Trojaner-Board
Seite 2 von 5 1 2 34 Letzte »
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   PC fährt nicht herunter,Programme hängen sich auf etc. (https://www.trojaner-board.de/91159-pc-faehrt-herunter-programme-haengen-etc.html)

cosinus 29.09.2010 14:04
Dann bitte jetzt CF ausführen :)

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

ali321 29.09.2010 16:39
Code:
ComboFix 10-09-28.03 - Zandy 29.09.2010  16:27:41.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6000.0.1252.49.1031.18.3070.1963 [GMT 2:00]
ausgeführt von:: c:\users\Zandy\Desktop\ComboFix.exe
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\WinPCap
C:\start
c:\users\Zandy\AppData\Roaming\Aqdizi
c:\users\Zandy\AppData\Roaming\Aqdizi\ezoq.muu
c:\users\Zandy\AppData\Roaming\Desktopicon
c:\users\Zandy\AppData\Roaming\Desktopicon\eBay.ico
c:\users\Zandy\AppData\Roaming\Desktopicon\uninst.exe

Infizierte Kopie von c:\windows\system32\drivers\netbt.sys wurde gefunden und desinfiziert
Kopie von - Kitty had a snack :p wurde wiederhergestellt
.
(((((((((((((((((((((((  Dateien erstellt von 2010-08-28 bis 2010-09-29  ))))))))))))))))))))))))))))))
.

2010-09-29 14:39 . 2010-09-29 14:40    --------    d-----w-    c:\users\Zandy\AppData\Local\temp
2010-09-29 12:53 . 2010-09-29 12:53    --------    d-----w-    c:\program files\Logitech Touch Mouse Server
2010-09-28 19:42 . 2010-09-28 19:42    --------    d-----w-    C:\_OTL
2010-09-28 13:42 . 2010-09-28 13:48    --------    d-----w-    c:\users\Zandy\AppData\Roaming\FreeScreenToVideo
2010-09-28 13:42 . 2010-09-28 13:42    --------    d-----w-    c:\program files\Free Screen To Video
2010-09-27 11:59 . 2010-04-29 10:19    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-27 11:59 . 2010-09-27 11:59    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-09-27 11:59 . 2010-04-29 10:19    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-09-25 15:33 . 2010-09-25 15:33    --------    d-----w-    c:\program files\Orbitdownloader
2010-09-23 13:10 . 2010-09-25 11:59    --------    d-----w-    c:\program files\Duplicate Music Files Finder
2010-09-20 13:02 . 2010-09-20 13:02    --------    d-----w-    c:\program files\iPod
2010-09-20 13:02 . 2010-09-20 13:03    --------    d-----w-    c:\program files\iTunes
2010-09-20 13:00 . 2010-09-20 13:00    --------    d-----w-    c:\program files\Apple Software Update
2010-09-20 13:00 . 2010-09-20 13:00    --------    d-----w-    c:\program files\Bonjour
2010-09-18 16:25 . 2010-09-18 16:25    --------    d-----w-    c:\users\Zandy\AppData\Roaming\ProgSense
2010-09-17 21:27 . 2010-09-17 21:43    --------    d-----w-    c:\programdata\FLEXnet
2010-09-17 21:20 . 2010-09-17 21:20    --------    d-----w-    c:\program files\Common Files\Macrovision Shared
2010-09-17 19:25 . 2010-09-17 19:25    --------    d-----w-    c:\users\Zandy\AppData\Roaming\Download Manager
2010-09-17 15:05 . 2010-09-17 15:05    --------    d-----w-    c:\users\Zandy\Deskto
2010-09-17 06:35 . 2010-09-16 15:20    28048    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED9EEC5D-C01E-4A04-8570-8884A14C9265}\mpasdlta.vdm
2010-09-17 06:35 . 2010-09-17 06:35    12300688    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED9EEC5D-C01E-4A04-8570-8884A14C9265}\mpasbase.vdm
2010-09-16 12:58 . 2010-09-16 12:58    --------    d-----w-    c:\programdata\Ableton
2010-09-16 12:58 . 2010-09-16 12:58    --------    d-----w-    c:\users\Zandy\AppData\Roaming\Ableton
2010-09-07 13:52 . 2010-09-25 14:57    --------    d-----w-    c:\users\Zandy\AppData\Roaming\Notepad++
2010-09-07 13:52 . 2010-09-25 14:57    --------    d-----w-    c:\program files\Notepad++
2010-09-02 18:42 . 2010-09-02 18:43    --------    d-----w-    c:\program files\QuickTime
2010-09-01 07:12 . 2010-09-01 07:12    73000    ----a-w-    c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-29 14:33 . 2006-11-02 15:33    656262    ----a-w-    c:\windows\system32\perfh007.dat
2010-09-29 14:33 . 2006-11-02 15:33    121228    ----a-w-    c:\windows\system32\perfc007.dat
2010-09-29 14:24 . 2010-02-16 15:35    12    ----a-w-    c:\windows\bthservsdp.dat
2010-09-29 14:18 . 2008-09-20 17:02    --------    d-----w-    c:\users\Zandy\AppData\Roaming\Skype
2010-09-29 14:18 . 2008-09-20 17:07    --------    d-----w-    c:\users\Zandy\AppData\Roaming\skypePM
2010-09-29 13:11 . 2009-03-07 16:18    --------    d-----w-    c:\users\Zandy\AppData\Roaming\Orbit
2010-09-28 13:57 . 2009-09-06 08:31    183112    ----a-w-    c:\windows\system32\PnkBstrB.exe
2010-09-25 15:16 . 2007-11-30 12:49    111616    ----a-w-    c:\users\Zandy\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-25 14:59 . 2009-09-26 21:56    --------    d-----w-    c:\program files\TeamViewer
2010-09-25 14:57 . 2008-12-14 11:29    --------    d-----w-    c:\program files\Common Files\DVDVideoSoft
2010-09-25 14:28 . 2008-01-02 16:42    8052    ----a-w-    c:\users\Zandy\AppData\Local\d3d9caps.dat
2010-09-25 11:52 . 2009-11-30 14:33    --------    d-----w-    c:\program files\trend micro
2010-09-24 21:14 . 2010-03-03 20:48    0    ----a-w-    c:\windows\system32\Access.dat
2010-09-24 15:05 . 2010-04-12 13:08    --------    d-----w-    c:\program files\JDownloader
2010-09-21 19:16 . 2010-04-15 15:45    --------    d-sh--r-    c:\users\Zandy\AppData\Roaming\dx10ac
2010-09-20 13:02 . 2009-01-30 21:42    --------    d-----w-    c:\program files\Common Files\Apple
2010-09-17 21:24 . 2007-05-23 12:24    --------    d-----w-    c:\program files\Common Files\Adobe
2010-09-17 21:06 . 2010-04-01 19:48    --------    d-----w-    c:\program files\Ask.com
2010-09-14 18:21 . 2010-07-08 15:04    --------    d-----w-    c:\users\Zandy\AppData\Roaming\PhotoScape
2010-09-14 14:41 . 2007-12-01 21:15    582544    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\Backup\mpasdlta.vdm
2010-09-13 15:08 . 2009-02-05 13:57    --------    d-----w-    c:\programdata\ArcSoft
2010-09-13 15:08 . 2007-05-23 11:06    --------    d--h--w-    c:\program files\InstallShield Installation Information
2010-09-13 15:07 . 2009-02-06 14:16    2564863    ----a-w-    c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2010-09-11 19:23 . 2007-11-30 14:50    --------    d-----w-    c:\users\Zandy\AppData\Roaming\dvdcss
2010-09-06 17:56 . 2008-02-17 09:00    --------    d-----w-    c:\users\Zandy\AppData\Roaming\StarOffice8
2010-09-04 12:19 . 2009-09-06 08:31    138184    ----a-w-    c:\windows\system32\drivers\PnkBstrK.sys
2010-08-30 20:19 . 2007-05-23 11:09    --------    d-----w-    c:\program files\Roxio
2010-08-28 16:20 . 2009-02-05 13:57    --------    d-----w-    c:\program files\ArcSoft
2010-08-28 16:19 . 2009-07-13 15:31    --------    d-----w-    c:\program files\ElcomSoft
2010-08-28 16:19 . 2008-09-20 17:01    --------    d-----r-    c:\program files\Skype
2010-08-28 16:17 . 2010-06-17 20:30    --------    d-----w-    c:\program files\thriXXX
2010-08-27 13:57 . 2007-05-23 11:09    --------    d-----w-    c:\programdata\Roxio
2010-08-24 18:44 . 2010-05-11 16:15    --------    d-sh--w-    c:\users\Zandy\AppData\Roaming\lowsec
2010-08-24 13:00 . 2007-12-01 21:15    12120464    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\Backup\mpasbase.vdm
2010-08-05 21:05 . 2009-03-03 20:42    --------    d-----w-    c:\program files\Messenger Plus! Live
2010-07-27 16:44 . 2010-07-27 16:44    91424    ----a-w-    c:\windows\system32\dnssd.dll
2010-07-27 16:44 . 2010-07-27 16:44    107808    ----a-w-    c:\windows\system32\dns-sd.exe
2010-07-11 17:38 . 2010-04-24 20:00    57344    ----a-w-    c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-11 17:38 . 2010-07-11 17:38    56765    ----a-w-    c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-11 17:38 . 2010-07-11 17:38    57715    ----a-w-    c:\programdata\DivX\Player\Uninstaller.exe
2010-07-11 17:38 . 2010-07-11 17:38    54153    ----a-w-    c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-07-11 17:22 . 2010-04-24 20:03    895256    ----a-w-    c:\programdata\DivX\Setup\DivXSetup.exe
2010-07-11 17:22 . 2010-04-24 20:03    1062184    ----a-w-    c:\programdata\DivX\Setup\Resource.dll
.

------- Sigcheck -------

[-] 2010-03-30 . 1171B07E27991296D379472B12174349 . 245248 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23    1385864    ----a-w-    c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"spc1030"="c:\windows\vspc1030.exe" [2008-02-22 684032]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

c:\users\Zandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Touch Mouse Server.lnk - c:\program files\Logitech Touch Mouse Server\iTouch-Server-Win.exe [2009-10-23 228352]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Sitecom USB Wireless LAN Utility.lnk - c:\program files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe [2009-1-19 3477504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"{68657190-7121-20E8-42E7-B6B473543351}"=c:\users\Zandy\AppData\Roaming\Exyfx\abems.exe
"userinit"=c:\users\Zandy\AppData\Roaming\sdra64.exe
"Windows Update"=c:\users\Zandy\AppData\Roaming\netssh.exe
"{433CD6D5-15A6-14F8-9AAC-3730B91D3876}"=c:\users\Zandy\AppData\Roaming\netssh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"VX1000"=c:\windows\vVX1000.exe
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe"
"spc1030"=c:\windows\vspc1030.exe
"StartCCC"=c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvSvc"=RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"PlayMovie"="d:\bearbeitungsprogramme\PlayMovie\PMVService.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"d-x10c"=c:\users\Zandy\AppData\Roaming\dx10ac\d-xdiag10c.exe
"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2780370485-2775809281-2979314199-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000002

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 133104]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\DRIVERS\libusb0.sys [2006-05-31 29184]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-06-17 3890920]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-01-01 691696]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-06-04 224240]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-06-01 30112]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};d:\bearbeitungsprogramme\PlayMovie\000.fcl [2008-05-16 61424]
S3 MicNgBas;Cinergy 2400i DT Base Driver;c:\windows\system32\drivers\MicNgBas.sys [2006-02-11 48768]
S3 MicNgCap;Cinergy 2400i DT Capture Driver;c:\windows\system32\drivers\MicNgCap.sys [2006-02-11 50560]
S3 MicNgTun;Cinergy 2400i DT Tuner Driver;c:\windows\system32\drivers\MicNgTun.sys [2006-02-11 122752]
S3 phaudlwr;Philips Audio Filter;c:\windows\system32\DRIVERS\phaudlwr.sys [2008-05-07 88704]
S3 SPC1030;USB2.0 PC Camera (SPC1030);c:\windows\system32\DRIVERS\spc1030.sys [2008-06-11 3035776]
S3 ZD1211U(Sitecom);Sitecom Wireless Network USB Adapter Driver(Sitecom);c:\windows\system32\DRIVERS\zd1211u.sys [2004-07-05 233472]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ      BthServ
.
Inhalt des "geplante Tasks" Ordners

2010-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 19:19]

2010-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 19:19]

2010-08-31 c:\windows\Tasks\RCHubTask 0 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 2145340416~30026154.job
- c:\program files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe [2007-02-13 16:51]

2010-09-29 c:\windows\Tasks\User_Feed_Synchronization-{BB2AC692-2CD6-4C68-9DFC-5B9F61E87B2F}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://de.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://go.1und1.de/suchbox/1und1suche?su=%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Free YouTube Download - c:\users\Zandy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Zandy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
TCP: {38C40A29-A3EC-4951-93B1-95FA03AA6BE0} = 192.168.178.1,192.168.178.2
TCP: {5B175FDC-3A19-4105-AE85-EF088487102C} = 192.168.182.1,192.168.182.2
TCP: {9CE15D25-E061-4EA7-A67B-2FBB0BF7B106} = 192.168.182.1,192.168.182.2
TCP: {D08FD11B-68BB-4DB9-B05C-0694FD0A3F17} = 192.168.182.1,192.168.182.2
FF - ProfilePath - c:\users\Zandy\AppData\Roaming\Mozilla\Firefox\Profiles\ffmk5zx8.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - component: c:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

MSConfigStartUp-BMIMZMHMFM - c:\users\Zandy\AppData\Local\Temp\Rcx.exe
MSConfigStartUp-LosAlamos - c:\windows\system32\sshnas21.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-29 16:39
Windows 6.0.6000  NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\d:\bearbeitungsprogramme\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-2780370485-2775809281-2979314199-1000\Software\SecuROM\License information*]
"datasecu"=hex:7e,e8,20,01,50,99,dc,33,e0,d7,a3,74,96,6b,73,2f,63,e9,c8,ba,12,
  f3,94,9a,85,38,7f,1e,00,c7,e6,a2,97,c4,5b,8c,b4,73,e9,1d,2b,65,19,a6,f9,6a,\
"rkeysecu"=hex:9b,5a,b7,02,6e,ed,18,d4,57,55,ba,a0,1e,c9,49,72

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(836)
c:\windows\System32\guard32.dll

- - - - - - - > 'lsass.exe'(680)
c:\windows\system32\guard32.dll
.
Zeit der Fertigstellung: 2010-09-29  16:45:18
ComboFix-quarantined-files.txt  2010-09-29 14:45

Vor Suchlauf: 14 Verzeichnis(se), 56.898.908.160 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 56.724.508.672 Bytes frei

- - End Of File - - FCFE09711B073FE17FA14EB365969841
:D gab kleine anlaufschwierigkeiten aber am ende liefs wunderbar ;)

cosinus 30.09.2010 12:51
Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
Filelook::
c:\windows\System32\shsvcs.dll
c:\windows\system32\drivers\netbt.sys

Dirlook::
c:\program files\thriXXX

File::
c:\users\Zandy\AppData\Roaming\Exyfx\abems.exe
c:\users\Zandy\AppData\Roaming\sdra64.exe
c:\users\Zandy\AppData\Roaming\netssh.exe

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"{68657190-7121-20E8-42E7-B6B473543351}"=-
"userinit"=-
"Windows Update"=-
"{433CD6D5-15A6-14F8-9AAC-3730B91D3876}"=-
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

ali321 30.09.2010 23:00
Ich hoffe mal ich hab alles richtig gemacht ;)
Code:
ComboFix 10-09-30.01 - Zandy 30.09.2010  23:38:51.2.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6000.0.1252.49.1031.18.3070.2086 [GMT 2:00]
ausgeführt von:: d:\allgemein\PC säubern\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Zandy\Desktop\CFScript.txt.txt
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\Zandy\AppData\Roaming\Exyfx\abems.exe"
"c:\users\Zandy\AppData\Roaming\netssh.exe"
"c:\users\Zandy\AppData\Roaming\sdra64.exe"
.

(((((((((((((((((((((((  Dateien erstellt von 2010-08-28 bis 2010-09-30  ))))))))))))))))))))))))))))))
.

