23 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\neoqaz2.dll
@Alternate Data Stream - 487 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF
@Alternate Data Stream - 124 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D1B5B4F1
@Alternate Data Stream - 111 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0E08FC17
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

mo9 27.08.2010 11:07
Vielen herzlichen Dank für die schnelle Hilfe.

Code:
All processes killed
========== OTL ==========
C:\WINDOWS\neoqaz2.dll moved successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D1B5B4F1 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0E08FC17 deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56504 bytes
 
User: downloads
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 434 bytes
 
User: Tom
->Temp folder emptied: 1799368 bytes
->Temporary Internet Files folder emptied: 2191448 bytes
->Java cache emptied: 3791305 bytes
->FireFox cache emptied: 157446369 bytes
->Flash cache emptied: 84630 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 248359 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 196365 bytes
RecycleBin emptied: 554066 bytes
 
Total Files Cleaned = 159,00 mb
 
 
OTL by OldTimer - Version 3.2.10.0 log created on 08272010_115556

Files\Folders moved on Reboot...
C:\WINDOWS\temp\vmware-SYSTEM-3602600609\vmware-usbarb-SYSTEM-2224.log moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_c8c.dat not found!

Registry entries deleted on Reboot...

cosinus 27.08.2010 11:24
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.

mo9 27.08.2010 12:21
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 13:18:05 on 27.08.2010

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 7.00.6000.17080

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "O&O Software GmbH" - C:\WINDOWS\system32\OODBS.exe