2010-09-30 21:46 . 2010-09-30 21:46    --------    d-----w-    c:\users\Zandy\AppData\Local\temp
2010-09-30 21:46 . 2010-09-30 21:46    --------    d-----w-    c:\users\Public\AppData\Local\temp
2010-09-29 12:53 . 2010-09-29 12:53    --------    d-----w-    c:\program files\Logitech Touch Mouse Server
2010-09-28 19:42 . 2010-09-28 19:42    --------    d-----w-    C:\_OTL
2010-09-28 13:42 . 2010-09-28 13:48    --------    d-----w-    c:\users\Zandy\AppData\Roaming\FreeScreenToVideo
2010-09-28 13:42 . 2010-09-28 13:42    --------    d-----w-    c:\program files\Free Screen To Video
2010-09-27 11:59 . 2010-04-29 10:19    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-27 11:59 . 2010-09-27 11:59    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-09-27 11:59 . 2010-04-29 10:19    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-09-25 15:33 . 2010-09-25 15:33    --------    d-----w-    c:\program files\Orbitdownloader
2010-09-23 13:10 . 2010-09-25 11:59    --------    d-----w-    c:\program files\Duplicate Music Files Finder
2010-09-20 13:02 . 2010-09-20 13:02    --------    d-----w-    c:\program files\iPod
2010-09-20 13:02 . 2010-09-20 13:03    --------    d-----w-    c:\program files\iTunes
2010-09-20 13:00 . 2010-09-20 13:00    --------    d-----w-    c:\program files\Apple Software Update
2010-09-20 13:00 . 2010-09-20 13:00    --------    d-----w-    c:\program files\Bonjour
2010-09-18 16:25 . 2010-09-18 16:25    --------    d-----w-    c:\users\Zandy\AppData\Roaming\ProgSense
2010-09-17 21:27 . 2010-09-17 21:43    --------    d-----w-    c:\programdata\FLEXnet
2010-09-17 21:20 . 2010-09-17 21:20    --------    d-----w-    c:\program files\Common Files\Macrovision Shared
2010-09-17 19:25 . 2010-09-17 19:25    --------    d-----w-    c:\users\Zandy\AppData\Roaming\Download Manager
2010-09-17 15:05 . 2010-09-17 15:05    --------    d-----w-    c:\users\Zandy\Deskto
2010-09-16 12:58 . 2010-09-16 12:58    --------    d-----w-    c:\programdata\Ableton
2010-09-16 12:58 . 2010-09-16 12:58    --------    d-----w-    c:\users\Zandy\AppData\Roaming\Ableton
2010-09-07 13:52 . 2010-09-25 14:57    --------    d-----w-    c:\users\Zandy\AppData\Roaming\Notepad++
2010-09-07 13:52 . 2010-09-25 14:57    --------    d-----w-    c:\program files\Notepad++
2010-09-02 18:42 . 2010-09-02 18:43    --------    d-----w-    c:\program files\QuickTime
2010-09-01 07:12 . 2010-09-01 07:12    73000    ----a-w-    c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-30 21:33 . 2008-09-20 17:02    --------    d-----w-    c:\users\Zandy\AppData\Roaming\Skype
2010-09-30 21:10 . 2006-11-02 15:33    656262    ----a-w-    c:\windows\system32\perfh007.dat
2010-09-30 21:10 . 2006-11-02 15:33    121228    ----a-w-    c:\windows\system32\perfc007.dat
2010-09-30 21:09 . 2008-09-20 17:07    --------    d-----w-    c:\users\Zandy\AppData\Roaming\skypePM
2010-09-30 21:03 . 2010-02-16 15:35    12    ----a-w-    c:\windows\bthservsdp.dat
2010-09-29 13:11 . 2009-03-07 16:18    --------    d-----w-    c:\users\Zandy\AppData\Roaming\Orbit
2010-09-28 13:57 . 2009-09-06 08:31    183112    ----a-w-    c:\windows\system32\PnkBstrB.exe
2010-09-26 13:15 . 2006-11-02 10:25    86016    ----a-w-    c:\windows\Inf\infstor.dat
2010-09-26 13:15 . 2006-11-02 10:25    51200    ----a-w-    c:\windows\Inf\infpub.dat
2010-09-26 13:15 . 2006-11-02 10:25    143360    ----a-w-    c:\windows\Inf\infstrng.dat
2010-09-25 15:16 . 2007-11-30 12:49    111616    ----a-w-    c:\users\Zandy\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-25 14:59 . 2009-09-26 21:56    --------    d-----w-    c:\program files\TeamViewer
2010-09-25 14:57 . 2008-12-14 11:29    --------    d-----w-    c:\program files\Common Files\DVDVideoSoft
2010-09-25 14:28 . 2008-01-02 16:42    8052    ----a-w-    c:\users\Zandy\AppData\Local\d3d9caps.dat
2010-09-25 11:52 . 2009-11-30 14:33    --------    d-----w-    c:\program files\trend micro
2010-09-24 21:14 . 2010-03-03 20:48    0    ----a-w-    c:\windows\system32\Access.dat
2010-09-24 15:05 . 2010-04-12 13:08    --------    d-----w-    c:\program files\JDownloader
2010-09-21 19:16 . 2010-04-15 15:45    --------    d-sh--r-    c:\users\Zandy\AppData\Roaming\dx10ac
2010-09-20 13:02 . 2009-01-30 21:42    --------    d-----w-    c:\program files\Common Files\Apple
2010-09-17 21:24 . 2007-05-23 12:24    --------    d-----w-    c:\program files\Common Files\Adobe
2010-09-17 21:06 . 2010-04-01 19:48    --------    d-----w-    c:\program files\Ask.com
2010-09-14 18:21 . 2010-07-08 15:04    --------    d-----w-    c:\users\Zandy\AppData\Roaming\PhotoScape
2010-09-13 15:08 . 2009-02-05 13:57    --------    d-----w-    c:\programdata\ArcSoft
2010-09-13 15:08 . 2007-05-23 11:06    --------    d--h--w-    c:\program files\InstallShield Installation Information
2010-09-13 15:07 . 2009-02-06 14:16    2564863    ----a-w-    c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2010-09-11 19:23 . 2007-11-30 14:50    --------    d-----w-    c:\users\Zandy\AppData\Roaming\dvdcss
2010-09-06 17:56 . 2008-02-17 09:00    --------    d-----w-    c:\users\Zandy\AppData\Roaming\StarOffice8
2010-09-04 12:19 . 2009-09-06 08:31    138184    ----a-w-    c:\windows\system32\drivers\PnkBstrK.sys
2010-08-30 20:19 . 2007-05-23 11:09    --------    d-----w-    c:\program files\Roxio
2010-08-28 16:20 . 2009-02-05 13:57    --------    d-----w-    c:\program files\ArcSoft
2010-08-28 16:19 . 2009-07-13 15:31    --------    d-----w-    c:\program files\ElcomSoft
2010-08-28 16:19 . 2008-09-20 17:01    --------    d-----r-    c:\program files\Skype
2010-08-28 16:17 . 2010-06-17 20:30    --------    d-----w-    c:\program files\thriXXX
2010-08-27 13:57 . 2007-05-23 11:09    --------    d-----w-    c:\programdata\Roxio
2010-08-24 18:44 . 2010-05-11 16:15    --------    d-sh--w-    c:\users\Zandy\AppData\Roaming\lowsec
2010-08-05 21:05 . 2009-03-03 20:42    --------    d-----w-    c:\program files\Messenger Plus! Live
2010-07-27 16:44 . 2010-07-27 16:44    91424    ----a-w-    c:\windows\system32\dnssd.dll
2010-07-27 16:44 . 2010-07-27 16:44    107808    ----a-w-    c:\windows\system32\dns-sd.exe
2010-07-11 17:38 . 2010-04-24 20:00    57344    ----a-w-    c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-11 17:38 . 2010-07-11 17:38    56765    ----a-w-    c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-11 17:38 . 2010-07-11 17:38    57715    ----a-w-    c:\programdata\DivX\Player\Uninstaller.exe
2010-07-11 17:38 . 2010-07-11 17:38    54153    ----a-w-    c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-07-11 17:22 . 2010-04-24 20:03    895256    ----a-w-    c:\programdata\DivX\Setup\DivXSetup.exe
2010-07-11 17:22 . 2010-04-24 20:03    1062184    ----a-w-    c:\programdata\DivX\Setup\Resource.dll
.

((((((((((((((((((((((((((((((((((((((((((((  Look  )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\system32\drivers\netbt.sys ---
Company: Microsoft Corporation
File Description: MBT Transport driver
File Version: 6.0.6000.16386 (vista_rtm.061101-2205)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: netbt.sys
File size: 184320
Created time: 2006-11-02 08:57
Modified time: 2006-11-02 08:57
MD5: E3A168912E7EEFC3BD3B814720D68B41
SHA1: BD7F554CDB56ACF7EA70060A8FAF1D8B450A3223


--- c:\windows\System32\shsvcs.dll ---
Company: Microsoft Corporation
File Description: Windows-Shelldienste-DLL
File Version: 6.0.6000.16386 (vista_rtm.061101-2205)
Product Name: Betriebssystem Microsoft® Windows®
Copyright: © Microsoft Corporation. Alle Rechte vorbehalten.
Original Filename: SHSVCS.DLL.MUI
File size: 245248
Created time: 2006-11-02 08:46
Modified time: 2010-03-30 15:35
MD5: 1171B07E27991296D379472B12174349
SHA1: B98D961ED172581FDE7D26AAE6F0BCEF2F5FAD89

---- Directory of c:\program files\thriXXX ----

2010-06-17 20:28 . 2008-05-10 22:00    26624    ----a-w-    c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\fc3DSexVillaRun.DE.exe
2008-04-11 12:37 . 2008-04-11 12:37    1470    ----a-w-    c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\LibTheora License.txt
2007-10-09 13:15 . 2007-10-09 13:15    9326    ----a-w-    c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\app.ico
2007-09-03 05:55 . 2007-09-03 05:55    413696    ----a-w-    c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\OpenAL32.dll
2006-11-16 09:49 . 2006-11-16 09:49    2795    ----a-w-    c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\JasPer License.txt
2006-11-16 09:49 . 2006-11-16 09:49    3936    ----a-w-    c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\LibPNG License.txt
2006-11-16 09:49 . 2006-11-16 09:49    1475    ----a-w-    c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\OggVorbis Copying.txt
2006-11-16 09:49 . 2006-11-16 09:49    6406    ----a-w-    c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\OpenSSL License.txt
2006-11-16 09:49 . 2006-11-16 09:49    1116    ----a-w-    c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\zlib License.txt
2006-11-16 09:39 . 2006-11-16 09:39    53248    ----a-w-    c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\ogg.dll
2006-11-16 09:36 . 2006-11-16 09:36    1200128    ----a-w-    c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\vorbis.dll
2006-11-16 09:36 . 2006-11-16 09:36    77824    ----a-w-    c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\vorbisfile.dll
2006-07-11 17:35 . 2006-07-11 17:35    503808    ----a-w-    c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\msvcp71.dll
2006-07-11 17:35 . 2006-07-11 17:35    348160    ----a-w-    c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\msvcr71.dll


------- Sigcheck -------

[-] 2010-03-30 . 1171B07E27991296D379472B12174349 . 245248 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
[7] 2006-11-02 . B264DFA21677728613267FE63802B332 . 245248 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6000.16386_none_caf99b2e2002860e\shsvcs.dll
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23    1385864    ----a-w-    c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"spc1030"="c:\windows\vspc1030.exe" [2008-02-22 684032]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

c:\users\Zandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Touch Mouse Server.lnk - c:\program files\Logitech Touch Mouse Server\iTouch-Server-Win.exe [2009-10-23 228352]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Sitecom USB Wireless LAN Utility.lnk - c:\program files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe [2009-1-19 3477504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"{68657190-7121-20E8-42E7-B6B473543351}"=c:\users\Zandy\AppData\Roaming\Exyfx\abems.exe
"userinit"=c:\users\Zandy\AppData\Roaming\sdra64.exe
"Windows Update"=c:\users\Zandy\AppData\Roaming\netssh.exe
"{433CD6D5-15A6-14F8-9AAC-3730B91D3876}"=c:\users\Zandy\AppData\Roaming\netssh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"VX1000"=c:\windows\vVX1000.exe
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe"
"spc1030"=c:\windows\vspc1030.exe
"StartCCC"=c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvSvc"=RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"PlayMovie"="d:\bearbeitungsprogramme\PlayMovie\PMVService.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"d-x10c"=c:\users\Zandy\AppData\Roaming\dx10ac\d-xdiag10c.exe
"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2780370485-2775809281-2979314199-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000002

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 133104]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\DRIVERS\libusb0.sys [2006-05-31 29184]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-06-17 3890920]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-01-01 691696]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-06-04 224240]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-06-01 30112]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};d:\bearbeitungsprogramme\PlayMovie\000.fcl [2008-05-16 61424]
S3 MicNgBas;Cinergy 2400i DT Base Driver;c:\windows\system32\drivers\MicNgBas.sys [2006-02-11 48768]
S3 MicNgCap;Cinergy 2400i DT Capture Driver;c:\windows\system32\drivers\MicNgCap.sys [2006-02-11 50560]
S3 MicNgTun;Cinergy 2400i DT Tuner Driver;c:\windows\system32\drivers\MicNgTun.sys [2006-02-11 122752]
S3 phaudlwr;Philips Audio Filter;c:\windows\system32\DRIVERS\phaudlwr.sys [2008-05-07 88704]
S3 SPC1030;USB2.0 PC Camera (SPC1030);c:\windows\system32\DRIVERS\spc1030.sys [2008-06-11 3035776]
S3 ZD1211U(Sitecom);Sitecom Wireless Network USB Adapter Driver(Sitecom);c:\windows\system32\DRIVERS\zd1211u.sys [2004-07-05 233472]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ      BthServ
.
Inhalt des "geplante Tasks" Ordners

2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 19:19]

2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 19:19]

2010-08-31 c:\windows\Tasks\RCHubTask 0 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 2145340416~30026154.job
- c:\program files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe [2007-02-13 16:51]

2010-09-30 c:\windows\Tasks\User_Feed_Synchronization-{BB2AC692-2CD6-4C68-9DFC-5B9F61E87B2F}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://de.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://go.1und1.de/suchbox/1und1suche?su=%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Free YouTube Download - c:\users\Zandy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Zandy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
TCP: {5B175FDC-3A19-4105-AE85-EF088487102C} = 192.168.182.1,192.168.182.2
TCP: {9CE15D25-E061-4EA7-A67B-2FBB0BF7B106} = 192.168.182.1,192.168.182.2
TCP: {D08FD11B-68BB-4DB9-B05C-0694FD0A3F17} = 192.168.182.1,192.168.182.2
FF - ProfilePath - c:\users\Zandy\AppData\Roaming\Mozilla\Firefox\Profiles\ffmk5zx8.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - component: c:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-30 23:46
Windows 6.0.6000  NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\d:\bearbeitungsprogramme\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-2780370485-2775809281-2979314199-1000\Software\SecuROM\License information*]
"datasecu"=hex:7e,e8,20,01,50,99,dc,33,e0,d7,a3,74,96,6b,73,2f,63,e9,c8,ba,12,
  f3,94,9a,85,38,7f,1e,00,c7,e6,a2,97,c4,5b,8c,b4,73,e9,1d,2b,65,19,a6,f9,6a,\
"rkeysecu"=hex:9b,5a,b7,02,6e,ed,18,d4,57,55,ba,a0,1e,c9,49,72

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-09-30  23:50:04
ComboFix-quarantined-files.txt  2010-09-30 21:49
ComboFix2.txt  2010-09-29 14:45

Vor Suchlauf: 17 Verzeichnis(se), 64.094.289.920 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 63.968.358.400 Bytes frei

- - End Of File - - 50DFC7EFB31FAC0B6F4EB19F873C5B5C

cosinus 01.10.2010 08:23
Machs bitte nochmal aber mit diesem Script für CF:

Zitat:
Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"{68657190-7121-20E8-42E7-B6B473543351}"=-
"userinit"=-
"Windows Update"=-
"{433CD6D5-15A6-14F8-9AAC-3730B91D3876}"=-

ali321 01.10.2010 14:10
:D bekomme ich mal ne zwischeninfo obs besser wird?
Code:
ComboFix 10-09-30.03 - Zandy 01.10.2010  14:31:50.3.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6000.0.1252.49.1031.18.3070.2008 [GMT 2:00]
ausgeführt von:: d:\allgemein\PC säubern\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Zandy\Desktop\CFScript.txt.txt
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((  Dateien erstellt von 2010-09-01 bis 2010-10-01  ))))))))))))))))))))))))))))))
.

2010-10-01 12:39 . 2010-10-01 12:39    --------    d-----w-    c:\users\Zandy\AppData\Local\temp
2010-10-01 12:39 . 2010-10-01 12:39    --------    d-----w-    c:\users\Public\AppData\Local\temp
2010-10-01 12:10 . 2010-02-12 10:49    293376    ----a-w-    c:\windows\system32\browserchoice.exe
2010-10-01 12:06 . 2010-02-20 23:54    24064    ----a-w-    c:\windows\system32\nshhttp.dll
2010-10-01 12:06 . 2010-02-20 23:51    31232    ----a-w-    c:\windows\system32\httpapi.dll
2010-10-01 12:06 . 2010-02-20 21:30    396800    ----a-w-    c:\windows\system32\drivers\http.sys
2010-10-01 12:05 . 2010-01-23 08:05    2048    ----a-w-    c:\windows\system32\tzres.dll
2010-09-29 12:53 . 2010-09-29 12:53    --------    d-----w-    c:\program files\Logitech Touch Mouse Server
2010-09-28 19:42 . 2010-09-28 19:42    --------    d-----w-    C:\_OTL
2010-09-28 13:42 . 2010-09-28 13:48    --------    d-----w-    c:\users\Zandy\AppData\Roaming\FreeScreenToVideo
2010-09-28 13:42 . 2010-09-28 13:42    --------    d-----w-    c:\program files\Free Screen To Video
2010-09-27 11:59 . 2010-04-29 10:19    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-27 11:59 . 2010-09-27 11:59    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-09-27 11:59 . 2010-04-29 10:19    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-09-25 15:33 . 2010-09-25 15:33    --------    d-----w-    c:\program files\Orbitdownloader
2010-09-23 13:10 . 2010-09-25 11:59    --------    d-----w-    c:\program files\Duplicate Music Files Finder
2010-09-20 13:02 . 2010-09-20 13:02    --------    d-----w-    c:\program files\iPod
2010-09-20 13:02 . 2010-09-20 13:03    --------    d-----w-    c:\program files\iTunes
2010-09-20 13:00 . 2010-09-20 13:00    --------    d-----w-    c:\program files\Apple Software Update
2010-09-20 13:00 . 2010-09-20 13:00    --------    d-----w-    c:\program files\Bonjour
2010-09-18 16:25 . 2010-09-18 16:25    --------    d-----w-    c:\users\Zandy\AppData\Roaming\ProgSense
2010-09-17 21:27 . 2010-09-17 21:43    --------    d-----w-    c:\programdata\FLEXnet
2010-09-17 21:20 . 2010-09-17 21:20    --------    d-----w-    c:\program files\Common Files\Macrovision Shared
2010-09-17 19:25 . 2010-09-17 19:25    --------    d-----w-    c:\users\Zandy\AppData\Roaming\Download Manager
2010-09-17 15:05 . 2010-09-17 15:05    --------    d-----w-    c:\users\Zandy\Deskto
2010-09-16 12:58 . 2010-09-16 12:58    --------    d-----w-    c:\programdata\Ableton
2010-09-16 12:58 . 2010-09-16 12:58    --------    d-----w-    c:\users\Zandy\AppData\Roaming\Ableton
2010-09-07 13:52 . 2010-09-25 14:57    --------    d-----w-    c:\users\Zandy\AppData\Roaming\Notepad++
2010-09-07 13:52 . 2010-09-25 14:57    --------    d-----w-    c:\program files\Notepad++
2010-09-02 18:42 . 2010-09-02 18:43    --------    d-----w-    c:\program files\QuickTime

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-01 12:29 . 2006-11-02 15:33    656262    ----a-w-    c:\windows\system32\perfh007.dat
2010-10-01 12:29 . 2006-11-02 15:33    121228    ----a-w-    c:\windows\system32\perfc007.dat
2010-10-01 12:24 . 2008-09-20 17:02    --------    d-----w-    c:\users\Zandy\AppData\Roaming\Skype
2010-10-01 12:21 . 2009-11-29 17:22    --------    d-----w-    c:\program files\Microsoft Silverlight
2010-10-01 12:20 . 2010-02-16 15:35    12    ----a-w-    c:\windows\bthservsdp.dat
2010-10-01 11:55 . 2008-09-20 17:07    --------    d-----w-    c:\users\Zandy\AppData\Roaming\skypePM
2010-09-29 13:11 . 2009-03-07 16:18    --------    d-----w-    c:\users\Zandy\AppData\Roaming\Orbit
2010-09-28 13:57 . 2009-09-06 08:31    183112    ----a-w-    c:\windows\system32\PnkBstrB.exe
2010-09-26 13:15 . 2006-11-02 10:25    86016    ----a-w-    c:\windows\Inf\infstor.dat
2010-09-26 13:15 . 2006-11-02 10:25    51200    ----a-w-    c:\windows\Inf\infpub.dat
2010-09-26 13:15 . 2006-11-02 10:25    143360    ----a-w-    c:\windows\Inf\infstrng.dat
2010-09-25 15:16 . 2007-11-30 12:49    111616    ----a-w-    c:\users\Zandy\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-25 14:59 . 2009-09-26 21:56    --------    d-----w-    c:\program files\TeamViewer
2010-09-25 14:57 . 2008-12-14 11:29    --------    d-----w-    c:\program files\Common Files\DVDVideoSoft
2010-09-25 14:28 . 2008-01-02 16:42    8052    ----a-w-    c:\users\Zandy\AppData\Local\d3d9caps.dat
2010-09-25 11:52 . 2009-11-30 14:33    --------    d-----w-    c:\program files\trend micro
2010-09-24 21:14 . 2010-03-03 20:48    0    ----a-w-    c:\windows\system32\Access.dat
2010-09-24 15:05 . 2010-04-12 13:08    --------    d-----w-    c:\program files\JDownloader
2010-09-21 19:16 . 2010-04-15 15:45    --------    d-sh--r-    c:\users\Zandy\AppData\Roaming\dx10ac
2010-09-20 13:02 . 2009-01-30 21:42    --------    d-----w-    c:\program files\Common Files\Apple
2010-09-17 21:24 . 2007-05-23 12:24    --------    d-----w-    c:\program files\Common Files\Adobe
2010-09-17 21:06 . 2010-04-01 19:48    --------    d-----w-    c:\program files\Ask.com
2010-09-14 18:21 . 2010-07-08 15:04    --------    d-----w-    c:\users\Zandy\AppData\Roaming\PhotoScape
2010-09-13 15:08 . 2009-02-05 13:57    --------    d-----w-    c:\programdata\ArcSoft
2010-09-13 15:08 . 2007-05-23 11:06    --------    d--h--w-    c:\program files\InstallShield Installation Information
2010-09-13 15:07 . 2009-02-06 14:16    2564863    ----a-w-    c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2010-09-11 19:23 . 2007-11-30 14:50    --------    d-----w-    c:\users\Zandy\AppData\Roaming\dvdcss
2010-09-06 17:56 . 2008-02-17 09:00    --------    d-----w-    c:\users\Zandy\AppData\Roaming\StarOffice8
2010-09-04 12:19 . 2009-09-06 08:31    138184    ----a-w-    c:\windows\system32\drivers\PnkBstrK.sys
2010-09-01 07:12 . 2010-09-01 07:12    73000    ----a-w-    c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-08-30 20:19 . 2007-05-23 11:09    --------    d-----w-    c:\program files\Roxio
2010-08-28 16:20 . 2009-02-05 13:57    --------    d-----w-    c:\program files\ArcSoft
2010-08-28 16:19 . 2009-07-13 15:31    --------    d-----w-    c:\program files\ElcomSoft
2010-08-28 16:19 . 2008-09-20 17:01    --------    d-----r-    c:\program files\Skype
2010-08-28 16:17 . 2010-06-17 20:30    --------    d-----w-    c:\program files\thriXXX
2010-08-27 13:57 . 2007-05-23 11:09    --------    d-----w-    c:\programdata\Roxio
2010-08-24 18:44 . 2010-05-11 16:15    --------    d-sh--w-    c:\users\Zandy\AppData\Roaming\lowsec
2010-08-05 21:05 . 2009-03-03 20:42    --------    d-----w-    c:\program files\Messenger Plus! Live
2010-07-27 16:44 . 2010-07-27 16:44    91424    ----a-w-    c:\windows\system32\dnssd.dll
2010-07-27 16:44 . 2010-07-27 16:44    107808    ----a-w-    c:\windows\system32\dns-sd.exe
2010-07-11 17:38 . 2010-04-24 20:00    57344    ----a-w-    c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-11 17:38 . 2010-07-11 17:38    56765    ----a-w-    c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-11 17:38 . 2010-07-11 17:38    57715    ----a-w-    c:\programdata\DivX\Player\Uninstaller.exe
2010-07-11 17:38 . 2010-07-11 17:38    54153    ----a-w-    c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-07-11 17:22 . 2010-04-24 20:03    895256    ----a-w-    c:\programdata\DivX\Setup\DivXSetup.exe
2010-07-11 17:22 . 2010-04-24 20:03    1062184    ----a-w-    c:\programdata\DivX\Setup\Resource.dll
.

------- Sigcheck -------

[-] 2010-03-30 . 1171B07E27991296D379472B12174349 . 245248 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
[7] 2006-11-02 . B264DFA21677728613267FE63802B332 . 245248 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6000.16386_none_caf99b2e2002860e\shsvcs.dll
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23    1385864    ----a-w-    c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"spc1030"="c:\windows\vspc1030.exe" [2008-02-22 684032]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

c:\users\Zandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Touch Mouse Server.lnk - c:\program files\Logitech Touch Mouse Server\iTouch-Server-Win.exe [2009-10-23 228352]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Sitecom USB Wireless LAN Utility.lnk - c:\program files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe [2009-1-19 3477504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"VX1000"=c:\windows\vVX1000.exe
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe"
"spc1030"=c:\windows\vspc1030.exe
"StartCCC"=c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvSvc"=RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"PlayMovie"="d:\bearbeitungsprogramme\PlayMovie\PMVService.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"d-x10c"=c:\users\Zandy\AppData\Roaming\dx10ac\d-xdiag10c.exe
"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2780370485-2775809281-2979314199-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000002

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 133104]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\DRIVERS\libusb0.sys [2006-05-31 29184]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-06-17 3890920]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-01-01 691696]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-06-04 224240]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-06-01 30112]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};d:\bearbeitungsprogramme\PlayMovie\000.fcl [2008-05-16 61424]
S3 MicNgBas;Cinergy 2400i DT Base Driver;c:\windows\system32\drivers\MicNgBas.sys [2006-02-11 48768]
S3 MicNgCap;Cinergy 2400i DT Capture Driver;c:\windows\system32\drivers\MicNgCap.sys [2006-02-11 50560]
S3 MicNgTun;Cinergy 2400i DT Tuner Driver;c:\windows\system32\drivers\MicNgTun.sys [2006-02-11 122752]
S3 phaudlwr;Philips Audio Filter;c:\windows\system32\DRIVERS\phaudlwr.sys [2008-05-07 88704]
S3 SPC1030;USB2.0 PC Camera (SPC1030);c:\windows\system32\DRIVERS\spc1030.sys [2008-06-11 3035776]
S3 ZD1211U(Sitecom);Sitecom Wireless Network USB Adapter Driver(Sitecom);c:\windows\system32\DRIVERS\zd1211u.sys [2004-07-05 233472]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ      BthServ
.
Inhalt des "geplante Tasks" Ordners

2010-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 19:19]

2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 19:19]

2010-08-31 c:\windows\Tasks\RCHubTask 0 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 2145340416~30026154.job
- c:\program files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe [2007-02-13 16:51]

2010-10-01 c:\windows\Tasks\User_Feed_Synchronization-{BB2AC692-2CD6-4C68-9DFC-5B9F61E87B2F}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://de.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://go.1und1.de/suchbox/1und1suche?su=%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Free YouTube Download - c:\users\Zandy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Zandy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
TCP: {5B175FDC-3A19-4105-AE85-EF088487102C} = 192.168.182.1,192.168.182.2
TCP: {9CE15D25-E061-4EA7-A67B-2FBB0BF7B106} = 192.168.182.1,192.168.182.2
TCP: {D08FD11B-68BB-4DB9-B05C-0694FD0A3F17} = 192.168.182.1,192.168.182.2
FF - ProfilePath - c:\users\Zandy\AppData\Roaming\Mozilla\Firefox\Profiles\ffmk5zx8.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - component: c:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-10-01 14:39
Windows 6.0.6000  NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\d:\bearbeitungsprogramme\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-2780370485-2775809281-2979314199-1000\Software\SecuROM\License information*]
"datasecu"=hex:7e,e8,20,01,50,99,dc,33,e0,d7,a3,74,96,6b,73,2f,63,e9,c8,ba,12,
  f3,94,9a,85,38,7f,1e,00,c7,e6,a2,97,c4,5b,8c,b4,73,e9,1d,2b,65,19,a6,f9,6a,\
"rkeysecu"=hex:9b,5a,b7,02,6e,ed,18,d4,57,55,ba,a0,1e,c9,49,72

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-10-01  14:43:08
ComboFix-quarantined-files.txt  2010-10-01 12:43
ComboFix2.txt  2010-09-30 21:50
ComboFix3.txt  2010-09-29 14:45

Vor Suchlauf: 17 Verzeichnis(se), 61.247.483.904 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 61.206.691.840 Bytes frei

- - End Of File - - 3E8205DD5EEF9639B18A2F97AAF5D987

cosinus 01.10.2010 14:45
So, es wird langsam besser.

Zitat:
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
Das Teil bitte deinstallieren. Es ist sinnfrei bis kontraproduktiv. Sag Bescheid wenn Du fertig bist. Nutz die Windows-Firewall statt einer sinnfreien PFW.

ali321 01.10.2010 19:35
OK ist runter
was jetzt? :D

cosinus 01.10.2010 20:14
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.

ali321 02.10.2010 09:32
Ich hoffe ,dass ich alles richtig gemacht hab aber beim remover bin ich mir nich so sicher :D