[Common]
-----( %SystemRoot%\Tasks )-----
"Norton Internet Security - xxx - Vollständiger Systemscan.job" - "Symantec Corporation" - C:\Programme\Norton Internet Security\Engine\17.7.0.12\navw32.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"cttune.cpl" - ? - C:\WINDOWS\system32\cttune.cpl
"HWSETUP.CPL" - "TOSHIBA Corp." - C:\WINDOWS\system32\HWSETUP.CPL
"igfxcpl.cpl" - "Intel Corporation" - C:\WINDOWS\system32\igfxcpl.cpl
"ImageDrive.cpl" - "Ahead Software AG" - C:\WINDOWS\system32\ImageDrive.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"PenTablet.cpl" - "Wacom Technology, Corp." - C:\WINDOWS\system32\PenTablet.cpl
"TOSCDSPD.cpl" - ? - C:\WINDOWS\system32\TOSCDSPD.cpl  (File found, but it contains no detailed information)
"ToshSrv.cpl" - ? - C:\WINDOWS\system32\ToshSrv.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"CleverCache" - "O&O Software GmbH" - C:\Programme\OO Software\CleverCache\ooccmngr.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime Alternative\QTSystem\QuickTime.cpl
"Stifttablett" - "Wacom Technology, Corp." - C:\WINDOWS\system32\PenTablet.cpl
"TosBtLocalCOM" - "TOSHIBA CORPORATION" - C:\Programme\Toshiba\Bluetooth Toshiba Stack\sys\LocalCOM.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Access 32bits INT15 routine" (BoiHwsetup) - "Quanta Computer Corp" - C:\WINDOWS\System32\drivers\BoiHwSetup.sys
"ASAPIW2K" (ASAPIW2k) - "Pinnacle Systems GmbH" - C:\WINDOWS\System32\drivers\ASAPIW2k.sys
"Aspi32" (Aspi32) - "Adaptec" - C:\WINDOWS\System32\drivers\aspi32.sys
"AVG Free AVI Loader Driver x86" (AvgLdx86) - ? - C:\WINDOWS\System32\Drivers\avgldx86.sys  (File not found)
"AVG Free On-access Scanner Minifilter Driver x86" (AvgMfx86) - ? - C:\WINDOWS\System32\Drivers\avgmfx86.sys  (File not found)
"AVG Free8 Network Redirector" (AvgTdiX) - ? - C:\WINDOWS\System32\Drivers\avgtdix.sys  (File not found)
"AVM FRITZ!web PPP over ISDN" (NETFRITZ) - "AVM Berlin" - C:\WINDOWS\System32\DRIVERS\NETFRITZ.SYS
"AVMCOWAN" (AVMCOWAN) - "AVM GmbH" - C:\WINDOWS\System32\DRIVERS\AVMCOWAN.sys
"BHDrvx86" (BHDrvx86) - "Symantec Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100810.004\BHDrvx86.sys
"Bytemobile Boot Time Load Driver" (BMLoad) - "Bytemobile, Inc." - C:\WINDOWS\System32\drivers\BMLoad.sys
"Bytemobile Kernel Network Provider" (tcpipBM) - "Bytemobile, Inc." - C:\WINDOWS\system32\drivers\tcpipBM.sys
"catchme" (catchme) - ? - C:\DOKUME~1\xxx\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"cpuz134" (cpuz134) - "Windows (R) Win 7 DDK provider" - C:\WINDOWS\system32\drivers\cpuz134_x32.sys
"Dect Serial Driver" (Gigser) - "Siemens AG" - C:\WINDOWS\System32\Drivers\Gigser.sys
"Dect USB Driver" (Gigusb) - "Siemens AG" - C:\WINDOWS\System32\Drivers\Gigusb.sys
"DectEnum" (DectEnum) - "Siemens AG" - C:\WINDOWS\System32\Drivers\DectEnum.sys
"ENTECH" (ENTECH) - "EnTech Taiwan" - C:\WINDOWS\system32\DRIVERS\ENTECH.sys
"EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
"Generic IO & Memory Access" (QIOMem) - "TOSHIBA" - C:\WINDOWS\System32\DRIVERS\QIOMem.sys
"giveio" (giveio) - ? - C:\WINDOWS\System32\giveio.sys  (File found, but it contains no detailed information)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"ialm" (ialm) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\igxpmp32.sys
"IDSxpx86" (IDSxpx86) - "Symantec Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100826.001\IDSxpx86.sys
"Intel AHCI Controller" (iaStor) - "Intel Corporation" - C:\WINDOWS\System32\drivers\iaStor.sys
"Intel(R) High Definition Audio HDMI Service" (IntcHdmiAddService) - "Intel(R) Corporation" - C:\WINDOWS\System32\drivers\IntcHdmi.sys
"Intel(R) Wireless WiFi Link Adaptertreiber für Windows XP 32-Bit" (NETw5x32) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\NETw5x32.sys
"ISDN USB Interface (Ver. 1.20.0032)" (IUAPIWDM) - "SIEMENS AG" - C:\WINDOWS\System32\DRIVERS\IUAPIWDM.sys
"ISDN Wan driver (Ver. 1.20.0032)" (HRCMPA) - "SIEMENS AG" - C:\WINDOWS\System32\DRIVERS\hrcmpa.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MEMSWEEP2" (MEMSWEEP2) - ? - C:\WINDOWS\system32\5.tmp  (File not found)
"NAVENG" (NAVENG) - "Symantec Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100826.023\NAVENG.SYS
"NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100826.023\NAVEX15.SYS
"NSNDIS5 NDIS Protocol Driver" (NSNDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\system32\NSNDIS5.SYS
"O2MDRDR" (O2MDRDR) - "O2Micro " - C:\WINDOWS\System32\DRIVERS\o2media.sys
"PCASp50 NDIS Protocol Driver" (PCASp50) - ? - C:\WINDOWS\System32\Drivers\PCASp50.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PCLEPCI" (PCLEPCI) - "Pinnacle Systems GmbH" - C:\WINDOWS\system32\drivers\pclepci.sys
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"Quanta HotKey Keyboard Filter Driver" (qkbfiltr) - "Quanta Computer, Inc." - C:\WINDOWS\System32\drivers\qkbfiltr.sys
"Quanta HotKey Mouse Filter Driver" (qmofiltr) - "Quanta Computer, Inc." - C:\WINDOWS\System32\drivers\qmofiltr.sys
"SANDRA" (SANDRA) - "SiSoftware" - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\Sandra.sys
"siellif" (siellif) - "Siemens AG" - C:\WINDOWS\System32\Drivers\siellif.sys
"Softmodem/Fax Port Driver" (vmdmd) - ? - C:\WINDOWS\System32\DRIVERS\vmdmd.sys  (File not found)
"speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\System32\speedfan.sys
"Symantec Data Store" (SymDS) - "Symantec Corporation" - C:\WINDOWS\System32\drivers\NIS\1107000.00C\SYMDS.SYS
"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
"Symantec Extended File Attributes" (SymEFA) - "Symantec Corporation" - C:\WINDOWS\System32\drivers\NIS\1107000.00C\SYMEFA.SYS
"Symantec Hash Provider" (ccHP) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\NIS\1107000.00C\ccHPx86.sys
"Symantec Iron Driver" (SymIRON) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\NIS\1107000.00C\Ironx86.SYS
"Symantec Network Dispatch Driver" (SYMTDI) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS
"Symantec Real Time Storage Protection" (SRTSP) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SRTSP.SYS
"Symantec Real Time Storage Protection (PEL)" (SRTSPX) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\NIS\1107000.00C\SRTSPX.SYS
"SymEvent" (SymEvent) - "Symantec Corporation" - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
"Synaptics TouchPad Driver" (SynTP) - "Synaptics, Inc." - C:\WINDOWS\System32\DRIVERS\SynTP.sys
"TechnoTrend - TT-DVB USB Driver" (TTDVBUSB) - "TechnoTrend AG" - C:\WINDOWS\System32\Drivers\ttdvbusb.sys
"Teledat USB 2 a/b (WinXP/2000)" (FXUSBASE) - "AVM Berlin" - C:\WINDOWS\System32\DRIVERS\fxusbase.sys
"TOSHIBA DVD-RAM UDF File System Driver" (trudf) - "TOSHIBA Corporation" - C:\WINDOWS\System32\DRIVERS\trudf.sys
"TOSHIBA UDF File System Driver" (tdudf) - "TOSHIBA Corporation" - C:\WINDOWS\System32\DRIVERS\tdudf.sys
"TOSHIBA Writing Engine Filter Driver" (tdcmdpst) - "TOSHIBA Corporation." - C:\WINDOWS\System32\DRIVERS\tdcmdpst.sys
"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\WINDOWS\System32\drivers\truecrypt.sys
"TTUSB2BDA USB 2.0 Driver" (TTUSB2BDA) - "TechnoTrend GmbH" - C:\WINDOWS\System32\DRIVERS\ttusb2bda.sys
"TTUSB2TS USB 2.0 Driver" (TTUSB2TS) - ? - C:\WINDOWS\System32\Drivers\ttusb2ts.sys  (File not found)
"UVCFTR" (UVCFTR) - "Chicony Electronics Co., Ltd." - C:\WINDOWS\System32\Drivers\UVCFTR_S.SYS
"Virtual BDA DVB Network Adapter" (TTNDSBDA) - "TechnoTrend" - C:\WINDOWS\System32\DRIVERS\ttndsbda.sys
"Virtual DVB/USB2.0 Network Adapter Driver" (NDISLPU2) - ? - C:\WINDOWS\System32\DRIVERS\ndislpu2.sys  (File not found)
"Virtual Keyboard Driver" (WacomVKHid) - "Wacom Technology" - C:\WINDOWS\System32\DRIVERS\WacomVKHid.sys
"Virtual Machine Monitor" (vmm) - "Microsoft Corporation" - C:\WINDOWS\system32\Drivers\vmm.sys
"Virtual Machine Network Services Driver" (VPCNetS2) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\VMNetSrv.sys
"Virtual TT-DVB USB Adapter Driver" (NDISLOOP) - "TechnoTrend AG" - C:\WINDOWS\System32\DRIVERS\ndisloop.sys
"VMware Bridge Protocol" (VMnetBridge) - "VMware, Inc." - C:\WINDOWS\System32\DRIVERS\vmnetbridge.sys
"VMware hcmon" (hcmon) - "VMware, Inc." - C:\WINDOWS\system32\drivers\hcmon.sys
"VMware kbd" (vmkbd) - "VMware, Inc." - C:\WINDOWS\system32\drivers\VMkbd.sys
"VMware Network Application Interface" (VMnetuserif) - "VMware, Inc." - C:\WINDOWS\system32\drivers\vmnetuserif.sys
"VMware vmci" (vmci) - "VMware, Inc." - C:\WINDOWS\system32\Drivers\vmci.sys
"VMware vmx86" (vmx86) - "VMware, Inc." - C:\WINDOWS\system32\Drivers\vmx86.sys
"VSO Software pcouffin" (pcouffin) - "VSO Software" - C:\WINDOWS\System32\Drivers\pcouffin.sys
"Vstor2 WS60 Virtual Storage Driver" (vstor2-ws60) - "VMware, Inc." - C:\Programme\VMware\VMware Player\vstor2-ws60.sys
"Wacom Mode Helper" (wacmoumonitor) - "Wacom Technology" - C:\WINDOWS\System32\DRIVERS\wacmoumonitor.sys
"Wacom Mouse Filter Driver" (wacommousefilter) - "Wacom Technology" - C:\WINDOWS\System32\DRIVERS\wacommousefilter.sys
"Wacom Virtual Hid Driver" (wacomvhid) - "Wacom Technology" - C:\WINDOWS\System32\DRIVERS\wacomvhid.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - "Audible, Inc." - C:\Programme\Audible\Bin\AudibleExt.dll
{B3AFAE44-F603-4456-808F-C9F8F0C76082} "CRawViewerExtension Class" - "Microsoft Corporation" - C:\Programme\Pro Imaging Powertoys\Microsoft RAW Image Thumbnailer and Viewer for Windows XP\CRawViewerExtension.dll
{242ED098-D606-4FA8-9DDE-89AEDFE4EAD7} "FragExt" - "Jeremy Boschen" - C:\Programme\FragExt\FragShx.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{BBCA9F81-8F4F-11D2-90FF-0080C83D3571} "ic32pp" - ? - C:\WINDOWS\wc98pp.dll  (File not found)
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{56F9679E-7826-4C84-81F3-532071A8BCC5} "Windows Desktop Search Namespace Manager" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - "Audible, Inc." - C:\Programme\Audible\Bin\AudibleExt.dll
{efb97cb8-a4a4-4357-a261-002ffaed0267} "CD Burn Slideshow Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\slideshow.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{2F5AC606-70CF-461C-BFE1-6063670C3484} "DisplayCplExt Class" - "TOSHIBA Inc." - C:\Programme\Toshiba\TouchED\TouchED.DLL
{242ED098-D606-4FA8-9DDE-89AEDFE4EAD7} "FragExt" - "Jeremy Boschen" - C:\Programme\FragExt\FragShx.dll
{8935BD84-0BDB-4AE5-869C-18EEA4E81D77} "FragExt" - "Jeremy Boschen" - C:\Programme\FragExt\FragShx.dll
{B23E896C-5CC0-40ab-916D-3BA3328FEADD} "FragExt" - "Jeremy Boschen" - C:\Programme\FragExt\FragShx.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{49BF5420-FA7F-11cf-8011-00A0C90A8F78} "Mobiles Gerät" - "Microsoft Corporation" - C:\PROGRA~1\MI3AA1~1\Wcesview.dll
{D9872D13-7651-4471-9EEE-F0A00218BEBB} "Multiscan" - ? -  (File not found | COM-object registry key not found)
{48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} "OODShellExtObj Class" - "O&O Software GmbH" - C:\PROGRA~1\OOSOFT~1\Defrag\oodsh.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{1530F7EE-5128-43BD-9977-84A4B0FAD7DF} "PhotoToys" - "Microsoft Corporation" - C:\WINDOWS\system32\phototoys.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll
{82AA9188-44E0-40B9-B956-43A10C315B4F} "RootShellFolder Class" - "SmartSoft Ltd." - C:\Programme\SmartFTP Client\sfFTPShellExtension.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{2ED7FD81-CBA6-45E5-A49A-5E84889A94E2} "ShellFolderDragDropHandler Class" - "SmartSoft Ltd." - C:\Programme\SmartFTP Client\sfFTPShellExtension.dll
{EB5EE1F3-041A-4c03-9D51-2BEC6715FB00} "ShellFolderSearchRoot Class" - "SmartSoft Ltd." - C:\Programme\SmartFTP Client\sfFTPShellExtension.dll
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{F87DED31-303F-4ED1-9BCE-D360FBC74E0A} "SmartFTP ContextMenu Shell Extension" - "SmartSoft Ltd" - C:\Programme\SmartFTP Client\sfShellTools.dll
{EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} "SmartFTP Drop ShellIconOverlayHandler" - "SmartSoft Ltd" - C:\Programme\SmartFTP Client\sfShellTools.dll