Bootkit:
Code:
.\debug.cpp(238) : Debug log started at 02.10.2010 - 08:29:29
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.0
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows Vista Home Premium Edition (build 6000), 32-bit
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x83000000 0x003a1000 "\SystemRoot\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x833a1000 0x00034000 "\SystemRoot\system32\hal.dll"
.\debug.cpp(256) : 0x802c6000 0x00008000 "\SystemRoot\system32\kdcom.dll"
.\debug.cpp(256) : 0x80266000 0x00060000 "\SystemRoot\system32\mcupdate_GenuineIntel.dll"
.\debug.cpp(256) : 0x8025d000 0x00009000 "\SystemRoot\system32\PSHED.dll"
.\debug.cpp(256) : 0x80255000 0x00008000 "\SystemRoot\system32\BOOTVID.dll"
.\debug.cpp(256) : 0x8021a000 0x0003b000 "\SystemRoot\system32\CLFS.SYS"
.\debug.cpp(256) : 0x8051f000 0x000e1000 "\SystemRoot\system32\CI.dll"
.\debug.cpp(256) : 0x804a4000 0x0007b000 "\SystemRoot\system32\drivers\Wdf01000.sys"
.\debug.cpp(256) : 0x8020d000 0x0000d000 "\SystemRoot\system32\drivers\WDFLDR.SYS"
.\debug.cpp(256) : 0x80461000 0x00043000 "\SystemRoot\system32\drivers\acpi.sys"
.\debug.cpp(256) : 0x80204000 0x00009000 "\SystemRoot\system32\drivers\WMILIB.SYS"
.\debug.cpp(256) : 0x80459000 0x00008000 "\SystemRoot\system32\drivers\msisadrv.sys"
.\debug.cpp(256) : 0x8044a000 0x0000f000 "\SystemRoot\system32\drivers\volmgr.sys"
.\debug.cpp(256) : 0x80425000 0x00025000 "\SystemRoot\system32\drivers\pci.sys"
.\debug.cpp(256) : 0x80415000 0x00010000 "\SystemRoot\System32\drivers\mountmgr.sys"
.\debug.cpp(256) : 0x8040e000 0x00007000 "\SystemRoot\system32\drivers\pciide.sys"
.\debug.cpp(256) : 0x80400000 0x0000e000 "\SystemRoot\system32\drivers\PCIIDEX.SYS"
.\debug.cpp(256) : 0x807b6000 0x0004a000 "\SystemRoot\System32\drivers\volmgrx.sys"
.\debug.cpp(256) : 0x807ae000 0x00008000 "\SystemRoot\system32\drivers\atapi.sys"
.\debug.cpp(256) : 0x80790000 0x0001e000 "\SystemRoot\system32\drivers\ataport.SYS"
.\debug.cpp(256) : 0x8075f000 0x00031000 "\SystemRoot\system32\drivers\fltmgr.sys"
.\debug.cpp(256) : 0x8074f000 0x00010000 "\SystemRoot\system32\drivers\fileinfo.sys"
.\debug.cpp(256) : 0x80738000 0x00017000 "\SystemRoot\System32\Drivers\DRVMCDB.SYS"
.\debug.cpp(256) : 0x8072f000 0x00009000 "\SystemRoot\System32\Drivers\PxHelp20.sys"
.\debug.cpp(256) : 0x8062b000 0x00104000 "\SystemRoot\system32\drivers\ndis.sys"
.\debug.cpp(256) : 0x80600000 0x0002b000 "\SystemRoot\system32\drivers\msrpc.sys"
.\debug.cpp(256) : 0x8b1c7000 0x00039000 "\SystemRoot\system32\drivers\NETIO.SYS"
.\debug.cpp(256) : 0x8b0bf000 0x00108000 "\SystemRoot\System32\Drivers\Ntfs.sys"
.\debug.cpp(256) : 0x8b055000 0x0006a000 "\SystemRoot\System32\Drivers\ksecdd.sys"
.\debug.cpp(256) : 0x8b04d000 0x00008000 "\SystemRoot\system32\DRIVERS\wd.sys"
.\debug.cpp(256) : 0x8b017000 0x00036000 "\SystemRoot\system32\drivers\volsnap.sys"
.\debug.cpp(256) : 0x8b00f000 0x00008000 "\SystemRoot\System32\Drivers\spldr.sys"
.\debug.cpp(256) : 0x8b000000 0x0000f000 "\SystemRoot\System32\drivers\partmgr.sys"
.\debug.cpp(256) : 0x8b3f1000 0x0000f000 "\SystemRoot\System32\Drivers\mup.sys"
.\debug.cpp(256) : 0x8b3cc000 0x00025000 "\SystemRoot\System32\drivers\ecache.sys"
.\debug.cpp(256) : 0x8b3bb000 0x00011000 "\SystemRoot\system32\drivers\disk.sys"
.\debug.cpp(256) : 0x8b39a000 0x00021000 "\SystemRoot\system32\drivers\CLASSPNP.SYS"
.\debug.cpp(256) : 0x8b392000 0x00008000 "\SystemRoot\system32\DRIVERS\AtiPcie.sys"
.\debug.cpp(256) : 0x8b389000 0x00009000 "\SystemRoot\system32\drivers\crcdisk.sys"
.\debug.cpp(256) : 0x8c034000 0x0000b000 "\SystemRoot\system32\DRIVERS\tunnel.sys"
.\debug.cpp(256) : 0x91970000 0x00009000 "\SystemRoot\system32\DRIVERS\tunmp.sys"
.\debug.cpp(256) : 0x8c026000 0x0000e000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0x91eff000 0x00701000 "\SystemRoot\system32\DRIVERS\atikmdag.sys"
.\debug.cpp(256) : 0x91803000 0x0009d000 "\SystemRoot\System32\drivers\dxgkrnl.sys"
.\debug.cpp(256) : 0x8c019000 0x0000d000 "\SystemRoot\System32\drivers\watchdog.sys"
.\debug.cpp(256) : 0x8c007000 0x00012000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0x8c0df000 0x0000c000 "\SystemRoot\system32\drivers\MicNgBas.sys"
.\debug.cpp(256) : 0x91bcc000 0x00034000 "\SystemRoot\system32\DRIVERS\yk60x86.sys"
.\debug.cpp(256) : 0x8c0fb000 0x0000a000 "\SystemRoot\system32\DRIVERS\usbohci.sys"
.\debug.cpp(256) : 0x91b8f000 0x0003d000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0x91b81000 0x0000e000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0x8c1bb000 0x00002000 "\SystemRoot\System32\Drivers\DLACDBHM.SYS"
.\debug.cpp(256) : 0x91b69000 0x00018000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0x91910000 0x00006000 "\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys"
.\debug.cpp(256) : 0x8bd24000 0x00010000 "\SystemRoot\system32\DRIVERS\ohci1394.sys"
.\debug.cpp(256) : 0x91b0b000 0x0000e000 "\SystemRoot\system32\DRIVERS\1394BUS.SYS"
.\debug.cpp(256) : 0x91b00000 0x0000b000 "\SystemRoot\system32\DRIVERS\fdc.sys"
.\debug.cpp(256) : 0x91ae6000 0x0001a000 "\SystemRoot\system32\DRIVERS\serial.sys"
.\debug.cpp(256) : 0x91adc000 0x0000a000 "\SystemRoot\system32\DRIVERS\serenum.sys"
.\debug.cpp(256) : 0x91ac4000 0x00018000 "\SystemRoot\system32\DRIVERS\parport.sys"
.\debug.cpp(256) : 0x91a99000 0x0002b000 "\SystemRoot\system32\DRIVERS\msiscsi.sys"
.\debug.cpp(256) : 0x91a59000 0x00040000 "\SystemRoot\system32\DRIVERS\storport.sys"
.\debug.cpp(256) : 0x91a4e000 0x0000b000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0x91a37000 0x00017000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0x91a2c000 0x0000b000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0x91a09000 0x00023000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0x8bdd8000 0x0000f000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0x91eec000 0x00013000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0x91ed0000 0x0000f000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0x91ec5000 0x0000b000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0x91eba000 0x0000b000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0x8c1ad000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0x91e90000 0x0002a000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0x91e86000 0x0000a000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0x91edf000 0x0000d000 "\SystemRoot\system32\DRIVERS\umbus.sys"
.\debug.cpp(256) : 0x92730000 0x0000d000 "\SystemRoot\system32\drivers\MicNgCap.sys"
.\debug.cpp(256) : 0x91e68000 0x0001e000 "\SystemRoot\system32\drivers\MicNgTun.sys"
.\debug.cpp(256) : 0x8c07e000 0x00003000 "\SystemRoot\system32\drivers\BdaSup.SYS"
.\debug.cpp(256) : 0x91e34000 0x00034000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0x91e2a000 0x0000a000 "\SystemRoot\system32\DRIVERS\flpydisk.sys"
.\debug.cpp(256) : 0x8bcd4000 0x00010000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0x926b1000 0x0003f000 "\SystemRoot\system32\drivers\HdAudio.sys"
.\debug.cpp(256) : 0x92684000 0x0002d000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0x91e05000 0x00025000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0x92857000 0x001a9000 "\SystemRoot\system32\drivers\RTKVHDA.sys"
.\debug.cpp(256) : 0x9198b000 0x00009000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0x91902000 0x00007000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0x8c04a000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0x91934000 0x00006000 "\SystemRoot\System32\Drivers\DLARTL_M.SYS"
.\debug.cpp(256) : 0x918a7000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0x92668000 0x0000c000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0x92647000 0x00021000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS"
.\debug.cpp(256) : 0x8c16d000 0x00008000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0x8c175000 0x00008000 "\SystemRoot\system32\drivers\rdpencdd.sys"
.\debug.cpp(256) : 0x9261c000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0x9260e000 0x0000e000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0x919a6000 0x00009000 "\SystemRoot\System32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0x92b2b000 0x000d5000 "\SystemRoot\System32\drivers\tcpip.sys"
.\debug.cpp(256) : 0x9283e000 0x00019000 "\SystemRoot\System32\drivers\fwpkclnt.sys"
.\debug.cpp(256) : 0x92829000 0x00015000 "\SystemRoot\system32\DRIVERS\tdx.sys"
.\debug.cpp(256) : 0x92815000 0x00014000 "\SystemRoot\system32\DRIVERS\smb.sys"
.\debug.cpp(256) : 0x92aa4000 0x00047000 "\SystemRoot\system32\drivers\afd.sys"
.\debug.cpp(256) : 0x92a72000 0x00032000 "\SystemRoot\System32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0x92a5c000 0x00016000 "\SystemRoot\system32\DRIVERS\pacer.sys"
.\debug.cpp(256) : 0x92600000 0x0000e000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0x92802000 0x00013000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0x92a21000 0x0003b000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0x92a17000 0x0000a000 "\SystemRoot\system32\drivers\nsiproxy.sys"
.\debug.cpp(256) : 0x92a00000 0x00017000 "\SystemRoot\System32\Drivers\dfsc.sys"
.\debug.cpp(256) : 0x9273d000 0x0000d000 "\SystemRoot\System32\Drivers\crashdmp.sys"
.\debug.cpp(256) : 0x8c03f000 0x0000b000 "\SystemRoot\System32\Drivers\dump_dumpata.sys"
.\debug.cpp(256) : 0x8c13d000 0x00008000 "\SystemRoot\System32\Drivers\dump_atapi.sys"
.\debug.cpp(256) : 0x8bde7000 0x00009000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
.\debug.cpp(256) : 0x8bcb4000 0x00010000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0x8c1a1000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0x92ecb000 0x00039000 "\SystemRoot\system32\DRIVERS\zd1211u.sys"
.\debug.cpp(256) : 0x91994000 0x00009000 "\SystemRoot\system32\DRIVERS\kbdhid.sys"
.\debug.cpp(256) : 0x9b400000 0x00200000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0x92ec1000 0x0000a000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0x92e65000 0x00012000 "\SystemRoot\system32\DRIVERS\USBSTOR.SYS"
.\debug.cpp(256) : 0x92f4d000 0x00017000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"
.\debug.cpp(256) : 0x9c91a000 0x002e6000 "\SystemRoot\system32\DRIVERS\spc1030.sys"
.\debug.cpp(256) : 0x927a5000 0x0000d000 "\SystemRoot\system32\DRIVERS\STREAM.SYS"
.\debug.cpp(256) : 0x918a0000 0x00007000 "\SystemRoot\system32\DRIVERS\spc1030c.SYS"
.\debug.cpp(256) : 0x92f37000 0x00016000 "\SystemRoot\system32\DRIVERS\phaudlwr.sys"
.\debug.cpp(256) : 0x92f25000 0x00012000 "\SystemRoot\system32\drivers\usbaudio.sys"
.\debug.cpp(256) : 0x8c115000 0x00008000 "\SystemRoot\system32\DRIVERS\mouhid.sys"
.\debug.cpp(256) : 0x9bb4c000 0x0000f000 "\SystemRoot\system32\DRIVERS\monitor.sys"
.\debug.cpp(256) : 0x9d200000 0x00009000 "\SystemRoot\System32\TSDDD.dll"
.\debug.cpp(256) : 0x9d220000 0x0004c000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0x9d210000 0x0000e000 "\SystemRoot\System32\cdd.dll"
.\debug.cpp(256) : 0x9cee5000 0x0001b000 "\SystemRoot\system32\drivers\luafv.sys"
.\debug.cpp(256) : 0x9ba76000 0x0000b000 "\SystemRoot\System32\Drivers\DRVNDDM.SYS"
.\debug.cpp(256) : 0x9b619000 0x00001000 "\SystemRoot\System32\DLA\DLADResM.SYS"
.\debug.cpp(256) : 0x9cecd000 0x00018000 "\SystemRoot\System32\DLA\DLAIFS_M.SYS"
.\debug.cpp(256) : 0x91b46000 0x00005000 "\SystemRoot\System32\DLA\DLAOPIOM.SYS"
.\debug.cpp(256) : 0x8c1bd000 0x00002000 "\SystemRoot\System32\DLA\DLAPoolM.SYS"
.\debug.cpp(256) : 0x918c3000 0x00007000 "\SystemRoot\System32\DLA\DLABMFSM.SYS"
.\debug.cpp(256) : 0x918ca000 0x00007000 "\SystemRoot\System32\DLA\DLABOIOM.SYS"
.\debug.cpp(256) : 0x9ce77000 0x00016000 "\SystemRoot\System32\DLA\DLAUDFAM.SYS"
.\debug.cpp(256) : 0x9ce60000 0x00017000 "\SystemRoot\System32\DLA\DLAUDF_M.SYS"
.\debug.cpp(256) : 0xa0b72000 0x0008e000 "\SystemRoot\system32\drivers\spsys.sys"
.\debug.cpp(256) : 0x8bcf4000 0x00010000 "\SystemRoot\system32\DRIVERS\lltdio.sys"
.\debug.cpp(256) : 0xa0b47000 0x0002b000 "\SystemRoot\system32\DRIVERS\nwifi.sys"
.\debug.cpp(256) : 0x9b663000 0x0000a000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0xa068a000 0x00013000 "\SystemRoot\system32\DRIVERS\rspndr.sys"
.\debug.cpp(256) : 0xa1797000 0x00069000 "\SystemRoot\system32\drivers\HTTP.sys"
.\debug.cpp(256) : 0xa0a45000 0x0001b000 "\SystemRoot\System32\DRIVERS\srvnet.sys"
.\debug.cpp(256) : 0xa177e000 0x00019000 "\SystemRoot\system32\DRIVERS\bowser.sys"
.\debug.cpp(256) : 0xa176a000 0x00014000 "\SystemRoot\System32\drivers\mpsdrv.sys"
.\debug.cpp(256) : 0xa171b000 0x0001e000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xa16e2000 0x00039000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys"
.\debug.cpp(256) : 0xa16d0000 0x00012000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys"
.\debug.cpp(256) : 0xa16ac000 0x00024000 "\SystemRoot\System32\DRIVERS\srv2.sys"
.\debug.cpp(256) : 0xa165b000 0x00051000 "\SystemRoot\System32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0x918f4000 0x00007000 "\SystemRoot\system32\DRIVERS\parvdm.sys"
.\debug.cpp(256) : 0xa160a000 0x00011000 "\??\C:\Acer\Empowering Technology\eRecovery\int15.sys"
.\debug.cpp(256) : 0xa3322000 0x000de000 "\SystemRoot\system32\drivers\peauth.sys"
.\debug.cpp(256) : 0x9baad000 0x0000b000 "\SystemRoot\System32\drivers\tcpipreg.sys"
.\debug.cpp(256) : 0xa3281000 0x00021000 "\??\D:\Bearbeitungsprogramme\PlayMovie\000.fcl"
.\debug.cpp(256) : 0xa320c000 0x00015000 "\SystemRoot\system32\DRIVERS\WUDFRd.sys"
.\debug.cpp(256) : 0xa3fee000 0x00012000 "\SystemRoot\system32\DRIVERS\WUDFPf.sys"
.\debug.cpp(256) : 0xa3e48000 0x00026000 "\SystemRoot\system32\DRIVERS\ipnat.sys"
.\debug.cpp(256) : 0x9bace000 0x0000b000 "\SystemRoot\system32\drivers\tdtcp.sys"
.\debug.cpp(256) : 0x9b6bd000 0x0000c000 "\SystemRoot\System32\DRIVERS\tssecsrv.sys"
.\debug.cpp(256) : 0xa47d2000 0x0002e000 "\SystemRoot\System32\Drivers\RDPWD.SYS"
.\debug.cpp(256) : 0xafb0a000 0x00016000 "\SystemRoot\system32\DRIVERS\cdfs.sys"
.\debug.cpp(256) : 0x9eed0000 0x00002000 "\SystemRoot\system32\drivers\MSPQM.sys"
.\debug.cpp(256) : 0x9beca000 0x0000e000 "\SystemRoot\System32\Drivers\usbaapl.sys"
.\debug.cpp(256) : 0x77040000 0x0011e000 "\Windows\System32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&SignatureCFF86ED3Offset7E00Length270987600#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_13EC&PID_0006&Col04#6&32c0fdeb&0&0003#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :  Destination "\Device\00000069"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-9118b9c0-cdfc-11df-a58e-000cf61398da"
.\debug.cpp(400) :  Destination "\Device\UMDFCtrlDev-9118b9c0-cdfc-11df-a58e-000cf61398da"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) :  Destination "\Device\Ndis"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:"
.\debug.cpp(400) :  Destination "\Device\Ide\IdePort3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) :  Destination "\Device\Video0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\0000003a"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000002"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) :  Destination "\Device\Video1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) :  Destination "\Device\0000003f"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\0000003b"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4386&SUBSYS_73261462&REV_00#3&18d45aa6&0&9D#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0010"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Generic&Prod_USB_SD_Reader&Rev_1.00#2004888&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\0000006e"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_9589&SUBSYS_E410174B&REV_00#4&251b81e2&0&0010#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0016"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) :  Destination "\Device\Video2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\00000001"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy1"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolumeShadowCopy1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&SignatureCFF86ED3Offset1E5D265E00Length1BDB64A400#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
.\debug.cpp(400) :  Destination "\Device\CdRom0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_13EC&PID_0006&Col03#6&32c0fdeb&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :  Destination "\Device\00000068"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1##{6ac27878-a6fa-4155-ba85-f98f491d4f33}"
.\debug.cpp(400) :  Destination "\Device\00000080"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) :  Destination "\Device\Video3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E3FE0F52-6729-43AC-8488-5AC1FB2AE7A9}"
.\debug.cpp(400) :  Destination "\Device\NDMP10"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000039"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{85C69119-7207-4748-A699-0E9CE24E48CE}"
.\debug.cpp(400) :  Destination "\Device\NDMP4"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy2"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolumeShadowCopy2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice"
.\debug.cpp(400) :  Destination "\Device\WMIAdminDevice"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-9118b9bc-cdfc-11df-a58e-000cf61398da"
.\debug.cpp(400) :  Destination "\Device\UMDFCtrlDev-9118b9bc-cdfc-11df-a58e-000cf61398da"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) :  Destination "\Device\Video4"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_04D9&PID_1603#6&21f54182&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-10"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi4:"
.\debug.cpp(400) :  Destination "\Device\RaidPort0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_14627326&REV_1000#4&2323973&0&0301#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) :  Destination "\Device\00000064"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6EA11ADB-6FEB-425D-A3CB-3CB73F334E62}"
.\debug.cpp(400) :  Destination "\Device\NDMP7"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tun0"
.\debug.cpp(400) :  Destination "\Device\Tun0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0003#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\00000003"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000001"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy3"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolumeShadowCopy3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDR4_XP"
.\debug.cpp(400) :  Destination "\Device\PxHelperDevice0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl"
.\debug.cpp(400) :  Destination "\Device\VolMgrControl"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0471&PID_2036&MI_00#7&9e9fb24&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\00000076"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\$VDMLPT1"
.\debug.cpp(400) :  Destination "\Device\ParallelVdm0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&12e4806&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\0000003f"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_11AB&DEV_4364&SUBSYS_326C1462&REV_12#4&22548594&0&0030#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0019"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000#5&2033df20&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}"
.\debug.cpp(400) :  Destination "\Device\00000062"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&30aef2a&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-4"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&_??_USBSTOR#Disk&Ven_Generic&Prod_USB_CF_Reader&Rev_1.01#2004888&1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume5"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SpDevice"
.\debug.cpp(400) :  Destination "\Device\SpDevice"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) :  Destination "\Device\WMIDataDevice"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_05E3&PID_0604#5&31a2d3ea&0&2#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-7"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1"
.\debug.cpp(400) :  Destination "\Device\Serial0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_11AB&DEV_4364&SUBSYS_326C1462&REV_12#4&22548594&0&0030#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0019"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TUNMP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\00000005"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{eaf4d453-652b-11dc-aca5-806e6f6e6963}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume4"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PEAuth"
.\debug.cpp(400) :  Destination "\Device\PEAuth"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) :  Destination "\Device\NamedPipe"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_046D&PID_C019#6&21f54182&0&3#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-12"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) :  Destination "\Device\00000044"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :  Destination "\Device\0000003f"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) :  Destination "\Device\Mup"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"
.\debug.cpp(400) :  Destination "\Device\IPNAT"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0471&PID_2036&MI_02#7&9e9fb24&0&0002#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\00000077"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Psched"
.\debug.cpp(400) :  Destination "\Device\Psched"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1dc8c19c&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :  Destination "\Device\0000003f"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice"
.\debug.cpp(400) :  Destination "\Device\GEARAspiWDMDevice"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomATAPI_DVD_A__DH16A1P____________________RA11____#5&33acd2ad&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\Ide\IdeDeviceP2T0L0-2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_MS_READER&REV_1.03#2004888&3##{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}"
.\debug.cpp(400) :  Destination "\Device\00000081"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1##{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}"
.\debug.cpp(400) :  Destination "\Device\00000080"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_13EC&PID_0006&Col01#6&32c0fdeb&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :  Destination "\Device\00000066"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) :  Destination "\Device\USBFDO-0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\0000003f"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) :  Destination "\Device\Tcp"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0003#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000003"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) :  Destination "\FileSystem\Filters\FltMgrMsg"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_05AC&PID_1299#1b12e90f6c7cbabc40b4712bccbce334d5f7d50f#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-13"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomATAPI_DVD_A__DH16A1P____________________RA11____#5&33acd2ad&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\Ide\IdeDeviceP2T0L0-2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_058F&PID_9360#2004888#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-9"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) :  Destination "\Device\USBFDO-1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0004#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\00000004"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&_??_USBSTOR#Disk&Ven_Generic&Prod_USB_MS_Reader&Rev_1.03#2004888&3#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume7"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_9589&SUBSYS_E410174B&REV_00#4&251b81e2&0&0010#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0016"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) :  Destination "\Device\Harddisk0\DR0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_14627326&REV_1000#4&2323973&0&0301#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}"
.\debug.cpp(400) :  Destination "\Device\00000064"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) :  Destination "\DosDevices\LPT1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_14627326&REV_1000#4&2323973&0&0301#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) :  Destination "\Device\00000064"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\0000003f"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :  Destination "\Device\0000003f"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) :  Destination "\Device\USBFDO-2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TUNMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000005"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :  Destination "\Device\0000004b"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\H:"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume4"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SD_READER&REV_1.00#2004888&0##{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}"
.\debug.cpp(400) :  Destination "\Device\00000082"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) :  Destination "\Device\CdRom0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive1"
.\debug.cpp(400) :  Destination "\Device\Harddisk1\DR1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\0000003f"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) :  Destination "\Device\00000041"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{38C40A29-A3EC-4951-93B1-95FA03AA6BE0}"
.\debug.cpp(400) :  Destination "\Device\NDMP12"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) :  Destination "\Device\FsWrap"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) :  Destination "\Device\USBFDO-3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive2"
.\debug.cpp(400) :  Destination "\Device\Harddisk2\DR2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&WpdBusEnumRoot#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) :  Destination "\Device\0000007f"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\0000003c"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
.\debug.cpp(400) :  Destination "\Device\USBFDO-4"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{B45C5B79-FD9B-42BA-AD49-AA05C2EBEA71}"
.\debug.cpp(400) :  Destination "\Device\NDMP5"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{B13E7DBC-720A-4675-871F-5184F828F0AA}"
.\debug.cpp(400) :  Destination "\Device\NDMP3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\00000042"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{7127f36d-652f-11dc-91fa-806e6f6e6963}"
.\debug.cpp(400) :  Destination "\Device\Floppy0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive3"
.\debug.cpp(400) :  Destination "\Device\Harddisk3\DR3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C019#7&4a3376c&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :  Destination "\Device\00000079"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_13EC&PID_0006&Col01#6&32c0fdeb&0&0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :  Destination "\Device\00000066"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0471&PID_2036&MI_00#7&9e9fb24&0&0000#{fb6c428a-0353-11d1-905f-0000c0cc16ba}"
.\debug.cpp(400) :  Destination "\Device\00000076"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ISCSIPRT#0000#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\00000007"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD5"
.\debug.cpp(400) :  Destination "\Device\USBFDO-5"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_438A&SUBSYS_73261462&REV_00#3&18d45aa6&0&9B#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0008"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5C07C928-4C63-4DC2-992D-4C11BE77AABC}"
.\debug.cpp(400) :  Destination "\Device\NDMP2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{73BF05A7-BDEA-4E1E-BA2A-6E3488B39C4C}"
.\debug.cpp(400) :  Destination "\Device\NDMP1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) :  Destination "\GLOBAL??"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{eaf4d341-652b-11dc-aca5-806e6f6e6963}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\I:"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume5"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive4"
.\debug.cpp(400) :  Destination "\Device\Harddisk4\DR4"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG:"
.\debug.cpp(400) :  Destination "\clfs"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\drvnddm"
.\debug.cpp(400) :  Destination "\Device\drvnddm"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_14627326&REV_1000#4&2323973&0&0301#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\00000064"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000#5&2033df20&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\00000062"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000#5&2033df20&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) :  Destination "\Device\00000062"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) :  Destination "\Device\0000004e"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0"
.\debug.cpp(400) :  Destination "\Device\PxHelperDevice0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ngene#VEN_18C3&DEV_0720&SUBSYS_1167153B&REV_00&Tuner#5&118ec3d9&0&2#{71985f48-1ca1-11d3-9cc8-00c04f7971e0}"
.\debug.cpp(400) :  Destination "\Device\00000059"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_14627326&REV_1000#4&2323973&0&0301#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\00000064"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\00000002"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :  Destination "\Device\00000047"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Generic&Prod_USB_CF_Reader&Rev_1.01#2004888&1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\0000006f"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0DF6&PID_9071#5&1ff220ae&0&10#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-6"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000#5&2033df20&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) :  Destination "\Device\00000062"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&7894f0a&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-5"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&12645949&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&1128df1b&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\Ide\PciIde1Channel1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\int15"
.\debug.cpp(400) :  Destination "\Device\int15"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ngene#VEN_18C3&DEV_0720&SUBSYS_1167153B&REV_00&Capture#5&118ec3d9&0&4#{fd0a5af4-b41d-11d2-9c95-00c04f7971e0}"
.\debug.cpp(400) :  Destination "\Device\0000005a"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_13EC&PID_0006#5&513c5b&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-8"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0004#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000004"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\J:"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume6"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_04D9&PID_1603&MI_00#8&995f03&0&0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :  Destination "\Device\0000007a"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\0000003b"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) :  Destination "\Device\0000004e"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}Test"
.\debug.cpp(400) :  Destination "\Device\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) :  Destination "\Device\00000045"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&27748934&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\Ide\PciIde0Channel0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) :  Destination "\Device\MountPointManager"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{eaf4d456-652b-11dc-aca5-806e6f6e6963}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume7"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{eaf4d454-652b-11dc-aca5-806e6f6e6963}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume5"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{eaf4d33f-652b-11dc-aca5-806e6f6e6963}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&_??_USBSTOR#Disk&Ven_Generic&Prod_USB_SM_Reader&Rev_1.02#2004888&2#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume6"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SM_READER&REV_1.02#2004888&2##{6ac27878-a6fa-4155-ba85-f98f491d4f33}"
.\debug.cpp(400) :  Destination "\Device\00000083"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\00000039"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000038"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbDlDp32"
.\debug.cpp(400) :  Destination "\Device\PxHelperDevice0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi"
.\debug.cpp(400) :  Destination "\Device\Nsi"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\K:"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume7"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_04D9&PID_1603&MI_01&Col01#8&29040ccc&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :  Destination "\Device\0000007b"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) :  Destination "\Device\WANARP"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0471&PID_2036#6&21f54182&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-11"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{700fa1b0-a050-11dc-b3a7-806e6f6e6963}"
.\debug.cpp(400) :  Destination "\Device\CdRom0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Generic&Prod_USB_MS_Reader&Rev_1.03#2004888&3#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\00000071"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice"
.\debug.cpp(400) :  Destination "\Device\NXTIPSEC"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0471&PID_2036&MI_00#7&9e9fb24&0&0000#{6994ad05-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\00000076"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{54950694-33A2-408C-9E06-ABBEB791E26F}"
.\debug.cpp(400) :  Destination "\Device\NDMP11"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\00000038"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&SignatureCFF86ED3Offset27098F400Length1BEC8D6A00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\A:"
.\debug.cpp(400) :  Destination "\Device\Floppy0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev"
.\debug.cpp(400) :  Destination "\Device\WFP"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\0000003f"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) :  Destination "\Device\NDMP8"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0471&PID_2036&MI_02#7&9e9fb24&0&0002#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\00000077"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArpV6"
.\debug.cpp(400) :  Destination "\Device\WANARPV6"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) :  Destination "\Device\Ide\IdePort0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :  Destination "\Device\00000048"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_13EC&PID_0006&Col02#6&32c0fdeb&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :  Destination "\Device\00000067"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-9118b9ba-cdfc-11df-a58e-000cf61398da"
.\debug.cpp(400) :  Destination "\Device\UMDFCtrlDev-9118b9ba-cdfc-11df-a58e-000cf61398da"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&PrinterBusEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) :  Destination "\Device\0000007e"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2759c99a&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS0"
.\debug.cpp(400) :  Destination "\Device\1394BUS0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FDC#GENERIC_FLOPPY_DRIVE#4&160ddd18&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\FloppyPDO0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_05AC&PID_1299#1b12e90f6c7cbabc40b4712bccbce334d5f7d50f#{f0b32be3-6678-4879-9230-e43845d805ee}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-13"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C019#7&4a3376c&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :  Destination "\Device\00000079"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) :  Destination "\Device\0000003f"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\0000003c"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0400#1#{97f76ef0-f883-11d0-af1f-0000f800845c}"
.\debug.cpp(400) :  Destination "\Device\0000004f"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{A9E0DE49-0213-4FF4-8392-54FDA59E5FCE}"
.\debug.cpp(400) :  Destination "\Device\NDMP6"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SM_READER&REV_1.02#2004888&2##{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}"
.\debug.cpp(400) :  Destination "\Device\00000083"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_13EC&PID_0006&Col05#6&32c0fdeb&0&0004#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :  Destination "\Device\0000006a"
.\debug.cpp(409) :  --
.\debug.cpp(369) : Device "\GLOBAL??\DLAIFS"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) :  Destination "\Device\NdisWan"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0DF6&PID_9071#5&1ff220ae&0&10#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-6"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) :  Destination "\Device\Ide\IdePort1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPT1"
.\debug.cpp(400) :  Destination "\Device\Parallel0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_438B&SUBSYS_73261462&REV_00#3&18d45aa6&0&9C#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0009"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4387&SUBSYS_73261462&REV_00#3&18d45aa6&0&98#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0005"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{eaf4d340-652b-11dc-aca5-806e6f6e6963}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SD_READER&REV_1.00#2004888&0##{6ac27878-a6fa-4155-ba85-f98f491d4f33}"
.\debug.cpp(400) :  Destination "\Device\00000082"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice"
.\debug.cpp(400) :  Destination "\Device\MPS"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\drvmcdb"
.\debug.cpp(400) :  Destination "\Device\drvmcdb"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&_??_USBSTOR#Disk&Ven_Generic&Prod_USB_SD_Reader&Rev_1.00#2004888&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume4"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_04D9&PID_1603&MI_01&Col02#8&29040ccc&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :  Destination "\Device\0000007c"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_MS_READER&REV_1.03#2004888&3##{6ac27878-a6fa-4155-ba85-f98f491d4f33}"
.\debug.cpp(400) :  Destination "\Device\00000081"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#ACR0009#5&13a1b096&0&UID268435460#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7}"
.\debug.cpp(400) :  Destination "\Device\0000007d"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#ACR0009#5&13a1b096&0&UID268435460#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8}"
.\debug.cpp(400) :  Destination "\Device\0000007d"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_104C&DEV_8024&SUBSYS_326D1462&REV_00#4&35e69562&0&10A4#{6bdd1fc1-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0020"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4388&SUBSYS_73261462&REV_00#3&18d45aa6&0&99#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0006"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&1128df1b&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\Ide\PciIde1Channel0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&27748934&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\Ide\PciIde0Channel1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) :  Destination "\FileSystem\Filters\FltMgr"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) :  Destination "\Device\VolMgrControl"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) :  Destination "\Device\MailSlot"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000#5&2033df20&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\00000062"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) :  Destination "\DosDevices\COM1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#4&1d62032d&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1}"
.\debug.cpp(400) :  Destination "\Device\Parallel0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6"
.\debug.cpp(400) :  Destination "\Device\NDMP9"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FDC#GENERIC_FLOPPY_DRIVE#4&160ddd18&0&0#{53f56311-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\FloppyPDO0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Generic&Prod_USB_SM_Reader&Rev_1.02#2004888&2#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\00000070"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_13EC&PID_0006&Col06#6&32c0fdeb&0&0005#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :  Destination "\Device\0000006b"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) :  Destination ""
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) :  Destination "\Device\Null"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-9118b9c4-cdfc-11df-a58e-000cf61398da"
.\debug.cpp(400) :  Destination "\Device\UMDFCtrlDev-9118b9c4-cdfc-11df-a58e-000cf61398da"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) :  Destination "\Device\Ndisuio"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :  Destination "\Device\0000003e"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
.\debug.cpp(400) :  Destination "\Device\Ide\IdePort2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-9118b9c8-cdfc-11df-a58e-000cf61398da"
.\debug.cpp(400) :  Destination "\Device\UMDFCtrlDev-9118b9c8-cdfc-11df-a58e-000cf61398da"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle"
.\debug.cpp(400) :  Destination "\Device\WfpAle"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :  Destination "\Device\0000003d"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AudioLowerFilter"
.\debug.cpp(400) :  Destination "\Device\AudioLowerFilter"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0DF6&PID_9071#5&1ff220ae&0&10#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-6"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4389&SUBSYS_73261462&REV_00#3&18d45aa6&0&9A#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0007"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_14627326&REV_1000#4&2323973&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\00000064"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{eaf4d455-652b-11dc-aca5-806e6f6e6963}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume6"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskST3250820AS_____________________________3.AAD___#5&26bb45c4&0&0.1.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\Ide\IdeDeviceP0T1L0-7"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_04D9&PID_1603&MI_00#8&995f03&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :  Destination "\Device\0000007a"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\0000003a"
.\debug.cpp(409) :  --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`7098f400
.\boot_cleaner.cpp(276) : Boot sector MD5 is: 10db723421b4c67663b09f7c08e4d4c6
.\boot_cleaner.cpp(1060) :
.\boot_cleaner.cpp(1061) :      Size  Device Name          MBR Status
.\boot_cleaner.cpp(1062) :  --------------------------------------------
.\boot_cleaner.cpp(1106) :    232 GB  \\.\PhysicalDrive0  Unknown boot code
.\boot_cleaner.cpp(1112) :
.\boot_cleaner.cpp(1118) : Unknown boot code has been found on some of your physical disks.
.\boot_cleaner.cpp(1120) : To inspect the boot code manually, dump the master boot sector:
.\boot_cleaner.cpp(1121) : remover.exe dump <device_name> [output_file]
.\boot_cleaner.cpp(1125) : To disinfect the master boot sector, use the following command:
.\boot_cleaner.cpp(1126) : remover.exe fix <device_name>
.\boot_cleaner.cpp(1129) :
.\boot_cleaner.cpp(1151) : Done;
OSAM:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 10:28:03 on 02.10.2010