{39DD67E0-73B6-4a11-AF55-49E1EBBF72BE} "SmartFTP FavoritesShellFolder Class" - "SmartSoft Ltd." - C:\Programme\SmartFTP Client\sfFavoritesShellExtension.dll
{40FDFA48-5F4E-4627-A78E-6A49A3D4492F} "SmartFTP ShellDropHandler Class" - "SmartSoft Ltd" - C:\Programme\SmartFTP Client\sfShellTools.dll
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} "SnagIt" - "TechSmith Corporation" - C:\Programme\TechSmith\SnagIt 7\SnagItIEAddin.dll
{CF74B903-3389-469c-B3B6-0204D204FCBD} "SnagItShellExt Class" - "TechSmith Corporation" - C:\Programme\TechSmith\SnagIt 7\SnagItShellExt.dll
{2F603045-309F-11CF-9774-0020AFD0CFF6} "Synaptics Control Panel" - "Synaptics, Inc." - C:\Programme\Synaptics\SynTP\SynTPCpl.dll
{8932AEFE-9DB6-4f43-AFB2-5682F55E773A} "VPCHostCopyHook" - "Microsoft Corporation" - C:\Programme\Microsoft Virtual PC\VPCShExH.DLL
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{EB6024B6-1632-4CC7-94B1-3334A34B4554} "Web Sites" - "Microsoft Corporation" - C:\Programme\Microsoft Expression\Web 3\fpnse.dll
{AB4F43CA-ADCD-4384-B9AF-3CECEA7D6544} "Websites" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBSER~1\12\BIN\FPNSE.DLL
{13E7F612-F261-4391-BEA2-39DF4F3FA311} "Windows Desktop Search" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\msnlExt.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll
{7C602F97-DF50-47A1-85B3-5F7911FE7367} "WISE-FTP 6 Verbindungen" - "AceBIT GmbH" - C:\WINDOWS\system32\we6.dll
SEStart "{0CAF1FA2-6F8D-11D5-84C7-0000836958D3}" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "DAEMON Tools Toolbar" - ? - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll
<binary data> "Freecorder Toolbar" - "Conduit Ltd." - C:\Programme\Freecorder\tbFre0.dll
<binary data> "Grab Pro" - ? - C:\Programme\Orbitdownloader\GrabPro.dll
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
<binary data> "Norton Toolbar" - "Symantec Corporation" - C:\Programme\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
<binary data> "{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}" - ? -  (File not found | COM-object registry key not found)
<binary data> "{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{1392b8d2-5c05-419f-a8f6-b9f15a596612} "Freecorder Toolbar" - "Conduit Ltd." - C:\Programme\Freecorder\tbFre0.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} "Yahoo! Toolbar" - "Yahoo! Inc." - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} "CKAVWebScan Object" - ? - C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll  (File not found) / hxxp://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.6.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_06\bin\npjpi160_06.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - ? - C:\Programme\Java\jre6\bin\npjpi160_15.dll  (File not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - ? - C:\Programme\Java\jre6\bin\npjpi160_15.dll  (File not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - ? - C:\Programme\Java\jre6\bin\npjpi160_15.dll  (File not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{BC0AE9E6-E549-4554-A222-EA083A894683} "QuickUpload" - ? - C:\WINDOWS\Downloaded Program Files\QUpl_47.dll  (File not found) / hxxp://a04-b04.mypicturetown.com/P2PwebCmdController/x/Upld_47.CAB
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} "Symantec AntiVirus scanner" - ? - C:\WINDOWS\Downloaded Program Files\avsniff.dll  (File not found) / hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
{644E432F-49D3-41A1-8DD5-E099162EEEC5} "Symantec RuFSI Utility Class" - ? - C:\WINDOWS\Downloaded Program Files\rufsi.dll  (File not found) / hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{07A11D74-9D25-4fea-A833-8B0D76A5577A} "An Mindjet MindManager senden" - "Mindjet" - C:\Programme\Mindjet\MindManager 7\Mm7InternetExplorer.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "Create Mobile Favorite" - "Microsoft Corporation" - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{86529161-034E-4F8A-88D2-3C625E612E04} "Run WinHTTrack" - ? - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "DAEMON Tools Toolbar" - ? - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll
{1392b8d2-5c05-419f-a8f6-b9f15a596612} "Freecorder Toolbar" - "Conduit Ltd." - C:\Programme\Freecorder\tbFre0.dll
<binary data> "Grab Pro" - ? - C:\Programme\Orbitdownloader\GrabPro.dll
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "Norton Toolbar" - "Symantec Corporation" - C:\Programme\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} "SnagIt" - "TechSmith Corporation" - C:\Programme\TechSmith\SnagIt 7\SnagItIEAddin.dll
<binary data> "Yahoo! Toolbar" - "Yahoo! Inc." - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{02478D38-C3F9-4efb-9B51-7695ECA05670} "&Yahoo! Toolbar Helper" - "Yahoo! Inc." - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "AVG Safe Search" - ? - C:\Programme\AVG\AVG8\avgssie.dll  (File not found)
{07A11D74-9D25-4fea-A833-8B0D76A5577A} "CmjBrowserHelperObject Object" - "Mindjet" - C:\Programme\Mindjet\MindManager 7\Mm7InternetExplorer.dll
{1392b8d2-5c05-419f-a8f6-b9f15a596612} "Freecorder Toolbar" - "Conduit Ltd." - C:\Programme\Freecorder\tbFre0.dll
{00C6482D-C502-44C8-8409-FCE54AD9C208} "HelperObject Class" - "TechSmith Corporation" - C:\Programme\TechSmith\SnagIt 7\SnagItBHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{000123B4-9B42-4900-B3F7-F4B073EFC214} "Octh Class" - "Orbitdownloader.com" - C:\Programme\Orbitdownloader\orbitcth.dll
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} "SingleInstance Class" - "Yahoo! Inc" - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} "Symantec Intrusion Prevention" - "Symantec Corporation" - C:\Programme\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "Symantec NCO BHO" - "Symantec Corporation" - C:\Programme\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %AllUsersProfile%\Startmenü\Programme\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"H/PC Connection Agent" - "Microsoft Corporation" - "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
"NBJ" - "Ahead Software AG" - "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
"Skype" - "Skype Technologies S.A." - "C:\Programme\Skype\\Phone\Skype.exe" /nosplash /minimized
"SpeedswitchXP" - "Christian Diefer" - C:\Programme\SpeedswitchXP\SpeedswitchXP.exe
"TOSCDSPD" - "TOSHIBA" - C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Photo Downloader" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Cobian Backup 9" - "Luis Cobian" - "C:\Programme\Cobian Backup 9\Cobian.exe"
"DDWMon" - "TOSHIBA Corporation" - C:\Programme\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
"HotKeysCmds" - "Intel Corporation" - C:\WINDOWS\system32\hkcmd.exe
"IgfxTray" - "Intel Corporation" - C:\WINDOWS\system32\igfxtray.exe
"ITSecMng" - "TOSHIBA CORPORATION" - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"MobileConnect" - "Vodafone" - %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
"Persistence" - "Intel Corporation" - C:\WINDOWS\system32\igfxpers.exe
"PinnacleDriverCheck" - ? - C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime Alternative\qttask.exe" -atboottime
"SmoothView" - "TOSHIBA Corporation" - C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
"SynTPEnh" - "Synaptics, Inc." - C:\Programme\Synaptics\SynTP\SynTPEnh.exe
"Toshiba Controls Utility" - "TOSHIBA Inc." - C:\Programme\TOSHIBA\Controls\VolumeIndicator.exe
"Toshiba Hotkey Utility" - "TOSHIBA Inc." - "c:\Programme\Toshiba\Windows Utilities\Hotkey.exe" /lang DE
"VMware hqtray" - "VMware, Inc." - "C:\Programme\VMware\VMware Player\hqtray.exe"
"vspdfprsrv.exe" - ? - C:\Programme\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"1und1 Fax Monitor" - "1&1 Internet AG" - C:\WINDOWS\system32\UI1&1MON.DLL
"Canon BJ Language Monitor iP4500 series" - "CANON INC." - C:\WINDOWS\system32\CNMLM92.DLL
"Ergo Monitor" - "Invu (2007) Ltd" - C:\WINDOWS\system32\ErgoMon.dll
"FRITZ!fax Color Monitor" - "AVM Berlin" - C:\WINDOWS\system32\FritzVistaColorMon.dll
"FRITZ!fax Port Monitor" - "AVM Berlin" - C:\WINDOWS\system32\FritzVistaMon.dll
"PDF-XChange" - "Tracker Software" - C:\WINDOWS\system32\pxc25pm.dll
"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"Toshiba Bluetooth Monitor" - "TOSHIBA CORPORATION." - C:\WINDOWS\system32\tbtmon.dll
"VSP1:" - ? - C:\WINDOWS\system32\vsmon1.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Adobe Active File Monitor V6" (AdobeActiveFileMonitor6.0) - ? - C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe  (File found, but it contains no detailed information)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"AVG Free8 WatchDog" (avg8wd) - ? - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe  (File not found)
"AVM FRITZ!web Routing Service" (de_serv) - "AVM Berlin" - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
"Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"Buzzsaw_Defragmentation" (Buzzsaw_Defragmentation) - "SpyderComm, Inc." - C:\Programme\DEFRAG-DIRMS\BuzzSawService.exe
"Canon Camera Access Library 8" (CCALib8) - "Canon Inc." - C:\Programme\Canon\CAL\CALMAIN.exe
"DirMS_Defragmentation" (DirMS_Defragmentation) - ? - C:\Programme\DEFRAG-DIRMS\DirmsService.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"FragExt Defragmenter" (FRAGSVX) - "Jeremy Boschen" - C:\Programme\FragExt\FragSvx.exe
"getPlus(R) Helper" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Programme\NOS\bin\getPlus_Helper.dll
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GtDetectSc" (GtDetectSc) - "OptionNV" - C:\Programme\Option\GlobeTrotter Connect\GtDetectSc.exe
"HID Input Service" (HidServ) - ? -  C:\WINDOWS\System32\hidserv.dll  (File not found)
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - c:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"NMSAccessU" (NMSAccessU) - ? - C:\Programme\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"Norton Internet Security" (NIS) - "Symantec Corporation" - C:\Programme\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
"O&O CleverCache Agent" (OOCleverCacheAgent) - "O&O Software GmbH" - C:\Programme\OO Software\CleverCache\ooccag.exe
"O&O Defrag" (O&O Defrag) - "O&O Software GmbH" - C:\WINDOWS\system32\oodag.exe
"O2Micro Flash Memory Card Service" (o2flash) - "O2Micro International" - c:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"PC Tools Startup and Shutdown Monitor service" (PCToolsSSDMonitorSvc) - "PC Tools" - C:\Programme\Gemeinsame Dateien\PC Tools\sMonitor\StartManSvc.exe
"SiSoftware Deployment Agent Service" (SandraAgentSrv) - "SiSoftware" - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe
"TabletServicePen" (TabletServicePen) - "Wacom Technology, Corp." - C:\WINDOWS\system32\Pen_Tablet.exe
"TOSHIBA Bluetooth Service" (TOSHIBA Bluetooth Service) - "TOSHIBA CORPORATION" - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
"TOSHIBA Optical Disc Drive Service" (TODDSrv) - "TOSHIBA Corporation" - C:\WINDOWS\system32\TODDSrv.exe
"Ulead Burning Helper" (UleadBurningHelper) - "Ulead Systems, Inc." - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
"VMware Agent Service" (ufad-ws60) - "VMware, Inc." - C:\Programme\VMware\VMware Player\vmware-ufad.exe
"VMware Authorization Service" (VMAuthdService) - "VMware, Inc." - C:\Programme\VMware\VMware Player\vmware-authd.exe
"VMware DHCP Service" (VMnetDHCP) - "VMware, Inc." - C:\WINDOWS\system32\vmnetdhcp.exe
"VMware NAT Service" (VMware NAT Service) - "VMware, Inc." - C:\WINDOWS\system32\vmnat.exe
"VMware USB Arbitration Service" (VMUSBArbService) - "VMware, Inc." - C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe
"Vodafone Mobile Connect Service" (VMCService) - "Vodafone" - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"WTGService" (WTGService) - ? - C:\Programme\3DataManager\WTGService.exe  (File found, but it contains no detailed information)