OS: Windows Vista Home Premium Edition (Build 6000), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.10

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - ? - C:\Windows\System32\guard32.dll  (File not found)

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"RCHubTask 0 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 2145340416~30026154.job" - ? - C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Advanced SCSI Programming Interface Driver" (ASPI) - ? - C:\Windows\System32\DRIVERS\ASPI32.sys
"catchme" (catchme) - ? - C:\Users\Zandy\AppData\Local\Temp\catchme.sys  (File not found)
"Cinergy 2400i DT Base Driver" (MicNgBas) - "Micronas GmbH" - C:\Windows\System32\drivers\MicNgBas.sys
"Cinergy 2400i DT Capture Driver" (MicNgCap) - "Micronas GmbH" - C:\Windows\System32\drivers\MicNgCap.sys
"Cinergy 2400i DT Tuner Driver" (MicNgTun) - "Micronas GmbH" - C:\Windows\System32\drivers\MicNgTun.sys
"DLABMFSM" (DLABMFSM) - "Roxio" - C:\Windows\System32\DLA\DLABMFSM.SYS
"DLABOIOM" (DLABOIOM) - "Roxio" - C:\Windows\System32\DLA\DLABOIOM.SYS
"DLACDBHM" (DLACDBHM) - "Roxio" - C:\Windows\System32\Drivers\DLACDBHM.SYS
"DLADResM" (DLADResM) - "Roxio" - C:\Windows\System32\DLA\DLADResM.SYS
"DLAIFS_M" (DLAIFS_M) - "Roxio" - C:\Windows\System32\DLA\DLAIFS_M.SYS
"DLAOPIOM" (DLAOPIOM) - "Roxio" - C:\Windows\System32\DLA\DLAOPIOM.SYS
"DLAPoolM" (DLAPoolM) - "Roxio" - C:\Windows\System32\DLA\DLAPoolM.SYS
"DLARTL_M" (DLARTL_M) - "Roxio" - C:\Windows\System32\Drivers\DLARTL_M.SYS
"DLAUDFAM" (DLAUDFAM) - "Roxio" - C:\Windows\System32\DLA\DLAUDFAM.SYS
"DLAUDF_M" (DLAUDF_M) - "Roxio" - C:\Windows\System32\DLA\DLAUDF_M.SYS
"DRVMCDB" (DRVMCDB) - "Sonic Solutions" - C:\Windows\System32\Drivers\DRVMCDB.SYS
"DRVNDDM" (DRVNDDM) - "Roxio" - C:\Windows\System32\Drivers\DRVNDDM.SYS
"EagleNT" (EagleNT) - ? - C:\Windows\system32\drivers\EagleNT.sys  (File not found)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"int15" (int15) - ? - C:\Acer\Empowering Technology\eRecovery\int15.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120" (libusb0) - "hxxp://libusb-win32.sourceforge.net" - C:\Windows\System32\DRIVERS\libusb0.sys
"nvlddmkm" (nvlddmkm) - "NVIDIA Corporation" - C:\Windows\System32\DRIVERS\nvlddmkm.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - D:\Bearbeitungsprogramme\PlayMovie\000.fcl

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} "Themes Setup" - "Microsoft Corporation" - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\Sun\StarOffice 8\program\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{41E300E0-78B6-11ce-849B-444553540000} "Display Effects CPL Extension" - "Microsoft Corporation" - C:\Windows\system32\themeui.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682} "IZArc DragDrop Menu" - ? -  (File not found | COM-object registry key not found)
{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5} "IZArc Shell Context Menu" - ? -  (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -  (File not found | COM-object registry key not found)
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\Sun\StarOffice 8\program\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\Sun\StarOffice 8\program\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\Sun\StarOffice 8\program\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\Sun\StarOffice 8\program\shlxthdl.dll
{5E44E225-A408-11CF-B581-008029601108} "Roxio DragToDisc Shell Extension" - "Roxio" - C:\Program Files\Roxio\Drag-to-Disc\Shellex.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
<binary data> "Ask Toolbar" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "{32099AAC-C132-4136-9E9A-4E364A424E17}" - ? -  (File not found | COM-object registry key not found)
<binary data> "{472734EA-242A-422B-ADF8-83D1E48CC825}" - ? -  (File not found | COM-object registry key not found)
<binary data> "{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{00000000-6E41-4FD3-8538-502F5495E5FC} "UrlSearchHook Class" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} "Yahoo! Toolbar mit Pop-Up-Blocker" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} "get_atlcom Class" - "NOS Microsystems Ltd." - C:\Windows\Downloaded Program Files\gp.ocx / hxxp://www.adobe.com/products/acrobat/nos/gp.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_12" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1236365074789&h=e8a697bd531e33d86563088add75ecf2/&filename=jinstall-6u12-windows-i586-jc.cab
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} "Java Plug-in 1.6.0_12" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_12" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_12.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} "MUWebControl Class" - "Microsoft Corporation" - C:\Windows\system32\muweb.dll / hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199395426399
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\System32\Adobe\Director\swdir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -  (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
<binary data> "Ask Toolbar" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll
<binary data> "Grab Pro" - ? - C:\Program Files\Orbitdownloader\GrabPro.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{D4027C7F-154A-4066-A1AD-4243D8127440} "Ask Toolbar" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{000123B4-9B42-4900-B3F7-F4B073EFC214} "Octh Class" - "Orbitdownloader.com" - C:\Program Files\Orbitdownloader\orbitcth.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Zandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Logitech Touch Mouse Server.lnk" - "Logitech, Inc." - C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Sitecom USB Wireless LAN Utility.lnk" - "Sitecom Europe BV" - C:\Program Files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ISUSPM" - "Macrovision Corporation" - "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\shsvcs.dll,-12288" (ShellHWDetection) - "Microsoft Corporation" - C:\Windows\System32\shsvcs.dll
"@%SystemRoot%\System32\shsvcs.dll,-8192" (Themes) - "Microsoft Corporation" - C:\Windows\system32\shsvcs.dll
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"eRecovery Service" (eRecoveryService) - "Acer Inc." - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - ? - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"MSCamSvc" (MSCamSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft LifeCam\MSCamS32.exe
"nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\Windows\system32\GameMon.des
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"Roxio Hard Drive Watcher 9" (RoxWatch9) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
"RoxMediaDB9" (RoxMediaDB9) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
"SwitchBoard" (SwitchBoard) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"TeamViewer 5" (TeamViewer5) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
"UPnPService" (UPnPService) - "Magix AG" - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
GMER (hat beim 1. Versuch geklappt aber bestimmt 2std. gebraucht ^^) :
Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-10-02 00:35:55
Windows 6.0.6000
Running: 9bt4rf9k.exe; Driver: C:\Users\Zandy\AppData\Local\Temp\kxldypog.sys


---- Kernel code sections - GMER 1.0.15 ----

      D:\Bearbeitungsprogramme\PlayMovie\000.fcl                                                                          entry point in "" section [0xA96CC41C]
.clc  D:\Bearbeitungsprogramme\PlayMovie\000.fcl                                                                          unknown last code section [0xA96CD000, 0x1000, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] kernel32.dll!FindResourceExA                              774C92DD 7 Bytes  JMP 2806CE30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] kernel32.dll!FindResourceA                                774C93BB 5 Bytes  JMP 2806CDA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] kernel32.dll!FindResourceW                                774D33FE 5 Bytes  JMP 2806CCA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] kernel32.dll!SizeofResource                              774D341C 7 Bytes  JMP 2806CF70 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] kernel32.dll!CreateEventA                                774F7B60 5 Bytes  JMP 2806C900 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] kernel32.dll!LockResource                                774FD5DF 5 Bytes  JMP 2806CFE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] kernel32.dll!FindResourceExW                              774FD673 7 Bytes  JMP 2806CD20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] kernel32.dll!LoadResource                                774FD74B 7 Bytes  JMP 2806CEC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] ADVAPI32.dll!CryptDeriveKey                              771ED229 7 Bytes  JMP 2806C410 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] ADVAPI32.dll!CryptDecrypt                                771ED359 7 Bytes  JMP 2806C470 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] USER32.dll!SetWindowPlacement                            776774E1 5 Bytes  JMP 28070480 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] USER32.dll!TrackPopupMenuEx                              7767C76F 5 Bytes  JMP 2806F590 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] USER32.dll!LoadImageW                                    7767D3D5 5 Bytes  JMP 28070C60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] USER32.dll!SetWindowRgn                                  7767E016 7 Bytes  JMP 28070520 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] USER32.dll!CreateWindowExW                                776885F8 5 Bytes  JMP 2806E4A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] USER32.dll!LoadIconW                                      776886E0 5 Bytes  JMP 28070DE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] USER32.dll!GetWindowLongW                                7769250E 7 Bytes  JMP 28070F10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] USER32.dll!PeekMessageW                                  776925BC 5 Bytes  JMP 2806EF10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] USER32.dll!MessageBoxIndirectW                            7769F1B3 5 Bytes  JMP 28070800 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] USER32.dll!CreateDialogParamW                            776AA500 5 Bytes  JMP 280705D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] WS2_32.dll!closesocket                                    777E3847 5 Bytes  JMP 280754A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] WS2_32.dll!send                                          777E3A8A 5 Bytes  JMP 28075160 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] WS2_32.dll!recv                                          777E4ABD 5 Bytes  JMP 28074E80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] WS2_32.dll!WSASend                                        777E4EE9 5 Bytes  JMP 280752D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] WS2_32.dll!WSARecv                                        777E72B5 5 Bytes  JMP 28074FB0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] SHELL32.dll!Shell_NotifyIconW                            76753114 5 Bytes  JMP 2806DC10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] ole32.dll!CoRegisterClassObject                          779139AC 5 Bytes  JMP 2806D340 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] ole32.dll!CoInitializeEx                                  7794885D 5 Bytes  JMP 2806D240 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] ole32.dll!CoCreateInstance                                7794DD8F 5 Bytes  JMP 2806D5C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] WININET.dll!InternetCloseHandle                          77824261 5 Bytes  JMP 280741D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] WININET.dll!HttpOpenRequestA                              7782AA7B 5 Bytes  JMP 28073F30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] WININET.dll!InternetReadFile                              778313D4 5 Bytes  JMP 28074090 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] WININET.dll!HttpSendRequestA                              77833558 5 Bytes  JMP 28074130 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

---- User IAT/EAT - GMER 1.0.15 ----

IAT    C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                [7496FBC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                            [7493B9AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                      [7492A31F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                        [7492CBFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                            [74928AB2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                    [7493CF28] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                            [74927D98] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                            [74927CFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                              [74926A64] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                      [749BC1D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                        [74947F56] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                            [749290CD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                      [74932179] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                    [749321A4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                              [74937F1C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                [74937D3E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                [749683D5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd5028b1                                       
Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd5028b1@60d0a94da812                            0x4D 0xFD 0x50 0x35 ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                0xD4 0xC3 0x97 0x02 ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                0
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xF2 0x70 0x83 0xAE ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                C:\Program Files\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                         
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                    0x3B 0x7F 0x72 0xB0 ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xA4 0xCF 0xA6 0x66 ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                     
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                0x6F 0xC0 0x42 0x77 ...
Reg    HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd5028b1 (not active ControlSet)                   
Reg    HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd5028b1@60d0a94da812                                0x4D 0xFD 0x50 0x35 ...
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                    0xD4 0xC3 0x97 0x02 ...
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                    0
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xF2 0x70 0x83 0xAE ...
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                    C:\Program Files\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)     
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0x3B 0x7F 0x72 0xB0 ...
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xA4 0xCF 0xA6 0x66 ...
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) 
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                    0x6F 0xC0 0x42 0x77 ...
Reg    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat                            0x70 0xB1 0xA5 0x07 ...

---- EOF - GMER 1.0.15 ----
aja und ich hatte msn noch auf als ich gescannt hab sorry...

cosinus 03.10.2010 12:51
Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur eine Sekunde.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

ali321 03.10.2010 13:35
Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:           
Windows Version:        Windows Vista Home Premium Edition
Windows Information:        (build 6000), 32-bit
Base Board Manufacturer:    Acer
BIOS Manufacturer:        Phoenix Technologies, LTD
System Manufacturer:        Acer
System Product Name:        Aspire M3610
Logical Drives Mask:        0x0001079d

Kernel Drivers (total 171):
  0x83000000 \SystemRoot\system32\ntkrnlpa.exe
  0x833A1000 \SystemRoot\system32\hal.dll
  0x802C6000 \SystemRoot\system32\kdcom.dll
  0x80266000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x8025D000 \SystemRoot\system32\PSHED.dll
  0x80255000 \SystemRoot\system32\BOOTVID.dll
  0x8021A000 \SystemRoot\system32\CLFS.SYS
  0x8051F000 \SystemRoot\system32\CI.dll
  0x804A4000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8020D000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x80461000 \SystemRoot\system32\drivers\acpi.sys
  0x80204000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x80459000 \SystemRoot\system32\drivers\msisadrv.sys
  0x8044A000 \SystemRoot\system32\drivers\volmgr.sys
  0x80425000 \SystemRoot\system32\drivers\pci.sys
  0x80415000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8040E000 \SystemRoot\system32\drivers\pciide.sys
  0x80400000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x807B6000 \SystemRoot\System32\drivers\volmgrx.sys
  0x807AE000 \SystemRoot\system32\drivers\atapi.sys
  0x80790000 \SystemRoot\system32\drivers\ataport.SYS
  0x8075F000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8074F000 \SystemRoot\system32\drivers\fileinfo.sys
  0x80738000 \SystemRoot\System32\Drivers\DRVMCDB.SYS
  0x8072F000 \SystemRoot\System32\Drivers\PxHelp20.sys
  0x8062B000 \SystemRoot\system32\drivers\ndis.sys
  0x80600000 \SystemRoot\system32\drivers\msrpc.sys
  0x8B1C7000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8B0BF000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8B055000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8B04D000 \SystemRoot\system32\DRIVERS\wd.sys
  0x8B017000 \SystemRoot\system32\drivers\volsnap.sys
  0x8B00F000 \SystemRoot\System32\Drivers\spldr.sys
  0x8B000000 \SystemRoot\System32\drivers\partmgr.sys
  0x8B3F1000 \SystemRoot\System32\Drivers\mup.sys
  0x8B3CC000 \SystemRoot\System32\drivers\ecache.sys
  0x8B3BB000 \SystemRoot\system32\drivers\disk.sys
  0x8B39A000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8B392000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
  0x8B389000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8C034000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x91970000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8C026000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x91EFF000 \SystemRoot\system32\DRIVERS\atikmdag.sys
  0x91803000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8C019000 \SystemRoot\System32\drivers\watchdog.sys
  0x8C007000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8C0DF000 \SystemRoot\system32\drivers\MicNgBas.sys
  0x91BCC000 \SystemRoot\system32\DRIVERS\yk60x86.sys
  0x8C0FB000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x91B8F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x91B81000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8C1BB000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
  0x91B69000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x91910000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x8BD24000 \SystemRoot\system32\DRIVERS\ohci1394.sys
  0x91B0B000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
  0x91B00000 \SystemRoot\system32\DRIVERS\fdc.sys
  0x91AE6000 \SystemRoot\system32\DRIVERS\serial.sys
  0x91ADC000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x91AC4000 \SystemRoot\system32\DRIVERS\parport.sys
  0x91A99000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x91A59000 \SystemRoot\system32\DRIVERS\storport.sys
  0x91A4E000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x91A37000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x91A2C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x91A09000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8BDD8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x91EEC000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x91ED0000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x91EC5000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x91EBA000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8C1AD000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x91E90000 \SystemRoot\system32\DRIVERS\ks.sys
  0x91E86000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x91EDF000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x92730000 \SystemRoot\system32\drivers\MicNgCap.sys
  0x91E68000 \SystemRoot\system32\drivers\MicNgTun.sys
  0x8C07E000 \SystemRoot\system32\drivers\BdaSup.SYS
  0x91E34000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x91E2A000 \SystemRoot\system32\DRIVERS\flpydisk.sys
  0x8BCD4000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x926B1000 \SystemRoot\system32\drivers\HdAudio.sys
  0x92684000 \SystemRoot\system32\drivers\portcls.sys
  0x91E05000 \SystemRoot\system32\drivers\drmk.sys
  0x92857000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x9198B000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x91902000 \SystemRoot\System32\Drivers\Null.SYS
  0x8C04A000 \SystemRoot\System32\Drivers\Beep.SYS
  0x91934000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
  0x918A7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x92668000 \SystemRoot\System32\drivers\vga.sys
  0x92647000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8C16D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8C175000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x9261C000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x9260E000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x919A6000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x92B2B000 \SystemRoot\System32\drivers\tcpip.sys
  0x9283E000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x92829000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x92815000 \SystemRoot\system32\DRIVERS\smb.sys
  0x92AA4000 \SystemRoot\system32\drivers\afd.sys
  0x92A72000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x92A5C000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x92600000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x92802000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x92A21000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x92A17000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x92A00000 \SystemRoot\System32\Drivers\dfsc.sys
  0x9273D000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8C03F000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x8C13D000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x8BDE7000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x8BCB4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8C1A1000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x92ECB000 \SystemRoot\system32\DRIVERS\zd1211u.sys
  0x91994000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x9B400000 \SystemRoot\System32\win32k.sys
  0x92EC1000 \SystemRoot\System32\drivers\Dxapi.sys
  0x92E65000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x92F4D000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x9C91A000 \SystemRoot\system32\DRIVERS\spc1030.sys
  0x927A5000 \SystemRoot\system32\DRIVERS\STREAM.SYS
  0x918A0000 \SystemRoot\system32\DRIVERS\spc1030c.SYS
  0x92F37000 \SystemRoot\system32\DRIVERS\phaudlwr.sys
  0x92F25000 \SystemRoot\system32\drivers\usbaudio.sys
  0x8C115000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x9BB4C000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x9D200000 \SystemRoot\System32\TSDDD.dll
  0x9D220000 \SystemRoot\System32\ATMFD.DLL
  0x9D210000 \SystemRoot\System32\cdd.dll
  0x9CEE5000 \SystemRoot\system32\drivers\luafv.sys
  0x9BA76000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
  0x9B619000 \SystemRoot\System32\DLA\DLADResM.SYS
  0x9CECD000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
  0x91B46000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
  0x8C1BD000 \SystemRoot\System32\DLA\DLAPoolM.SYS
  0x918C3000 \SystemRoot\System32\DLA\DLABMFSM.SYS
  0x918CA000 \SystemRoot\System32\DLA\DLABOIOM.SYS
  0x9CE77000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
  0x9CE60000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
  0xA0B72000 \SystemRoot\system32\drivers\spsys.sys
  0x8BCF4000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0xA0B47000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x9B663000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xA068A000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xA1797000 \SystemRoot\system32\drivers\HTTP.sys
  0xA0A45000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xA177E000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xA176A000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xA171B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA16E2000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA16D0000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA16AC000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA165B000 \SystemRoot\System32\DRIVERS\srv.sys
  0x918F4000 \SystemRoot\system32\DRIVERS\parvdm.sys
  0xA160A000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
  0xA3322000 \SystemRoot\system32\drivers\peauth.sys
  0x9BAAD000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA3281000 \??\D:\Bearbeitungsprogramme\PlayMovie\000.fcl
  0xA320C000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0xA3FEE000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
  0xA3E48000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0x9BACE000 \SystemRoot\system32\drivers\tdtcp.sys
  0x9B6BD000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
  0xA47D2000 \SystemRoot\System32\Drivers\RDPWD.SYS
  0xAFB0A000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x9EED0000 \SystemRoot\system32\drivers\MSPQM.sys
  0xC9640000 \SystemRoot\System32\Drivers\usbaapl.sys
  0x77040000 \Windows\System32\ntdll.dll

Processes (total 69):
      0 System Idle Process
      4 System
    420 C:\Windows\System32\smss.exe
    528 csrss.exe
    592 C:\Windows\System32\wininit.exe
    604 csrss.exe
    636 C:\Windows\System32\services.exe
    652 C:\Windows\System32\lsass.exe
    660 C:\Windows\System32\lsm.exe
    796 C:\Windows\System32\svchost.exe
    828 C:\Windows\System32\winlogon.exe
    920 C:\Windows\System32\svchost.exe
    956 C:\Windows\System32\svchost.exe
    1004 C:\Windows\System32\Ati2evxx.exe
    1024 C:\Windows\System32\svchost.exe
    1052 C:\Windows\System32\svchost.exe
    1072 C:\Windows\System32\svchost.exe
    1264 C:\Windows\System32\audiodg.exe
    1296 C:\Windows\System32\svchost.exe
    1320 C:\Windows\System32\SLsvc.exe
    1356 C:\Windows\System32\svchost.exe
    1436 C:\Windows\System32\Ati2evxx.exe
    1576 C:\Windows\System32\svchost.exe
    1788 C:\Windows\System32\spoolsv.exe
    1816 C:\Windows\System32\svchost.exe
    608 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    1252 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1340 C:\Program Files\Bonjour\mDNSResponder.exe
    1544 C:\Windows\System32\svchost.exe
    1584 C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    1060 C:\Windows\System32\PnkBstrA.exe
    2020 C:\Windows\System32\svchost.exe
    500 C:\Program Files\Google\Update\GoogleUpdate.exe
    412 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    2236 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2268 C:\Windows\System32\svchost.exe
    2316 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    2340 C:\Windows\System32\svchost.exe
    2368 C:\Windows\System32\SearchIndexer.exe
    2464 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    2736 WUDFHost.exe
    2928 C:\Windows\System32\taskeng.exe
    2948 C:\Windows\System32\alg.exe
    4072 C:\Windows\System32\taskeng.exe
    2356 C:\Windows\System32\dwm.exe
    860 C:\Windows\explorer.exe
    3284 C:\Windows\RtHDVCpl.exe
    3292 C:\Windows\vspc1030.exe
    3344 C:\Program Files\iTunes\iTunesHelper.exe
    3368 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    3376 C:\Program Files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe
    3556 C:\Program Files\iPod\bin\iPodService.exe
    1944 C:\Windows\ehome\ehsched.exe
    2136 C:\Windows\ehome\ehrecvr.exe
    2292 C:\Windows\System32\wuauclt.exe
    5484 C:\Windows\System32\conime.exe
    6032 C:\Program Files\QuickTime\QuickTimePlayer.exe
    1416 C:\Windows\System32\taskeng.exe
    5420 C:\Program Files\iTunes\iTunes.exe
    5148 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    4220 C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    4824 C:\Windows\System32\mobsync.exe
    4336 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    3540 C:\Program Files\Windows Live\Contacts\wlcomm.exe
    3132 C:\Program Files\DVDVideoSoft\Free Studio\Free YouTube to Mp3 Converter\FreeYouTubeToMP3Converter.exe
    4004 C:\Program Files\Java\jre6\bin\javaw.exe
    3408 C:\Windows\System32\SearchProtocolHost.exe
    5952 C:\Windows\System32\SearchFilterHost.exe
    3876 C:\Users\Zandy\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`7098f400  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001e`5d265e00  (NTFS)
\\.\Q: --> \\.\PhysicalDrive5 at offset 0x00000000`00007e00  (NTFS)

PhysicalDrive0 Model Number: ST3250820AS, Rev: 3.AAD 
PhysicalDrive5 Model Number: SeagateFreeAgent, Rev: 0138

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0  Unknown MBR code
            SHA1: 75374D27B77E61C9316E27BACDEE41C1E2C9874E
    931 GB  \\.\PhysicalDrive5  MBR Code Faked!
            SHA1: 31ABC6F76EA6A7FD5B12BF4901243A3546141C86


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
  [1] Dump the MBR of a physical disk to file.
  [2] Restore the MBR of a physical disk with a standard boot code.
  [3] Exit.

Enter your choice:

Done!
Ok :D ich bin erstmal ne Woche im Urlaub aber wir schreiben in ner Woche ;)

cosinus 03.10.2010 13:39
Starte bitte MBRCheck.exe erneut.
Diesmal tippe in das Fenster folgendes ein und bestätige jede Eingabe mit Enter
bei
  • Enter 'Y' and hit ENTER for more options, or 'N' to exit: y
  • Enter your choice: 2
  • Enter the physical disk number to fix (0-99, -1 to cancel): 0
  • Please select the MBR code to write to this drive: 3 (für Vista)
  • Gib nun Yes ein und bestätige mit ENTER.
  • Starte den Rechner neu auf.
Nach dem Neustart starte bitte MBRCheck.exe erneut.
Nun findest Du 2 MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop.
Poste mir den Inhalt von beiden .txt Dokumenten


Das gleiche machst Du für die andere Platte in Deinem Rechner also:
  • Enter your choice: 2
  • Enter the physical disk number to fix (0-99, -1 to cancel): 5
  • Please select the MBR code to write to this drive: 3 (für Vista)

ali321 09.10.2010 11:19
Okey ales gemacht :D
Beim Zweiten gabs Probleme ... naja siehs dir an :
Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:           
Windows Version:        Windows Vista Home Premium Edition
Windows Information:        (build 6000), 32-bit
Base Board Manufacturer:    Acer
BIOS Manufacturer:        Phoenix Technologies, LTD
System Manufacturer:        Acer
System Product Name:        Aspire M3610
Logical Drives Mask:        0x0000e7dd

Kernel Drivers (total 172):
  0x83000000 \SystemRoot\system32\ntkrnlpa.exe
  0x833A1000 \SystemRoot\system32\hal.dll
  0x802C6000 \SystemRoot\system32\kdcom.dll
  0x80266000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x8025D000 \SystemRoot\system32\PSHED.dll
  0x80255000 \SystemRoot\system32\BOOTVID.dll
  0x8021A000 \SystemRoot\system32\CLFS.SYS
  0x8051F000 \SystemRoot\system32\CI.dll
  0x804A4000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8020D000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x80461000 \SystemRoot\system32\drivers\acpi.sys
  0x80204000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x80459000 \SystemRoot\system32\drivers\msisadrv.sys
  0x8044A000 \SystemRoot\system32\drivers\volmgr.sys
  0x80425000 \SystemRoot\system32\drivers\pci.sys
  0x80415000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8040E000 \SystemRoot\system32\drivers\pciide.sys
  0x80400000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x807B6000 \SystemRoot\System32\drivers\volmgrx.sys
  0x807AE000 \SystemRoot\system32\drivers\atapi.sys
  0x80790000 \SystemRoot\system32\drivers\ataport.SYS
  0x8075F000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8074F000 \SystemRoot\system32\drivers\fileinfo.sys
  0x80738000 \SystemRoot\System32\Drivers\DRVMCDB.SYS
  0x8072F000 \SystemRoot\System32\Drivers\PxHelp20.sys
  0x8062B000 \SystemRoot\system32\drivers\ndis.sys
  0x80600000 \SystemRoot\system32\drivers\msrpc.sys
  0x8B1C7000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8B0BF000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8B055000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8B04D000 \SystemRoot\system32\DRIVERS\wd.sys
  0x8B017000 \SystemRoot\system32\drivers\volsnap.sys
  0x8B00F000 \SystemRoot\System32\Drivers\spldr.sys
  0x8B000000 \SystemRoot\System32\drivers\partmgr.sys
  0x8B3F1000 \SystemRoot\System32\Drivers\mup.sys
  0x8B3CC000 \SystemRoot\System32\drivers\ecache.sys
  0x8B3BB000 \SystemRoot\system32\drivers\disk.sys
  0x8B39A000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8B392000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
  0x8B389000 \SystemRoot\system32\drivers\crcdisk.sys
  0x91620000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x91740000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x91612000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x91AFF000 \SystemRoot\system32\DRIVERS\atikmdag.sys
  0x91A62000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x91605000 \SystemRoot\System32\drivers\watchdog.sys
  0x91689000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x9167D000 \SystemRoot\system32\drivers\MicNgBas.sys
  0x91A2E000 \SystemRoot\system32\DRIVERS\yk60x86.sys
  0x91673000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x925C3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x91A20000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8C0C9000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
  0x91A08000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x916EB000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x8BDC0000 \SystemRoot\system32\DRIVERS\ohci1394.sys
  0x92505000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
  0x924FA000 \SystemRoot\system32\DRIVERS\fdc.sys
  0x924E0000 \SystemRoot\system32\DRIVERS\serial.sys
  0x924D6000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x924BE000 \SystemRoot\system32\DRIVERS\parport.sys
  0x92493000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x92453000 \SystemRoot\system32\DRIVERS\storport.sys
  0x92448000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x92431000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x92426000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x92403000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8C10A000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x927ED000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8C119000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x927E2000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x927CA000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8C0C3000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x927A0000 \SystemRoot\system32\DRIVERS\ks.sys
  0x92796000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x927D5000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x926C6000 \SystemRoot\system32\drivers\MicNgCap.sys
  0x926A8000 \SystemRoot\system32\drivers\MicNgTun.sys
  0x91727000 \SystemRoot\system32\drivers\BdaSup.SYS
  0x92674000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x9266A000 \SystemRoot\system32\DRIVERS\flpydisk.sys
  0x8BD64000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x9262B000 \SystemRoot\system32\drivers\HdAudio.sys
  0x929D3000 \SystemRoot\system32\drivers\portcls.sys
  0x92606000 \SystemRoot\system32\drivers\drmk.sys
  0x9282A000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x91764000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x9166A000 \SystemRoot\System32\Drivers\Null.SYS
  0x916FC000 \SystemRoot\System32\Drivers\Beep.SYS
  0x925B7000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
  0x91632000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x9281E000 \SystemRoot\System32\drivers\vga.sys
  0x92B9F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8C037000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8C047000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x92813000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x92805000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x91776000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x92AAA000 \SystemRoot\System32\drivers\tcpip.sys
  0x92A91000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x92A7C000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x92A68000 \SystemRoot\system32\DRIVERS\smb.sys
  0x92A21000 \SystemRoot\system32\drivers\afd.sys
  0x92DCE000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x92A0B000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x92DC0000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x92DAD000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x92D72000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x92A01000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x92D5B000 \SystemRoot\System32\Drivers\dfsc.sys
  0x926D3000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x916F1000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x8C09F000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x917C7000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x8BCC4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8C0C7000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8BDE7000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x9AFEE000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x9AFB5000 \SystemRoot\system32\DRIVERS\zd1211u.sys
  0x9B800000 \SystemRoot\System32\win32k.sys
  0x92C01000 \SystemRoot\System32\drivers\Dxapi.sys
  0x9AF4D000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x9C91A000 \SystemRoot\system32\DRIVERS\spc1030.sys
  0x926E0000 \SystemRoot\system32\DRIVERS\STREAM.SYS
  0x91655000 \SystemRoot\system32\DRIVERS\spc1030c.SYS
  0x9AF37000 \SystemRoot\system32\DRIVERS\phaudlwr.sys
  0x9AF25000 \SystemRoot\system32\drivers\usbaudio.sys
  0x8C02F000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x8C173000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x9D800000 \SystemRoot\System32\TSDDD.dll
  0x9D820000 \SystemRoot\System32\ATMFD.DLL
  0x9D810000 \SystemRoot\System32\cdd.dll
  0x9C82F000 \SystemRoot\system32\drivers\luafv.sys
  0x92C56000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
  0x9C854000 \SystemRoot\System32\DLA\DLADResM.SYS
  0x9C817000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
  0x92545000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
  0x8C0D1000 \SystemRoot\System32\DLA\DLAPoolM.SYS
  0x9165C000 \SystemRoot\System32\DLA\DLABMFSM.SYS
  0x91663000 \SystemRoot\System32\DLA\DLABOIOM.SYS
  0x9F4BE000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
  0x9F4A7000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
  0xA0AF2000 \SystemRoot\system32\drivers\spsys.sys
  0x8BD44000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0xA1379000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x9F2D7000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xA1366000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xA1233000 \SystemRoot\system32\drivers\HTTP.sys
  0xA1218000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xA15A7000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xA1204000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xA1589000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA1550000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA153E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA151A000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA1489000 \SystemRoot\System32\DRIVERS\srv.sys
  0x9F355000 \SystemRoot\system32\DRIVERS\parvdm.sys
  0xA8F56000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
  0xA9522000 \SystemRoot\system32\drivers\peauth.sys
  0x92CB9000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA9003000 \??\D:\Bearbeitungsprogramme\PlayMovie\000.fcl
  0xA9121000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0xA8EA2000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
  0xA9240000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0x92C61000 \SystemRoot\system32\drivers\tdtcp.sys
  0x9AE65000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
  0xA928D000 \SystemRoot\System32\Drivers\RDPWD.SYS
  0xA913C000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0xA8E4F000 \SystemRoot\system32\drivers\MSPQM.sys
  0x9BAE6000 \SystemRoot\System32\Drivers\usbaapl.sys
  0xA90F9000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x77A40000 \Windows\System32\ntdll.dll