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"igfxcui" - "Intel Corporation" - C:\WINDOWS\system32\igfxdev.dll
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"VMCI sockets DGRAM" - "VMware, Inc." - C:\Programme\VMware\VMware Player\vsocklib.dll
"VMCI sockets STREAM" - "VMware, Inc." - C:\Programme\VMware\VMware Player\vsocklib.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:
.\debug.cpp(238) : Debug log started at 27.08.2010 - 11:13:50
.\boot_cleaner.cpp(675) : Bootkit Remover
.\boot_cleaner.cpp(676) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(677) : www.esagelab.com
.\boot_cleaner.cpp(681) : Program version: 1.1.0.0
.\boot_cleaner.cpp(688) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x804d7000 0x0020e000 "\WINDOWS\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x806e5000 0x00020d00 "\WINDOWS\system32\hal.dll"
.\debug.cpp(256) : 0xba5a8000 0x00002000 "\WINDOWS\system32\KDCOM.DLL"
.\debug.cpp(256) : 0xba4b8000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"
.\debug.cpp(256) : 0xb9f78000 0x0002f000 "ACPI.sys"
.\debug.cpp(256) : 0xba5aa000 0x00002000 "\WINDOWS\system32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0xb9f67000 0x00011000 "pci.sys"
.\debug.cpp(256) : 0xba0a8000 0x00010000 "ohci1394.sys"
.\debug.cpp(256) : 0xba0b8000 0x0000e000 "\WINDOWS\system32\DRIVERS\1394BUS.SYS"
.\debug.cpp(256) : 0xba0c8000 0x0000a000 "isapnp.sys"
.\debug.cpp(256) : 0xba4bc000 0x00003000 "compbatt.sys"
.\debug.cpp(256) : 0xba4c0000 0x00004000 "\WINDOWS\system32\DRIVERS\BATTC.SYS"
.\debug.cpp(256) : 0xba328000 0x00007000 "\WINDOWS\system32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0xba0d8000 0x0000b000 "MountMgr.sys"
.\debug.cpp(256) : 0xb9f48000 0x0001f000 "ftdisk.sys"
.\debug.cpp(256) : 0xba5ac000 0x00002000 "dmload.sys"
.\debug.cpp(256) : 0xb9f22000 0x00026000 "dmio.sys"
.\debug.cpp(256) : 0xba330000 0x00005000 "PartMgr.sys"
.\debug.cpp(256) : 0xba4c4000 0x00003000 "ACPIEC.sys"
.\debug.cpp(256) : 0xba671000 0x00001000 "\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS"
.\debug.cpp(256) : 0xba0e8000 0x0000e000 "VolSnap.sys"
.\debug.cpp(256) : 0xb9e3c000 0x000ce000 "iaStor.sys"
.\debug.cpp(256) : 0xba0f8000 0x00009000 "disk.sys"
.\debug.cpp(256) : 0xba108000 0x0000d000 "\WINDOWS\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0xb9e1c000 0x00020000 "fltMgr.sys"
.\debug.cpp(256) : 0xb9dc6000 0x00056000 "SYMDS.SYS"
.\debug.cpp(256) : 0xb9db4000 0x00012000 "sr.sys"
.\debug.cpp(256) : 0xb9d87000 0x0002d000 "SYMEFA.SYS"
.\debug.cpp(256) : 0xba118000 0x00009000 "PxHelp20.sys"
.\debug.cpp(256) : 0xb9d70000 0x00017000 "KSecDD.sys"
.\debug.cpp(256) : 0xb9ce3000 0x0008d000 "Ntfs.sys"
.\debug.cpp(256) : 0xb9cb6000 0x0002d000 "NDIS.sys"
.\debug.cpp(256) : 0xba5ae000 0x00002000 "speedfan.sys"
.\debug.cpp(256) : 0xba128000 0x0000b000 "sbp2port.sys"
.\debug.cpp(256) : 0xb9c9c000 0x0001a000 "Mup.sys"
.\debug.cpp(256) : 0xba672000 0x00001000 "giveio.sys"
.\debug.cpp(256) : 0xba338000 0x00006000 "BMLoad.sys"
.\debug.cpp(256) : 0xba588000 0x00003000 "\SystemRoot\system32\DRIVERS\wmiacpi.sys"
.\debug.cpp(256) : 0xb7d73000 0x005be000 "\SystemRoot\system32\DRIVERS\igxpmp32.sys"
.\debug.cpp(256) : 0xb7d5f000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS"
.\debug.cpp(256) : 0xba4a8000 0x00006000 "\SystemRoot\system32\DRIVERS\usbuhci.sys"
.\debug.cpp(256) : 0xb7d3b000 0x00024000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0xba4b0000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0xb7d13000 0x00028000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0xb7cca000 0x00049000 "\SystemRoot\system32\DRIVERS\yk51x86.sys"
.\debug.cpp(256) : 0xb7954000 0x00376000 "\SystemRoot\system32\DRIVERS\NETw5x32.sys"
.\debug.cpp(256) : 0xb7940000 0x00014000 "\SystemRoot\system32\DRIVERS\sdbus.sys"
.\debug.cpp(256) : 0xba288000 0x0000c000 "\SystemRoot\system32\DRIVERS\o2media.sys"
.\debug.cpp(256) : 0xb7928000 0x00018000 "\SystemRoot\system32\DRIVERS\SCSIPORT.SYS"
.\debug.cpp(256) : 0xba298000 0x0000d000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0xba348000 0x00008000 "\SystemRoot\system32\drivers\qkbfiltr.sys"
.\debug.cpp(256) : 0xba350000 0x00007000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0xba358000 0x00005000 "\??\C:\WINDOWS\system32\drivers\VMkbd.sys"
.\debug.cpp(256) : 0xb78f2000 0x00036000 "\SystemRoot\system32\DRIVERS\SynTP.sys"
.\debug.cpp(256) : 0xba5ba000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0xba360000 0x00006000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0xba58c000 0x00004000 "\SystemRoot\system32\DRIVERS\tdcmdpst.sys"
.\debug.cpp(256) : 0xba2d8000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys"
.\debug.cpp(256) : 0xba368000 0x00008000 "\SystemRoot\system32\drivers\ASAPIW2k.sys"
.\debug.cpp(256) : 0xba2e8000 0x00010000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0xba370000 0x00006000 "\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys"
.\debug.cpp(256) : 0xba188000 0x0000a000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0xb980f000 0x00004000 "\SystemRoot\system32\DRIVERS\CmBatt.sys"
.\debug.cpp(256) : 0xb980b000 0x00003000 "\SystemRoot\system32\DRIVERS\tosrfec.sys"
.\debug.cpp(256) : 0xb94d2000 0x0000d000 "\SystemRoot\system32\DRIVERS\AVMCOWAN.sys"
.\debug.cpp(256) : 0xb94c2000 0x00010000 "\SystemRoot\System32\Drivers\tosrfcom.sys"
.\debug.cpp(256) : 0xb83c1000 0x0000f000 "\SystemRoot\system32\DRIVERS\VMNetSrv.sys"
.\debug.cpp(256) : 0xba5bc000 0x00002000 "\SystemRoot\system32\DRIVERS\wacomvhid.sys"
.\debug.cpp(256) : 0xb83b1000 0x00009000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0xba378000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0xba5be000 0x00002000 "\SystemRoot\system32\DRIVERS\WacomVKHid.sys"
.\debug.cpp(256) : 0xb78b1000 0x00041000 "\SystemRoot\system32\DRIVERS\hrcmpa.sys"
.\debug.cpp(256) : 0xba5c4000 0x00002000 "\SystemRoot\system32\DRIVERS\KMONAPI.SYS"
.\debug.cpp(256) : 0xba6e0000 0x00001000 "\SystemRoot\system32\DRIVERS\audstub.sys"
.\debug.cpp(256) : 0xba5c8000 0x00002000 "\SystemRoot\System32\Drivers\RootMdm.sys"
.\debug.cpp(256) : 0xba380000 0x00008000 "\SystemRoot\System32\Drivers\Modem.SYS"
.\debug.cpp(256) : 0xb83a1000 0x0000d000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0xb9803000 0x00003000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0xb789a000 0x00017000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0xb8391000 0x0000b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0xb8381000 0x0000c000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0xba388000 0x00005000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0xb7889000 0x00011000 "\SystemRoot\system32\DRIVERS\psched.sys"
.\debug.cpp(256) : 0xb8371000 0x00009000 "\SystemRoot\system32\DRIVERS\msgpc.sys"
.\debug.cpp(256) : 0xba390000 0x00005000 "\SystemRoot\system32\DRIVERS\ptilink.sys"
.\debug.cpp(256) : 0xba398000 0x00005000 "\SystemRoot\system32\DRIVERS\raspti.sys"
.\debug.cpp(256) : 0xb8361000 0x0000c000 "\SystemRoot\System32\Drivers\pcouffin.sys"
.\debug.cpp(256) : 0xb7859000 0x00030000 "\SystemRoot\system32\DRIVERS\rdpdr.sys"
.\debug.cpp(256) : 0xb8351000 0x0000a000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0xba5ca000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0xb7836000 0x00023000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0xb77d8000 0x0005e000 "\SystemRoot\system32\DRIVERS\update.sys"
.\debug.cpp(256) : 0xba5a0000 0x00004000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0xb8341000 0x00009000 "\SystemRoot\system32\DRIVERS\QIOMem.sys"
.\debug.cpp(256) : 0xb9c70000 0x00003000 "\SystemRoot\system32\DRIVERS\vmnetadapter.sys"
.\debug.cpp(256) : 0xb929f000 0x00003000 "\SystemRoot\system32\DRIVERS\VMNET.SYS"
.\debug.cpp(256) : 0xba1e8000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0xba1c8000 0x0000b000 "\SystemRoot\system32\DRIVERS\tosporte.sys"
.\debug.cpp(256) : 0xba5a4000 0x00003000 "\SystemRoot\system32\DRIVERS\mouhid.sys"
.\debug.cpp(256) : 0xba410000 0x00008000 "\SystemRoot\system32\DRIVERS\wacommousefilter.sys"
.\debug.cpp(256) : 0xb9c78000 0x00004000 "\SystemRoot\system32\DRIVERS\kbdhid.sys"
.\debug.cpp(256) : 0xba228000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0xa1d15000 0x000bd000 "\SystemRoot\system32\drivers\CHDAud.sys"
.\debug.cpp(256) : 0xa1cf1000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0xa399b000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0xa1cbd000 0x00034000 "\SystemRoot\system32\DRIVERS\HSFHWAZL.sys"
.\debug.cpp(256) : 0xa1bcc000 0x000f1000 "\SystemRoot\system32\DRIVERS\HSF_DPV.sys"
.\debug.cpp(256) : 0xa1b19000 0x000b3000 "\SystemRoot\system32\DRIVERS\HSF_CNXT.sys"
.\debug.cpp(256) : 0xa1af9000 0x00020000 "\SystemRoot\system32\drivers\IntcHdmi.sys"
.\debug.cpp(256) : 0xa0077000 0x00057000 "\SystemRoot\System32\Drivers\NIS\1107000.00C\SRTSP.SYS"
.\debug.cpp(256) : 0xa0058000 0x0001f000 "\SystemRoot\system32\drivers\NIS\1107000.00C\Ironx86.SYS"
.\debug.cpp(256) : 0xba3d0000 0x00008000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"
.\debug.cpp(256) : 0xba208000 0x00009000 "\SystemRoot\System32\Drivers\UVCFTR_S.SYS"
.\debug.cpp(256) : 0xa003a000 0x0001e000 "\SystemRoot\System32\Drivers\usbvideo.sys"
.\debug.cpp(256) : 0xba218000 0x0000a000 "\SystemRoot\system32\drivers\NIS\1107000.00C\SRTSPX.SYS"
.\debug.cpp(256) : 0x9feee000 0x0014c000 "\??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100826.023\NAVEX15.SYS"
.\debug.cpp(256) : 0x9fec9000 0x00025000 "\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS"
.\debug.cpp(256) : 0x9feb5000 0x00014000 "\??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100826.023\NAVENG.SYS"
.\debug.cpp(256) : 0x9fe82000 0x00033000 "\SystemRoot\System32\drivers\truecrypt.sys"
.\debug.cpp(256) : 0xba5f4000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0xba79e000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0xba5fc000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0xba490000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0xba602000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS"
.\debug.cpp(256) : 0xba608000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0xba498000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0xba4a0000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0xb6529000 0x00003000 "\SystemRoot\system32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0x9fe4f000 0x00013000 "\SystemRoot\system32\DRIVERS\ipsec.sys"
.\debug.cpp(256) : 0x9fdf6000 0x00059000 "\SystemRoot\system32\DRIVERS\tcpip.sys"
.\debug.cpp(256) : 0xb6876000 0x00005000 "\SystemRoot\System32\Drivers\tcpipBM.SYS"
.\debug.cpp(256) : 0x9fd9f000 0x00057000 "\SystemRoot\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS"
.\debug.cpp(256) : 0x9fd79000 0x00026000 "\SystemRoot\system32\DRIVERS\ipnat.sys"
.\debug.cpp(256) : 0xb6936000 0x00009000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0x9fd24000 0x00055000 "\??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100826.001\IDSxpx86.sys"
.\debug.cpp(256) : 0x9fcfc000 0x00028000 "\SystemRoot\system32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0xb69a6000 0x00003000 "\SystemRoot\System32\drivers\ws2ifsl.sys"
.\debug.cpp(256) : 0x9fcda000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"
.\debug.cpp(256) : 0xba168000 0x00009000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0x9fc9f000 0x0003b000 "\??\C:\WINDOWS\system32\Drivers\vmm.sys"
.\debug.cpp(256) : 0x9fc74000 0x0002b000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0xb699e000 0x00004000 "\??\C:\WINDOWS\system32\drivers\pclepci.sys"
.\debug.cpp(256) : 0x9fc04000 0x00070000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xa27c0000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS"
.\debug.cpp(256) : 0x9fba6000 0x0005e000 "\??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys"
.\debug.cpp(256) : 0x9fb89000 0x0001d000 "\??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys"
.\debug.cpp(256) : 0x9fb0a000 0x0007f000 "\SystemRoot\system32\drivers\NIS\1107000.00C\ccHPx86.sys"
.\debug.cpp(256) : 0x9fa5e000 0x000ac000 "\??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100810.004\BHDrvx86.sys"
.\debug.cpp(256) : 0xba2b8000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"
.\debug.cpp(256) : 0x9f990000 0x000ce000 "\SystemRoot\System32\Drivers\dump_iaStor.sys"
.\debug.cpp(256) : 0xbf800000 0x001c5000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0xb927b000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0xba470000 0x00005000 "\SystemRoot\System32\watchdog.sys"
.\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"
.\debug.cpp(256) : 0xba6d7000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"
.\debug.cpp(256) : 0xbf024000 0x0002b000 "\SystemRoot\System32\igxpgd32.dll"
.\debug.cpp(256) : 0xbf012000 0x00012000 "\SystemRoot\System32\igxprd32.dll"
.\debug.cpp(256) : 0xbf04f000 0x0020c000 "\SystemRoot\System32\igxpdv32.DLL"
.\debug.cpp(256) : 0xbf25b000 0x00307000 "\SystemRoot\System32\igxpdx32.DLL"
.\debug.cpp(256) : 0x9e49f000 0x0001a000 "\SystemRoot\system32\DRIVERS\tdudf.sys"
.\debug.cpp(256) : 0x9e48e000 0x00011000 "\SystemRoot\System32\Drivers\Udfs.SYS"
.\debug.cpp(256) : 0x9e46d000 0x00021000 "\SystemRoot\system32\DRIVERS\trudf.sys"
.\debug.cpp(256) : 0xa1f39000 0x00007000 "\SystemRoot\system32\DRIVERS\vmnetbridge.sys"
.\debug.cpp(256) : 0x9ec4a000 0x00004000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0xbffa0000 0x00046000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0x9e3b8000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys"
.\debug.cpp(256) : 0xb6916000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys"
.\debug.cpp(256) : 0x9df4d000 0x0002d000 "\SystemRoot\system32\DRIVERS\mrxdav.sys"
.\debug.cpp(256) : 0x9df05000 0x0000a000 "\??\C:\WINDOWS\system32\drivers\hcmon.sys"
.\debug.cpp(256) : 0x9de95000 0x00010000 "\??\C:\WINDOWS\system32\Drivers\vmci.sys"
.\debug.cpp(256) : 0x9dd66000 0x000cf000 "\??\C:\WINDOWS\system32\Drivers\vmx86.sys"
.\debug.cpp(256) : 0xa1f29000 0x00005000 "\SystemRoot\System32\drivers\aspi32.sys"
.\debug.cpp(256) : 0x9de5d000 0x00004000 "\??\C:\WINDOWS\system32\drivers\cpuz134_x32.sys"
.\debug.cpp(256) : 0x9dc8e000 0x00004000 "\SystemRoot\system32\DRIVERS\mdmxsdk.sys"
.\debug.cpp(256) : 0x9d927000 0x00057000 "\SystemRoot\system32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xba400000 0x00005000 "\??\C:\WINDOWS\system32\drivers\vmnetuserif.sys"
.\debug.cpp(256) : 0xa3790000 0x00004000 "\??\C:\Programme\VMware\VMware Player\vstor2-ws60.sys"
.\debug.cpp(256) : 0x9cabc000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys"
.\debug.cpp(256) : 0x7c910000 0x000b9000 "\WINDOWS\system32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) :              Destination="\Device\Ndis"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) :              Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2934&SUBSYS_FF501179&REV_03#3&11583659&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0011"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2937&SUBSYS_FF501179&REV_03#3&11583659&0&D0#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) :              Destination="\Device\Video0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{46CC7287-AE0D-4C0C-AA94-2D7FE7A7ED84}"