Processes (total 66):
      0 System Idle Process
      4 System
    464 C:\Windows\System32\smss.exe
    528 csrss.exe
    592 C:\Windows\System32\wininit.exe
    600 csrss.exe
    636 C:\Windows\System32\services.exe
    652 C:\Windows\System32\lsass.exe
    660 C:\Windows\System32\lsm.exe
    792 C:\Windows\System32\svchost.exe
    828 C:\Windows\System32\winlogon.exe
    916 C:\Windows\System32\svchost.exe
    956 C:\Windows\System32\svchost.exe
    1012 C:\Windows\System32\Ati2evxx.exe
    1036 C:\Windows\System32\svchost.exe
    1060 C:\Windows\System32\svchost.exe
    1084 C:\Windows\System32\svchost.exe
    1264 C:\Windows\System32\audiodg.exe
    1288 C:\Windows\System32\svchost.exe
    1332 C:\Windows\System32\SLsvc.exe
    1384 C:\Windows\System32\Ati2evxx.exe
    1404 C:\Windows\System32\svchost.exe
    1564 C:\Windows\System32\svchost.exe
    1740 C:\Windows\System32\spoolsv.exe
    1764 C:\Windows\System32\svchost.exe
    584 C:\Windows\System32\dwm.exe
    1256 C:\Windows\explorer.exe
    1860 C:\Windows\RtHDVCpl.exe
    1984 C:\Windows\vspc1030.exe
    2040 C:\Program Files\iTunes\iTunesHelper.exe
    2036 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    788 C:\Program Files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe
    1576 C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe
    2824 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    2844 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2872 C:\Program Files\Bonjour\mDNSResponder.exe
    2892 C:\Windows\System32\svchost.exe
    3072 C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    3168 C:\Windows\System32\PnkBstrA.exe
    3192 C:\Windows\System32\svchost.exe
    3208 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    3272 C:\Program Files\Google\Update\GoogleUpdate.exe
    3408 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    3440 C:\Windows\System32\svchost.exe
    3508 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    3536 C:\Windows\System32\svchost.exe
    3680 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    4084 WUDFHost.exe
    2624 C:\Program Files\iPod\bin\iPodService.exe
    1820 C:\Windows\System32\taskeng.exe
    1328 C:\Windows\System32\alg.exe
    2172 C:\Windows\System32\taskeng.exe
    5780 C:\Windows\ehome\ehsched.exe
    5832 C:\Windows\ehome\ehrecvr.exe
    4596 C:\Windows\System32\wuauclt.exe
    4120 C:\Program Files\iTunes\iTunes.exe
    6056 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    6140 C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    6068 C:\Windows\System32\SearchIndexer.exe
    2732 C:\Windows\System32\taskeng.exe
    2424 C:\Windows\System32\SearchProtocolHost.exe
    5940 C:\Windows\System32\SearchFilterHost.exe
    2464 C:\Users\Zandy\Desktop\MBRCheck.exe
    2468 C:\Windows\System32\conime.exe
    2700 C:\Program Files\Mozilla Firefox\firefox.exe
    5528 C:\Program Files\Mozilla Firefox\plugin-container.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`7098f400  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001e`5d265e00  (NTFS)

PhysicalDrive0 Model Number: ST3250820AS, Rev: 3.AAD 

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0  Unknown MBR code
            SHA1: 75374D27B77E61C9316E27BACDEE41C1E2C9874E


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
  [1] Dump the MBR of a physical disk to file.
  [2] Restore the MBR of a physical disk with a standard boot code.
  [3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
 [ 0] Default (Windows Vista)
 [ 1] Windows XP
 [ 2] Windows Server 2003
 [ 3] Windows Vista
 [ 4] Windows 2008
 [ 5] Windows 7
 [-1] Cancel

Please select the MBR code to write to this drive: 3
Do you want to fix the MBR code?  Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!
Code:
1ÀŽÐ¼ |ûPPü¾|¿PW¹åó¤Ë¿ 1À²€ÍsOtëóëþ½ˆ€~ ZtTø¸–³Írù  t+ø¸–³Írù tø¸–³Írù u$ø¸ÊÍ€út¾¾±8,|uÆ âô‰õéo éi ½¾f‹^`h  h  fSh  h |h h ´B²€‰æÍaasOt0ä²€ÍëÍè{ ½¾ÆF €ÆF ÆF  ÆF*‰¨t€N$*‰¨t€N4èr h  h |˽Îf‹^`h  h  fSh  h |h h ´B²€‰æÍaasOt0ä²€ÍëÍè ½¾€~'tºÆF'è% 뱿 1ÀŽÀ» ~¸µ ±¶ ²€Ís    Ot0äÍ
ëÞÿ 1ÀŽÀ» ~¸µ ±¶ ²€Ís    Ot0äÍ
ëÞà Acer.3  system                                      ÓnøÏ    'þÿÿ?  ;L8€þÿÿþÿÿzL8µFö
 þÿÿþÿÿ/“.R²í
                Uª
wie öffne ich denn ne BAK datei wenn nicht mit dem Editor? :D
ehm ja ^^ komische Zeichen aber :

Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:           
Windows Version:        Windows Vista Home Premium Edition
Windows Information:        (build 6000), 32-bit
Base Board Manufacturer:    Acer
BIOS Manufacturer:        Phoenix Technologies, LTD
System Manufacturer:        Acer
System Product Name:        Aspire M3610
Logical Drives Mask:        0x0000e7dd

Kernel Drivers (total 172):
  0x83000000 \SystemRoot\system32\ntkrnlpa.exe
  0x833A1000 \SystemRoot\system32\hal.dll
  0x802C6000 \SystemRoot\system32\kdcom.dll
  0x80266000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x8025D000 \SystemRoot\system32\PSHED.dll
  0x80255000 \SystemRoot\system32\BOOTVID.dll
  0x8021A000 \SystemRoot\system32\CLFS.SYS
  0x8051F000 \SystemRoot\system32\CI.dll
  0x804A4000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8020D000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x80461000 \SystemRoot\system32\drivers\acpi.sys
  0x80204000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x80459000 \SystemRoot\system32\drivers\msisadrv.sys
  0x8044A000 \SystemRoot\system32\drivers\volmgr.sys
  0x80425000 \SystemRoot\system32\drivers\pci.sys
  0x80415000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8040E000 \SystemRoot\system32\drivers\pciide.sys
  0x80400000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x807B6000 \SystemRoot\System32\drivers\volmgrx.sys
  0x807AE000 \SystemRoot\system32\drivers\atapi.sys
  0x80790000 \SystemRoot\system32\drivers\ataport.SYS
  0x8075F000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8074F000 \SystemRoot\system32\drivers\fileinfo.sys
  0x80738000 \SystemRoot\System32\Drivers\DRVMCDB.SYS
  0x8072F000 \SystemRoot\System32\Drivers\PxHelp20.sys
  0x8062B000 \SystemRoot\system32\drivers\ndis.sys
  0x80600000 \SystemRoot\system32\drivers\msrpc.sys
  0x8B1C7000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8B0BF000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8B055000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8B04D000 \SystemRoot\system32\DRIVERS\wd.sys
  0x8B017000 \SystemRoot\system32\drivers\volsnap.sys
  0x8B00F000 \SystemRoot\System32\Drivers\spldr.sys
  0x8B000000 \SystemRoot\System32\drivers\partmgr.sys
  0x8B3F1000 \SystemRoot\System32\Drivers\mup.sys
  0x8B3CC000 \SystemRoot\System32\drivers\ecache.sys
  0x8B3BB000 \SystemRoot\system32\drivers\disk.sys
  0x8B39A000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8B392000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
  0x8B389000 \SystemRoot\system32\drivers\crcdisk.sys
  0x91905000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8C028000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x918F7000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x91CFF000 \SystemRoot\system32\DRIVERS\atikmdag.sys
  0x9185A000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x9184D000 \SystemRoot\System32\drivers\watchdog.sys
  0x91836000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x9182A000 \SystemRoot\system32\drivers\MicNgBas.sys
  0x91CCB000 \SystemRoot\system32\DRIVERS\yk60x86.sys
  0x8C188000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x91C8E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x9181C000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8C1A0000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
  0x91804000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8C000000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x8BD54000 \SystemRoot\system32\DRIVERS\ohci1394.sys
  0x91C30000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
  0x91C25000 \SystemRoot\system32\DRIVERS\fdc.sys
  0x91C0B000 \SystemRoot\system32\DRIVERS\serial.sys
  0x91C01000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x92588000 \SystemRoot\system32\DRIVERS\parport.sys
  0x9255D000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x9251D000 \SystemRoot\system32\DRIVERS\storport.sys
  0x91C83000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x92506000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x924FB000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x924D8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8BDD8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x924C5000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x924A9000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x9249E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x92493000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8C19E000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x92469000 \SystemRoot\system32\DRIVERS\ks.sys
  0x9245F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x924B8000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x92452000 \SystemRoot\system32\drivers\MicNgCap.sys
  0x92434000 \SystemRoot\system32\drivers\MicNgTun.sys
  0x919E4000 \SystemRoot\system32\drivers\BdaSup.SYS
  0x92400000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x927F6000 \SystemRoot\system32\DRIVERS\flpydisk.sys
  0x8BC74000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x927B7000 \SystemRoot\system32\drivers\HdAudio.sys
  0x9278A000 \SystemRoot\system32\drivers\portcls.sys
  0x92765000 \SystemRoot\system32\drivers\drmk.sys
  0x92857000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8C04C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x9194F000 \SystemRoot\System32\Drivers\Null.SYS
  0x91956000 \SystemRoot\System32\Drivers\Beep.SYS
  0x925EE000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
  0x91964000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x92709000 \SystemRoot\System32\drivers\vga.sys
  0x926E8000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8C140000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8C148000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x926BD000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x926AF000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8C067000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x92B2B000 \SystemRoot\System32\drivers\tcpip.sys
  0x92696000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x92681000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x9266D000 \SystemRoot\system32\DRIVERS\smb.sys
  0x92626000 \SystemRoot\system32\drivers\afd.sys
  0x92825000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x92610000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x92602000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x92812000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x92AF0000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x92808000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x92AD9000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8C01B000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8C006000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x8C110000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x9B600000 \SystemRoot\System32\win32k.sys
  0x92E9A000 \SystemRoot\System32\drivers\Dxapi.sys
  0x9CBE4000 \SystemRoot\System32\Drivers\usbaapl.sys
  0x8C1AE000 \SystemRoot\System32\Drivers\USBD.SYS
  0x9C2F6000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x8C082000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x8BCD4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x9E9EE000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x9E9B5000 \SystemRoot\system32\DRIVERS\zd1211u.sys
  0x8C08B000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x9E99E000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x9ED1A000 \SystemRoot\system32\DRIVERS\spc1030.sys
  0x92F64000 \SystemRoot\system32\DRIVERS\STREAM.SYS
  0x91910000 \SystemRoot\system32\DRIVERS\spc1030c.SYS
  0x9E988000 \SystemRoot\system32\DRIVERS\phaudlwr.sys
  0x9E976000 \SystemRoot\system32\drivers\usbaudio.sys
  0x9CAB0000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x9F800000 \SystemRoot\System32\TSDDD.dll
  0x9F820000 \SystemRoot\System32\ATMFD.DLL
  0x9F810000 \SystemRoot\System32\cdd.dll
  0x9ECBF000 \SystemRoot\system32\drivers\luafv.sys
  0x92E0C000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
  0x9B86F000 \SystemRoot\System32\DLA\DLADResM.SYS
  0xA0DE8000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
  0x91C5C000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
  0x9CA82000 \SystemRoot\System32\DLA\DLAPoolM.SYS
  0x9196B000 \SystemRoot\System32\DLA\DLABMFSM.SYS
  0x91972000 \SystemRoot\System32\DLA\DLABOIOM.SYS
  0x9E860000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
  0xA0DD1000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
  0xA2572000 \SystemRoot\system32\drivers\spsys.sys
  0x9E810000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0xA2488000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x92EEA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xA2475000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xA2931000 \SystemRoot\System32\Drivers\fastfat.SYS
  0xA28C8000 \SystemRoot\system32\drivers\HTTP.sys
  0xA286D000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xA2823000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xA2421000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xA2805000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA31C7000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA31B5000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA3191000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA3140000 \SystemRoot\System32\DRIVERS\srv.sys
  0x91948000 \SystemRoot\system32\DRIVERS\parvdm.sys
  0xA33AF000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
  0xA32D1000 \SystemRoot\system32\drivers\peauth.sys
  0x9EC93000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA46BF000 \??\D:\Bearbeitungsprogramme\PlayMovie\000.fcl
  0xA46AA000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0xA4698000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
  0xA50DA000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0x9EC0F000 \SystemRoot\system32\drivers\tdtcp.sys
  0x9B892000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
  0xA506C000 \SystemRoot\System32\Drivers\RDPWD.SYS
  0x9CA80000 \SystemRoot\system32\drivers\MSPQM.sys
  0xA4602000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x77EE0000 \Windows\System32\ntdll.dll

Processes (total 71):
      0 System Idle Process
      4 System
    472 C:\Windows\System32\smss.exe
    536 csrss.exe
    600 C:\Windows\System32\wininit.exe
    612 csrss.exe
    644 C:\Windows\System32\services.exe
    660 C:\Windows\System32\lsass.exe
    668 C:\Windows\System32\lsm.exe
    792 C:\Windows\System32\svchost.exe
    876 C:\Windows\System32\winlogon.exe
    920 C:\Windows\System32\svchost.exe
    952 C:\Windows\System32\svchost.exe
    1008 C:\Windows\System32\Ati2evxx.exe
    1024 C:\Windows\System32\svchost.exe
    1052 C:\Windows\System32\svchost.exe
    1076 C:\Windows\System32\svchost.exe
    1264 C:\Windows\System32\audiodg.exe
    1288 C:\Windows\System32\svchost.exe
    1320 C:\Windows\System32\SLsvc.exe
    1352 C:\Windows\System32\svchost.exe
    1512 C:\Windows\System32\Ati2evxx.exe
    1552 C:\Windows\System32\svchost.exe
    1776 C:\Windows\System32\spoolsv.exe
    1800 C:\Windows\System32\svchost.exe
    636 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    592 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1072 C:\Program Files\Bonjour\mDNSResponder.exe
    1252 C:\Windows\System32\svchost.exe
    124 C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    756 C:\Windows\System32\PnkBstrA.exe
    2004 C:\Windows\System32\svchost.exe
    328 C:\Program Files\Google\Update\GoogleUpdate.exe
    2052 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    2260 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2292 C:\Windows\System32\svchost.exe
    2340 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    2380 C:\Windows\System32\svchost.exe
    2416 C:\Windows\System32\SearchIndexer.exe
    2532 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    2700 WmiPrvSE.exe
    2780 WUDFHost.exe
    3012 C:\Windows\System32\taskeng.exe
    3024 C:\Windows\System32\alg.exe
    3960 C:\Windows\ehome\ehsched.exe
    4028 C:\Windows\ehome\ehrecvr.exe
    3460 WmiPrvSE.exe
    3224 C:\Windows\System32\dwm.exe
    3444 C:\Windows\System32\taskeng.exe
    2172 C:\Windows\System32\taskeng.exe
    2112 C:\Windows\explorer.exe
    3876 C:\Windows\RtHDVCpl.exe
    3360 C:\Windows\vspc1030.exe
    3760 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    3344 C:\Program Files\iTunes\iTunesHelper.exe
    3908 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    3940 C:\Program Files\Skype\Phone\Skype.exe
    2992 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    3504 C:\Program Files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe
    3512 C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe
    1216 C:\Program Files\iPod\bin\iPodService.exe
    2212 C:\Windows\System32\wuauclt.exe
    4304 C:\Program Files\Skype\Plugin Manager\skypePM.exe
    4996 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    5020 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    5072 C:\Windows\System32\SearchProtocolHost.exe
    5084 C:\Windows\System32\SearchFilterHost.exe
    5300 C:\Program Files\Mozilla Firefox\firefox.exe
    5416 C:\Program Files\Mozilla Firefox\plugin-container.exe
    5848 C:\Users\Zandy\Desktop\MBRCheck.exe
    5864 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`7098f400  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001e`5d265e00  (NTFS)

PhysicalDrive0 Model Number: ST3250820AS, Rev: 3.AAD 

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0  Unknown MBR code
            SHA1: 75374D27B77E61C9316E27BACDEE41C1E2C9874E


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
  [1] Dump the MBR of a physical disk to file.
  [2] Restore the MBR of a physical disk with a standard boot code.
  [3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 5Available MBR codes:
 [ 0] Default (Windows Vista)
 [ 1] Windows XP
 [ 2] Windows Server 2003
 [ 3] Windows Vista
 [ 4] Windows 2008
 [ 5] Windows 7
 [-1] Cancel

Please select the MBR code to write to this drive: 3
Do you want to fix the MBR code?  Type 'YES' and hit ENTER to continue: yes
Out of memory!Could not read disk!


Done!

cosinus 09.10.2010 18:17
Das zweite mal ist für Deine ext. Platte! Die muss angeschlossen sein beim MBRfix! Bitte wiederholen!


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:43 Uhr.
Seite 2 von 5 1 2 34 Letzte »
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131