.\debug.cpp(400) :              Destination="\Device\{46CC7287-AE0D-4C0C-AA94-2D7FE7A7ED84}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) :              Destination="\Device\0000006c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#SYN1020#4&ff861e6&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :              Destination="\Device\0000009e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) :              Destination="\Device\Video1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Bluetooth#0004&0002#20#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) :              Destination="\Device\000000ac"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{71985f4a-1ca1-11d3-9cc8-00c04f7971e0}"
.\debug.cpp(400) :              Destination="\Device\0000006c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000005a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{B35CAC74-7CCF-469A-B98E-12B6A5B1D1BA}"
.\debug.cpp(400) :              Destination="\Device\{B35CAC74-7CCF-469A-B98E-12B6A5B1D1BA}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{85B84A4F-BE96-4A18-A89E-70DC072C5483}"
.\debug.cpp(400) :              Destination="\Device\{85B84A4F-BE96-4A18-A89E-70DC072C5483}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_23#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) :              Destination="\Device\00000077"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmIoDaemon"
.\debug.cpp(400) :              Destination="\Device\DmControl\DmIoDaemon"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :              Destination="\Device\0000007b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{99a600fa-e3ac-11dd-ada0-806d6172696f}"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip"
.\debug.cpp(400) :              Destination="\Device\Ip"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) :              Destination="\Device\Video2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SymEvent"
.\debug.cpp(400) :              Destination="\Device\SymEvent"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM20"
.\debug.cpp(400) :              Destination="\Device\porte20"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev"
.\debug.cpp(400) :              Destination="\Device\IPSEC"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#WACOMVKHID&Col02#1&4784345&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :              Destination="\Device\000000b5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2192624a&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) :              Destination="\Device\Video3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM21"
.\debug.cpp(400) :              Destination="\Device\porte21"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM15"
.\debug.cpp(400) :              Destination="\Device\porte15"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000059"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :              Destination="\Device\0000007d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY"
.\debug.cpp(400) :              Destination="\Device\NDProxy"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) :              Destination="\Device\Video4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM22"
.\debug.cpp(400) :              Destination="\Device\porte22"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM16"
.\debug.cpp(400) :              Destination="\Device\porte16"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9aa4a2cc-81e0-4cfd-802f-0f74526d2bd3}"
.\debug.cpp(400) :              Destination="\Device\0000006c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{B254D356-A120-4C97-8C84-5607607A2EF6}"
.\debug.cpp(400) :              Destination="\Device\{B254D356-A120-4C97-8C84-5607607A2EF6}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDR4_XP"
.\debug.cpp(400) :              Destination="\Device\PxHelperDevice0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1217&DEV_00F7&SUBSYS_FF501179&REV_02#4&31fc8c23&0&08F0#{6bdd1fc1-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0019"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomMATSHITA_DVD-RAM_UJ862AS________________1.50____#4&4079406&0&0.1.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\Ide\IAAStorageDevice-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#WACOMVKHID&Col03#1&4784345&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :              Destination="\Device\000000b6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&3701aabd&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8086&DEV_2802&SUBSYS_80860101&REV_1000#4&14f5bf9f&0&0101#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) :              Destination="\Device\000000c1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomMATSHITA_DVD-RAM_UJ862AS________________1.50____#4&4079406&0&0.1.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\Ide\IAAStorageDevice-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_14F1&DEV_5051&SUBSYS_1179FF50&REV_1000#4&14f5bf9f&0&0002#{adb44c00-1b8d-11d4-8d5e-00a0c90d1c42}"
.\debug.cpp(400) :              Destination="\Device\000000c0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5051&SUBSYS_1179FF52&REV_1000#4&14f5bf9f&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) :              Destination="\Device\000000bf"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM17"
.\debug.cpp(400) :              Destination="\Device\porte17"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000006c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{fd0a5af4-b41d-11d2-9c95-00c04f7971e0}"
.\debug.cpp(400) :              Destination="\Device\0000006c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MODEM#0000#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
.\debug.cpp(400) :              Destination="\Device\00000057"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr"
.\debug.cpp(400) :              Destination="\Device\RdpDrDvMgr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYMDS"
.\debug.cpp(400) :              Destination="\Device\SymDS"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&55e5f3f&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}"
.\debug.cpp(400) :              Destination="\Device\00000079"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_04f2&Pid_b064#SN0001#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-8"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Bluetooth#0004&0002#21#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) :              Destination="\Device\000000ad"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM18"
.\debug.cpp(400) :              Destination="\Device\porte18"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\TosRFCOM"
.\debug.cpp(400) :              Destination="\Device\RFCOMM"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery"
.\debug.cpp(400) :              Destination="\Device\CompositeBattery"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) :              Destination="\Device\WMIDataDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&263b5d5&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8086&DEV_2802&SUBSYS_80860101&REV_1000#4&14f5bf9f&0&0101#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) :              Destination="\Device\000000c1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM19"
.\debug.cpp(400) :              Destination="\Device\porte19"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#VMWARE#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000071"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BASHDRVCHANNEL"
.\debug.cpp(400) :              Destination="\Device\BBDrvDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000006c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5051&SUBSYS_1179FF52&REV_1000#4&14f5bf9f&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) :              Destination="\Device\000000bf"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_4232&SUBSYS_12018086&REV_00#4&2bcebcdb&0&00E5#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0023"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{530AAB3C-8439-47D9-B19B-5384ECCC3585}"
.\debug.cpp(400) :              Destination="\Device\{530AAB3C-8439-47D9-B19B-5384ECCC3585}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2935&SUBSYS_FF501179&REV_03#3&11583659&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0012"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Bluetooth#0004&0002#22#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) :              Destination="\Device\000000ae"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Bluetooth#0004&0002#15#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) :              Destination="\Device\000000a7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#VMWARE#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000070"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_23#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) :              Destination="\Device\00000076"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) :              Destination="\Device\NamedPipe"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#WACOMVIRTUALHID&Col04#1&2d595ca7&0&0003#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :              Destination="\Device\000000b3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3"
.\debug.cpp(400) :              Destination="\Device\porte3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) :              Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :              Destination="\Device\0000006c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5051&SUBSYS_1179FF52&REV_1000#4&14f5bf9f&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\000000bf"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{BD9D5DED-D6DB-46E2-9224-6B982DB4CFD7}"
.\debug.cpp(400) :              Destination="\Device\{BD9D5DED-D6DB-46E2-9224-6B982DB4CFD7}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM40"
.\debug.cpp(400) :              Destination="\Device\porte40"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched"
.\debug.cpp(400) :              Destination="\Device\PSched"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) :              Destination="\Device\Mup"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"
.\debug.cpp(400) :              Destination="\Device\IPNAT"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NAVEX15"
.\debug.cpp(400) :              Destination="\Device\NAVEX15"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{36A17D75-D62B-492D-9922-75F55848AF89}"
.\debug.cpp(400) :              Destination="\Device\{36A17D75-D62B-492D-9922-75F55848AF89}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_293C&SUBSYS_FF501179&REV_03#3&11583659&0&D7#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0006"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :              Destination="\Device\0000006c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#BLUETOOTH#0000#{aa83bdcf-92fa-41ac-96d3-5e92b59c9b9d}"
.\debug.cpp(400) :              Destination="\Device\00000004"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice"
.\debug.cpp(400) :              Destination="\Device\GEARAspiWDMDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASAPI"
.\debug.cpp(400) :              Destination="\Device\ASAPI"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000006c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VMnetUserif"
.\debug.cpp(400) :              Destination="\Device\VMnetUserif"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) :              Destination="\Device\USBFDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\bmksa"
.\debug.cpp(400) :              Destination="\Device\bmksa"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) :              Destination="\Device\Tcp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\TrueCrypt"
.\debug.cpp(400) :              Destination="\Device\TrueCrypt"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8086&DEV_2802&SUBSYS_80860101&REV_1000#4&14f5bf9f&0&0101#{9ff3b516-cd99-4eaf-8373-f2caf87ed26b}"
.\debug.cpp(400) :              Destination="\Device\000000c1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomMATSHITA_DVD-RAM_UJ862AS________________1.50____#4&4079406&0&0.1.0#{1186654d-47b8-48b9-beb9-7df113ae3c67}"
.\debug.cpp(400) :              Destination="\Device\Ide\IAAStorageDevice-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) :              Destination="\FileSystem\Filters\FltMgrMsg"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5051&SUBSYS_1179FF52&REV_1000#4&14f5bf9f&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\000000bf"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&29c76ef8&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) :              Destination="\Device\USBFDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{7D24C5A5-0379-46DF-8033-AE7A92F06149}"
.\debug.cpp(400) :              Destination="\Device\{7D24C5A5-0379-46DF-8033-AE7A92F06149}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) :              Destination="\Device\VideoPdo0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM6"
.\debug.cpp(400) :              Destination="\Device\porte6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000067"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) :              Destination="\Device\Harddisk0\DR0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) :              Destination="\Device\USBFDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ConexantDiagnosticsServer"
.\debug.cpp(400) :              Destination="\Device\ConexantDiagnosticsServer"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM7"
.\debug.cpp(400) :              Destination="\Device\porte7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) :              Destination="\DosDevices\LPT1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserUtilDrvI10"
.\debug.cpp(400) :              Destination="\Device\EraserUtilDrv11010"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserCtrlDrv"
.\debug.cpp(400) :              Destination="\Device\EraserCtrlDrv"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000006c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :              Destination="\Device\0000006c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{9615F92E-62CC-409F-ADFF-56D698E8E026}"
.\debug.cpp(400) :              Destination="\Device\{9615F92E-62CC-409F-ADFF-56D698E8E026}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000005d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) :              Destination="\Device\USBFDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8086&DEV_2802&SUBSYS_80860101&REV_1000#4&14f5bf9f&0&0101#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\000000c1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio"
.\debug.cpp(400) :              Destination="\Device\sysaudio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) :              Destination="\Device\FsWrap"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000005e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#CNTX_VPCNETS2_MP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000005"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000005c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Bluetooth#0004&0002#40#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) :              Destination="\Device\000000af"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000006c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) :              Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BMLoad"
.\debug.cpp(400) :              Destination="\Device\BMLoad"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYMRDR"
.\debug.cpp(400) :              Destination="\Device\SYMRDR"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
.\debug.cpp(400) :              Destination="\Device\USBFDO-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbMmDp32"
.\debug.cpp(400) :              Destination="\Device\MbMmDp32"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCLEPCIDevice0"
.\debug.cpp(400) :              Destination="\Device\PCLEPCIDevice0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2A42&SUBSYS_FF501179&REV_07#3&11583659&0&10#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0001"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) :              Destination="\GLOBAL??"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD5"
.\debug.cpp(400) :              Destination="\Device\USBFDO-5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :              Destination="\Device\0000007e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD6"
.\debug.cpp(400) :              Destination="\Device\USBFDO-6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\vmci"
.\debug.cpp(400) :              Destination="\Device\vmci"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0003#{8c7c1d13-54d5-4a49-aeaa-4b77c982fb44}"
.\debug.cpp(400) :              Destination="\Device\0000006f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5051&SUBSYS_1179FF52&REV_1000#4&14f5bf9f&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\000000bf"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NAVENG"
.\debug.cpp(400) :              Destination="\Device\NAVENG"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VPCNetS2"
.\debug.cpp(400) :              Destination="\Device\VPCNetS2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_11AB&DEV_4355&SUBSYS_FF501179&REV_12#4&296e4dac&0&00E4#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0022"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Bluetooth#0004&0002#6#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) :              Destination="\Device\000000a5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0"
.\debug.cpp(400) :              Destination="\Device\PxHelperDevice0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SRTSPX"
.\debug.cpp(400) :              Destination="\Device\SRTSPX"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD7"
.\debug.cpp(400) :              Destination="\Device\USBFDO-7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) :              Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\bmknet"
.\debug.cpp(400) :              Destination="\Device\bmknet"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :              Destination="\Device\0000007a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\QKFiltr0"
.\debug.cpp(400) :              Destination="\Device\QKeyboardFilter0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"
.\debug.cpp(400) :              Destination="\Device\0000006c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#WACOMVIRTUALHID&Col02#1&2d595ca7&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :              Destination="\Device\000000b1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#WACOMVIRTUALHID&Col01#1&2d595ca7&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :              Destination="\Device\000000b0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\hcmon"
.\debug.cpp(400) :              Destination="\Device\hcmon"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :              Destination="\Device\0000006c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}"
.\debug.cpp(400) :              Destination="\Device\0000006c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VPCNetS2_{EDB5EC45-6014-4E0F-A46C-7C0407CD8696}"
.\debug.cpp(400) :              Destination="\Device\VPCNetS2_{EDB5EC45-6014-4E0F-A46C-7C0407CD8696}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HSF_MDMDevice0"
.\debug.cpp(400) :              Destination="\Device\HSF_MDMDevice0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{A978F901-5AC8-4444-90A0-961A00DCA9A8}"
.\debug.cpp(400) :              Destination="\Device\{A978F901-5AC8-4444-90A0-961A00DCA9A8}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2f77b030&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#WACOMVIRTUALHID&Col03#1&2d595ca7&0&0002#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :              Destination="\Device\000000b2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{07dad660-22f1-11d1-a9f4-00c04fbbde8f}"
.\debug.cpp(400) :              Destination="\Device\0000006c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\patincouffin0"
.\debug.cpp(400) :              Destination="\Device\Patin couffin device0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#WACOMVKHID&Col01#1&4784345&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :              Destination="\Device\000000b4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Bluetooth#0004&0002#18#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) :              Destination="\Device\000000aa"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SPEEDFAN"
.\debug.cpp(400) :              Destination="\Device\speedfan"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1efe2f6b&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_14F1&DEV_5051&SUBSYS_1179FF50&REV_1000#4&14f5bf9f&0&0002#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
.\debug.cpp(400) :              Destination="\Device\000000c0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1217&DEV_7130&SUBSYS_FF501179&REV_01#4&31fc8c23&0&0BF0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0021"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) :              Destination="\Device\MountPointManager"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureCAED4A9FOffset7E00Length4A85AD0400#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO Soft Data Fax Modem with SmartCP"
.\debug.cpp(400) :              Destination="\Device\000000c0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) :              Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_04f2&Pid_b064&MI_00#6&cba8ae0&0&0000#{6994ad05-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\000000c7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000058"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbDlDp32"
.\debug.cpp(400) :              Destination="\Device\PxHelperDevice0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig"
.\debug.cpp(400) :              Destination="\Device\DmControl\DmConfig"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) :              Destination="\Device\WANARP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2938&SUBSYS_FF501179&REV_03#3&11583659&0&D1#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0004"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\0000000c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#WACOMVIRTUALHID&Col03#1&2d595ca7&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :              Destination="\Device\000000b2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskTOSHIBA_MK3252GSX_______________________LV010M__#4&4079406&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\Ide\IAAStorageDevice-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2936&SUBSYS_FF501179&REV_03#3&11583659&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0013"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\giveio"
.\debug.cpp(400) :              Destination="\Device\giveio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace"
.\debug.cpp(400) :              Destination="\Device\DmControl\DmTrace"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#WACOMVKHID&Col02#1&4784345&0&0001#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :              Destination="\Device\000000b5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000006c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) :              Destination="\Device\NdisWanIp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\0000000b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) :              Destination="\Device\Ide\iaStor0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CPUZ134"
.\debug.cpp(400) :              Destination="\Device\cpuz134"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}"
.\debug.cpp(400) :              Destination="\Device\0000006c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}"
.\debug.cpp(400) :              Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{F2817ACA-8859-401C-8EBE-2E0707B5DAF6}"
.\debug.cpp(400) :              Destination="\Device\{F2817ACA-8859-401C-8EBE-2E0707B5DAF6}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{EDB5EC45-6014-4E0F-A46C-7C0407CD8696}"
.\debug.cpp(400) :              Destination="\Device\{EDB5EC45-6014-4E0F-A46C-7C0407CD8696}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&ff861e6&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :              Destination="\Device\0000009d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Bluetooth#0004&0002#17#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) :              Destination="\Device\000000a9"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS0"
.\debug.cpp(400) :              Destination="\Device\1394BUS0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYMEFA"
.\debug.cpp(400) :              Destination="\Device\SYMEFA"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SymIron"
.\debug.cpp(400) :              Destination="\Device\SymIron"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserUtilDrv11010"
.\debug.cpp(400) :              Destination="\Device\EraserUtilDrv11010"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) :              Destination="\Device\0000006c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000005b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#LEGACY_NDIS_USB_WAN#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000030"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1"
.\debug.cpp(400) :              Destination="\Device\ParTechInc0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\tdcmdpst"
.\debug.cpp(400) :              Destination="\Device\tdcmdpst"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{99a600fb-e3ac-11dd-ada0-806d6172696f}"
.\debug.cpp(400) :              Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"
.\debug.cpp(400) :              Destination="\Device\0000006c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI"
.\debug.cpp(400) :              Destination="\Device\NdisTapi"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) :              Destination="\Device\NdisWan"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SymTDI"
.\debug.cpp(400) :              Destination="\Device\SymTDI"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) :              Destination="\Device\Scsi\O2MDRDR1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST"
.\debug.cpp(400) :              Destination="\Device\IPMULTICAST"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5051&SUBSYS_1179FF52&REV_1000#4&14f5bf9f&0&0001#{54c9343c-2a17-42e8-b4fd-9f9da27b94d6}"
.\debug.cpp(400) :              Destination="\Device\000000bf"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MICH_AZ0"
.\debug.cpp(400) :              Destination="\Device\MICH_AZ0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6C3E7F03-645A-4A55-8BCC-898D105281C4}"
.\debug.cpp(400) :              Destination="\Device\{6C3E7F03-645A-4A55-8BCC-898D105281C4}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#AVMCOWANCI#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2"
.\debug.cpp(400) :              Destination="\Device\ParTechInc1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmLoader"
.\debug.cpp(400) :              Destination="\Device\DmLoader"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow"
.\debug.cpp(400) :              Destination="\Device\LanmanRedirector"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VMM"
.\debug.cpp(400) :              Destination="\Device\VMM"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2A43&SUBSYS_FF501179&REV_07#3&11583659&0&11#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Bluetooth#0004&0002#16#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) :              Destination="\Device\000000a8"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3"
.\debug.cpp(400) :              Destination="\Device\ParTechInc2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VMwareKbdFilter"
.\debug.cpp(400) :              Destination="\Device\VMwareKbdFilter"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\vmx86"
.\debug.cpp(400) :              Destination="\Device\vmx86"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&18c22a0d&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\vstor2-ws60"
.\debug.cpp(400) :              Destination="\Device\vstor2-ws60"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_04f2&Pid_b064&MI_00#6&cba8ae0&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\000000c7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Bluetooth#0004&0002#19#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) :              Destination="\Device\000000ab"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#TOS6205#2&daba3ff&0#{5291cda8-acc2-4fcf-b566-8187e74c9d97}"
.\debug.cpp(400) :              Destination="\Device\0000007c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) :              Destination="\FileSystem\Filters\FltMgr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) :              Destination="\Device\FtControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) :              Destination="\Device\MailSlot"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SRTSP"
.\debug.cpp(400) :              Destination="\Device\SRTSP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SymIDSCo"
.\debug.cpp(400) :              Destination="\Device\SymIDSCo"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SND_USER_DEVICE"
.\debug.cpp(400) :              Destination="\Device\SND_USER_DEVICE"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) :              Destination="\DosDevices\COM1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) :              Destination="\Device\Null"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) :              Destination="\Device\Ndisuio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :              Destination="\Device\0000006b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5051&SUBSYS_1179FF52&REV_1000#4&14f5bf9f&0&0001#{ca89b949-d7bf-48dd-bb06-f40ebc29c5f6}"
.\debug.cpp(400) :              Destination="\Device\000000bf"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) :              Destination=""

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\tdudf"
.\debug.cpp(400) :              Destination="\TdUDF"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYNTP"
.\debug.cpp(400) :              Destination="\Device\SynTP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :              Destination="\Device\0000006a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_293A&SUBSYS_FF501179&REV_03#3&11583659&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0014"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Bluetooth#0004&0002#7#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) :              Destination="\Device\000000a6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Bluetooth#0004&0002#3#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) :              Destination="\Device\000000a4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{246E2E13-9B32-421C-9A00-279CF4879D54}"
.\debug.cpp(400) :              Destination="\Device\{246E2E13-9B32-421C-9A00-279CF4879D54}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Standard 33600 bps Modem"
.\debug.cpp(400) :              Destination="\Device\00000057"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserUtilRebootDrv"
.\debug.cpp(400) :              Destination="\Device\EraserUtilDrv11010"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM11"
.\debug.cpp(400) :              Destination="\Device\Winachsf0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2939&SUBSYS_FF501179&REV_03#3&11583659&0&D2#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0005"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo"
.\debug.cpp(400) :              Destination="\Device\DmControl\DmInfo"

.\debug.cpp(451) : **********************************************
.\boot_cleaner.cpp(1077) : System volume is \\.\C:
.\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
.\boot_cleaner.cpp(424) : Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd
.\boot_cleaner.cpp(1151) :
.\boot_cleaner.cpp(1152) :      Size  Device Name          MBR Status
.\boot_cleaner.cpp(1153) :  --------------------------------------------
.\boot_cleaner.cpp(1197) :    298 GB  \\.\PhysicalDrive0  OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1203) :
.\boot_cleaner.cpp(1242) : Done;

cosinus 27.08.2010 12:30
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

mo9 27.08.2010 14:04
Vielen Dank nochmal.

Hier noch ein GMER Log (warum es nun lief - keine Ahnung):

Die Vollscan-Logs kommen, sobald die Scans beendet sind.
(Sieht so aus, als laufen die Stunden, richtig?)

Liebe Grüße


Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-27 14:40:25
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOKUME~1\Tom\LOKALE~1\Temp\pxtdapow.sys


---- System - GMER 1.0.15 ----

SSDT  866E6D88                                                                                    ZwAlertResumeThread
SSDT  86469C80                                                                                    ZwAlertThread
SSDT  8A2930C0                                                                                    ZwAllocateVirtualMemory
SSDT  864D3960                                                                                    ZwAssignProcessToJobObject
SSDT  8A2893F0                                                                                    ZwConnectPort
SSDT  \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)  ZwCreateKey [0x9FEDF210]
SSDT  854BF9C0                                                                                    ZwCreateMutant
SSDT  864D37C0                                                                                    ZwCreateSymbolicLinkObject
SSDT  8A1B9E18                                                                                    ZwCreateThread
SSDT  86468EC0                                                                                    ZwDebugActiveProcess
SSDT  \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)  ZwDeleteKey [0x9FEDF490]
SSDT  \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)  ZwDeleteValueKey [0x9FEDF9F0]
SSDT  8A0C8100                                                                                    ZwDuplicateObject
SSDT  854C1308                                                                                    ZwFreeVirtualMemory
SSDT  854BFA90                                                                                    ZwImpersonateAnonymousToken
SSDT  866E6CC8                                                                                    ZwImpersonateThread
SSDT  8A107C30                                                                                    ZwLoadDriver
SSDT  855269F0                                                                                    ZwMapViewOfSection
SSDT  854BF900                                                                                    ZwOpenEvent
SSDT  89B843C0                                                                                    ZwOpenProcess
SSDT  8A2BE8C0                                                                                    ZwOpenProcessToken
SSDT  86462E88                                                                                    ZwOpenSection
SSDT  89B7C3E0                                                                                    ZwOpenThread
SSDT  864D3890                                                                                    ZwProtectVirtualMemory
SSDT  86469D40                                                                                    ZwResumeThread
SSDT  864D2BA8                                                                                    ZwSetContextThread
SSDT  86464CB8                                                                                    ZwSetInformationProcess
SSDT  86462E08                                                                                    ZwSetSystemInformation
SSDT  \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)  ZwSetValueKey [0x9FEDFC40]
SSDT  86462F48                                                                                    ZwSuspendProcess
SSDT  864D2A28                                                                                    ZwSuspendThread
SSDT  8A2BE980                                                                                    ZwTerminateProcess
SSDT  864D2AE8                                                                                    ZwTerminateThread
SSDT  86464D88                                                                                    ZwUnmapViewOfSection
SSDT  866E72C8                                                                                    ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!ZwCallbackReturn + 2FE8                                                        80504884 8 Bytes  JMP AB38D2B4

---- User code sections - GMER 1.0.15 ----

.text  C:\WINDOWS\system32\SearchIndexer.exe[4056] kernel32.dll!WriteFile                          7C810E27 7 Bytes  JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT    \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject]                    [BA338FE6] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT    \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject]                    [BA338FE6] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)

cosinus 27.08.2010 18:55
Mach bitte die Kontrollscans.

mo9 28.08.2010 06:05
Oh oh. Schau mal einer an.
Was tun die Biester?
Der 2 Scan läuft noch...

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4491

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

28.08.2010 06:50:38
mbam-log-2010-08-28 (06-50-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 635752
Laufzeit: 6 Stunde(n), 42 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\xxx\Desktop\desktop\Nvu\nvu.exe (Trojan.Agent.CK) -> No action taken.
C:\Dokumente und Einstellungen\xxx\Desktop\1\ChangeLogo\ReplaceLogo.exe (Malware.Packer.Gen) -> No action taken.

mo9 28.08.2010 08:32
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/28/2010 at 08:28 AM

Application Version : 4.41.1000

Core Rules Database Version : 5412
Trace Rules Database Version: 3224

Scan type      : Complete Scan
Total Scan Time : 01:20:14

Memory items scanned      : 726
Memory threats detected  : 0
Registry items scanned    : 11118
Registry threats detected : 0
File items scanned        : 67038
File threats detected    : 5

Adware.Tracking Cookie
        C:\Dokumente und Einstellungen\xxx\Cookies\xxx@2o7[1].txt
        C:\Dokumente und Einstellungen\xxx\Cookies\xxx@tradedoubler[2].txt
        C:\Dokumente und Einstellungen\xxx\Cookies\xxx@doubleclick[2].txt
        C:\Dokumente und Einstellungen\xxx\Cookies\xxx@ad.yieldmanager[2].txt

Trojan.Agent/Gen-Nullo[Short]
        C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD13ED35-8D4C-4574-A9BC-A6C566E8EBEC}\RP1\A0000044.EXE

cosinus 28.08.2010 12:36
Zitat:
Infizierte Dateien:
C:\Dokumente und Einstellungen\xxx\Desktop\desktop\Nvu\nvu.exe (Trojan.Agent.CK) -> No action taken.
C:\Dokumente und Einstellungen\xxx\Desktop\1\ChangeLogo\ReplaceLogo.exe (Malware.Packer.Gen) -> No action taken
Das sind welche auf dem Desktop, Du solltest wissen was das ist!

mo9 01.09.2010 09:20
So, habe nun die Dinger entfernt, obwohl ich mich frage,
ob das evtl. false positives waren.

Ganz herzlichen Dank nochmal.

:daumenhoc


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:25 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131