Trojaner-Board


ali321 26.09.2010 15:42

PC won't shut down, programs hang, etc.
 
Hello dear forum community :D,
(I already used the search function and found a few things, but somehow I'm not getting any further..)
I've once again got some lovely new problems on my PC ...
It doesn't shut down properly and gets stuck at "logging off".
I left it sitting for 2 hours without success :(
I ran PC Tools AntiVirus over it 10 times.
Initially with 145 infections and (not responding), so I restarted and did the whole thing again, and later in safe mode it then worked.
Unfortunately, problems such as (not responding) and my Orbit Grab++ no longer working still persist.
I uploaded my HJACK logfile to the analysis and found nice things like:
Code:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
etc.

Here is the whole log:
Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:12:13, on 26.09.2010
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16916)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\vspc1030.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PC Tools Security\pctsTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Zandy\Downloads\HiJackThis204.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://go.1und1.de/suchbox/1und1suche?su=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) -  - (no file)
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.208.105.171 gs.apple.com
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [spc1030] C:\Windows\vspc1030.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\PC Tools Security\pctsTray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - Global Startup: Sitecom USB Wireless LAN Utility.lnk = C:\Program Files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Free YouTube Download - C:\Users\Zandy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Zandy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199395426399
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - hxxp://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1236365074789&h=e8a697bd531e33d86563088add75ecf2/&filename=jinstall-6u12-windows-i586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{38C40A29-A3EC-4951-93B1-95FA03AA6BE0}: NameServer = 192.168.178.1,192.168.178.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B175FDC-3A19-4105-AE85-EF088487102C}: NameServer = 192.168.182.1,192.168.182.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CE15D25-E061-4EA7-A67B-2FBB0BF7B106}: NameServer = 192.168.182.1,192.168.182.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{D08FD11B-68BB-4DB9-B05C-0694FD0A3F17}: NameServer = 192.168.182.1,192.168.182.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{38C40A29-A3EC-4951-93B1-95FA03AA6BE0}: NameServer = 192.168.178.1,192.168.178.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{38C40A29-A3EC-4951-93B1-95FA03AA6BE0}: NameServer = 192.168.178.1,192.168.178.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:  C:\Windows\system32\guard32.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: RichiStudios Shutdown (RSShutdown) - Unknown owner - D:\hackie\service.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TunngleService - Unknown owner - C:\Program Files\Tunngle\TnglCtrl.exe (file missing)
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 10628 bytes

I'll probably hear right away: "reinstall the system", but I don't have time for that right now ...
Is there also an option like defragmenting, uninstalling some programs and deleting files?

Thanks in advance for quick answers :D

cosinus 26.09.2010 18:50

Quote:

I ran PC Tools AntiVirus over it 10 times.
Initially with 145 infections and (not responding), so I restarted and did the whole thing again, and later in safe mode it then worked.
Please post all logs with the findings!

ali321 26.09.2010 19:29

Unfortunately I didn't save the logs ...
Or I don't know where they are saved :(
Were you able to spot anything else in my HJACK log?

cosinus 26.09.2010 19:30

The logs should be found in the main menu of the virus scanner under Logs/Log files/Reports or something like that.

ali321 26.09.2010 19:58

I can't find it ..
I only found history, where it says:
Code:

PC Tools PC Tools AntiVirus Free
 
Date
   
Status
28.07.2010 12:34:30:100   
Service Started
PC Tools AntiVirus Free Service Application started
28.07.2010 12:34:30:100   
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
28.07.2010 12:34:54:457   
Service Stopped
PC Tools AntiVirus Free Service Application Stopped
28.07.2010 12:37:17:506   
Service Started
PC Tools AntiVirus Free Service Application started
28.07.2010 12:37:17:506   
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
28.07.2010 12:37:47:636   
IntelliGuards status
All IntelliGuards were Enabled
28.07.2010 12:38:21:606   
Immunizer Results
ActiveX section has been immunized, Processed 5161 items.
28.07.2010 12:40:35:599   
Scan Started
Scan Type - Full Scan
28.07.2010 12:40:37:317   
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - adfarm1.adition.com/ adfarm1.adition.com
28.07.2010 12:40:37:456   
Scan Finished
Scan Type - Full Scan
Items Processed - 2
Threats Detected - 1
Infections Detected - 1
28.07.2010 12:41:18:606   
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - adfarm1.adition.com/ adfarm1.adition.com
28.07.2010 12:41:20:886   
Infections Quarantined/Removed Summary
Quarantined - 0
Quarantine Failed - 0
Removed - 1
Remove Failed - 0
28.07.2010 12:41:34:756   
Scan Started
Scan Type - Custom Scan
28.07.2010 12:41:35:537   
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - adtech.de/ adtech.de
28.07.2010 12:41:35:603   
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - apmebf.com/ apmebf.com
28.07.2010 12:41:35:633   
Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - atdmt.com/ atdmt.com
28.07.2010 12:41:35:756   
Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - bs.serving-sys.com/ bs.serving-sys.com
28.07.2010 12:41:35:990   
Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - doubleclick.net/ doubleclick.net
28.07.2010 12:41:36:55   
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ivwbox.de/ ivwbox.de
28.07.2010 12:41:36:102   
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - mediaplex.com/ mediaplex.com
28.07.2010 12:41:36:629   
Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - serving-sys.com/ serving-sys.com
28.07.2010 12:41:36:730   
Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - tradedoubler.com/ tradedoubler.com
28.07.2010 12:41:36:753   
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - weborama.fr/ weborama.fr
28.07.2010 12:45:04:596   
Service Started
PC Tools AntiVirus Free Service Application started
28.07.2010 12:45:04:596   
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
28.07.2010 12:45:04:656   
IntelliGuards status
All IntelliGuards were Enabled
28.07.2010 12:45:05:943   
Immunizer Results
ActiveX section has been immunized. No items were processed.
28.07.2010 12:45:34:812   
Scan Started
Scan Type - Intelli-Scan
28.07.2010 12:45:35:682   
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - adtech.de/ adtech.de
28.07.2010 12:45:35:750   
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - apmebf.com/ apmebf.com
28.07.2010 12:45:35:778   
Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - atdmt.com/ atdmt.com
28.07.2010 12:45:35:901   
Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - bs.serving-sys.com/ bs.serving-sys.com
28.07.2010 12:45:36:137   
Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - doubleclick.net/ doubleclick.net
28.07.2010 12:45:36:201   
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ivwbox.de/ ivwbox.de
28.07.2010 12:45:36:245   
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - mediaplex.com/ mediaplex.com
28.07.2010 12:45:36:798   
Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - serving-sys.com/ serving-sys.com
24.09.2010 08:04:53:156   
Service Started
PC Tools AntiVirus Free Service Application started
24.09.2010 08:04:53:157   
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
24.09.2010 08:04:54:698   
IntelliGuards status
All IntelliGuards were Enabled
24.09.2010 08:04:56:87   
Immunizer Results
ActiveX section has been immunized, Processed 3 items.
24.09.2010 08:09:26:518   
Service Stopped
PC Tools AntiVirus Free Service Application Stopped
24.09.2010 16:42:02:45   
Service Started
PC Tools AntiVirus Free Service Application started
24.09.2010 16:42:02:45   
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
24.09.2010 16:42:02:215   
IntelliGuards status
All IntelliGuards were Enabled
24.09.2010 16:42:18:199   
Immunizer Results
ActiveX section has been immunized. No items were processed.
24.09.2010 16:55:02:342   
Smart Update
Smart Update has determined that PC Tools AntiVirus Free is up to date
24.09.2010 17:08:46:686   
Service Stopped
PC Tools AntiVirus Free Service Application Stopped
25.09.2010 13:50:00:585   
Service Started
PC Tools AntiVirus Free Service Application started
25.09.2010 13:50:00:585   
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
25.09.2010 13:51:51:522   
Scan Started
Scan Type - Full Scan
25.09.2010 13:51:52:918   
Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - ad.yieldmanager.com/ ad.yieldmanager.com
25.09.2010 13:51:53:566   
Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - content.yieldmanager.com/ content.yieldmanager.com
25.09.2010 13:51:53:711   
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ivwbox.de/ ivwbox.de
25.09.2010 13:51:54:644   
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - statcounter.com/ statcounter.com
25.09.2010 16:28:54:348   
Service Started
PC Tools AntiVirus Free Service Application started
25.09.2010 16:28:54:348   
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
25.09.2010 16:29:03:802   
Scan Started
Scan Type - Full Scan
25.09.2010 17:11:15:668   
Scan Finished
Scan Type - Full Scan
Items Processed - 154237
Threats Detected - 0
Infections Detected - 0
25.09.2010 17:11:19:942   
Service Stopped
PC Tools AntiVirus Free Service Application Stopped
25.09.2010 17:13:37:590   
Service Started
PC Tools AntiVirus Free Service Application started
25.09.2010 17:13:37:590   
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
25.09.2010 17:13:37:720   
IntelliGuards status
All IntelliGuards were Enabled
25.09.2010 17:13:39:770   
Immunizer Results
ActiveX section has been immunized. No items were processed.
25.09.2010 17:22:46:531   
Scan Started
Scan Type - Full Scan
25.09.2010 17:24:03:750   
Smart Update
Smart Update has successfully installed new updates.
25.09.2010 17:24:05:726   
Immunizer Results
ActiveX section has been immunized. No items were processed.
25.09.2010 18:00:09:971   
Scheduled Scan Skipped
Scheduled task Intelli-Scan of this computer skipped - another scan is already running.
25.09.2010 18:58:04:974   
Scan Finished
Scan Type - Full Scan
Items Processed - 179581
Threats Detected - 0
Infections Detected - 0
25.09.2010 20:08:20:657   
Service Started
PC Tools AntiVirus Free Service Application started
25.09.2010 20:08:20:657   
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
25.09.2010 20:08:23:164   
IntelliGuards status
All IntelliGuards were Enabled
25.09.2010 20:08:25:232   
Immunizer Results
ActiveX section has been immunized. No items were processed.
25.09.2010 20:13:10:632   
Scan Started
Scan Type - Full Scan
25.09.2010 20:13:11:596   
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ivwbox.de/ ivwbox.de
25.09.2010 20:25:24:11   
Smart Update
Smart Update has determined that PC Tools AntiVirus Free is up to date
25.09.2010 21:12:06:382   
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - File
Risk Level - Medium
Infection - C:\Users\Zandy\AppData\Local\Temp\jar_cache7233419809165430069.tmp
25.09.2010 22:15:10:454   
Scan Finished
Scan Type - Full Scan
Items Processed - 363540
Threats Detected - 2
Infections Detected - 2
25.09.2010 23:17:00:632   
Infection quarantined
Threat Name - Trojan.Generic
Type - File
Risk Level - Medium
Infection - C:\Users\Zandy\AppData\Local\Temp\jar_cache7233419809165430069.tmp
25.09.2010 23:17:00:672   
Infection cleaned
Threat Name - Trojan.Generic
Type - File
Risk Level - Medium
Infection - C:\Users\Zandy\AppData\Local\Temp\jar_cache7233419809165430069.tmp
25.09.2010 23:17:00:769   
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ivwbox.de/ ivwbox.de
25.09.2010 23:17:03:419   
Infections Quarantined/Removed Summary
Quarantined - 1
Quarantine Failed - 0
Removed - 2
Remove Failed - 0
26.09.2010 00:20:14:613   
Service Stopped
PC Tools AntiVirus Free Service Application Stopped
26.09.2010 16:00:15:858   
Service Started
PC Tools AntiVirus Free Service Application started
26.09.2010 16:00:15:858   
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
26.09.2010 16:00:15:994   
IntelliGuards status
All IntelliGuards were Enabled
26.09.2010 16:00:20:716   
Immunizer Results
ActiveX section has been immunized. No items were processed.
26.09.2010 16:18:10:727   
Smart Update
Smart Update has determined that PC Tools AntiVirus Free is up to date
26.09.2010 16:42:40:324   
Service Stopped
PC Tools AntiVirus Free Service Application Stopped
26.09.2010 18:06:53:7   
Service Started
PC Tools AntiVirus Free Service Application started
26.09.2010 18:06:53:7   
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
26.09.2010 18:06:53:261   
IntelliGuards status
All IntelliGuards were Enabled
26.09.2010 18:07:11:49   
Immunizer Results
ActiveX section has been immunized. No items were processed.
26.09.2010 18:25:25:891   
Smart Update
Smart Update has determined that PC Tools AntiVirus Free is up to date
26.09.2010 19:26:11:759   
Service Stopped
PC Tools AntiVirus Free Service Application Stopped
26.09.2010 20:25:17:525   
Service Started
PC Tools AntiVirus Free Service Application started
26.09.2010 20:25:17:525   
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
26.09.2010 20:25:17:805   
IntelliGuards status
All IntelliGuards were Enabled
26.09.2010 20:25:31:590   
Immunizer Results
ActiveX section has been immunized. No items were processed.
26.09.2010 20:37:30:978   
Smart Update
Smart Update has determined that PC Tools AntiVirus Free is up to date

but that is far from everything and also not the right logfile ....

cosinus 27.09.2010 10:16

Please run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan!

Then OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread.

ali321 27.09.2010 15:21

OK, I did everything as described :D

OTL files:
Code:

OTL logfile created on: 27.09.2010 14:07:34 - Run 1
OTL by OldTimer - Version 3.2.14.1    Folder = C:\Users\Zandy\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16916)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,70 Gb Total Space | 53,15 Gb Free Space | 47,58% Space Free | Partition Type: NTFS
Drive D: | 111,43 Gb Total Space | 48,65 Gb Free Space | 43,66% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Q: | 931,51 Gb Total Space | 669,33 Gb Free Space | 71,85% Space Free | Partition Type: NTFS
 
Computer Name: MEINPC
Current User Name: Zandy
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Zandy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\PC Tools Security\pctsTray.exe (PC Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\mcupdate.exe (Microsoft Corporation)
PRC - C:\Windows\vspc1030.exe (Sonix)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Program Files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe (Sitecom Europe BV)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Zandy\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\guard32.dll (COMODO)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TunngleService) -- C:\Program Files\Tunngle\TnglCtrl.exe File not found
SRV - (RSShutdown) -- D:\hackie\service.exe File not found
SRV - (Browser Defender Update Service) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe File not found
SRV - (ACPService) --  File not found
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (sdCoreService) -- C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (UPnPService) -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO)
DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (SPC1030) USB2.0 PC Camera (SPC1030) -- C:\Windows\System32\drivers\spc1030.sys ()
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- D:\Bearbeitungsprogramme\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (phaudlwr) -- C:\Windows\System32\drivers\phaudlwr.sys (Philips Applied Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (VX1000) -- C:\Windows\System32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (DLADResM) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DRVMCDB) -- C:\Windows\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (DRVNDDM) -- C:\Windows\System32\drivers\DRVNDDM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (RxFilter) -- C:\Windows\System32\drivers\RxFilter.sys (Sonic Solutions)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                          )
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (libusb0) -- C:\Windows\System32\drivers\libusb0.sys (hxxp://libusb-win32.sourceforge.net)
DRV - (MicNgTun) -- C:\Windows\System32\drivers\MicNgTun.sys (Micronas GmbH)
DRV - (MicNgCap) -- C:\Windows\System32\drivers\MicNgCap.sys (Micronas GmbH)
DRV - (MicNgBas) -- C:\Windows\System32\drivers\MicNgBas.sys (Micronas GmbH)
DRV - (ZD1211U(Sitecom)) Sitecom Wireless Network USB Adapter Driver(Sitecom) -- C:\Windows\System32\drivers\ZD1211U.sys (ZyDAS Technology Corporation)
DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.18 18:25:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.18 18:25:19 | 000,000,000 | ---D | M]
 
[2009.03.05 16:38:53 | 000,000,000 | ---D | M] -- C:\Users\Zandy\AppData\Roaming\mozilla\Extensions
[2010.09.27 14:06:33 | 000,000,000 | ---D | M] -- C:\Users\Zandy\AppData\Roaming\mozilla\Firefox\Profiles\ffmk5zx8.default\extensions
[2010.09.25 17:01:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Zandy\AppData\Roaming\mozilla\Firefox\Profiles\ffmk5zx8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.24 22:25:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zandy\AppData\Roaming\mozilla\Firefox\Profiles\ffmk5zx8.default\extensions\{74714d77-1695-4e73-a98e-25cb374f46b4}
[2010.02.24 15:52:21 | 000,000,000 | ---D | M] (Fox!Box [de]) -- C:\Users\Zandy\AppData\Roaming\mozilla\Firefox\Profiles\ffmk5zx8.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2010.02.24 15:52:21 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Zandy\AppData\Roaming\mozilla\Firefox\Profiles\ffmk5zx8.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2009.09.23 19:33:53 | 000,002,171 | ---- | M] () -- C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\bing.xml
[2010.04.27 09:50:20 | 000,000,931 | ---- | M] () -- C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\conduit.xml
[2010.01.01 20:55:34 | 000,002,055 | ---- | M] () -- C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\daemon-search.xml
[2010.09.22 19:32:04 | 000,000,950 | ---- | M] () -- C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\icqplugin-1.xml
[2009.08.13 08:55:58 | 000,000,950 | ---- | M] () -- C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\icqplugin-2.xml
[2009.09.13 15:28:00 | 000,000,961 | ---- | M] () -- C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\icqplugin-3.xml
[2009.06.22 08:30:30 | 000,000,950 | ---- | M] () -- C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\icqplugin.xml
[2010.09.18 18:34:20 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009.03.11 15:38:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2010.09.18 18:25:11 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.09.18 18:25:11 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.09.18 18:25:11 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.09.18 18:25:11 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.09.18 18:25:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.09.18 14:37:22 | 000,000,818 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 74.208.105.171 gs.apple.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [spc1030] C:\Windows\vspc1030.exe (Sonix)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Zandy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Zandy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199395426399 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1236365074789&h=e8a697bd531e33d86563088add75ecf2/&filename=jinstall-6u12-windows-i586-jc.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Zandy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Zandy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.12.25 14:43:30 | 000,000,067 | ---- | M] () - Q:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{49696441-d1bc-11de-9148-000cf61398da}\Shell - "" = AutoRun
O33 - MountPoints2\{49696441-d1bc-11de-9148-000cf61398da}\Shell\AutoRun\command - "" = O:\LaunchU3.exe -- File not found
O33 - MountPoints2\{5f173ffd-6352-11de-ae4c-000cf61398da}\Shell - "" = AutoRun
O33 - MountPoints2\{5f173ffd-6352-11de-ae4c-000cf61398da}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d7370f2b-fc9c-11de-bd86-000cf61398da}\Shell - "" = AutoRun
O33 - MountPoints2\{d7370f2b-fc9c-11de-bd86-000cf61398da}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.27 14:03:17 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Zandy\Desktop\OTL.exe
[2010.09.27 13:59:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.27 13:59:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.27 13:59:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.25 17:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\Orbitdownloader
[2010.09.23 15:10:43 | 000,000,000 | ---D | C] -- C:\Program Files\Duplicate Music Files Finder
[2010.09.20 15:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.09.20 15:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010.09.20 15:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010.09.20 15:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010.09.19 22:25:17 | 000,000,000 | ---D | C] -- C:\Users\Zandy\Desktop\iPod Photo Cache
[2010.09.19 22:07:37 | 000,000,000 | ---D | C] -- C:\Users\Zandy\Desktop\Ipod Bilder
[2010.09.18 18:25:05 | 000,000,000 | ---D | C] -- C:\Users\Zandy\AppData\Roaming\ProgSense
[2010.09.17 23:27:55 | 000,000,000 | ---D | C] -- C:\Users\Zandy\Documents\Adobe
[2010.09.17 23:27:12 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010.09.17 23:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010.09.17 23:04:17 | 000,000,000 | -HSD | C] -- C:\Users\Zandy\.COMMgr
[2010.09.17 22:55:21 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010.09.17 22:54:35 | 000,000,000 | ---D | C] -- C:\Users\Zandy\AppData\Roaming\0088A80374DFA29FD31A2D1FEF24C182
[2010.09.17 21:25:01 | 000,000,000 | ---D | C] -- C:\Users\Zandy\AppData\Roaming\Download Manager
[2010.09.17 17:05:30 | 000,000,000 | ---D | C] -- C:\Users\Zandy\Deskto
[2010.09.16 14:58:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Ableton
[2010.09.16 14:58:34 | 000,000,000 | ---D | C] -- C:\Users\Zandy\Documents\Ableton
[2010.09.16 14:58:33 | 000,000,000 | ---D | C] -- C:\Users\Zandy\AppData\Roaming\Ableton
[2010.09.07 15:52:22 | 000,000,000 | ---D | C] -- C:\Users\Zandy\AppData\Roaming\Notepad++
[2010.09.07 15:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2010.09.02 20:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009.02.05 15:53:01 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\cspc1030.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.27 14:12:15 | 004,980,736 | ---- | M] () -- C:\Users\Zandy\NTUSER.DAT
[2010.09.27 14:10:24 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BB2AC692-2CD6-4C68-9DFC-5B9F61E87B2F}.job
[2010.09.27 14:03:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Zandy\Desktop\OTL.exe
[2010.09.27 14:01:06 | 001,491,156 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.27 14:01:06 | 000,656,262 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.27 14:01:06 | 000,614,440 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.27 14:01:06 | 000,121,228 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.27 14:01:06 | 000,108,030 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.27 13:56:49 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.27 13:55:45 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.27 13:55:45 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.27 13:55:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.27 13:55:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.27 13:55:15 | 3219,644,416 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.26 21:40:54 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.09.26 21:40:41 | 002,976,619 | -H-- | M] () -- C:\Users\Zandy\AppData\Local\IconCache.db
[2010.09.26 21:20:44 | 001,579,830 | ---- | M] () -- C:\Users\Zandy\Desktop\IMG_127d1.jpg
[2010.09.26 21:05:38 | 003,052,111 | ---- | M] () -- C:\Users\Zandy\Desktop\IMG_1271.JPG
[2010.09.26 20:43:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.26 14:51:19 | 000,000,436 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010.09.25 17:16:51 | 000,111,616 | ---- | M] () -- C:\Users\Zandy\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.09.25 17:12:57 | 003,765,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.09.25 16:28:25 | 000,008,052 | ---- | M] () -- C:\Users\Zandy\AppData\Local\d3d9caps.dat
[2010.09.25 13:58:54 | 000,004,368 | ---- | M] () -- C:\Users\Zandy\Documents\cc_20100925_135829.reg
[2010.09.25 12:52:00 | 000,168,448 | ---- | M] () -- C:\Users\Zandy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.24 23:41:27 | 001,987,907 | ---- | M] () -- C:\Users\Zandy\Documents\eggetsberger-hypnose.pdf
[2010.09.24 23:14:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat
[2010.09.20 14:28:21 | 000,009,694 | ---- | M] () -- C:\Users\Zandy\Documents\cc_20100920_142816.reg
[2010.09.18 18:42:14 | 000,032,738 | ---- | M] () -- C:\Users\Zandy\Documents\cc_20100918_184208.reg
[2010.09.18 14:37:22 | 000,000,818 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.09.04 14:19:46 | 000,138,184 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.08.31 13:52:19 | 000,001,064 | -H-- | M] () -- C:\Windows\tasks\RCHubTask 0 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 2145340416~30026154.job
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.26 21:20:34 | 001,579,830 | ---- | C] () -- C:\Users\Zandy\Desktop\IMG_127d1.jpg
[2010.09.25 17:12:11 | 3219,644,416 | -HS- | C] () -- C:\hiberfil.sys
[2010.09.25 13:58:53 | 000,004,368 | ---- | C] () -- C:\Users\Zandy\Documents\cc_20100925_135829.reg
[2010.09.24 23:41:27 | 001,987,907 | ---- | C] () -- C:\Users\Zandy\Documents\eggetsberger-hypnose.pdf
[2010.09.21 21:45:58 | 003,052,111 | ---- | C] () -- C:\Users\Zandy\Desktop\IMG_1271.JPG
[2010.09.20 14:28:18 | 000,009,694 | ---- | C] () -- C:\Users\Zandy\Documents\cc_20100920_142816.reg
[2010.09.18 18:42:10 | 000,032,738 | ---- | C] () -- C:\Users\Zandy\Documents\cc_20100918_184208.reg
[2010.05.17 17:49:38 | 000,079,360 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\netssh.exePowerS.dll
[2010.05.17 17:49:05 | 000,180,736 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\netssh.exeOptix_ScreenCapS.dll
[2010.05.17 17:48:40 | 000,086,528 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\netssh.exeGetSteamS.dll
[2010.05.17 17:48:25 | 000,108,544 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\netssh.exePwS.dll
[2010.04.20 19:54:11 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.04.20 18:32:02 | 000,000,005 | ---- | C] () -- C:\ProgramData\DragToDiscUserNameE.txt
[2010.04.15 17:45:31 | 000,000,614 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\nt.bat
[2010.03.30 21:20:22 | 001,053,056 | ---- | C] () -- C:\Windows\System32\drivers\CAMTHWDM.sys
[2010.02.25 20:48:43 | 000,157,184 | -HS- | C] () -- C:\Windows\System32\SCS.dll
[2010.01.01 19:53:27 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.09.06 10:31:45 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.03.10 23:58:11 | 000,000,168 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\AVSMediaPlayer.m3u
[2009.03.03 20:47:33 | 000,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009.03.03 20:47:33 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.02.05 15:53:01 | 003,035,776 | ---- | C] () -- C:\Windows\System32\drivers\spc1030.sys
[2009.02.05 15:53:01 | 000,851,968 | ---- | C] () -- C:\Windows\System32\Dll_Volume_Ctrl.dll
[2009.02.05 15:53:01 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\spc1030c.sys
[2009.02.05 15:53:01 | 000,015,497 | ---- | C] () -- C:\Windows\spc1030.ini
[2009.01.19 20:45:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll
[2008.12.09 11:32:06 | 000,028,754 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\UserTile.png
[2008.09.20 19:07:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.06.15 19:28:39 | 000,000,628 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\wklnhst.dat
[2008.01.02 18:42:57 | 000,008,052 | ---- | C] () -- C:\Users\Zandy\AppData\Local\d3d9caps.dat
[2007.12.11 12:39:41 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2007.12.11 11:54:47 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.12.04 22:42:17 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.12.01 08:21:20 | 000,168,448 | ---- | C] () -- C:\Users\Zandy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.11.30 16:39:25 | 000,000,000 | ---- | C] () -- C:\Users\Zandy\AppData\Local\rx_image.Cache
[2007.06.27 03:50:58 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.05.23 21:39:26 | 000,000,689 | ---- | C] () -- C:\Windows\generic.ini
[2007.05.23 21:39:26 | 000,000,109 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007.05.23 13:12:14 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007.05.23 13:12:12 | 000,000,163 | ---- | C] () -- C:\Windows\wininit.ini
[2007.05.23 13:07:36 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.05.19 00:23:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007.04.10 23:46:52 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2006.12.13 23:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.12.13 23:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:F5454D0BF17D7B8D
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:7E95B6FD
< End of report >

Extras:
Code:

OTL Extras logfile created on: 27.09.2010 14:07:34 - Run 1
OTL by OldTimer - Version 3.2.14.1    Folder = C:\Users\Zandy\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16916)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,70 Gb Total Space | 53,15 Gb Free Space | 47,58% Space Free | Partition Type: NTFS
Drive D: | 111,43 Gb Total Space | 48,65 Gb Free Space | 43,66% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Q: | 931,51 Gb Total Space | 669,33 Gb Free Space | 71,85% Space Free | Partition Type: NTFS
 
Computer Name: MEINPC
Current User Name: Zandy
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2780370485-2775809281-2979314199-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Zandy\Desktop\Allgemein\BitTorrent\bittorrent.exe" = C:\Users\Zandy\Desktop\Allgemein\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"D:\AirRivals_DE\Launcher.atm" = D:\AirRivals_DE\Launcher.atm:Enabled:GameExe2 -- File not found
"D:\AirRivals_DE\Res-Voip\SCVoIP.exe" = D:\AirRivals_DE\Res-Voip\SCVoIP.exe:Enabled:GameVoIP -- File not found
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B3A891-60F5-4DCB-B5C4-40859E111C32}" = rport=138 | protocol=17 | dir=out | app=system |
"{0104B14D-5906-4415-822B-EAB1893BEF44}" = lport=138 | protocol=17 | dir=in | app=system |
"{019FF6CB-E9E9-456C-B7D7-4D426BAAA06A}" = lport=5050 | protocol=6 | dir=in | name=5050 |
"{094908A9-4C64-493F-ACC4-4D821C3F2154}" = rport=2869 | protocol=6 | dir=out | app=system |
"{2D9869FE-DAFA-441E-9AED-6A9558BF9344}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{31B860DA-73B5-4EDD-AD7E-9A4C28E974E8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{353D86E6-EEBF-4363-A987-1AA4A108596D}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{35C20EC4-DCD9-45B8-9363-3916C4BE4116}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{4B348D8C-F25F-4DF0-9CA9-0D0E5089FEEC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{59637524-E8C3-40A3-87CF-F64570690B26}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5BBE7987-32AC-4EF6-A0E0-CAB6579D46DB}" = rport=139 | protocol=6 | dir=out | app=system |
"{67CD75F9-2271-4C03-8B32-CFA5D21E96A3}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6C0027A4-EF84-46A4-92CA-0731201BD356}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6EC81507-C5BE-46EA-8AE5-42D0E4FD68C0}" = lport=13146 | protocol=6 | dir=in | name=azereus |
"{793B1A50-4816-4EC0-973D-3B8EFF5A78A6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7B4975F7-FB3F-4111-98EB-179FDD4E5AEF}" = rport=445 | protocol=6 | dir=out | app=system |
"{82A4166F-E314-40DD-A545-5B432F5413A9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8B7431A9-2BE0-4F39-8414-F30DA3DE39E4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8DE40A60-D798-48F4-A153-3793A15FD50E}" = lport=137 | protocol=17 | dir=in | app=system |
"{A8BD2364-3BB7-4E1F-8ACF-F636176028B5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BD75BEC7-A89D-4A9A-88C0-8A56D6CB0391}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C0510FFD-31BD-4013-BA10-CCBF664E19F1}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C4F8ABEA-7C0E-49F4-BA72-A7DC38BE971B}" = lport=139 | protocol=6 | dir=in | app=system |
"{D26B66A3-C331-4A18-8E2D-0E116B316EE9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DC359436-E112-4B1F-82F2-1F5EFA050736}" = lport=445 | protocol=6 | dir=in | app=system |
"{FC402580-9923-48BF-8384-E3ADCCDE65C3}" = rport=137 | protocol=17 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0037F6F1-2ED5-4758-A051-17534ADA50A2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{08BA8DA1-E50E-4338-BD57-6D004206509A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0C09A92E-317A-49B4-ABE4-ACEB3D7CCEA2}" = dir=in | app=d:\bearbeitungsprogramme\playmovie\pmvservice.exe |
"{1E7B9E66-F410-4A0E-A2B3-C0C2EEC12345}" = protocol=17 | dir=in | app=c:\program files\tunngle\tnglctrl.exe |
"{246B7977-686F-4DA2-8196-22FF931E54FE}" = protocol=17 | dir=in | app=d:\world of warcraft\wow-3.2.0-engb-downloader.exe |
"{302621DD-9CB1-46D1-91A7-80B2DC5DCA8F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{35519704-ADE4-48A5-85FD-7F294D47CD16}" = protocol=6 | dir=in | app=c:\program files\tunngle\tunngle.exe |
"{3D7BBBCB-C18E-4510-8083-6930FCD3C597}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3E3A4BD3-F48E-4EBB-9F11-AB947392FB2F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{416E957D-5107-4071-96D8-0BB207AFE0C4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{454AD2B8-0EF2-4CA3-83CC-29132654F184}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{4B049494-498E-4177-B2A3-4000FBFA9021}" = protocol=6 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe |
"{53FAECCC-E85D-46B8-B54E-7DF1BC185EA0}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{5412D00E-8A16-4123-88ED-CD6AA22D3F15}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5718ACAF-9DBA-4EE8-B019-33F145E49700}" = protocol=6 | dir=in | app=c:\program files\tunngle\tnglctrl.exe |
"{611110B8-EE89-4A21-8A2D-5053A5DC207F}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{6EEC8F4A-FFFC-4C9E-98E6-FA1E30CC374C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{72E8576F-4E3B-4E2D-8211-E11912D746AA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{826B0EDB-35C3-4342-B5E2-6481D15DA55E}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{8DF272AA-F8A8-498B-8475-7BFEC2291493}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{94525E22-426E-4773-B5FF-9CFC91DFB5B6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9DBE8352-2E24-4D17-873F-54B046C4A649}" = protocol=17 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe |
"{A3B4D216-2253-4C53-A46C-4749CDB21994}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AF4CA328-D47A-4200-8B2A-37ACFCF2FAD5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B3DCFAE8-4C34-4A69-9B52-84D14D5B2D5E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B8FE0290-2691-4776-A54D-0D777FD29E3A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BD7E1CB9-2370-4198-A5CF-58651265180B}" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{BE8FFDCD-A522-41A9-AAF6-ECFC19C373ED}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{C716D6EE-2123-4A8E-AE23-A79B12FBF6BE}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{C852B588-B676-4AF6-B40D-C88F9F4A1E76}" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{C9248B30-C2FC-4C22-AF04-EBA0EC6EAB6C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C9DD64A6-B8C2-4CFA-9EE7-5346473DF6F3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CAFDCF0A-3BD5-4D62-9EA7-886705B63F88}" = protocol=6 | dir=in | app=d:\world of warcraft\wow-3.2.0-engb-downloader.exe |
"{CBB355BB-7F9F-431A-BD40-DED8B265A51E}" = protocol=17 | dir=in | app=c:\program files\tunngle\tunngle.exe |
"{D74A9B68-6710-47C6-AA8B-7172A2C595BD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E1DCE130-9AE8-4B6E-A6F6-DEF37CE93D1A}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{E8598425-C28A-4D98-8681-1C8ED9393D3F}" = dir=in | app=d:\bearbeitungsprogramme\playmovie\playmovie.exe |
"TCP Query User{0104331B-692C-48A0-BF84-C512EEC82292}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{0A477EC7-C641-4608-9FD6-FC5E49F90E6E}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{0F1933EC-9B6F-4A99-B4BD-CF696C3DFFD8}D:\halo 1 mp\haloce.exe" = protocol=6 | dir=in | app=d:\halo 1 mp\haloce.exe |
"TCP Query User{1290680D-7BBB-408C-96DD-E801324C324F}C:\program files\steam\steamapps\alex32175\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\alex32175\counter-strike source\hl2.exe |
"TCP Query User{1BD25AC1-361A-4F9B-B730-F1A065A01627}Q:\css\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=q:\css\counter-strike source\hl2.exe |
"TCP Query User{236B5E77-B703-4EDF-BFFA-A84DB66322F6}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{3DB97748-4353-45E5-960E-832E7E3A3FA8}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{3FD9ECE9-2448-4656-8273-203C8D4D7995}D:\sniper\sniper elite\sniperelite.exe" = protocol=6 | dir=in | app=d:\sniper\sniper elite\sniperelite.exe |
"TCP Query User{41CC5285-8594-45D7-BFCD-F2A5E60ED7ED}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{44858294-7D0A-41D1-90B1-CD375AE6388B}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{5CCA4F48-6DC8-4629-992F-83652782F967}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{614F1BD6-42A4-485F-B305-5DB22E57D5D0}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{6C988A3C-433E-4BAE-BF35-2DEA4257CB89}C:\program files\gamespy arcade\aphex.exe" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"TCP Query User{6F87A5C4-35E6-4C5A-B774-DEBE9F4BB11A}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{6FE46B79-6652-426D-B3E5-E8868A14F8C5}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{747612FE-B0FD-4380-92A2-E4F603ACFA3B}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{74D22B22-0777-41A9-98A8-697A99A123A8}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{85CF08CE-B4C4-4B9E-AAAA-A527E385B164}D:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe |
"TCP Query User{8678D507-865D-41D1-B72A-BEC530C6B3DE}C:\users\zandy\downloads\halo\haloce.exe" = protocol=6 | dir=in | app=c:\users\zandy\downloads\halo\haloce.exe |
"TCP Query User{88D46B82-67FC-4C0D-95DB-E84DAEBE8BA6}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{8B5023F9-A317-4D02-9F91-A9B3D21481EC}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{9A7E8807-0E45-4EAC-BC6B-1D35DD8879DB}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{A4F53370-0BBD-4E21-B13C-C7F2D05D0F35}D:\need for speed\nfs.exe" = protocol=6 | dir=in | app=d:\need for speed\nfs.exe |
"TCP Query User{AD952BE4-E8E1-43B1-9434-433622534F17}Q:\cs 1.6\hl.exe" = protocol=6 | dir=in | app=q:\cs 1.6\hl.exe |
"TCP Query User{B44B4CCA-E5CD-47DB-ADAE-0DECDC5609EC}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{BF56FD46-B7E2-4294-AD12-3E99608C0A2F}D:\bearbeitungsprogramme\loadhack\routerclient.exe" = protocol=6 | dir=in | app=d:\bearbeitungsprogramme\loadhack\routerclient.exe |
"TCP Query User{E1047DB5-342A-45B4-8562-312B3D2D5298}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{F126F394-586E-47D5-891F-CFA174224650}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{F950DD31-0EF6-4891-9ABE-AF088477F7CB}C:\program files\steam\steamapps\alex32175\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\alex32175\half-life 2 deathmatch\hl2.exe |
"TCP Query User{FD8DBA90-91D9-409B-BC0D-5AEFB898AE9A}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{0C247432-04D7-4707-9295-7CE29ABE7385}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{1425068E-C074-41AA-8985-2452528E17B1}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{15041823-475F-4C85-AC4E-8E9BB7CE3450}Q:\cs 1.6\hl.exe" = protocol=17 | dir=in | app=q:\cs 1.6\hl.exe |
"UDP Query User{18EC5E5B-8F12-4158-931A-7FD2BBA084EB}C:\program files\steam\steamapps\alex32175\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\alex32175\counter-strike source\hl2.exe |
"UDP Query User{201CECF7-61A5-49C6-BA2C-772B234E3ECE}D:\sniper\sniper elite\sniperelite.exe" = protocol=17 | dir=in | app=d:\sniper\sniper elite\sniperelite.exe |
"UDP Query User{27CC196D-6C95-4050-A374-C1DB6C1C334B}D:\need for speed\nfs.exe" = protocol=17 | dir=in | app=d:\need for speed\nfs.exe |
"UDP Query User{2CC72417-5567-4385-A059-49401B802D5A}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{43E803C5-93B3-4C36-9AC9-3E2B39864976}D:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe |
"UDP Query User{4C5C2E2D-D415-4B03-9E38-D430ECA21AA5}D:\bearbeitungsprogramme\loadhack\routerclient.exe" = protocol=17 | dir=in | app=d:\bearbeitungsprogramme\loadhack\routerclient.exe |
"UDP Query User{73CFF006-447C-4F2D-8ED1-FFB8FAF3451C}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"UDP Query User{960E48F2-FF8A-41B9-9891-A178A94F7109}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{AD03769E-A394-43F7-B2D3-5C52908A3438}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{AF65371D-F6BD-4DDE-8AF2-F2A392BEE142}D:\halo 1 mp\haloce.exe" = protocol=17 | dir=in | app=d:\halo 1 mp\haloce.exe |
"UDP Query User{BF115C25-8099-45E3-A60F-DDF649A953A7}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{C72D9B26-005A-4F83-A90D-DA88E92968F6}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{C773F02D-BAD9-4C8B-82F6-86A5047C6C77}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{CABD8817-5C6F-4B50-9CC1-86792876A87B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{CB1FFA80-09A3-46B5-9E14-663ADF8F4B03}C:\users\zandy\downloads\halo\haloce.exe" = protocol=17 | dir=in | app=c:\users\zandy\downloads\halo\haloce.exe |
"UDP Query User{CBDB7A5F-730B-4101-BB92-E1E6B3F4DF78}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{D0DCD784-BC2B-4651-A787-60CF4016863F}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{D14C7B62-1635-431C-8AAF-90943DFD5E6B}Q:\css\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=q:\css\counter-strike source\hl2.exe |
"UDP Query User{D948BBBA-B79D-4E3F-95FC-CE8AD92C22A9}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{DF291E2E-1199-438F-BD04-1C5AA8EAD9AA}C:\program files\gamespy arcade\aphex.exe" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"UDP Query User{EA20067D-6D70-4395-B32F-A027D1B31CB0}C:\program files\steam\steamapps\alex32175\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\alex32175\half-life 2 deathmatch\hl2.exe |
"UDP Query User{F5542E76-F618-47E2-B841-E62E13499F31}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{F832C6D6-25AD-442E-867F-3A85BD916708}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{F8CF76FC-166F-4DB8-9B34-A5A363B6A4C4}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{FB2CD881-3CDB-47D5-BD79-7D35B223C7C5}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{FE0EDA0B-BAD7-4B14-92F1-C12F1C8F7327}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00170407-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{1491FF84-E32E-AA9C-C511-777375B77766}" = Catalyst Control Center Localization German
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{18D78B2E-7160-ABD1-0963-446FB828D1C3}" = Catalyst Control Center Graphics Previews Vista
"{1F649FD8-7201-FD89-F792-1B7D0C36A57C}" = Catalyst Control Center Graphics Previews Common
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CAFEE26-C4AF-6349-6D99-8B5230F47F5E}" = Skins
"{3F750653-FC3C-45A0-5304-615D63C74D07}" = Catalyst Control Center Core Implementation
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43F5AB70-4EDE-4AE8-A5DC-1C8C78868AFF}" = Sitecom Wireless Network USB Adapter 54G WL-113
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{479DCD93-4372-B11C-B727-D1D9A7AE344F}" = ccc-utility
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55FC05BC-5022-F24B-6309-FD5A95208F94}" = Catalyst Control Center Graphics Full Existing
"{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}" = Suite
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F5623DF-7951-4D32-8897-73E0A6BC2AA7}" = Samsung PC Studio
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{726DBFE3-BE2B-4FFA-9787-D6495765CFD2}" = Microsoft LifeCam
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BECDEE0-7126-4F9B-8BE4-E72AEA79571B}" = ArcSoft WebCam Companion 2
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{897CA0D9-948F-4E5B-A20E-535E1060D3E6}" = MyDVD-VR Recorder
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8EB8E60B-315D-44EB-A896-10D88602EE46}" = Adobe Setup
"{8F371CCB-7EB9-DEE8-82F4-424A148F7DDB}" = CCC Help German
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7D9D2E0-8051-4FCD-DA16-5E44A5B89495}" = Catalyst Control Center Graphics Light
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time  Lib Setup
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACC901CB-12A9-4252-8535-4020803CD819}" = Sprachtrainer Découvertes 2
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C441197D-F750-4EFE-B3EC-885684D923DB}" = Sprachtrainer Découvertes 3
"{C45EB9E5-7165-4FB0-8C31-77FC4743362F}" = Manual CanoScan LiDE 25
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CD763478-5961-4022-961A-9FB3EA00038A}" = StarOffice 8
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEE7A421-E272-FCEA-381A-ED4AACCAA165}" = ccc-core-static
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DCFFB64E-A757-4430-A455-B947F029BFD4}" = Roxio WinOnCD 9 Basic
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover
"{E75055E0-085C-BD62-CD52-2398F3E84A86}" = Catalyst Control Center Graphics Full New
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6D5EED1-EB69-421C-A314-8998CA574C51}" = Philips SPC1030NC Webcam
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FBCF2ED3-AFB5-475E-BF9A-30BEAD366FBC}" = Sprachtrainer Fonts
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"10F7630C78CC9B1F315B5FA216ECB493C3ACD3E5" = Windows-Treiberpaket - Philips CL (phaudlwr) MEDIA  (06/02/2008 1.0.5.12)
"45BC8B5D6014058D45855440C588F87C62D70673" = Windows-Treiberpaket - Philips (SPC1030) Image  (06/11/2008 5.8.8.042)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_5aab5a491a3a52ae624fd639f6aaa95" = Adobe After Effects CS4 Third Party Content
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"Free FLV Converter_is1" = Free FLV Converter V 6.7.4
"Free Studio_is1" = Free Studio version 4.8
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.2
"GameSpy Arcade" = GameSpy Arcade
"HijackThis" = HijackThis 2.0.2
"InstallShield_{897CA0D9-948F-4E5B-A20E-535E1060D3E6}" = Sonic MyDVD-VR
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Orbit_is1" = Orbit Downloader
"PhotoScape" = PhotoScape
"Spyware Doctor" = PC Tools AntiVirus Free
"VLC media player" = VLC media player 0.9.9
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

Then I also have the log file from Malwarebytes:
Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4702

Windows 6.0.6000
Internet Explorer 7.0.6000.16916

27.09.2010 16:13:17
mbam-log-

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 308146
Laufzeit: 2 Stunde(n), 2 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 7
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\BMIMZMHMFM (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\WS9E3IQBKY (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Window Title (Hijacked.WindowTitle) -> Bad: (Hacked by Godzilla) Good: (Internet Explorer) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\System32\SCS.dll (Trojan.Dropper.PGen) -> No action taken.
D:\Bearbeitungsprogramme\loadhack\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> No action taken.
C:\Users\Public\Documents\Server\admin.txt (Malware.Trace) -> No action taken.
C:\Users\Public\Documents\Server\server.dat (Malware.Trace) -> No action taken.
C:\Users\Zandy\AppData\Local\Temp\0.5170452955694216.exe (Trojan.Dropper) -> No action taken.


cosinus 27.09.2010 15:57

D:\Bearbeitungsprogramme\loadhack\ocr\netload.in\asmCaptcha\test.exe

What's that? :wtf:

ali321 27.09.2010 19:13

Um, that was a program that is something like JDownloader,
but it didn't work ...
There could still be a virus in it ...
I'll uninstall it / delete the folder ;)

cosinus 27.09.2010 22:39

You obviously created the OTL logs first and then ran Malwarebytes. I didn't write that the order doesn't matter; I wrote Malwarebytes and then OTL. It's not a big deal though, just make a new OTL.txt

ali321 28.09.2010 13:33

Oops :D
Code:

OTL logfile created on: 28.09.2010 14:25:29 - Run 2
OTL by OldTimer - Version 3.2.14.1    Folder = C:\Users\Zandy\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16916)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,70 Gb Total Space | 53,02 Gb Free Space | 47,47% Space Free | Partition Type: NTFS
Drive D: | 111,43 Gb Total Space | 48,67 Gb Free Space | 43,67% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MEINPC
Current User Name: Zandy
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Zandy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe (Apple Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\PC Tools Security\pctsTray.exe (PC Tools)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\vspc1030.exe (Sonix)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Program Files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe (Sitecom Europe BV)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Zandy\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\guard32.dll (COMODO)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TunngleService) -- C:\Program Files\Tunngle\TnglCtrl.exe File not found
SRV - (RSShutdown) -- D:\hackie\service.exe File not found
SRV - (Browser Defender Update Service) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe File not found
SRV - (ACPService) --  File not found
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (sdCoreService) -- C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (UPnPService) -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO)
DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (SPC1030) USB2.0 PC Camera (SPC1030) -- C:\Windows\System32\drivers\spc1030.sys ()
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- D:\Bearbeitungsprogramme\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (phaudlwr) -- C:\Windows\System32\drivers\phaudlwr.sys (Philips Applied Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (VX1000) -- C:\Windows\System32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (DLADResM) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DRVMCDB) -- C:\Windows\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (DRVNDDM) -- C:\Windows\System32\drivers\DRVNDDM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (RxFilter) -- C:\Windows\System32\drivers\RxFilter.sys (Sonic Solutions)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                          )
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (libusb0) -- C:\Windows\System32\drivers\libusb0.sys (hxxp://libusb-win32.sourceforge.net)
DRV - (MicNgTun) -- C:\Windows\System32\drivers\MicNgTun.sys (Micronas GmbH)
DRV - (MicNgCap) -- C:\Windows\System32\drivers\MicNgCap.sys (Micronas GmbH)
DRV - (MicNgBas) -- C:\Windows\System32\drivers\MicNgBas.sys (Micronas GmbH)
DRV - (ZD1211U(Sitecom)) Sitecom Wireless Network USB Adapter Driver(Sitecom) -- C:\Windows\System32\drivers\ZD1211U.sys (ZyDAS Technology Corporation)
DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.18 18:25:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.18 18:25:19 | 000,000,000 | ---D | M]
 
[2009.03.05 16:38:53 | 000,000,000 | ---D | M] -- C:\Users\Zandy\AppData\Roaming\mozilla\Extensions
[2010.09.27 21:43:07 | 000,000,000 | ---D | M] -- C:\Users\Zandy\AppData\Roaming\mozilla\Firefox\Profiles\ffmk5zx8.default\extensions
[2010.09.25 17:01:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Zandy\AppData\Roaming\mozilla\Firefox\Profiles\ffmk5zx8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.24 22:25:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zandy\AppData\Roaming\mozilla\Firefox\Profiles\ffmk5zx8.default\extensions\{74714d77-1695-4e73-a98e-25cb374f46b4}
[2010.02.24 15:52:21 | 000,000,000 | ---D | M] (Fox!Box [de]) -- C:\Users\Zandy\AppData\Roaming\mozilla\Firefox\Profiles\ffmk5zx8.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2010.02.24 15:52:21 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Zandy\AppData\Roaming\mozilla\Firefox\Profiles\ffmk5zx8.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2009.09.23 19:33:53 | 000,002,171 | ---- | M] () -- C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\bing.xml
[2010.04.27 09:50:20 | 000,000,931 | ---- | M] () -- C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\conduit.xml
[2010.01.01 20:55:34 | 000,002,055 | ---- | M] () -- C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\daemon-search.xml
[2010.09.22 19:32:04 | 000,000,950 | ---- | M] () -- C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\icqplugin-1.xml
[2009.08.13 08:55:58 | 000,000,950 | ---- | M] () -- C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\icqplugin-2.xml
[2009.09.13 15:28:00 | 000,000,961 | ---- | M] () -- C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\icqplugin-3.xml
[2009.06.22 08:30:30 | 000,000,950 | ---- | M] () -- C:\Users\Zandy\AppData\Roaming\Mozilla\FireFox\Profiles\ffmk5zx8.default\searchplugins\icqplugin.xml
[2010.09.18 18:34:20 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009.03.11 15:38:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2010.09.18 18:25:11 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.09.18 18:25:11 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.09.18 18:25:11 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.09.18 18:25:11 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.09.18 18:25:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.09.18 14:37:22 | 000,000,818 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 74.208.105.171 gs.apple.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [spc1030] C:\Windows\vspc1030.exe (Sonix)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Zandy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Zandy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199395426399 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1236365074789&h=e8a697bd531e33d86563088add75ecf2/&filename=jinstall-6u12-windows-i586-jc.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Zandy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Zandy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{49696441-d1bc-11de-9148-000cf61398da}\Shell - "" = AutoRun
O33 - MountPoints2\{49696441-d1bc-11de-9148-000cf61398da}\Shell\AutoRun\command - "" = O:\LaunchU3.exe -- File not found
O33 - MountPoints2\{5f173ffd-6352-11de-ae4c-000cf61398da}\Shell - "" = AutoRun
O33 - MountPoints2\{5f173ffd-6352-11de-ae4c-000cf61398da}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d7370f2b-fc9c-11de-bd86-000cf61398da}\Shell - "" = AutoRun
O33 - MountPoints2\{d7370f2b-fc9c-11de-bd86-000cf61398da}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.28 14:25:10 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Zandy\Desktop\OTL.exe
[2010.09.27 13:59:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.27 13:59:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.27 13:59:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.25 17:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\Orbitdownloader
[2010.09.23 15:10:43 | 000,000,000 | ---D | C] -- C:\Program Files\Duplicate Music Files Finder
[2010.09.20 15:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.09.20 15:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010.09.20 15:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010.09.20 15:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010.09.19 22:25:17 | 000,000,000 | ---D | C] -- C:\Users\Zandy\Desktop\iPod Photo Cache
[2010.09.19 22:07:37 | 000,000,000 | ---D | C] -- C:\Users\Zandy\Desktop\Ipod Bilder
[2010.09.18 18:25:05 | 000,000,000 | ---D | C] -- C:\Users\Zandy\AppData\Roaming\ProgSense
[2010.09.17 23:27:55 | 000,000,000 | ---D | C] -- C:\Users\Zandy\Documents\Adobe
[2010.09.17 23:27:12 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010.09.17 23:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010.09.17 23:04:17 | 000,000,000 | -HSD | C] -- C:\Users\Zandy\.COMMgr
[2010.09.17 22:55:21 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010.09.17 22:54:35 | 000,000,000 | ---D | C] -- C:\Users\Zandy\AppData\Roaming\0088A80374DFA29FD31A2D1FEF24C182
[2010.09.17 21:25:01 | 000,000,000 | ---D | C] -- C:\Users\Zandy\AppData\Roaming\Download Manager
[2010.09.17 17:05:30 | 000,000,000 | ---D | C] -- C:\Users\Zandy\Deskto
[2010.09.16 14:58:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Ableton
[2010.09.16 14:58:34 | 000,000,000 | ---D | C] -- C:\Users\Zandy\Documents\Ableton
[2010.09.16 14:58:33 | 000,000,000 | ---D | C] -- C:\Users\Zandy\AppData\Roaming\Ableton
[2010.09.07 15:52:22 | 000,000,000 | ---D | C] -- C:\Users\Zandy\AppData\Roaming\Notepad++
[2010.09.07 15:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2010.09.02 20:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009.02.05 15:53:01 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\cspc1030.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.28 14:29:37 | 004,980,736 | ---- | M] () -- C:\Users\Zandy\NTUSER.DAT
[2010.09.28 14:25:14 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BB2AC692-2CD6-4C68-9DFC-5B9F61E87B2F}.job
[2010.09.28 14:22:45 | 001,491,156 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.28 14:22:45 | 000,656,262 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.28 14:22:45 | 000,614,440 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.28 14:22:45 | 000,121,228 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.28 14:22:45 | 000,108,030 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.28 14:15:25 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.28 14:15:22 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.28 14:15:22 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.28 14:15:20 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.28 14:15:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.28 14:14:53 | 3219,644,416 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.27 22:27:07 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.09.27 22:26:54 | 002,981,557 | -H-- | M] () -- C:\Users\Zandy\AppData\Local\IconCache.db
[2010.09.27 21:29:05 | 000,944,535 | ---- | M] () -- C:\Users\Zandy\Desktop\black and wihte.jpg
[2010.09.27 21:16:32 | 001,449,872 | ---- | M] () -- C:\Users\Zandy\Desktop\IMG_127d1.jpg
[2010.09.27 14:03:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Zandy\Desktop\OTL.exe
[2010.09.26 21:05:38 | 003,052,111 | ---- | M] () -- C:\Users\Zandy\Desktop\IMG_1271.JPG
[2010.09.26 20:43:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.26 14:51:19 | 000,000,436 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010.09.25 17:16:51 | 000,111,616 | ---- | M] () -- C:\Users\Zandy\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.09.25 17:12:57 | 003,765,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.09.25 16:28:25 | 000,008,052 | ---- | M] () -- C:\Users\Zandy\AppData\Local\d3d9caps.dat
[2010.09.25 13:58:54 | 000,004,368 | ---- | M] () -- C:\Users\Zandy\Documents\cc_20100925_135829.reg
[2010.09.25 12:52:00 | 000,168,448 | ---- | M] () -- C:\Users\Zandy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.24 23:41:27 | 001,987,907 | ---- | M] () -- C:\Users\Zandy\Documents\eggetsberger-hypnose.pdf
[2010.09.24 23:14:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat
[2010.09.20 14:28:21 | 000,009,694 | ---- | M] () -- C:\Users\Zandy\Documents\cc_20100920_142816.reg
[2010.09.18 18:42:14 | 000,032,738 | ---- | M] () -- C:\Users\Zandy\Documents\cc_20100918_184208.reg
[2010.09.18 14:37:22 | 000,000,818 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.09.04 14:19:46 | 000,138,184 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.08.31 13:52:19 | 000,001,064 | -H-- | M] () -- C:\Windows\tasks\RCHubTask 0 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 2145340416~30026154.job
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.27 21:29:02 | 000,944,535 | ---- | C] () -- C:\Users\Zandy\Desktop\black and wihte.jpg
[2010.09.26 21:20:34 | 001,449,872 | ---- | C] () -- C:\Users\Zandy\Desktop\IMG_127d1.jpg
[2010.09.25 17:12:11 | 3219,644,416 | -HS- | C] () -- C:\hiberfil.sys
[2010.09.25 13:58:53 | 000,004,368 | ---- | C] () -- C:\Users\Zandy\Documents\cc_20100925_135829.reg
[2010.09.24 23:41:27 | 001,987,907 | ---- | C] () -- C:\Users\Zandy\Documents\eggetsberger-hypnose.pdf
[2010.09.21 21:45:58 | 003,052,111 | ---- | C] () -- C:\Users\Zandy\Desktop\IMG_1271.JPG
[2010.09.20 14:28:18 | 000,009,694 | ---- | C] () -- C:\Users\Zandy\Documents\cc_20100920_142816.reg
[2010.09.18 18:42:10 | 000,032,738 | ---- | C] () -- C:\Users\Zandy\Documents\cc_20100918_184208.reg
[2010.05.17 17:49:38 | 000,079,360 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\netssh.exePowerS.dll
[2010.05.17 17:49:05 | 000,180,736 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\netssh.exeOptix_ScreenCapS.dll
[2010.05.17 17:48:40 | 000,086,528 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\netssh.exeGetSteamS.dll
[2010.05.17 17:48:25 | 000,108,544 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\netssh.exePwS.dll
[2010.04.20 19:54:11 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.04.20 18:32:02 | 000,000,005 | ---- | C] () -- C:\ProgramData\DragToDiscUserNameE.txt
[2010.04.15 17:45:31 | 000,000,614 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\nt.bat
[2010.03.30 21:20:22 | 001,053,056 | ---- | C] () -- C:\Windows\System32\drivers\CAMTHWDM.sys
[2010.01.01 19:53:27 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.09.06 10:31:45 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.03.10 23:58:11 | 000,000,168 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\AVSMediaPlayer.m3u
[2009.03.03 20:47:33 | 000,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009.03.03 20:47:33 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.02.05 15:53:01 | 003,035,776 | ---- | C] () -- C:\Windows\System32\drivers\spc1030.sys
[2009.02.05 15:53:01 | 000,851,968 | ---- | C] () -- C:\Windows\System32\Dll_Volume_Ctrl.dll
[2009.02.05 15:53:01 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\spc1030c.sys
[2009.02.05 15:53:01 | 000,015,497 | ---- | C] () -- C:\Windows\spc1030.ini
[2009.01.19 20:45:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll
[2008.12.09 11:32:06 | 000,028,754 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\UserTile.png
[2008.09.20 19:07:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.06.15 19:28:39 | 000,000,628 | ---- | C] () -- C:\Users\Zandy\AppData\Roaming\wklnhst.dat
[2008.01.02 18:42:57 | 000,008,052 | ---- | C] () -- C:\Users\Zandy\AppData\Local\d3d9caps.dat
[2007.12.11 12:39:41 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2007.12.11 11:54:47 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.12.04 22:42:17 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.12.01 08:21:20 | 000,168,448 | ---- | C] () -- C:\Users\Zandy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.11.30 16:39:25 | 000,000,000 | ---- | C] () -- C:\Users\Zandy\AppData\Local\rx_image.Cache
[2007.06.27 03:50:58 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.05.23 21:39:26 | 000,000,689 | ---- | C] () -- C:\Windows\generic.ini
[2007.05.23 21:39:26 | 000,000,109 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007.05.23 13:12:14 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007.05.23 13:12:12 | 000,000,163 | ---- | C] () -- C:\Windows\wininit.ini
[2007.05.23 13:07:36 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.05.19 00:23:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007.04.10 23:46:52 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2006.12.13 23:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.12.13 23:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:F5454D0BF17D7B8D
@Alternate Data Stream - 162 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:7E95B6FD
< End of report >


cosinus 28.09.2010 14:51

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)


Code:

:OTL
SRV - (TunngleService) -- C:\Program Files\Tunngle\TnglCtrl.exe File not found
SRV - (RSShutdown) -- D:\hackie\service.exe File not found
SRV - (Browser Defender Update Service) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe File not found
SRV - (ACPService) --  File not found
O33 - MountPoints2\{49696441-d1bc-11de-9148-000cf61398da}\Shell - "" = AutoRun
O33 - MountPoints2\{49696441-d1bc-11de-9148-000cf61398da}\Shell\AutoRun\command - "" = O:\LaunchU3.exe -- File not found
O33 - MountPoints2\{5f173ffd-6352-11de-ae4c-000cf61398da}\Shell - "" = AutoRun
O33 - MountPoints2\{5f173ffd-6352-11de-ae4c-000cf61398da}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d7370f2b-fc9c-11de-bd86-000cf61398da}\Shell - "" = AutoRun
O33 - MountPoints2\{d7370f2b-fc9c-11de-bd86-000cf61398da}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
[2010.09.17 23:04:17 | 000,000,000 | -HSD | C] -- C:\Users\Zandy\.COMMgr
[2010.09.17 22:55:21 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010.09.17 22:54:35 | 000,000,000 | ---D | C] -- C:\Users\Zandy\AppData\Roaming\0088A80374DFA29FD31A2D1FEF24C182
@Alternate Data Stream - 24 bytes -> C:\Windows:F5454D0BF17D7B8D
@Alternate Data Stream - 162 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:7E95B6FD
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

ali321 28.09.2010 20:50

Um, small problem ...
I have everything closed, paste in the fix, click Fix ..
The taskbar disappears. Everything is gone except the OTL window,
where a small progress bar twitches back and forth .. after 1 min
(Not Responding) and I have to restart manually :(

cosinus 28.09.2010 21:21

Please try it again

ali321 29.09.2010 13:51

It worked :D thanks!
Code:

All processes killed
========== OTL ==========
Error: No service named TunngleService was found to stop!
Service\Driver key TunngleService not found.
File  C:\Program Files\Tunngle\TnglCtrl.exe File not found not found.
Error: No service named RSShutdown was found to stop!
Service\Driver key RSShutdown not found.
File  D:\hackie\service.exe File not found not found.
Error: No service named Browser Defender Update Service was found to stop!
Service\Driver key Browser Defender Update Service not found.
File  C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe File not found not found.
Error: No service named ACPService was found to stop!
Service\Driver key ACPService not found.
File  File not found not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49696441-d1bc-11de-9148-000cf61398da}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49696441-d1bc-11de-9148-000cf61398da}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49696441-d1bc-11de-9148-000cf61398da}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49696441-d1bc-11de-9148-000cf61398da}\ not found.
File O:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f173ffd-6352-11de-ae4c-000cf61398da}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f173ffd-6352-11de-ae4c-000cf61398da}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f173ffd-6352-11de-ae4c-000cf61398da}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f173ffd-6352-11de-ae4c-000cf61398da}\ not found.
File F:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7370f2b-fc9c-11de-bd86-000cf61398da}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d7370f2b-fc9c-11de-bd86-000cf61398da}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7370f2b-fc9c-11de-bd86-000cf61398da}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d7370f2b-fc9c-11de-bd86-000cf61398da}\ not found.
File L:\LaunchU3.exe not found.
Folder C:\Users\Zandy\.COMMgr\ not found.
Folder C:\Users\Public\Documents\Server\ not found.
Folder C:\Users\Zandy\AppData\Roaming\0088A80374DFA29FD31A2D1FEF24C182\ not found.
Unable to delete ADS C:\Windows:F5454D0BF17D7B8D .
Unable to delete ADS C:\ProgramData\Temp:DFC5A2B2 .
Unable to delete ADS C:\ProgramData\Temp:A8ADE5D8 .
Unable to delete ADS C:\ProgramData\Temp:430C6D84 .
Unable to delete ADS C:\ProgramData\Temp:7E95B6FD .
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
 
User: Public
 
User: Zandy
->Temp folder emptied: 14187723 bytes
->Temporary Internet Files folder emptied: 1881655 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 49038782 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 63549 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 36864 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1545920 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 64,00 mb
 
 
OTL by OldTimer - Version 3.2.14.1 log created on 09292010_144719

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

No way! Grab++ works again :D THANK YOU!!!! Let's see whether the programs stop hanging :D so far everything is running :D
Thank you very, very much!

cosinus 29.09.2010 14:04

Then please run CF now :)

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

ali321 29.09.2010 16:39

Code:

ComboFix 10-09-28.03 - Zandy 29.09.2010  16:27:41.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6000.0.1252.49.1031.18.3070.1963 [GMT 2:00]
ausgeführt von:: c:\users\Zandy\Desktop\ComboFix.exe
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\WinPCap
C:\start
c:\users\Zandy\AppData\Roaming\Aqdizi
c:\users\Zandy\AppData\Roaming\Aqdizi\ezoq.muu
c:\users\Zandy\AppData\Roaming\Desktopicon
c:\users\Zandy\AppData\Roaming\Desktopicon\eBay.ico
c:\users\Zandy\AppData\Roaming\Desktopicon\uninst.exe

Infizierte Kopie von c:\windows\system32\drivers\netbt.sys wurde gefunden und desinfiziert
Kopie von - Kitty had a snack :p wurde wiederhergestellt
.
(((((((((((((((((((((((  Dateien erstellt von 2010-08-28 bis 2010-09-29  ))))))))))))))))))))))))))))))
.

2010-09-29 14:39 . 2010-09-29 14:40    --------    d-----w-    c:\users\Zandy\AppData\Local\temp
2010-09-29 12:53 . 2010-09-29 12:53    --------    d-----w-    c:\program files\Logitech Touch Mouse Server
2010-09-28 19:42 . 2010-09-28 19:42    --------    d-----w-    C:\_OTL
2010-09-28 13:42 . 2010-09-28 13:48    --------    d-----w-    c:\users\Zandy\AppData\Roaming\FreeScreenToVideo
2010-09-28 13:42 . 2010-09-28 13:42    --------    d-----w-    c:\program files\Free Screen To Video
2010-09-27 11:59 . 2010-04-29 10:19    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-27 11:59 . 2010-09-27 11:59    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-09-27 11:59 . 2010-04-29 10:19    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-09-25 15:33 . 2010-09-25 15:33    --------    d-----w-    c:\program files\Orbitdownloader
2010-09-23 13:10 . 2010-09-25 11:59    --------    d-----w-    c:\program files\Duplicate Music Files Finder
2010-09-20 13:02 . 2010-09-20 13:02    --------    d-----w-    c:\program files\iPod
2010-09-20 13:02 . 2010-09-20 13:03    --------    d-----w-    c:\program files\iTunes
2010-09-20 13:00 . 2010-09-20 13:00    --------    d-----w-    c:\program files\Apple Software Update
2010-09-20 13:00 . 2010-09-20 13:00    --------    d-----w-    c:\program files\Bonjour
2010-09-18 16:25 . 2010-09-18 16:25    --------    d-----w-    c:\users\Zandy\AppData\Roaming\ProgSense
2010-09-17 21:27 . 2010-09-17 21:43    --------    d-----w-    c:\programdata\FLEXnet
2010-09-17 21:20 . 2010-09-17 21:20    --------    d-----w-    c:\program files\Common Files\Macrovision Shared
2010-09-17 19:25 . 2010-09-17 19:25    --------    d-----w-    c:\users\Zandy\AppData\Roaming\Download Manager
2010-09-17 15:05 . 2010-09-17 15:05    --------    d-----w-    c:\users\Zandy\Deskto
2010-09-17 06:35 . 2010-09-16 15:20    28048    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED9EEC5D-C01E-4A04-8570-8884A14C9265}\mpasdlta.vdm
2010-09-17 06:35 . 2010-09-17 06:35    12300688    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED9EEC5D-C01E-4A04-8570-8884A14C9265}\mpasbase.vdm
2010-09-16 12:58 . 2010-09-16 12:58    --------    d-----w-    c:\programdata\Ableton
2010-09-16 12:58 . 2010-09-16 12:58    --------    d-----w-    c:\users\Zandy\AppData\Roaming\Ableton
2010-09-07 13:52 . 2010-09-25 14:57    --------    d-----w-    c:\users\Zandy\AppData\Roaming\Notepad++
2010-09-07 13:52 . 2010-09-25 14:57    --------    d-----w-    c:\program files\Notepad++
2010-09-02 18:42 . 2010-09-02 18:43    --------    d-----w-    c:\program files\QuickTime
2010-09-01 07:12 . 2010-09-01 07:12    73000    ----a-w-    c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-29 14:33 . 2006-11-02 15:33    656262    ----a-w-    c:\windows\system32\perfh007.dat
2010-09-29 14:33 . 2006-11-02 15:33    121228    ----a-w-    c:\windows\system32\perfc007.dat
2010-09-29 14:24 . 2010-02-16 15:35    12    ----a-w-    c:\windows\bthservsdp.dat
2010-09-29 14:18 . 2008-09-20 17:02    --------    d-----w-    c:\users\Zandy\AppData\Roaming\Skype
2010-09-29 14:18 . 2008-09-20 17:07    --------    d-----w-    c:\users\Zandy\AppData\Roaming\skypePM
2010-09-29 13:11 . 2009-03-07 16:18    --------    d-----w-    c:\users\Zandy\AppData\Roaming\Orbit
2010-09-28 13:57 . 2009-09-06 08:31    183112    ----a-w-    c:\windows\system32\PnkBstrB.exe
2010-09-25 15:16 . 2007-11-30 12:49    111616    ----a-w-    c:\users\Zandy\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-25 14:59 . 2009-09-26 21:56    --------    d-----w-    c:\program files\TeamViewer
2010-09-25 14:57 . 2008-12-14 11:29    --------    d-----w-    c:\program files\Common Files\DVDVideoSoft
2010-09-25 14:28 . 2008-01-02 16:42    8052    ----a-w-    c:\users\Zandy\AppData\Local\d3d9caps.dat
2010-09-25 11:52 . 2009-11-30 14:33    --------    d-----w-    c:\program files\trend micro
2010-09-24 21:14 . 2010-03-03 20:48    0    ----a-w-    c:\windows\system32\Access.dat
2010-09-24 15:05 . 2010-04-12 13:08    --------    d-----w-    c:\program files\JDownloader
2010-09-21 19:16 . 2010-04-15 15:45    --------    d-sh--r-    c:\users\Zandy\AppData\Roaming\dx10ac
2010-09-20 13:02 . 2009-01-30 21:42    --------    d-----w-    c:\program files\Common Files\Apple
2010-09-17 21:24 . 2007-05-23 12:24    --------    d-----w-    c:\program files\Common Files\Adobe
2010-09-17 21:06 . 2010-04-01 19:48    --------    d-----w-    c:\program files\Ask.com
2010-09-14 18:21 . 2010-07-08 15:04    --------    d-----w-    c:\users\Zandy\AppData\Roaming\PhotoScape
2010-09-14 14:41 . 2007-12-01 21:15    582544    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\Backup\mpasdlta.vdm
2010-09-13 15:08 . 2009-02-05 13:57    --------    d-----w-    c:\programdata\ArcSoft
2010-09-13 15:08 . 2007-05-23 11:06    --------    d--h--w-    c:\program files\InstallShield Installation Information
2010-09-13 15:07 . 2009-02-06 14:16    2564863    ----a-w-    c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2010-09-11 19:23 . 2007-11-30 14:50    --------    d-----w-    c:\users\Zandy\AppData\Roaming\dvdcss
2010-09-06 17:56 . 2008-02-17 09:00    --------    d-----w-    c:\users\Zandy\AppData\Roaming\StarOffice8
2010-09-04 12:19 . 2009-09-06 08:31    138184    ----a-w-    c:\windows\system32\drivers\PnkBstrK.sys
2010-08-30 20:19 . 2007-05-23 11:09    --------    d-----w-    c:\program files\Roxio
2010-08-28 16:20 . 2009-02-05 13:57    --------    d-----w-    c:\program files\ArcSoft
2010-08-28 16:19 . 2009-07-13 15:31    --------    d-----w-    c:\program files\ElcomSoft
2010-08-28 16:19 . 2008-09-20 17:01    --------    d-----r-    c:\program files\Skype
2010-08-28 16:17 . 2010-06-17 20:30    --------    d-----w-    c:\program files\thriXXX
2010-08-27 13:57 . 2007-05-23 11:09    --------    d-----w-    c:\programdata\Roxio
2010-08-24 18:44 . 2010-05-11 16:15    --------    d-sh--w-    c:\users\Zandy\AppData\Roaming\lowsec
2010-08-24 13:00 . 2007-12-01 21:15    12120464    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\Backup\mpasbase.vdm
2010-08-05 21:05 . 2009-03-03 20:42    --------    d-----w-    c:\program files\Messenger Plus! Live
2010-07-27 16:44 . 2010-07-27 16:44    91424    ----a-w-    c:\windows\system32\dnssd.dll
2010-07-27 16:44 . 2010-07-27 16:44    107808    ----a-w-    c:\windows\system32\dns-sd.exe
2010-07-11 17:38 . 2010-04-24 20:00    57344    ----a-w-    c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-11 17:38 . 2010-07-11 17:38    56765    ----a-w-    c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-11 17:38 . 2010-07-11 17:38    57715    ----a-w-    c:\programdata\DivX\Player\Uninstaller.exe
2010-07-11 17:38 . 2010-07-11 17:38    54153    ----a-w-    c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-07-11 17:22 . 2010-04-24 20:03    895256    ----a-w-    c:\programdata\DivX\Setup\DivXSetup.exe
2010-07-11 17:22 . 2010-04-24 20:03    1062184    ----a-w-    c:\programdata\DivX\Setup\Resource.dll
.

------- Sigcheck -------

[-] 2010-03-30 . 1171B07E27991296D379472B12174349 . 245248 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23    1385864    ----a-w-    c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"spc1030"="c:\windows\vspc1030.exe" [2008-02-22 684032]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

c:\users\Zandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Touch Mouse Server.lnk - c:\program files\Logitech Touch Mouse Server\iTouch-Server-Win.exe [2009-10-23 228352]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Sitecom USB Wireless LAN Utility.lnk - c:\program files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe [2009-1-19 3477504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"{68657190-7121-20E8-42E7-B6B473543351}"=c:\users\Zandy\AppData\Roaming\Exyfx\abems.exe
"userinit"=c:\users\Zandy\AppData\Roaming\sdra64.exe
"Windows Update"=c:\users\Zandy\AppData\Roaming\netssh.exe
"{433CD6D5-15A6-14F8-9AAC-3730B91D3876}"=c:\users\Zandy\AppData\Roaming\netssh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"VX1000"=c:\windows\vVX1000.exe
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe"
"spc1030"=c:\windows\vspc1030.exe
"StartCCC"=c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvSvc"=RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"PlayMovie"="d:\bearbeitungsprogramme\PlayMovie\PMVService.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"d-x10c"=c:\users\Zandy\AppData\Roaming\dx10ac\d-xdiag10c.exe
"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2780370485-2775809281-2979314199-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000002

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 133104]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\DRIVERS\libusb0.sys [2006-05-31 29184]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-06-17 3890920]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-01-01 691696]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-06-04 224240]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-06-01 30112]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};d:\bearbeitungsprogramme\PlayMovie\000.fcl [2008-05-16 61424]
S3 MicNgBas;Cinergy 2400i DT Base Driver;c:\windows\system32\drivers\MicNgBas.sys [2006-02-11 48768]
S3 MicNgCap;Cinergy 2400i DT Capture Driver;c:\windows\system32\drivers\MicNgCap.sys [2006-02-11 50560]
S3 MicNgTun;Cinergy 2400i DT Tuner Driver;c:\windows\system32\drivers\MicNgTun.sys [2006-02-11 122752]
S3 phaudlwr;Philips Audio Filter;c:\windows\system32\DRIVERS\phaudlwr.sys [2008-05-07 88704]
S3 SPC1030;USB2.0 PC Camera (SPC1030);c:\windows\system32\DRIVERS\spc1030.sys [2008-06-11 3035776]
S3 ZD1211U(Sitecom);Sitecom Wireless Network USB Adapter Driver(Sitecom);c:\windows\system32\DRIVERS\zd1211u.sys [2004-07-05 233472]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ      BthServ
.
Inhalt des "geplante Tasks" Ordners

2010-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 19:19]

2010-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 19:19]

2010-08-31 c:\windows\Tasks\RCHubTask 0 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 2145340416~30026154.job
- c:\program files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe [2007-02-13 16:51]

2010-09-29 c:\windows\Tasks\User_Feed_Synchronization-{BB2AC692-2CD6-4C68-9DFC-5B9F61E87B2F}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://de.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://go.1und1.de/suchbox/1und1suche?su=%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Free YouTube Download - c:\users\Zandy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Zandy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
TCP: {38C40A29-A3EC-4951-93B1-95FA03AA6BE0} = 192.168.178.1,192.168.178.2
TCP: {5B175FDC-3A19-4105-AE85-EF088487102C} = 192.168.182.1,192.168.182.2
TCP: {9CE15D25-E061-4EA7-A67B-2FBB0BF7B106} = 192.168.182.1,192.168.182.2
TCP: {D08FD11B-68BB-4DB9-B05C-0694FD0A3F17} = 192.168.182.1,192.168.182.2
FF - ProfilePath - c:\users\Zandy\AppData\Roaming\Mozilla\Firefox\Profiles\ffmk5zx8.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - component: c:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

MSConfigStartUp-BMIMZMHMFM - c:\users\Zandy\AppData\Local\Temp\Rcx.exe
MSConfigStartUp-LosAlamos - c:\windows\system32\sshnas21.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-29 16:39
Windows 6.0.6000  NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\d:\bearbeitungsprogramme\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-2780370485-2775809281-2979314199-1000\Software\SecuROM\License information*]
"datasecu"=hex:7e,e8,20,01,50,99,dc,33,e0,d7,a3,74,96,6b,73,2f,63,e9,c8,ba,12,
  f3,94,9a,85,38,7f,1e,00,c7,e6,a2,97,c4,5b,8c,b4,73,e9,1d,2b,65,19,a6,f9,6a,\
"rkeysecu"=hex:9b,5a,b7,02,6e,ed,18,d4,57,55,ba,a0,1e,c9,49,72

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(836)
c:\windows\System32\guard32.dll

- - - - - - - > 'lsass.exe'(680)
c:\windows\system32\guard32.dll
.
Zeit der Fertigstellung: 2010-09-29  16:45:18
ComboFix-quarantined-files.txt  2010-09-29 14:45

Vor Suchlauf: 14 Verzeichnis(se), 56.898.908.160 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 56.724.508.672 Bytes frei

- - End Of File - - FCFE09711B073FE17FA14EB365969841

:D There were a few teething problems at the start, but in the end it ran wonderfully ;)

cosinus 30.09.2010 12:51

ComboFix scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:

Filelook::
c:\windows\System32\shsvcs.dll
c:\windows\system32\drivers\netbt.sys

Dirlook::
c:\program files\thriXXX

File::
c:\users\Zandy\AppData\Roaming\Exyfx\abems.exe
c:\users\Zandy\AppData\Roaming\sdra64.exe
c:\users\Zandy\AppData\Roaming\netssh.exe

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"{68657190-7121-20E8-42E7-B6B473543351}"=-
"userinit"=-
"Windows Update"=-
"{433CD6D5-15A6-14F8-9AAC-3730B91D3876}"=-

3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of adware and spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It cannot be carried over to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

ali321 30.09.2010 23:00

I hope I did everything right ;)
Code:

ComboFix 10-09-30.01 - Zandy 30.09.2010  23:38:51.2.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6000.0.1252.49.1031.18.3070.2086 [GMT 2:00]
ausgeführt von:: d:\allgemein\PC säubern\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Zandy\Desktop\CFScript.txt.txt
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\Zandy\AppData\Roaming\Exyfx\abems.exe"
"c:\users\Zandy\AppData\Roaming\netssh.exe"
"c:\users\Zandy\AppData\Roaming\sdra64.exe"
.

(((((((((((((((((((((((  Dateien erstellt von 2010-08-28 bis 2010-09-30  ))))))))))))))))))))))))))))))
.

2010-09-30 21:46 . 2010-09-30 21:46    --------    d-----w-    c:\users\Zandy\AppData\Local\temp
2010-09-30 21:46 . 2010-09-30 21:46    --------    d-----w-    c:\users\Public\AppData\Local\temp
2010-09-29 12:53 . 2010-09-29 12:53    --------    d-----w-    c:\program files\Logitech Touch Mouse Server
2010-09-28 19:42 . 2010-09-28 19:42    --------    d-----w-    C:\_OTL
2010-09-28 13:42 . 2010-09-28 13:48    --------    d-----w-    c:\users\Zandy\AppData\Roaming\FreeScreenToVideo
2010-09-28 13:42 . 2010-09-28 13:42    --------    d-----w-    c:\program files\Free Screen To Video
2010-09-27 11:59 . 2010-04-29 10:19    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-27 11:59 . 2010-09-27 11:59    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-09-27 11:59 . 2010-04-29 10:19    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-09-25 15:33 . 2010-09-25 15:33    --------    d-----w-    c:\program files\Orbitdownloader
2010-09-23 13:10 . 2010-09-25 11:59    --------    d-----w-    c:\program files\Duplicate Music Files Finder
2010-09-20 13:02 . 2010-09-20 13:02    --------    d-----w-    c:\program files\iPod
2010-09-20 13:02 . 2010-09-20 13:03    --------    d-----w-    c:\program files\iTunes
2010-09-20 13:00 . 2010-09-20 13:00    --------    d-----w-    c:\program files\Apple Software Update
2010-09-20 13:00 . 2010-09-20 13:00    --------    d-----w-    c:\program files\Bonjour
2010-09-18 16:25 . 2010-09-18 16:25    --------    d-----w-    c:\users\Zandy\AppData\Roaming\ProgSense
2010-09-17 21:27 . 2010-09-17 21:43    --------    d-----w-    c:\programdata\FLEXnet
2010-09-17 21:20 . 2010-09-17 21:20    --------    d-----w-    c:\program files\Common Files\Macrovision Shared
2010-09-17 19:25 . 2010-09-17 19:25    --------    d-----w-    c:\users\Zandy\AppData\Roaming\Download Manager
2010-09-17 15:05 . 2010-09-17 15:05    --------    d-----w-    c:\users\Zandy\Deskto
2010-09-16 12:58 . 2010-09-16 12:58    --------    d-----w-    c:\programdata\Ableton
2010-09-16 12:58 . 2010-09-16 12:58    --------    d-----w-    c:\users\Zandy\AppData\Roaming\Ableton
2010-09-07 13:52 . 2010-09-25 14:57    --------    d-----w-    c:\users\Zandy\AppData\Roaming\Notepad++
2010-09-07 13:52 . 2010-09-25 14:57    --------    d-----w-    c:\program files\Notepad++
2010-09-02 18:42 . 2010-09-02 18:43    --------    d-----w-    c:\program files\QuickTime
2010-09-01 07:12 . 2010-09-01 07:12    73000    ----a-w-    c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-30 21:33 . 2008-09-20 17:02    --------    d-----w-    c:\users\Zandy\AppData\Roaming\Skype
2010-09-30 21:10 . 2006-11-02 15:33    656262    ----a-w-    c:\windows\system32\perfh007.dat
2010-09-30 21:10 . 2006-11-02 15:33    121228    ----a-w-    c:\windows\system32\perfc007.dat
2010-09-30 21:09 . 2008-09-20 17:07    --------    d-----w-    c:\users\Zandy\AppData\Roaming\skypePM
2010-09-30 21:03 . 2010-02-16 15:35    12    ----a-w-    c:\windows\bthservsdp.dat
2010-09-29 13:11 . 2009-03-07 16:18    --------    d-----w-    c:\users\Zandy\AppData\Roaming\Orbit
2010-09-28 13:57 . 2009-09-06 08:31    183112    ----a-w-    c:\windows\system32\PnkBstrB.exe
2010-09-26 13:15 . 2006-11-02 10:25    86016    ----a-w-    c:\windows\Inf\infstor.dat
2010-09-26 13:15 . 2006-11-02 10:25    51200    ----a-w-    c:\windows\Inf\infpub.dat
2010-09-26 13:15 . 2006-11-02 10:25    143360    ----a-w-    c:\windows\Inf\infstrng.dat
2010-09-25 15:16 . 2007-11-30 12:49    111616    ----a-w-    c:\users\Zandy\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-25 14:59 . 2009-09-26 21:56    --------    d-----w-    c:\program files\TeamViewer
2010-09-25 14:57 . 2008-12-14 11:29    --------    d-----w-    c:\program files\Common Files\DVDVideoSoft
2010-09-25 14:28 . 2008-01-02 16:42    8052    ----a-w-    c:\users\Zandy\AppData\Local\d3d9caps.dat
2010-09-25 11:52 . 2009-11-30 14:33    --------    d-----w-    c:\program files\trend micro
2010-09-24 21:14 . 2010-03-03 20:48    0    ----a-w-    c:\windows\system32\Access.dat
2010-09-24 15:05 . 2010-04-12 13:08    --------    d-----w-    c:\program files\JDownloader
2010-09-21 19:16 . 2010-04-15 15:45    --------    d-sh--r-    c:\users\Zandy\AppData\Roaming\dx10ac
2010-09-20 13:02 . 2009-01-30 21:42    --------    d-----w-    c:\program files\Common Files\Apple
2010-09-17 21:24 . 2007-05-23 12:24    --------    d-----w-    c:\program files\Common Files\Adobe
2010-09-17 21:06 . 2010-04-01 19:48    --------    d-----w-    c:\program files\Ask.com
2010-09-14 18:21 . 2010-07-08 15:04    --------    d-----w-    c:\users\Zandy\AppData\Roaming\PhotoScape
2010-09-13 15:08 . 2009-02-05 13:57    --------    d-----w-    c:\programdata\ArcSoft
2010-09-13 15:08 . 2007-05-23 11:06    --------    d--h--w-    c:\program files\InstallShield Installation Information
2010-09-13 15:07 . 2009-02-06 14:16    2564863    ----a-w-    c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2010-09-11 19:23 . 2007-11-30 14:50    --------    d-----w-    c:\users\Zandy\AppData\Roaming\dvdcss
2010-09-06 17:56 . 2008-02-17 09:00    --------    d-----w-    c:\users\Zandy\AppData\Roaming\StarOffice8
2010-09-04 12:19 . 2009-09-06 08:31    138184    ----a-w-    c:\windows\system32\drivers\PnkBstrK.sys
2010-08-30 20:19 . 2007-05-23 11:09    --------    d-----w-    c:\program files\Roxio
2010-08-28 16:20 . 2009-02-05 13:57    --------    d-----w-    c:\program files\ArcSoft
2010-08-28 16:19 . 2009-07-13 15:31    --------    d-----w-    c:\program files\ElcomSoft
2010-08-28 16:19 . 2008-09-20 17:01    --------    d-----r-    c:\program files\Skype
2010-08-28 16:17 . 2010-06-17 20:30    --------    d-----w-    c:\program files\thriXXX
2010-08-27 13:57 . 2007-05-23 11:09    --------    d-----w-    c:\programdata\Roxio
2010-08-24 18:44 . 2010-05-11 16:15    --------    d-sh--w-    c:\users\Zandy\AppData\Roaming\lowsec
2010-08-05 21:05 . 2009-03-03 20:42    --------    d-----w-    c:\program files\Messenger Plus! Live
2010-07-27 16:44 . 2010-07-27 16:44    91424    ----a-w-    c:\windows\system32\dnssd.dll
2010-07-27 16:44 . 2010-07-27 16:44    107808    ----a-w-    c:\windows\system32\dns-sd.exe
2010-07-11 17:38 . 2010-04-24 20:00    57344    ----a-w-    c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-11 17:38 . 2010-07-11 17:38    56765    ----a-w-    c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-11 17:38 . 2010-07-11 17:38    57715    ----a-w-    c:\programdata\DivX\Player\Uninstaller.exe
2010-07-11 17:38 . 2010-07-11 17:38    54153    ----a-w-    c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-07-11 17:22 . 2010-04-24 20:03    895256    ----a-w-    c:\programdata\DivX\Setup\DivXSetup.exe
2010-07-11 17:22 . 2010-04-24 20:03    1062184    ----a-w-    c:\programdata\DivX\Setup\Resource.dll
.

((((((((((((((((((((((((((((((((((((((((((((  Look  )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\system32\drivers\netbt.sys ---
Company: Microsoft Corporation
File Description: MBT Transport driver
File Version: 6.0.6000.16386 (vista_rtm.061101-2205)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: netbt.sys
File size: 184320
Created time: 2006-11-02 08:57
Modified time: 2006-11-02 08:57
MD5: E3A168912E7EEFC3BD3B814720D68B41
SHA1: BD7F554CDB56ACF7EA70060A8FAF1D8B450A3223


--- c:\windows\System32\shsvcs.dll ---
Company: Microsoft Corporation
File Description: Windows-Shelldienste-DLL
File Version: 6.0.6000.16386 (vista_rtm.061101-2205)
Product Name: Betriebssystem Microsoft® Windows®
Copyright: © Microsoft Corporation. Alle Rechte vorbehalten.
Original Filename: SHSVCS.DLL.MUI
File size: 245248
Created time: 2006-11-02 08:46
Modified time: 2010-03-30 15:35
MD5: 1171B07E27991296D379472B12174349
SHA1: B98D961ED172581FDE7D26AAE6F0BCEF2F5FAD89

---- Directory of c:\program files\thriXXX ----

2010-06-17 20:28 . 2008-05-10 22:00    26624    ----a-w-    c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\fc3DSexVillaRun.DE.exe
2008-04-11 12:37 . 2008-04-11 12:37    1470    ----a-w-    c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\LibTheora License.txt
2007-10-09 13:15 . 2007-10-09 13:15    9326    ----a-w-    c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\app.ico
2007-09-03 05:55 . 2007-09-03 05:55    413696    ----a-w-    c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\OpenAL32.dll
2006-11-16 09:49 . 2006-11-16 09:49    2795    ----a-w-    c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\JasPer License.txt
2006-11-16 09:49 . 2006-11-16 09:49    3936    ----a-w-    c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\LibPNG License.txt
2006-11-16 09:49 . 2006-11-16 09:49    1475    ----a-w-    c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\OggVorbis Copying.txt
2006-11-16 09:49 . 2006-11-16 09:49    6406    ----a-w-    c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\OpenSSL License.txt
2006-11-16 09:49 . 2006-11-16 09:49    1116    ----a-w-    c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\zlib License.txt
2006-11-16 09:39 . 2006-11-16 09:39    53248    ----a-w-    c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\ogg.dll
2006-11-16 09:36 . 2006-11-16 09:36    1200128    ----a-w-    c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\vorbis.dll
2006-11-16 09:36 . 2006-11-16 09:36    77824    ----a-w-    c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\vorbisfile.dll
2006-07-11 17:35 . 2006-07-11 17:35    503808    ----a-w-    c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\msvcp71.dll
2006-07-11 17:35 . 2006-07-11 17:35    348160    ----a-w-    c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\msvcr71.dll


------- Sigcheck -------

[-] 2010-03-30 . 1171B07E27991296D379472B12174349 . 245248 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
[7] 2006-11-02 . B264DFA21677728613267FE63802B332 . 245248 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6000.16386_none_caf99b2e2002860e\shsvcs.dll
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23    1385864    ----a-w-    c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"spc1030"="c:\windows\vspc1030.exe" [2008-02-22 684032]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

c:\users\Zandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Touch Mouse Server.lnk - c:\program files\Logitech Touch Mouse Server\iTouch-Server-Win.exe [2009-10-23 228352]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Sitecom USB Wireless LAN Utility.lnk - c:\program files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe [2009-1-19 3477504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"{68657190-7121-20E8-42E7-B6B473543351}"=c:\users\Zandy\AppData\Roaming\Exyfx\abems.exe
"userinit"=c:\users\Zandy\AppData\Roaming\sdra64.exe
"Windows Update"=c:\users\Zandy\AppData\Roaming\netssh.exe
"{433CD6D5-15A6-14F8-9AAC-3730B91D3876}"=c:\users\Zandy\AppData\Roaming\netssh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"VX1000"=c:\windows\vVX1000.exe
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe"
"spc1030"=c:\windows\vspc1030.exe
"StartCCC"=c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvSvc"=RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"PlayMovie"="d:\bearbeitungsprogramme\PlayMovie\PMVService.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"d-x10c"=c:\users\Zandy\AppData\Roaming\dx10ac\d-xdiag10c.exe
"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2780370485-2775809281-2979314199-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000002

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 133104]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\DRIVERS\libusb0.sys [2006-05-31 29184]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-06-17 3890920]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-01-01 691696]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-06-04 224240]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-06-01 30112]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};d:\bearbeitungsprogramme\PlayMovie\000.fcl [2008-05-16 61424]
S3 MicNgBas;Cinergy 2400i DT Base Driver;c:\windows\system32\drivers\MicNgBas.sys [2006-02-11 48768]
S3 MicNgCap;Cinergy 2400i DT Capture Driver;c:\windows\system32\drivers\MicNgCap.sys [2006-02-11 50560]
S3 MicNgTun;Cinergy 2400i DT Tuner Driver;c:\windows\system32\drivers\MicNgTun.sys [2006-02-11 122752]
S3 phaudlwr;Philips Audio Filter;c:\windows\system32\DRIVERS\phaudlwr.sys [2008-05-07 88704]
S3 SPC1030;USB2.0 PC Camera (SPC1030);c:\windows\system32\DRIVERS\spc1030.sys [2008-06-11 3035776]
S3 ZD1211U(Sitecom);Sitecom Wireless Network USB Adapter Driver(Sitecom);c:\windows\system32\DRIVERS\zd1211u.sys [2004-07-05 233472]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ      BthServ
.
Inhalt des "geplante Tasks" Ordners

2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 19:19]

2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 19:19]

2010-08-31 c:\windows\Tasks\RCHubTask 0 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 2145340416~30026154.job
- c:\program files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe [2007-02-13 16:51]

2010-09-30 c:\windows\Tasks\User_Feed_Synchronization-{BB2AC692-2CD6-4C68-9DFC-5B9F61E87B2F}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://de.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://go.1und1.de/suchbox/1und1suche?su=%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Free YouTube Download - c:\users\Zandy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Zandy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
TCP: {5B175FDC-3A19-4105-AE85-EF088487102C} = 192.168.182.1,192.168.182.2
TCP: {9CE15D25-E061-4EA7-A67B-2FBB0BF7B106} = 192.168.182.1,192.168.182.2
TCP: {D08FD11B-68BB-4DB9-B05C-0694FD0A3F17} = 192.168.182.1,192.168.182.2
FF - ProfilePath - c:\users\Zandy\AppData\Roaming\Mozilla\Firefox\Profiles\ffmk5zx8.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - component: c:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-30 23:46
Windows 6.0.6000  NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\d:\bearbeitungsprogramme\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-2780370485-2775809281-2979314199-1000\Software\SecuROM\License information*]
"datasecu"=hex:7e,e8,20,01,50,99,dc,33,e0,d7,a3,74,96,6b,73,2f,63,e9,c8,ba,12,
  f3,94,9a,85,38,7f,1e,00,c7,e6,a2,97,c4,5b,8c,b4,73,e9,1d,2b,65,19,a6,f9,6a,\
"rkeysecu"=hex:9b,5a,b7,02,6e,ed,18,d4,57,55,ba,a0,1e,c9,49,72

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-09-30  23:50:04
ComboFix-quarantined-files.txt  2010-09-30 21:49
ComboFix2.txt  2010-09-29 14:45

Vor Suchlauf: 17 Verzeichnis(se), 64.094.289.920 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 63.968.358.400 Bytes frei

- - End Of File - - 50DFC7EFB31FAC0B6F4EB19F873C5B5C


cosinus 01.10.2010 08:23

Please do it once more, but with this script for CF:

Quote:

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"{68657190-7121-20E8-42E7-B6B473543351}"=-
"userinit"=-
"Windows Update"=-
"{433CD6D5-15A6-14F8-9AAC-3730B91D3876}"=-
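
Added example (not part of the thread and not ComboFix's own code): a small Python check that compares the `Registry::` deletion lines of a CFScript with the autostart section of a ComboFix log and reports when a value is listed under a different key than the one the script names, as with `run` versus `run-` in the two scripts above. The function names are this example's own, and the sample text is excerpted from the scripts and logs on this page.

```python
import re

KEY_RE = re.compile(r'^\[(.+)\]$')           # [HKEY_...\key]
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')   # "name"=data
DIRECTIVE_RE = re.compile(r'^(\w+)::$')      # File::, Registry::, ...

# Excerpt of the autostart section, copied from the log posted in this thread.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"{68657190-7121-20E8-42E7-B6B473543351}"=c:\users\Zandy\AppData\Roaming\Exyfx\abems.exe
"userinit"=c:\users\Zandy\AppData\Roaming\sdra64.exe
"Windows Update"=c:\users\Zandy\AppData\Roaming\netssh.exe
'''

# First script from the thread (shortened): deletions target the "run" key.
SCRIPT_V1 = r'''
File::
c:\users\Zandy\AppData\Roaming\sdra64.exe

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"{68657190-7121-20E8-42E7-B6B473543351}"=-
"userinit"=-
"Windows Update"=-
'''

# Second script from the thread (shortened): same deletions, key is "run-".
SCRIPT_V2 = SCRIPT_V1.replace(r'currentversion\run]', r'currentversion\run-]')


def parse_keys(text):
    """Map lower-cased key path -> {lower-cased value name: raw data}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1).lower(), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m.group(1).lower()] = m.group(2)
        elif not line:
            current = None  # a blank line ends the value list of a key
    return keys


def script_deletions(script):
    """Return (key, value_name) for every '"name"=-' line under Registry::."""
    out, in_registry, key = [], False, None
    for raw in script.splitlines():
        line = raw.strip()
        d = DIRECTIVE_RE.match(line)
        if d:
            in_registry = d.group(1).lower() == "registry"
            key = None
            continue
        if not in_registry:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if m and key and m.group(2).strip() == "-":
            out.append((key, m.group(1).lower()))
    return out


def check_script(script, log):
    """For each deletion, say whether the log lists the value in the named key
    and which other logged keys hold a value of the same name."""
    logged = parse_keys(log)
    report = []
    for key, name in script_deletions(script):
        report.append({
            "key": key,
            "value": name,
            "in_named_key": name in logged.get(key, {}),
            "elsewhere": sorted(k for k, vals in logged.items()
                                if k != key and name in vals),
        })
    return report


if __name__ == "__main__":
    for label, script in (("first script", SCRIPT_V1), ("second script", SCRIPT_V2)):
        print(label)
        for e in check_script(script, SAMPLE_LOG):
            state = "listed in named key" if e["in_named_key"] else "NOT in named key"
            extra = f" (listed under: {', '.join(e['elsewhere'])})" if e["elsewhere"] else ""
            print(f'  {e["value"]}: {state}{extra}')
```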

ali321 01.10.2010 14:10

:D Can I get a quick interim update on whether things are getting better?
Code:

ComboFix 10-09-30.03 - Zandy 01.10.2010  14:31:50.3.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6000.0.1252.49.1031.18.3070.2008 [GMT 2:00]
ausgeführt von:: d:\allgemein\PC säubern\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Zandy\Desktop\CFScript.txt.txt
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((  Dateien erstellt von 2010-09-01 bis 2010-10-01  ))))))))))))))))))))))))))))))
.

2010-10-01 12:39 . 2010-10-01 12:39    --------    d-----w-    c:\users\Zandy\AppData\Local\temp
2010-10-01 12:39 . 2010-10-01 12:39    --------    d-----w-    c:\users\Public\AppData\Local\temp
2010-10-01 12:10 . 2010-02-12 10:49    293376    ----a-w-    c:\windows\system32\browserchoice.exe
2010-10-01 12:06 . 2010-02-20 23:54    24064    ----a-w-    c:\windows\system32\nshhttp.dll
2010-10-01 12:06 . 2010-02-20 23:51    31232    ----a-w-    c:\windows\system32\httpapi.dll
2010-10-01 12:06 . 2010-02-20 21:30    396800    ----a-w-    c:\windows\system32\drivers\http.sys
2010-10-01 12:05 . 2010-01-23 08:05    2048    ----a-w-    c:\windows\system32\tzres.dll
2010-09-29 12:53 . 2010-09-29 12:53    --------    d-----w-    c:\program files\Logitech Touch Mouse Server
2010-09-28 19:42 . 2010-09-28 19:42    --------    d-----w-    C:\_OTL
2010-09-28 13:42 . 2010-09-28 13:48    --------    d-----w-    c:\users\Zandy\AppData\Roaming\FreeScreenToVideo
2010-09-28 13:42 . 2010-09-28 13:42    --------    d-----w-    c:\program files\Free Screen To Video
2010-09-27 11:59 . 2010-04-29 10:19    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-27 11:59 . 2010-09-27 11:59    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-09-27 11:59 . 2010-04-29 10:19    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-09-25 15:33 . 2010-09-25 15:33    --------    d-----w-    c:\program files\Orbitdownloader
2010-09-23 13:10 . 2010-09-25 11:59    --------    d-----w-    c:\program files\Duplicate Music Files Finder
2010-09-20 13:02 . 2010-09-20 13:02    --------    d-----w-    c:\program files\iPod
2010-09-20 13:02 . 2010-09-20 13:03    --------    d-----w-    c:\program files\iTunes
2010-09-20 13:00 . 2010-09-20 13:00    --------    d-----w-    c:\program files\Apple Software Update
2010-09-20 13:00 . 2010-09-20 13:00    --------    d-----w-    c:\program files\Bonjour
2010-09-18 16:25 . 2010-09-18 16:25    --------    d-----w-    c:\users\Zandy\AppData\Roaming\ProgSense
2010-09-17 21:27 . 2010-09-17 21:43    --------    d-----w-    c:\programdata\FLEXnet
2010-09-17 21:20 . 2010-09-17 21:20    --------    d-----w-    c:\program files\Common Files\Macrovision Shared
2010-09-17 19:25 . 2010-09-17 19:25    --------    d-----w-    c:\users\Zandy\AppData\Roaming\Download Manager
2010-09-17 15:05 . 2010-09-17 15:05    --------    d-----w-    c:\users\Zandy\Deskto
2010-09-16 12:58 . 2010-09-16 12:58    --------    d-----w-    c:\programdata\Ableton
2010-09-16 12:58 . 2010-09-16 12:58    --------    d-----w-    c:\users\Zandy\AppData\Roaming\Ableton
2010-09-07 13:52 . 2010-09-25 14:57    --------    d-----w-    c:\users\Zandy\AppData\Roaming\Notepad++
2010-09-07 13:52 . 2010-09-25 14:57    --------    d-----w-    c:\program files\Notepad++
2010-09-02 18:42 . 2010-09-02 18:43    --------    d-----w-    c:\program files\QuickTime

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-01 12:29 . 2006-11-02 15:33    656262    ----a-w-    c:\windows\system32\perfh007.dat
2010-10-01 12:29 . 2006-11-02 15:33    121228    ----a-w-    c:\windows\system32\perfc007.dat
2010-10-01 12:24 . 2008-09-20 17:02    --------    d-----w-    c:\users\Zandy\AppData\Roaming\Skype
2010-10-01 12:21 . 2009-11-29 17:22    --------    d-----w-    c:\program files\Microsoft Silverlight
2010-10-01 12:20 . 2010-02-16 15:35    12    ----a-w-    c:\windows\bthservsdp.dat
2010-10-01 11:55 . 2008-09-20 17:07    --------    d-----w-    c:\users\Zandy\AppData\Roaming\skypePM
2010-09-29 13:11 . 2009-03-07 16:18    --------    d-----w-    c:\users\Zandy\AppData\Roaming\Orbit
2010-09-28 13:57 . 2009-09-06 08:31    183112    ----a-w-    c:\windows\system32\PnkBstrB.exe
2010-09-26 13:15 . 2006-11-02 10:25    86016    ----a-w-    c:\windows\Inf\infstor.dat
2010-09-26 13:15 . 2006-11-02 10:25    51200    ----a-w-    c:\windows\Inf\infpub.dat
2010-09-26 13:15 . 2006-11-02 10:25    143360    ----a-w-    c:\windows\Inf\infstrng.dat
2010-09-25 15:16 . 2007-11-30 12:49    111616    ----a-w-    c:\users\Zandy\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-25 14:59 . 2009-09-26 21:56    --------    d-----w-    c:\program files\TeamViewer
2010-09-25 14:57 . 2008-12-14 11:29    --------    d-----w-    c:\program files\Common Files\DVDVideoSoft
2010-09-25 14:28 . 2008-01-02 16:42    8052    ----a-w-    c:\users\Zandy\AppData\Local\d3d9caps.dat
2010-09-25 11:52 . 2009-11-30 14:33    --------    d-----w-    c:\program files\trend micro
2010-09-24 21:14 . 2010-03-03 20:48    0    ----a-w-    c:\windows\system32\Access.dat
2010-09-24 15:05 . 2010-04-12 13:08    --------    d-----w-    c:\program files\JDownloader
2010-09-21 19:16 . 2010-04-15 15:45    --------    d-sh--r-    c:\users\Zandy\AppData\Roaming\dx10ac
2010-09-20 13:02 . 2009-01-30 21:42    --------    d-----w-    c:\program files\Common Files\Apple
2010-09-17 21:24 . 2007-05-23 12:24    --------    d-----w-    c:\program files\Common Files\Adobe
2010-09-17 21:06 . 2010-04-01 19:48    --------    d-----w-    c:\program files\Ask.com
2010-09-14 18:21 . 2010-07-08 15:04    --------    d-----w-    c:\users\Zandy\AppData\Roaming\PhotoScape
2010-09-13 15:08 . 2009-02-05 13:57    --------    d-----w-    c:\programdata\ArcSoft
2010-09-13 15:08 . 2007-05-23 11:06    --------    d--h--w-    c:\program files\InstallShield Installation Information
2010-09-13 15:07 . 2009-02-06 14:16    2564863    ----a-w-    c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2010-09-11 19:23 . 2007-11-30 14:50    --------    d-----w-    c:\users\Zandy\AppData\Roaming\dvdcss
2010-09-06 17:56 . 2008-02-17 09:00    --------    d-----w-    c:\users\Zandy\AppData\Roaming\StarOffice8
2010-09-04 12:19 . 2009-09-06 08:31    138184    ----a-w-    c:\windows\system32\drivers\PnkBstrK.sys
2010-09-01 07:12 . 2010-09-01 07:12    73000    ----a-w-    c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-08-30 20:19 . 2007-05-23 11:09    --------    d-----w-    c:\program files\Roxio
2010-08-28 16:20 . 2009-02-05 13:57    --------    d-----w-    c:\program files\ArcSoft
2010-08-28 16:19 . 2009-07-13 15:31    --------    d-----w-    c:\program files\ElcomSoft
2010-08-28 16:19 . 2008-09-20 17:01    --------    d-----r-    c:\program files\Skype
2010-08-28 16:17 . 2010-06-17 20:30    --------    d-----w-    c:\program files\thriXXX
2010-08-27 13:57 . 2007-05-23 11:09    --------    d-----w-    c:\programdata\Roxio
2010-08-24 18:44 . 2010-05-11 16:15    --------    d-sh--w-    c:\users\Zandy\AppData\Roaming\lowsec
2010-08-05 21:05 . 2009-03-03 20:42    --------    d-----w-    c:\program files\Messenger Plus! Live
2010-07-27 16:44 . 2010-07-27 16:44    91424    ----a-w-    c:\windows\system32\dnssd.dll
2010-07-27 16:44 . 2010-07-27 16:44    107808    ----a-w-    c:\windows\system32\dns-sd.exe
2010-07-11 17:38 . 2010-04-24 20:00    57344    ----a-w-    c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-11 17:38 . 2010-07-11 17:38    56765    ----a-w-    c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-11 17:38 . 2010-07-11 17:38    57715    ----a-w-    c:\programdata\DivX\Player\Uninstaller.exe
2010-07-11 17:38 . 2010-07-11 17:38    54153    ----a-w-    c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-07-11 17:22 . 2010-04-24 20:03    895256    ----a-w-    c:\programdata\DivX\Setup\DivXSetup.exe
2010-07-11 17:22 . 2010-04-24 20:03    1062184    ----a-w-    c:\programdata\DivX\Setup\Resource.dll
.

------- Sigcheck -------

[-] 2010-03-30 . 1171B07E27991296D379472B12174349 . 245248 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
[7] 2006-11-02 . B264DFA21677728613267FE63802B332 . 245248 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6000.16386_none_caf99b2e2002860e\shsvcs.dll
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23    1385864    ----a-w-    c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"spc1030"="c:\windows\vspc1030.exe" [2008-02-22 684032]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

c:\users\Zandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Touch Mouse Server.lnk - c:\program files\Logitech Touch Mouse Server\iTouch-Server-Win.exe [2009-10-23 228352]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Sitecom USB Wireless LAN Utility.lnk - c:\program files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe [2009-1-19 3477504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"VX1000"=c:\windows\vVX1000.exe
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe"
"spc1030"=c:\windows\vspc1030.exe
"StartCCC"=c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvSvc"=RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"PlayMovie"="d:\bearbeitungsprogramme\PlayMovie\PMVService.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"d-x10c"=c:\users\Zandy\AppData\Roaming\dx10ac\d-xdiag10c.exe
"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2780370485-2775809281-2979314199-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000002

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 133104]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\DRIVERS\libusb0.sys [2006-05-31 29184]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-06-17 3890920]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-01-01 691696]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-06-04 224240]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-06-01 30112]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};d:\bearbeitungsprogramme\PlayMovie\000.fcl [2008-05-16 61424]
S3 MicNgBas;Cinergy 2400i DT Base Driver;c:\windows\system32\drivers\MicNgBas.sys [2006-02-11 48768]
S3 MicNgCap;Cinergy 2400i DT Capture Driver;c:\windows\system32\drivers\MicNgCap.sys [2006-02-11 50560]
S3 MicNgTun;Cinergy 2400i DT Tuner Driver;c:\windows\system32\drivers\MicNgTun.sys [2006-02-11 122752]
S3 phaudlwr;Philips Audio Filter;c:\windows\system32\DRIVERS\phaudlwr.sys [2008-05-07 88704]
S3 SPC1030;USB2.0 PC Camera (SPC1030);c:\windows\system32\DRIVERS\spc1030.sys [2008-06-11 3035776]
S3 ZD1211U(Sitecom);Sitecom Wireless Network USB Adapter Driver(Sitecom);c:\windows\system32\DRIVERS\zd1211u.sys [2004-07-05 233472]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ      BthServ
.
Inhalt des "geplante Tasks" Ordners

2010-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 19:19]

2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 19:19]

2010-08-31 c:\windows\Tasks\RCHubTask 0 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 2145340416~30026154.job
- c:\program files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe [2007-02-13 16:51]

2010-10-01 c:\windows\Tasks\User_Feed_Synchronization-{BB2AC692-2CD6-4C68-9DFC-5B9F61E87B2F}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://de.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://go.1und1.de/suchbox/1und1suche?su=%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Free YouTube Download - c:\users\Zandy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Zandy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
TCP: {5B175FDC-3A19-4105-AE85-EF088487102C} = 192.168.182.1,192.168.182.2
TCP: {9CE15D25-E061-4EA7-A67B-2FBB0BF7B106} = 192.168.182.1,192.168.182.2
TCP: {D08FD11B-68BB-4DB9-B05C-0694FD0A3F17} = 192.168.182.1,192.168.182.2
FF - ProfilePath - c:\users\Zandy\AppData\Roaming\Mozilla\Firefox\Profiles\ffmk5zx8.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - component: c:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-10-01 14:39
Windows 6.0.6000  NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\d:\bearbeitungsprogramme\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-2780370485-2775809281-2979314199-1000\Software\SecuROM\License information*]
"datasecu"=hex:7e,e8,20,01,50,99,dc,33,e0,d7,a3,74,96,6b,73,2f,63,e9,c8,ba,12,
  f3,94,9a,85,38,7f,1e,00,c7,e6,a2,97,c4,5b,8c,b4,73,e9,1d,2b,65,19,a6,f9,6a,\
"rkeysecu"=hex:9b,5a,b7,02,6e,ed,18,d4,57,55,ba,a0,1e,c9,49,72

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-10-01  14:43:08
ComboFix-quarantined-files.txt  2010-10-01 12:43
ComboFix2.txt  2010-09-30 21:50
ComboFix3.txt  2010-09-29 14:45

Vor Suchlauf: 17 Verzeichnis(se), 61.247.483.904 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 61.206.691.840 Bytes frei

- - End Of File - - 3E8205DD5EEF9639B18A2F97AAF5D987


cosinus 01.10.2010 14:45

OK, it's slowly getting better.

Quote:

FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
Please uninstall that thing. It is pointless to counterproductive. Let me know when you are done. Use the Windows Firewall instead of a pointless PFW.

ali321 01.10.2010 19:35

OK, it's gone.
What now? :D

cosinus 01.10.2010 20:14

OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM.

Then download the bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remove.exe in that folder.

If you are using Windows Vista or Windows 7, you must run remover.exe via right-click => Run as administrator.

A black window will open and automatically search for malicious changes in the MBR.
Then please post whether there are any changes and, if so, on which device. Ideally, post everything that remover.exe outputs.

ali321 02.10.2010 09:32

I hope I did everything right, but I'm not so sure about the remover :D

Bootkit:
Code:

.\debug.cpp(238) : Debug log started at 02.10.2010 - 08:29:29
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.0
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows Vista Home Premium Edition (build 6000), 32-bit
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x83000000 0x003a1000 "\SystemRoot\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x833a1000 0x00034000 "\SystemRoot\system32\hal.dll"
.\debug.cpp(256) : 0x802c6000 0x00008000 "\SystemRoot\system32\kdcom.dll"
.\debug.cpp(256) : 0x80266000 0x00060000 "\SystemRoot\system32\mcupdate_GenuineIntel.dll"
.\debug.cpp(256) : 0x8025d000 0x00009000 "\SystemRoot\system32\PSHED.dll"
.\debug.cpp(256) : 0x80255000 0x00008000 "\SystemRoot\system32\BOOTVID.dll"
.\debug.cpp(256) : 0x8021a000 0x0003b000 "\SystemRoot\system32\CLFS.SYS"
.\debug.cpp(256) : 0x8051f000 0x000e1000 "\SystemRoot\system32\CI.dll"
.\debug.cpp(256) : 0x804a4000 0x0007b000 "\SystemRoot\system32\drivers\Wdf01000.sys"
.\debug.cpp(256) : 0x8020d000 0x0000d000 "\SystemRoot\system32\drivers\WDFLDR.SYS"
.\debug.cpp(256) : 0x80461000 0x00043000 "\SystemRoot\system32\drivers\acpi.sys"
.\debug.cpp(256) : 0x80204000 0x00009000 "\SystemRoot\system32\drivers\WMILIB.SYS"
.\debug.cpp(256) : 0x80459000 0x00008000 "\SystemRoot\system32\drivers\msisadrv.sys"
.\debug.cpp(256) : 0x8044a000 0x0000f000 "\SystemRoot\system32\drivers\volmgr.sys"
.\debug.cpp(256) : 0x80425000 0x00025000 "\SystemRoot\system32\drivers\pci.sys"
.\debug.cpp(256) : 0x80415000 0x00010000 "\SystemRoot\System32\drivers\mountmgr.sys"
.\debug.cpp(256) : 0x8040e000 0x00007000 "\SystemRoot\system32\drivers\pciide.sys"
.\debug.cpp(256) : 0x80400000 0x0000e000 "\SystemRoot\system32\drivers\PCIIDEX.SYS"
.\debug.cpp(256) : 0x807b6000 0x0004a000 "\SystemRoot\System32\drivers\volmgrx.sys"
.\debug.cpp(256) : 0x807ae000 0x00008000 "\SystemRoot\system32\drivers\atapi.sys"
.\debug.cpp(256) : 0x80790000 0x0001e000 "\SystemRoot\system32\drivers\ataport.SYS"
.\debug.cpp(256) : 0x8075f000 0x00031000 "\SystemRoot\system32\drivers\fltmgr.sys"
.\debug.cpp(256) : 0x8074f000 0x00010000 "\SystemRoot\system32\drivers\fileinfo.sys"
.\debug.cpp(256) : 0x80738000 0x00017000 "\SystemRoot\System32\Drivers\DRVMCDB.SYS"
.\debug.cpp(256) : 0x8072f000 0x00009000 "\SystemRoot\System32\Drivers\PxHelp20.sys"
.\debug.cpp(256) : 0x8062b000 0x00104000 "\SystemRoot\system32\drivers\ndis.sys"
.\debug.cpp(256) : 0x80600000 0x0002b000 "\SystemRoot\system32\drivers\msrpc.sys"
.\debug.cpp(256) : 0x8b1c7000 0x00039000 "\SystemRoot\system32\drivers\NETIO.SYS"
.\debug.cpp(256) : 0x8b0bf000 0x00108000 "\SystemRoot\System32\Drivers\Ntfs.sys"
.\debug.cpp(256) : 0x8b055000 0x0006a000 "\SystemRoot\System32\Drivers\ksecdd.sys"
.\debug.cpp(256) : 0x8b04d000 0x00008000 "\SystemRoot\system32\DRIVERS\wd.sys"
.\debug.cpp(256) : 0x8b017000 0x00036000 "\SystemRoot\system32\drivers\volsnap.sys"
.\debug.cpp(256) : 0x8b00f000 0x00008000 "\SystemRoot\System32\Drivers\spldr.sys"
.\debug.cpp(256) : 0x8b000000 0x0000f000 "\SystemRoot\System32\drivers\partmgr.sys"
.\debug.cpp(256) : 0x8b3f1000 0x0000f000 "\SystemRoot\System32\Drivers\mup.sys"
.\debug.cpp(256) : 0x8b3cc000 0x00025000 "\SystemRoot\System32\drivers\ecache.sys"
.\debug.cpp(256) : 0x8b3bb000 0x00011000 "\SystemRoot\system32\drivers\disk.sys"
.\debug.cpp(256) : 0x8b39a000 0x00021000 "\SystemRoot\system32\drivers\CLASSPNP.SYS"
.\debug.cpp(256) : 0x8b392000 0x00008000 "\SystemRoot\system32\DRIVERS\AtiPcie.sys"
.\debug.cpp(256) : 0x8b389000 0x00009000 "\SystemRoot\system32\drivers\crcdisk.sys"
.\debug.cpp(256) : 0x8c034000 0x0000b000 "\SystemRoot\system32\DRIVERS\tunnel.sys"
.\debug.cpp(256) : 0x91970000 0x00009000 "\SystemRoot\system32\DRIVERS\tunmp.sys"
.\debug.cpp(256) : 0x8c026000 0x0000e000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0x91eff000 0x00701000 "\SystemRoot\system32\DRIVERS\atikmdag.sys"
.\debug.cpp(256) : 0x91803000 0x0009d000 "\SystemRoot\System32\drivers\dxgkrnl.sys"
.\debug.cpp(256) : 0x8c019000 0x0000d000 "\SystemRoot\System32\drivers\watchdog.sys"
.\debug.cpp(256) : 0x8c007000 0x00012000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0x8c0df000 0x0000c000 "\SystemRoot\system32\drivers\MicNgBas.sys"
.\debug.cpp(256) : 0x91bcc000 0x00034000 "\SystemRoot\system32\DRIVERS\yk60x86.sys"
.\debug.cpp(256) : 0x8c0fb000 0x0000a000 "\SystemRoot\system32\DRIVERS\usbohci.sys"
.\debug.cpp(256) : 0x91b8f000 0x0003d000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0x91b81000 0x0000e000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0x8c1bb000 0x00002000 "\SystemRoot\System32\Drivers\DLACDBHM.SYS"
.\debug.cpp(256) : 0x91b69000 0x00018000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0x91910000 0x00006000 "\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys"
.\debug.cpp(256) : 0x8bd24000 0x00010000 "\SystemRoot\system32\DRIVERS\ohci1394.sys"
.\debug.cpp(256) : 0x91b0b000 0x0000e000 "\SystemRoot\system32\DRIVERS\1394BUS.SYS"
.\debug.cpp(256) : 0x91b00000 0x0000b000 "\SystemRoot\system32\DRIVERS\fdc.sys"
.\debug.cpp(256) : 0x91ae6000 0x0001a000 "\SystemRoot\system32\DRIVERS\serial.sys"
.\debug.cpp(256) : 0x91adc000 0x0000a000 "\SystemRoot\system32\DRIVERS\serenum.sys"
.\debug.cpp(256) : 0x91ac4000 0x00018000 "\SystemRoot\system32\DRIVERS\parport.sys"
.\debug.cpp(256) : 0x91a99000 0x0002b000 "\SystemRoot\system32\DRIVERS\msiscsi.sys"
.\debug.cpp(256) : 0x91a59000 0x00040000 "\SystemRoot\system32\DRIVERS\storport.sys"
.\debug.cpp(256) : 0x91a4e000 0x0000b000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0x91a37000 0x00017000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0x91a2c000 0x0000b000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0x91a09000 0x00023000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0x8bdd8000 0x0000f000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0x91eec000 0x00013000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0x91ed0000 0x0000f000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0x91ec5000 0x0000b000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0x91eba000 0x0000b000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0x8c1ad000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0x91e90000 0x0002a000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0x91e86000 0x0000a000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0x91edf000 0x0000d000 "\SystemRoot\system32\DRIVERS\umbus.sys"
.\debug.cpp(256) : 0x92730000 0x0000d000 "\SystemRoot\system32\drivers\MicNgCap.sys"
.\debug.cpp(256) : 0x91e68000 0x0001e000 "\SystemRoot\system32\drivers\MicNgTun.sys"
.\debug.cpp(256) : 0x8c07e000 0x00003000 "\SystemRoot\system32\drivers\BdaSup.SYS"
.\debug.cpp(256) : 0x91e34000 0x00034000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0x91e2a000 0x0000a000 "\SystemRoot\system32\DRIVERS\flpydisk.sys"
.\debug.cpp(256) : 0x8bcd4000 0x00010000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0x926b1000 0x0003f000 "\SystemRoot\system32\drivers\HdAudio.sys"
.\debug.cpp(256) : 0x92684000 0x0002d000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0x91e05000 0x00025000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0x92857000 0x001a9000 "\SystemRoot\system32\drivers\RTKVHDA.sys"
.\debug.cpp(256) : 0x9198b000 0x00009000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0x91902000 0x00007000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0x8c04a000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0x91934000 0x00006000 "\SystemRoot\System32\Drivers\DLARTL_M.SYS"
.\debug.cpp(256) : 0x918a7000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0x92668000 0x0000c000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0x92647000 0x00021000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS"
.\debug.cpp(256) : 0x8c16d000 0x00008000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0x8c175000 0x00008000 "\SystemRoot\system32\drivers\rdpencdd.sys"
.\debug.cpp(256) : 0x9261c000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0x9260e000 0x0000e000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0x919a6000 0x00009000 "\SystemRoot\System32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0x92b2b000 0x000d5000 "\SystemRoot\System32\drivers\tcpip.sys"
.\debug.cpp(256) : 0x9283e000 0x00019000 "\SystemRoot\System32\drivers\fwpkclnt.sys"
.\debug.cpp(256) : 0x92829000 0x00015000 "\SystemRoot\system32\DRIVERS\tdx.sys"
.\debug.cpp(256) : 0x92815000 0x00014000 "\SystemRoot\system32\DRIVERS\smb.sys"
.\debug.cpp(256) : 0x92aa4000 0x00047000 "\SystemRoot\system32\drivers\afd.sys"
.\debug.cpp(256) : 0x92a72000 0x00032000 "\SystemRoot\System32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0x92a5c000 0x00016000 "\SystemRoot\system32\DRIVERS\pacer.sys"
.\debug.cpp(256) : 0x92600000 0x0000e000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0x92802000 0x00013000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0x92a21000 0x0003b000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0x92a17000 0x0000a000 "\SystemRoot\system32\drivers\nsiproxy.sys"
.\debug.cpp(256) : 0x92a00000 0x00017000 "\SystemRoot\System32\Drivers\dfsc.sys"
.\debug.cpp(256) : 0x9273d000 0x0000d000 "\SystemRoot\System32\Drivers\crashdmp.sys"
.\debug.cpp(256) : 0x8c03f000 0x0000b000 "\SystemRoot\System32\Drivers\dump_dumpata.sys"
.\debug.cpp(256) : 0x8c13d000 0x00008000 "\SystemRoot\System32\Drivers\dump_atapi.sys"
.\debug.cpp(256) : 0x8bde7000 0x00009000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
.\debug.cpp(256) : 0x8bcb4000 0x00010000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0x8c1a1000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0x92ecb000 0x00039000 "\SystemRoot\system32\DRIVERS\zd1211u.sys"
.\debug.cpp(256) : 0x91994000 0x00009000 "\SystemRoot\system32\DRIVERS\kbdhid.sys"
.\debug.cpp(256) : 0x9b400000 0x00200000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0x92ec1000 0x0000a000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0x92e65000 0x00012000 "\SystemRoot\system32\DRIVERS\USBSTOR.SYS"
.\debug.cpp(256) : 0x92f4d000 0x00017000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"
.\debug.cpp(256) : 0x9c91a000 0x002e6000 "\SystemRoot\system32\DRIVERS\spc1030.sys"
.\debug.cpp(256) : 0x927a5000 0x0000d000 "\SystemRoot\system32\DRIVERS\STREAM.SYS"
.\debug.cpp(256) : 0x918a0000 0x00007000 "\SystemRoot\system32\DRIVERS\spc1030c.SYS"
.\debug.cpp(256) : 0x92f37000 0x00016000 "\SystemRoot\system32\DRIVERS\phaudlwr.sys"
.\debug.cpp(256) : 0x92f25000 0x00012000 "\SystemRoot\system32\drivers\usbaudio.sys"
.\debug.cpp(256) : 0x8c115000 0x00008000 "\SystemRoot\system32\DRIVERS\mouhid.sys"
.\debug.cpp(256) : 0x9bb4c000 0x0000f000 "\SystemRoot\system32\DRIVERS\monitor.sys"
.\debug.cpp(256) : 0x9d200000 0x00009000 "\SystemRoot\System32\TSDDD.dll"
.\debug.cpp(256) : 0x9d220000 0x0004c000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0x9d210000 0x0000e000 "\SystemRoot\System32\cdd.dll"
.\debug.cpp(256) : 0x9cee5000 0x0001b000 "\SystemRoot\system32\drivers\luafv.sys"
.\debug.cpp(256) : 0x9ba76000 0x0000b000 "\SystemRoot\System32\Drivers\DRVNDDM.SYS"
.\debug.cpp(256) : 0x9b619000 0x00001000 "\SystemRoot\System32\DLA\DLADResM.SYS"
.\debug.cpp(256) : 0x9cecd000 0x00018000 "\SystemRoot\System32\DLA\DLAIFS_M.SYS"
.\debug.cpp(256) : 0x91b46000 0x00005000 "\SystemRoot\System32\DLA\DLAOPIOM.SYS"
.\debug.cpp(256) : 0x8c1bd000 0x00002000 "\SystemRoot\System32\DLA\DLAPoolM.SYS"
.\debug.cpp(256) : 0x918c3000 0x00007000 "\SystemRoot\System32\DLA\DLABMFSM.SYS"
.\debug.cpp(256) : 0x918ca000 0x00007000 "\SystemRoot\System32\DLA\DLABOIOM.SYS"
.\debug.cpp(256) : 0x9ce77000 0x00016000 "\SystemRoot\System32\DLA\DLAUDFAM.SYS"
.\debug.cpp(256) : 0x9ce60000 0x00017000 "\SystemRoot\System32\DLA\DLAUDF_M.SYS"
.\debug.cpp(256) : 0xa0b72000 0x0008e000 "\SystemRoot\system32\drivers\spsys.sys"
.\debug.cpp(256) : 0x8bcf4000 0x00010000 "\SystemRoot\system32\DRIVERS\lltdio.sys"
.\debug.cpp(256) : 0xa0b47000 0x0002b000 "\SystemRoot\system32\DRIVERS\nwifi.sys"
.\debug.cpp(256) : 0x9b663000 0x0000a000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0xa068a000 0x00013000 "\SystemRoot\system32\DRIVERS\rspndr.sys"
.\debug.cpp(256) : 0xa1797000 0x00069000 "\SystemRoot\system32\drivers\HTTP.sys"
.\debug.cpp(256) : 0xa0a45000 0x0001b000 "\SystemRoot\System32\DRIVERS\srvnet.sys"
.\debug.cpp(256) : 0xa177e000 0x00019000 "\SystemRoot\system32\DRIVERS\bowser.sys"
.\debug.cpp(256) : 0xa176a000 0x00014000 "\SystemRoot\System32\drivers\mpsdrv.sys"
.\debug.cpp(256) : 0xa171b000 0x0001e000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xa16e2000 0x00039000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys"
.\debug.cpp(256) : 0xa16d0000 0x00012000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys"
.\debug.cpp(256) : 0xa16ac000 0x00024000 "\SystemRoot\System32\DRIVERS\srv2.sys"
.\debug.cpp(256) : 0xa165b000 0x00051000 "\SystemRoot\System32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0x918f4000 0x00007000 "\SystemRoot\system32\DRIVERS\parvdm.sys"
.\debug.cpp(256) : 0xa160a000 0x00011000 "\??\C:\Acer\Empowering Technology\eRecovery\int15.sys"
.\debug.cpp(256) : 0xa3322000 0x000de000 "\SystemRoot\system32\drivers\peauth.sys"
.\debug.cpp(256) : 0x9baad000 0x0000b000 "\SystemRoot\System32\drivers\tcpipreg.sys"
.\debug.cpp(256) : 0xa3281000 0x00021000 "\??\D:\Bearbeitungsprogramme\PlayMovie\000.fcl"
.\debug.cpp(256) : 0xa320c000 0x00015000 "\SystemRoot\system32\DRIVERS\WUDFRd.sys"
.\debug.cpp(256) : 0xa3fee000 0x00012000 "\SystemRoot\system32\DRIVERS\WUDFPf.sys"
.\debug.cpp(256) : 0xa3e48000 0x00026000 "\SystemRoot\system32\DRIVERS\ipnat.sys"
.\debug.cpp(256) : 0x9bace000 0x0000b000 "\SystemRoot\system32\drivers\tdtcp.sys"
.\debug.cpp(256) : 0x9b6bd000 0x0000c000 "\SystemRoot\System32\DRIVERS\tssecsrv.sys"
.\debug.cpp(256) : 0xa47d2000 0x0002e000 "\SystemRoot\System32\Drivers\RDPWD.SYS"
.\debug.cpp(256) : 0xafb0a000 0x00016000 "\SystemRoot\system32\DRIVERS\cdfs.sys"
.\debug.cpp(256) : 0x9eed0000 0x00002000 "\SystemRoot\system32\drivers\MSPQM.sys"
.\debug.cpp(256) : 0x9beca000 0x0000e000 "\SystemRoot\System32\Drivers\usbaapl.sys"
.\debug.cpp(256) : 0x77040000 0x0011e000 "\Windows\System32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&SignatureCFF86ED3Offset7E00Length270987600#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_13EC&PID_0006&Col04#6&32c0fdeb&0&0003#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :  Destination "\Device\00000069"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-9118b9c0-cdfc-11df-a58e-000cf61398da"
.\debug.cpp(400) :  Destination "\Device\UMDFCtrlDev-9118b9c0-cdfc-11df-a58e-000cf61398da"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) :  Destination "\Device\Ndis"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:"
.\debug.cpp(400) :  Destination "\Device\Ide\IdePort3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) :  Destination "\Device\Video0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\0000003a"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000002"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) :  Destination "\Device\Video1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) :  Destination "\Device\0000003f"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\0000003b"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4386&SUBSYS_73261462&REV_00#3&18d45aa6&0&9D#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0010"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Generic&Prod_USB_SD_Reader&Rev_1.00#2004888&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\0000006e"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_9589&SUBSYS_E410174B&REV_00#4&251b81e2&0&0010#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0016"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) :  Destination "\Device\Video2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\00000001"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy1"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolumeShadowCopy1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&SignatureCFF86ED3Offset1E5D265E00Length1BDB64A400#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
.\debug.cpp(400) :  Destination "\Device\CdRom0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_13EC&PID_0006&Col03#6&32c0fdeb&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :  Destination "\Device\00000068"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1##{6ac27878-a6fa-4155-ba85-f98f491d4f33}"
.\debug.cpp(400) :  Destination "\Device\00000080"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) :  Destination "\Device\Video3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E3FE0F52-6729-43AC-8488-5AC1FB2AE7A9}"
.\debug.cpp(400) :  Destination "\Device\NDMP10"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000039"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{85C69119-7207-4748-A699-0E9CE24E48CE}"
.\debug.cpp(400) :  Destination "\Device\NDMP4"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy2"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolumeShadowCopy2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice"
.\debug.cpp(400) :  Destination "\Device\WMIAdminDevice"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-9118b9bc-cdfc-11df-a58e-000cf61398da"
.\debug.cpp(400) :  Destination "\Device\UMDFCtrlDev-9118b9bc-cdfc-11df-a58e-000cf61398da"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) :  Destination "\Device\Video4"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_04D9&PID_1603#6&21f54182&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-10"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi4:"
.\debug.cpp(400) :  Destination "\Device\RaidPort0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_14627326&REV_1000#4&2323973&0&0301#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) :  Destination "\Device\00000064"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6EA11ADB-6FEB-425D-A3CB-3CB73F334E62}"
.\debug.cpp(400) :  Destination "\Device\NDMP7"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tun0"
.\debug.cpp(400) :  Destination "\Device\Tun0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0003#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\00000003"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000001"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy3"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolumeShadowCopy3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDR4_XP"
.\debug.cpp(400) :  Destination "\Device\PxHelperDevice0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl"
.\debug.cpp(400) :  Destination "\Device\VolMgrControl"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0471&PID_2036&MI_00#7&9e9fb24&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\00000076"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\$VDMLPT1"
.\debug.cpp(400) :  Destination "\Device\ParallelVdm0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&12e4806&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\0000003f"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_11AB&DEV_4364&SUBSYS_326C1462&REV_12#4&22548594&0&0030#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0019"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000#5&2033df20&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}"
.\debug.cpp(400) :  Destination "\Device\00000062"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&30aef2a&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-4"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&_??_USBSTOR#Disk&Ven_Generic&Prod_USB_CF_Reader&Rev_1.01#2004888&1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume5"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SpDevice"
.\debug.cpp(400) :  Destination "\Device\SpDevice"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) :  Destination "\Device\WMIDataDevice"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_05E3&PID_0604#5&31a2d3ea&0&2#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-7"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1"
.\debug.cpp(400) :  Destination "\Device\Serial0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_11AB&DEV_4364&SUBSYS_326C1462&REV_12#4&22548594&0&0030#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0019"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TUNMP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\00000005"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{eaf4d453-652b-11dc-aca5-806e6f6e6963}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume4"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PEAuth"
.\debug.cpp(400) :  Destination "\Device\PEAuth"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) :  Destination "\Device\NamedPipe"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_046D&PID_C019#6&21f54182&0&3#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-12"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) :  Destination "\Device\00000044"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :  Destination "\Device\0000003f"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) :  Destination "\Device\Mup"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"
.\debug.cpp(400) :  Destination "\Device\IPNAT"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0471&PID_2036&MI_02#7&9e9fb24&0&0002#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\00000077"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Psched"
.\debug.cpp(400) :  Destination "\Device\Psched"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1dc8c19c&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :  Destination "\Device\0000003f"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice"
.\debug.cpp(400) :  Destination "\Device\GEARAspiWDMDevice"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomATAPI_DVD_A__DH16A1P____________________RA11____#5&33acd2ad&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\Ide\IdeDeviceP2T0L0-2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_MS_READER&REV_1.03#2004888&3##{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}"
.\debug.cpp(400) :  Destination "\Device\00000081"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1##{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}"
.\debug.cpp(400) :  Destination "\Device\00000080"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_13EC&PID_0006&Col01#6&32c0fdeb&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :  Destination "\Device\00000066"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) :  Destination "\Device\USBFDO-0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\0000003f"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) :  Destination "\Device\Tcp"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0003#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000003"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) :  Destination "\FileSystem\Filters\FltMgrMsg"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_05AC&PID_1299#1b12e90f6c7cbabc40b4712bccbce334d5f7d50f#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-13"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomATAPI_DVD_A__DH16A1P____________________RA11____#5&33acd2ad&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\Ide\IdeDeviceP2T0L0-2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_058F&PID_9360#2004888#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-9"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) :  Destination "\Device\USBFDO-1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0004#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\00000004"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&_??_USBSTOR#Disk&Ven_Generic&Prod_USB_MS_Reader&Rev_1.03#2004888&3#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume7"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_9589&SUBSYS_E410174B&REV_00#4&251b81e2&0&0010#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0016"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) :  Destination "\Device\Harddisk0\DR0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_14627326&REV_1000#4&2323973&0&0301#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}"
.\debug.cpp(400) :  Destination "\Device\00000064"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) :  Destination "\DosDevices\LPT1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_14627326&REV_1000#4&2323973&0&0301#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) :  Destination "\Device\00000064"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\0000003f"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :  Destination "\Device\0000003f"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) :  Destination "\Device\USBFDO-2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TUNMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000005"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :  Destination "\Device\0000004b"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\H:"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume4"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SD_READER&REV_1.00#2004888&0##{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}"
.\debug.cpp(400) :  Destination "\Device\00000082"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) :  Destination "\Device\CdRom0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive1"
.\debug.cpp(400) :  Destination "\Device\Harddisk1\DR1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\0000003f"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) :  Destination "\Device\00000041"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{38C40A29-A3EC-4951-93B1-95FA03AA6BE0}"
.\debug.cpp(400) :  Destination "\Device\NDMP12"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) :  Destination "\Device\FsWrap"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) :  Destination "\Device\USBFDO-3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive2"
.\debug.cpp(400) :  Destination "\Device\Harddisk2\DR2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&WpdBusEnumRoot#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) :  Destination "\Device\0000007f"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\0000003c"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
.\debug.cpp(400) :  Destination "\Device\USBFDO-4"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{B45C5B79-FD9B-42BA-AD49-AA05C2EBEA71}"
.\debug.cpp(400) :  Destination "\Device\NDMP5"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{B13E7DBC-720A-4675-871F-5184F828F0AA}"
.\debug.cpp(400) :  Destination "\Device\NDMP3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\00000042"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{7127f36d-652f-11dc-91fa-806e6f6e6963}"
.\debug.cpp(400) :  Destination "\Device\Floppy0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive3"
.\debug.cpp(400) :  Destination "\Device\Harddisk3\DR3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C019#7&4a3376c&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :  Destination "\Device\00000079"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_13EC&PID_0006&Col01#6&32c0fdeb&0&0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :  Destination "\Device\00000066"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0471&PID_2036&MI_00#7&9e9fb24&0&0000#{fb6c428a-0353-11d1-905f-0000c0cc16ba}"
.\debug.cpp(400) :  Destination "\Device\00000076"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ISCSIPRT#0000#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\00000007"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD5"
.\debug.cpp(400) :  Destination "\Device\USBFDO-5"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_438A&SUBSYS_73261462&REV_00#3&18d45aa6&0&9B#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0008"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5C07C928-4C63-4DC2-992D-4C11BE77AABC}"
.\debug.cpp(400) :  Destination "\Device\NDMP2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{73BF05A7-BDEA-4E1E-BA2A-6E3488B39C4C}"
.\debug.cpp(400) :  Destination "\Device\NDMP1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) :  Destination "\GLOBAL??"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{eaf4d341-652b-11dc-aca5-806e6f6e6963}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\I:"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume5"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive4"
.\debug.cpp(400) :  Destination "\Device\Harddisk4\DR4"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG:"
.\debug.cpp(400) :  Destination "\clfs"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\drvnddm"
.\debug.cpp(400) :  Destination "\Device\drvnddm"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_14627326&REV_1000#4&2323973&0&0301#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\00000064"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000#5&2033df20&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\00000062"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000#5&2033df20&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) :  Destination "\Device\00000062"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) :  Destination "\Device\0000004e"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0"
.\debug.cpp(400) :  Destination "\Device\PxHelperDevice0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ngene#VEN_18C3&DEV_0720&SUBSYS_1167153B&REV_00&Tuner#5&118ec3d9&0&2#{71985f48-1ca1-11d3-9cc8-00c04f7971e0}"
.\debug.cpp(400) :  Destination "\Device\00000059"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_14627326&REV_1000#4&2323973&0&0301#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\00000064"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\00000002"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :  Destination "\Device\00000047"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Generic&Prod_USB_CF_Reader&Rev_1.01#2004888&1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\0000006f"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0DF6&PID_9071#5&1ff220ae&0&10#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-6"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000#5&2033df20&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) :  Destination "\Device\00000062"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&7894f0a&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-5"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&12645949&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&1128df1b&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\Ide\PciIde1Channel1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\int15"
.\debug.cpp(400) :  Destination "\Device\int15"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ngene#VEN_18C3&DEV_0720&SUBSYS_1167153B&REV_00&Capture#5&118ec3d9&0&4#{fd0a5af4-b41d-11d2-9c95-00c04f7971e0}"
.\debug.cpp(400) :  Destination "\Device\0000005a"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_13EC&PID_0006#5&513c5b&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-8"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0004#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000004"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\J:"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume6"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_04D9&PID_1603&MI_00#8&995f03&0&0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :  Destination "\Device\0000007a"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\0000003b"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) :  Destination "\Device\0000004e"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}Test"
.\debug.cpp(400) :  Destination "\Device\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) :  Destination "\Device\00000045"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&27748934&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\Ide\PciIde0Channel0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) :  Destination "\Device\MountPointManager"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{eaf4d456-652b-11dc-aca5-806e6f6e6963}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume7"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{eaf4d454-652b-11dc-aca5-806e6f6e6963}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume5"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{eaf4d33f-652b-11dc-aca5-806e6f6e6963}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&_??_USBSTOR#Disk&Ven_Generic&Prod_USB_SM_Reader&Rev_1.02#2004888&2#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume6"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SM_READER&REV_1.02#2004888&2##{6ac27878-a6fa-4155-ba85-f98f491d4f33}"
.\debug.cpp(400) :  Destination "\Device\00000083"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\00000039"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000038"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbDlDp32"
.\debug.cpp(400) :  Destination "\Device\PxHelperDevice0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi"
.\debug.cpp(400) :  Destination "\Device\Nsi"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\K:"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume7"
.\debug.cpp(409) :  --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`7098f400
.\boot_cleaner.cpp(276) : Boot sector MD5 is: 10db723421b4c67663b09f7c08e4d4c6
.\boot_cleaner.cpp(1060) :
.\boot_cleaner.cpp(1061) :      Size  Device Name          MBR Status
.\boot_cleaner.cpp(1062) :  --------------------------------------------
.\boot_cleaner.cpp(1106) :    232 GB  \\.\PhysicalDrive0  Unknown boot code
.\boot_cleaner.cpp(1112) :
.\boot_cleaner.cpp(1118) : Unknown boot code has been found on some of your physical disks.
.\boot_cleaner.cpp(1120) : To inspect the boot code manually, dump the master boot sector:
.\boot_cleaner.cpp(1121) : remover.exe dump <device_name> [output_file]
.\boot_cleaner.cpp(1125) : To disinfect the master boot sector, use the following command:
.\boot_cleaner.cpp(1126) : remover.exe fix <device_name>
.\boot_cleaner.cpp(1129) :
.\boot_cleaner.cpp(1151) : Done;

OSAM:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 10:28:03 on 02.10.2010

OS: Windows Vista Home Premium Edition (Build 6000), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.10

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - ? - C:\Windows\System32\guard32.dll  (File not found)

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"RCHubTask 0 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 2145340416~30026154.job" - ? - C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Advanced SCSI Programming Interface Driver" (ASPI) - ? - C:\Windows\System32\DRIVERS\ASPI32.sys
"catchme" (catchme) - ? - C:\Users\Zandy\AppData\Local\Temp\catchme.sys  (File not found)
"Cinergy 2400i DT Base Driver" (MicNgBas) - "Micronas GmbH" - C:\Windows\System32\drivers\MicNgBas.sys
"Cinergy 2400i DT Capture Driver" (MicNgCap) - "Micronas GmbH" - C:\Windows\System32\drivers\MicNgCap.sys
"Cinergy 2400i DT Tuner Driver" (MicNgTun) - "Micronas GmbH" - C:\Windows\System32\drivers\MicNgTun.sys
"DLABMFSM" (DLABMFSM) - "Roxio" - C:\Windows\System32\DLA\DLABMFSM.SYS
"DLABOIOM" (DLABOIOM) - "Roxio" - C:\Windows\System32\DLA\DLABOIOM.SYS
"DLACDBHM" (DLACDBHM) - "Roxio" - C:\Windows\System32\Drivers\DLACDBHM.SYS
"DLADResM" (DLADResM) - "Roxio" - C:\Windows\System32\DLA\DLADResM.SYS
"DLAIFS_M" (DLAIFS_M) - "Roxio" - C:\Windows\System32\DLA\DLAIFS_M.SYS
"DLAOPIOM" (DLAOPIOM) - "Roxio" - C:\Windows\System32\DLA\DLAOPIOM.SYS
"DLAPoolM" (DLAPoolM) - "Roxio" - C:\Windows\System32\DLA\DLAPoolM.SYS
"DLARTL_M" (DLARTL_M) - "Roxio" - C:\Windows\System32\Drivers\DLARTL_M.SYS
"DLAUDFAM" (DLAUDFAM) - "Roxio" - C:\Windows\System32\DLA\DLAUDFAM.SYS
"DLAUDF_M" (DLAUDF_M) - "Roxio" - C:\Windows\System32\DLA\DLAUDF_M.SYS
"DRVMCDB" (DRVMCDB) - "Sonic Solutions" - C:\Windows\System32\Drivers\DRVMCDB.SYS
"DRVNDDM" (DRVNDDM) - "Roxio" - C:\Windows\System32\Drivers\DRVNDDM.SYS
"EagleNT" (EagleNT) - ? - C:\Windows\system32\drivers\EagleNT.sys  (File not found)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"int15" (int15) - ? - C:\Acer\Empowering Technology\eRecovery\int15.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120" (libusb0) - "hxxp://libusb-win32.sourceforge.net" - C:\Windows\System32\DRIVERS\libusb0.sys
"nvlddmkm" (nvlddmkm) - "NVIDIA Corporation" - C:\Windows\System32\DRIVERS\nvlddmkm.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - D:\Bearbeitungsprogramme\PlayMovie\000.fcl

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} "Themes Setup" - "Microsoft Corporation" - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\Sun\StarOffice 8\program\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{41E300E0-78B6-11ce-849B-444553540000} "Display Effects CPL Extension" - "Microsoft Corporation" - C:\Windows\system32\themeui.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682} "IZArc DragDrop Menu" - ? -  (File not found | COM-object registry key not found)
{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5} "IZArc Shell Context Menu" - ? -  (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -  (File not found | COM-object registry key not found)
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\Sun\StarOffice 8\program\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\Sun\StarOffice 8\program\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\Sun\StarOffice 8\program\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\Sun\StarOffice 8\program\shlxthdl.dll
{5E44E225-A408-11CF-B581-008029601108} "Roxio DragToDisc Shell Extension" - "Roxio" - C:\Program Files\Roxio\Drag-to-Disc\Shellex.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
<binary data> "Ask Toolbar" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "{32099AAC-C132-4136-9E9A-4E364A424E17}" - ? -  (File not found | COM-object registry key not found)
<binary data> "{472734EA-242A-422B-ADF8-83D1E48CC825}" - ? -  (File not found | COM-object registry key not found)
<binary data> "{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{00000000-6E41-4FD3-8538-502F5495E5FC} "UrlSearchHook Class" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} "Yahoo! Toolbar mit Pop-Up-Blocker" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} "get_atlcom Class" - "NOS Microsystems Ltd." - C:\Windows\Downloaded Program Files\gp.ocx / hxxp://www.adobe.com/products/acrobat/nos/gp.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_12" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1236365074789&h=e8a697bd531e33d86563088add75ecf2/&filename=jinstall-6u12-windows-i586-jc.cab
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} "Java Plug-in 1.6.0_12" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_12" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_12.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} "MUWebControl Class" - "Microsoft Corporation" - C:\Windows\system32\muweb.dll / hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199395426399
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\System32\Adobe\Director\swdir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -  (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
<binary data> "Ask Toolbar" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll
<binary data> "Grab Pro" - ? - C:\Program Files\Orbitdownloader\GrabPro.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{D4027C7F-154A-4066-A1AD-4243D8127440} "Ask Toolbar" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{000123B4-9B42-4900-B3F7-F4B073EFC214} "Octh Class" - "Orbitdownloader.com" - C:\Program Files\Orbitdownloader\orbitcth.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Zandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Logitech Touch Mouse Server.lnk" - "Logitech, Inc." - C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Sitecom USB Wireless LAN Utility.lnk" - "Sitecom Europe BV" - C:\Program Files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ISUSPM" - "Macrovision Corporation" - "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\shsvcs.dll,-12288" (ShellHWDetection) - "Microsoft Corporation" - C:\Windows\System32\shsvcs.dll
"@%SystemRoot%\System32\shsvcs.dll,-8192" (Themes) - "Microsoft Corporation" - C:\Windows\system32\shsvcs.dll
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"eRecovery Service" (eRecoveryService) - "Acer Inc." - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - ? - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"MSCamSvc" (MSCamSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft LifeCam\MSCamS32.exe
"nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\Windows\system32\GameMon.des
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"Roxio Hard Drive Watcher 9" (RoxWatch9) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
"RoxMediaDB9" (RoxMediaDB9) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
"SwitchBoard" (SwitchBoard) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"TeamViewer 5" (TeamViewer5) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
"UPnPService" (UPnPService) - "Magix AG" - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

GMER (worked on the first try, but it must have taken 2 hours ^^):
Code:

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-10-02 00:35:55
Windows 6.0.6000
Running: 9bt4rf9k.exe; Driver: C:\Users\Zandy\AppData\Local\Temp\kxldypog.sys


---- Kernel code sections - GMER 1.0.15 ----

      D:\Bearbeitungsprogramme\PlayMovie\000.fcl                                                                          entry point in "" section [0xA96CC41C]
.clc  D:\Bearbeitungsprogramme\PlayMovie\000.fcl                                                                          unknown last code section [0xA96CD000, 0x1000, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] kernel32.dll!FindResourceExA                              774C92DD 7 Bytes  JMP 2806CE30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] kernel32.dll!FindResourceA                                774C93BB 5 Bytes  JMP 2806CDA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] kernel32.dll!FindResourceW                                774D33FE 5 Bytes  JMP 2806CCA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] kernel32.dll!SizeofResource                              774D341C 7 Bytes  JMP 2806CF70 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] kernel32.dll!CreateEventA                                774F7B60 5 Bytes  JMP 2806C900 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] kernel32.dll!LockResource                                774FD5DF 5 Bytes  JMP 2806CFE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] kernel32.dll!FindResourceExW                              774FD673 7 Bytes  JMP 2806CD20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] kernel32.dll!LoadResource                                774FD74B 7 Bytes  JMP 2806CEC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] ADVAPI32.dll!CryptDeriveKey                              771ED229 7 Bytes  JMP 2806C410 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] ADVAPI32.dll!CryptDecrypt                                771ED359 7 Bytes  JMP 2806C470 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] USER32.dll!SetWindowPlacement                            776774E1 5 Bytes  JMP 28070480 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] USER32.dll!TrackPopupMenuEx                              7767C76F 5 Bytes  JMP 2806F590 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] USER32.dll!LoadImageW                                    7767D3D5 5 Bytes  JMP 28070C60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] USER32.dll!SetWindowRgn                                  7767E016 7 Bytes  JMP 28070520 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] USER32.dll!CreateWindowExW                                776885F8 5 Bytes  JMP 2806E4A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] USER32.dll!LoadIconW                                      776886E0 5 Bytes  JMP 28070DE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] USER32.dll!GetWindowLongW                                7769250E 7 Bytes  JMP 28070F10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] USER32.dll!PeekMessageW                                  776925BC 5 Bytes  JMP 2806EF10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] USER32.dll!MessageBoxIndirectW                            7769F1B3 5 Bytes  JMP 28070800 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] USER32.dll!CreateDialogParamW                            776AA500 5 Bytes  JMP 280705D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] WS2_32.dll!closesocket                                    777E3847 5 Bytes  JMP 280754A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] WS2_32.dll!send                                          777E3A8A 5 Bytes  JMP 28075160 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] WS2_32.dll!recv                                          777E4ABD 5 Bytes  JMP 28074E80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] WS2_32.dll!WSASend                                        777E4EE9 5 Bytes  JMP 280752D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] WS2_32.dll!WSARecv                                        777E72B5 5 Bytes  JMP 28074FB0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] SHELL32.dll!Shell_NotifyIconW                            76753114 5 Bytes  JMP 2806DC10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] ole32.dll!CoRegisterClassObject                          779139AC 5 Bytes  JMP 2806D340 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] ole32.dll!CoInitializeEx                                  7794885D 5 Bytes  JMP 2806D240 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] ole32.dll!CoCreateInstance                                7794DD8F 5 Bytes  JMP 2806D5C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] WININET.dll!InternetCloseHandle                          77824261 5 Bytes  JMP 280741D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] WININET.dll!HttpOpenRequestA                              7782AA7B 5 Bytes  JMP 28073F30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] WININET.dll!InternetReadFile                              778313D4 5 Bytes  JMP 28074090 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] WININET.dll!HttpSendRequestA                              77833558 5 Bytes  JMP 28074130 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

---- User IAT/EAT - GMER 1.0.15 ----

IAT    C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                [7496FBC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                            [7493B9AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                      [7492A31F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                        [7492CBFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                            [74928AB2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                    [7493CF28] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                            [74927D98] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                            [74927CFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                              [74926A64] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                      [749BC1D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                        [74947F56] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                            [749290CD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                      [74932179] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                    [749321A4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                              [74937F1C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                [74937D3E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                [749683D5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd5028b1                                       
Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd5028b1@60d0a94da812                            0x4D 0xFD 0x50 0x35 ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                0xD4 0xC3 0x97 0x02 ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                0
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xF2 0x70 0x83 0xAE ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                C:\Program Files\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                         
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                    0x3B 0x7F 0x72 0xB0 ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xA4 0xCF 0xA6 0x66 ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                     
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                0x6F 0xC0 0x42 0x77 ...
Reg    HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd5028b1 (not active ControlSet)                   
Reg    HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd5028b1@60d0a94da812                                0x4D 0xFD 0x50 0x35 ...
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                    0xD4 0xC3 0x97 0x02 ...
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                    0
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xF2 0x70 0x83 0xAE ...
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                    C:\Program Files\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)     
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0x3B 0x7F 0x72 0xB0 ...
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xA4 0xCF 0xA6 0x66 ...
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) 
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                    0x6F 0xC0 0x42 0x77 ...
Reg    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat                            0x70 0xB1 0xA5 0x07 ...

---- EOF - GMER 1.0.15 ----

Oh, and I still had MSN open when I ran the scan, sorry...

cosinus 03.10.2010 12:51

After that, please download MBRCheck (by a_d_13) and save the file to your desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • The tool only takes a second.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.

ali321 03.10.2010 13:35

Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:           
Windows Version:        Windows Vista Home Premium Edition
Windows Information:        (build 6000), 32-bit
Base Board Manufacturer:    Acer
BIOS Manufacturer:        Phoenix Technologies, LTD
System Manufacturer:        Acer
System Product Name:        Aspire M3610
Logical Drives Mask:        0x0001079d

Kernel Drivers (total 171):
  0x83000000 \SystemRoot\system32\ntkrnlpa.exe
  0x833A1000 \SystemRoot\system32\hal.dll
  0x802C6000 \SystemRoot\system32\kdcom.dll
  0x80266000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x8025D000 \SystemRoot\system32\PSHED.dll
  0x80255000 \SystemRoot\system32\BOOTVID.dll
  0x8021A000 \SystemRoot\system32\CLFS.SYS
  0x8051F000 \SystemRoot\system32\CI.dll
  0x804A4000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8020D000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x80461000 \SystemRoot\system32\drivers\acpi.sys
  0x80204000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x80459000 \SystemRoot\system32\drivers\msisadrv.sys
  0x8044A000 \SystemRoot\system32\drivers\volmgr.sys
  0x80425000 \SystemRoot\system32\drivers\pci.sys
  0x80415000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8040E000 \SystemRoot\system32\drivers\pciide.sys
  0x80400000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x807B6000 \SystemRoot\System32\drivers\volmgrx.sys
  0x807AE000 \SystemRoot\system32\drivers\atapi.sys
  0x80790000 \SystemRoot\system32\drivers\ataport.SYS
  0x8075F000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8074F000 \SystemRoot\system32\drivers\fileinfo.sys
  0x80738000 \SystemRoot\System32\Drivers\DRVMCDB.SYS
  0x8072F000 \SystemRoot\System32\Drivers\PxHelp20.sys
  0x8062B000 \SystemRoot\system32\drivers\ndis.sys
  0x80600000 \SystemRoot\system32\drivers\msrpc.sys
  0x8B1C7000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8B0BF000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8B055000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8B04D000 \SystemRoot\system32\DRIVERS\wd.sys
  0x8B017000 \SystemRoot\system32\drivers\volsnap.sys
  0x8B00F000 \SystemRoot\System32\Drivers\spldr.sys
  0x8B000000 \SystemRoot\System32\drivers\partmgr.sys
  0x8B3F1000 \SystemRoot\System32\Drivers\mup.sys
  0x8B3CC000 \SystemRoot\System32\drivers\ecache.sys
  0x8B3BB000 \SystemRoot\system32\drivers\disk.sys
  0x8B39A000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8B392000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
  0x8B389000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8C034000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x91970000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8C026000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x91EFF000 \SystemRoot\system32\DRIVERS\atikmdag.sys
  0x91803000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8C019000 \SystemRoot\System32\drivers\watchdog.sys
  0x8C007000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8C0DF000 \SystemRoot\system32\drivers\MicNgBas.sys
  0x91BCC000 \SystemRoot\system32\DRIVERS\yk60x86.sys
  0x8C0FB000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x91B8F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x91B81000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8C1BB000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
  0x91B69000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x91910000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x8BD24000 \SystemRoot\system32\DRIVERS\ohci1394.sys
  0x91B0B000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
  0x91B00000 \SystemRoot\system32\DRIVERS\fdc.sys
  0x91AE6000 \SystemRoot\system32\DRIVERS\serial.sys
  0x91ADC000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x91AC4000 \SystemRoot\system32\DRIVERS\parport.sys
  0x91A99000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x91A59000 \SystemRoot\system32\DRIVERS\storport.sys
  0x91A4E000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x91A37000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x91A2C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x91A09000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8BDD8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x91EEC000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x91ED0000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x91EC5000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x91EBA000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8C1AD000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x91E90000 \SystemRoot\system32\DRIVERS\ks.sys
  0x91E86000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x91EDF000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x92730000 \SystemRoot\system32\drivers\MicNgCap.sys
  0x91E68000 \SystemRoot\system32\drivers\MicNgTun.sys
  0x8C07E000 \SystemRoot\system32\drivers\BdaSup.SYS
  0x91E34000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x91E2A000 \SystemRoot\system32\DRIVERS\flpydisk.sys
  0x8BCD4000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x926B1000 \SystemRoot\system32\drivers\HdAudio.sys
  0x92684000 \SystemRoot\system32\drivers\portcls.sys
  0x91E05000 \SystemRoot\system32\drivers\drmk.sys
  0x92857000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x9198B000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x91902000 \SystemRoot\System32\Drivers\Null.SYS
  0x8C04A000 \SystemRoot\System32\Drivers\Beep.SYS
  0x91934000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
  0x918A7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x92668000 \SystemRoot\System32\drivers\vga.sys
  0x92647000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8C16D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8C175000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x9261C000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x9260E000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x919A6000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x92B2B000 \SystemRoot\System32\drivers\tcpip.sys
  0x9283E000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x92829000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x92815000 \SystemRoot\system32\DRIVERS\smb.sys
  0x92AA4000 \SystemRoot\system32\drivers\afd.sys
  0x92A72000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x92A5C000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x92600000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x92802000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x92A21000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x92A17000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x92A00000 \SystemRoot\System32\Drivers\dfsc.sys
  0x9273D000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8C03F000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x8C13D000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x8BDE7000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x8BCB4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8C1A1000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x92ECB000 \SystemRoot\system32\DRIVERS\zd1211u.sys
  0x91994000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x9B400000 \SystemRoot\System32\win32k.sys
  0x92EC1000 \SystemRoot\System32\drivers\Dxapi.sys
  0x92E65000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x92F4D000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x9C91A000 \SystemRoot\system32\DRIVERS\spc1030.sys
  0x927A5000 \SystemRoot\system32\DRIVERS\STREAM.SYS
  0x918A0000 \SystemRoot\system32\DRIVERS\spc1030c.SYS
  0x92F37000 \SystemRoot\system32\DRIVERS\phaudlwr.sys
  0x92F25000 \SystemRoot\system32\drivers\usbaudio.sys
  0x8C115000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x9BB4C000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x9D200000 \SystemRoot\System32\TSDDD.dll
  0x9D220000 \SystemRoot\System32\ATMFD.DLL
  0x9D210000 \SystemRoot\System32\cdd.dll
  0x9CEE5000 \SystemRoot\system32\drivers\luafv.sys
  0x9BA76000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
  0x9B619000 \SystemRoot\System32\DLA\DLADResM.SYS
  0x9CECD000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
  0x91B46000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
  0x8C1BD000 \SystemRoot\System32\DLA\DLAPoolM.SYS
  0x918C3000 \SystemRoot\System32\DLA\DLABMFSM.SYS
  0x918CA000 \SystemRoot\System32\DLA\DLABOIOM.SYS
  0x9CE77000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
  0x9CE60000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
  0xA0B72000 \SystemRoot\system32\drivers\spsys.sys
  0x8BCF4000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0xA0B47000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x9B663000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xA068A000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xA1797000 \SystemRoot\system32\drivers\HTTP.sys
  0xA0A45000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xA177E000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xA176A000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xA171B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA16E2000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA16D0000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA16AC000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA165B000 \SystemRoot\System32\DRIVERS\srv.sys
  0x918F4000 \SystemRoot\system32\DRIVERS\parvdm.sys
  0xA160A000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
  0xA3322000 \SystemRoot\system32\drivers\peauth.sys
  0x9BAAD000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA3281000 \??\D:\Bearbeitungsprogramme\PlayMovie\000.fcl
  0xA320C000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0xA3FEE000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
  0xA3E48000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0x9BACE000 \SystemRoot\system32\drivers\tdtcp.sys
  0x9B6BD000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
  0xA47D2000 \SystemRoot\System32\Drivers\RDPWD.SYS
  0xAFB0A000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x9EED0000 \SystemRoot\system32\drivers\MSPQM.sys
  0xC9640000 \SystemRoot\System32\Drivers\usbaapl.sys
  0x77040000 \Windows\System32\ntdll.dll

Processes (total 69):
      0 System Idle Process
      4 System
    420 C:\Windows\System32\smss.exe
    528 csrss.exe
    592 C:\Windows\System32\wininit.exe
    604 csrss.exe
    636 C:\Windows\System32\services.exe
    652 C:\Windows\System32\lsass.exe
    660 C:\Windows\System32\lsm.exe
    796 C:\Windows\System32\svchost.exe
    828 C:\Windows\System32\winlogon.exe
    920 C:\Windows\System32\svchost.exe
    956 C:\Windows\System32\svchost.exe
    1004 C:\Windows\System32\Ati2evxx.exe
    1024 C:\Windows\System32\svchost.exe
    1052 C:\Windows\System32\svchost.exe
    1072 C:\Windows\System32\svchost.exe
    1264 C:\Windows\System32\audiodg.exe
    1296 C:\Windows\System32\svchost.exe
    1320 C:\Windows\System32\SLsvc.exe
    1356 C:\Windows\System32\svchost.exe
    1436 C:\Windows\System32\Ati2evxx.exe
    1576 C:\Windows\System32\svchost.exe
    1788 C:\Windows\System32\spoolsv.exe
    1816 C:\Windows\System32\svchost.exe
    608 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    1252 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1340 C:\Program Files\Bonjour\mDNSResponder.exe
    1544 C:\Windows\System32\svchost.exe
    1584 C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    1060 C:\Windows\System32\PnkBstrA.exe
    2020 C:\Windows\System32\svchost.exe
    500 C:\Program Files\Google\Update\GoogleUpdate.exe
    412 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    2236 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2268 C:\Windows\System32\svchost.exe
    2316 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    2340 C:\Windows\System32\svchost.exe
    2368 C:\Windows\System32\SearchIndexer.exe
    2464 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    2736 WUDFHost.exe
    2928 C:\Windows\System32\taskeng.exe
    2948 C:\Windows\System32\alg.exe
    4072 C:\Windows\System32\taskeng.exe
    2356 C:\Windows\System32\dwm.exe
    860 C:\Windows\explorer.exe
    3284 C:\Windows\RtHDVCpl.exe
    3292 C:\Windows\vspc1030.exe
    3344 C:\Program Files\iTunes\iTunesHelper.exe
    3368 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    3376 C:\Program Files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe
    3556 C:\Program Files\iPod\bin\iPodService.exe
    1944 C:\Windows\ehome\ehsched.exe
    2136 C:\Windows\ehome\ehrecvr.exe
    2292 C:\Windows\System32\wuauclt.exe
    5484 C:\Windows\System32\conime.exe
    6032 C:\Program Files\QuickTime\QuickTimePlayer.exe
    1416 C:\Windows\System32\taskeng.exe
    5420 C:\Program Files\iTunes\iTunes.exe
    5148 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    4220 C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    4824 C:\Windows\System32\mobsync.exe
    4336 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    3540 C:\Program Files\Windows Live\Contacts\wlcomm.exe
    3132 C:\Program Files\DVDVideoSoft\Free Studio\Free YouTube to Mp3 Converter\FreeYouTubeToMP3Converter.exe
    4004 C:\Program Files\Java\jre6\bin\javaw.exe
    3408 C:\Windows\System32\SearchProtocolHost.exe
    5952 C:\Windows\System32\SearchFilterHost.exe
    3876 C:\Users\Zandy\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`7098f400  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001e`5d265e00  (NTFS)
\\.\Q: --> \\.\PhysicalDrive5 at offset 0x00000000`00007e00  (NTFS)

PhysicalDrive0 Model Number: ST3250820AS, Rev: 3.AAD 
PhysicalDrive5 Model Number: SeagateFreeAgent, Rev: 0138

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0  Unknown MBR code
            SHA1: 75374D27B77E61C9316E27BACDEE41C1E2C9874E
    931 GB  \\.\PhysicalDrive5  MBR Code Faked!
            SHA1: 31ABC6F76EA6A7FD5B12BF4901243A3546141C86


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
  [1] Dump the MBR of a physical disk to file.
  [2] Restore the MBR of a physical disk with a standard boot code.
  [3] Exit.

Enter your choice:

Done!

OK :D I'm off on vacation for a week for now, but we'll write again in a week ;)

cosinus 03.10.2010 13:39

Please start MBRCheck.exe again.
This time, type the following into the window at each prompt and confirm every entry with Enter:
  • Enter 'Y' and hit ENTER for more options, or 'N' to exit: y
  • Enter your choice: 2
  • Enter the physical disk number to fix (0-99, -1 to cancel): 0
  • Please select the MBR code to write to this drive: 3 (for Vista)
  • Now type Yes and confirm with ENTER.
  • Restart the computer.
After the restart, please start MBRCheck.exe again.
You will now find 2 MBRCheck_<date>_<time>.txt files on the desktop.
Post me the contents of both .txt documents.


Do the same for the other disk in your computer, i.e.:
  • Enter your choice: 2
  • Enter the physical disk number to fix (0-99, -1 to cancel): 5
  • Please select the MBR code to write to this drive: 3 (for Vista)

ali321 09.10.2010 11:19

Okay, all done :D
There were problems with the second one ... well, have a look:
Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:           
Windows Version:        Windows Vista Home Premium Edition
Windows Information:        (build 6000), 32-bit
Base Board Manufacturer:    Acer
BIOS Manufacturer:        Phoenix Technologies, LTD
System Manufacturer:        Acer
System Product Name:        Aspire M3610
Logical Drives Mask:        0x0000e7dd

Kernel Drivers (total 172):
  0x83000000 \SystemRoot\system32\ntkrnlpa.exe
  0x833A1000 \SystemRoot\system32\hal.dll
  0x802C6000 \SystemRoot\system32\kdcom.dll
  0x80266000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x8025D000 \SystemRoot\system32\PSHED.dll
  0x80255000 \SystemRoot\system32\BOOTVID.dll
  0x8021A000 \SystemRoot\system32\CLFS.SYS
  0x8051F000 \SystemRoot\system32\CI.dll
  0x804A4000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8020D000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x80461000 \SystemRoot\system32\drivers\acpi.sys
  0x80204000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x80459000 \SystemRoot\system32\drivers\msisadrv.sys
  0x8044A000 \SystemRoot\system32\drivers\volmgr.sys
  0x80425000 \SystemRoot\system32\drivers\pci.sys
  0x80415000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8040E000 \SystemRoot\system32\drivers\pciide.sys
  0x80400000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x807B6000 \SystemRoot\System32\drivers\volmgrx.sys
  0x807AE000 \SystemRoot\system32\drivers\atapi.sys
  0x80790000 \SystemRoot\system32\drivers\ataport.SYS
  0x8075F000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8074F000 \SystemRoot\system32\drivers\fileinfo.sys
  0x80738000 \SystemRoot\System32\Drivers\DRVMCDB.SYS
  0x8072F000 \SystemRoot\System32\Drivers\PxHelp20.sys
  0x8062B000 \SystemRoot\system32\drivers\ndis.sys
  0x80600000 \SystemRoot\system32\drivers\msrpc.sys
  0x8B1C7000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8B0BF000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8B055000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8B04D000 \SystemRoot\system32\DRIVERS\wd.sys
  0x8B017000 \SystemRoot\system32\drivers\volsnap.sys
  0x8B00F000 \SystemRoot\System32\Drivers\spldr.sys
  0x8B000000 \SystemRoot\System32\drivers\partmgr.sys
  0x8B3F1000 \SystemRoot\System32\Drivers\mup.sys
  0x8B3CC000 \SystemRoot\System32\drivers\ecache.sys
  0x8B3BB000 \SystemRoot\system32\drivers\disk.sys
  0x8B39A000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8B392000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
  0x8B389000 \SystemRoot\system32\drivers\crcdisk.sys
  0x91620000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x91740000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x91612000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x91AFF000 \SystemRoot\system32\DRIVERS\atikmdag.sys
  0x91A62000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x91605000 \SystemRoot\System32\drivers\watchdog.sys
  0x91689000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x9167D000 \SystemRoot\system32\drivers\MicNgBas.sys
  0x91A2E000 \SystemRoot\system32\DRIVERS\yk60x86.sys
  0x91673000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x925C3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x91A20000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8C0C9000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
  0x91A08000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x916EB000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x8BDC0000 \SystemRoot\system32\DRIVERS\ohci1394.sys
  0x92505000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
  0x924FA000 \SystemRoot\system32\DRIVERS\fdc.sys
  0x924E0000 \SystemRoot\system32\DRIVERS\serial.sys
  0x924D6000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x924BE000 \SystemRoot\system32\DRIVERS\parport.sys
  0x92493000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x92453000 \SystemRoot\system32\DRIVERS\storport.sys
  0x92448000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x92431000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x92426000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x92403000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8C10A000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x927ED000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8C119000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x927E2000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x927CA000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8C0C3000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x927A0000 \SystemRoot\system32\DRIVERS\ks.sys
  0x92796000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x927D5000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x926C6000 \SystemRoot\system32\drivers\MicNgCap.sys
  0x926A8000 \SystemRoot\system32\drivers\MicNgTun.sys
  0x91727000 \SystemRoot\system32\drivers\BdaSup.SYS
  0x92674000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x9266A000 \SystemRoot\system32\DRIVERS\flpydisk.sys
  0x8BD64000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x9262B000 \SystemRoot\system32\drivers\HdAudio.sys
  0x929D3000 \SystemRoot\system32\drivers\portcls.sys
  0x92606000 \SystemRoot\system32\drivers\drmk.sys
  0x9282A000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x91764000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x9166A000 \SystemRoot\System32\Drivers\Null.SYS
  0x916FC000 \SystemRoot\System32\Drivers\Beep.SYS
  0x925B7000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
  0x91632000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x9281E000 \SystemRoot\System32\drivers\vga.sys
  0x92B9F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8C037000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8C047000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x92813000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x92805000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x91776000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x92AAA000 \SystemRoot\System32\drivers\tcpip.sys
  0x92A91000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x92A7C000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x92A68000 \SystemRoot\system32\DRIVERS\smb.sys
  0x92A21000 \SystemRoot\system32\drivers\afd.sys
  0x92DCE000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x92A0B000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x92DC0000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x92DAD000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x92D72000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x92A01000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x92D5B000 \SystemRoot\System32\Drivers\dfsc.sys
  0x926D3000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x916F1000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x8C09F000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x917C7000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x8BCC4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8C0C7000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8BDE7000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x9AFEE000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x9AFB5000 \SystemRoot\system32\DRIVERS\zd1211u.sys
  0x9B800000 \SystemRoot\System32\win32k.sys
  0x92C01000 \SystemRoot\System32\drivers\Dxapi.sys
  0x9AF4D000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x9C91A000 \SystemRoot\system32\DRIVERS\spc1030.sys
  0x926E0000 \SystemRoot\system32\DRIVERS\STREAM.SYS
  0x91655000 \SystemRoot\system32\DRIVERS\spc1030c.SYS
  0x9AF37000 \SystemRoot\system32\DRIVERS\phaudlwr.sys
  0x9AF25000 \SystemRoot\system32\drivers\usbaudio.sys
  0x8C02F000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x8C173000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x9D800000 \SystemRoot\System32\TSDDD.dll
  0x9D820000 \SystemRoot\System32\ATMFD.DLL
  0x9D810000 \SystemRoot\System32\cdd.dll
  0x9C82F000 \SystemRoot\system32\drivers\luafv.sys
  0x92C56000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
  0x9C854000 \SystemRoot\System32\DLA\DLADResM.SYS
  0x9C817000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
  0x92545000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
  0x8C0D1000 \SystemRoot\System32\DLA\DLAPoolM.SYS
  0x9165C000 \SystemRoot\System32\DLA\DLABMFSM.SYS
  0x91663000 \SystemRoot\System32\DLA\DLABOIOM.SYS
  0x9F4BE000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
  0x9F4A7000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
  0xA0AF2000 \SystemRoot\system32\drivers\spsys.sys
  0x8BD44000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0xA1379000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x9F2D7000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xA1366000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xA1233000 \SystemRoot\system32\drivers\HTTP.sys
  0xA1218000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xA15A7000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xA1204000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xA1589000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA1550000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA153E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA151A000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA1489000 \SystemRoot\System32\DRIVERS\srv.sys
  0x9F355000 \SystemRoot\system32\DRIVERS\parvdm.sys
  0xA8F56000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
  0xA9522000 \SystemRoot\system32\drivers\peauth.sys
  0x92CB9000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA9003000 \??\D:\Bearbeitungsprogramme\PlayMovie\000.fcl
  0xA9121000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0xA8EA2000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
  0xA9240000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0x92C61000 \SystemRoot\system32\drivers\tdtcp.sys
  0x9AE65000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
  0xA928D000 \SystemRoot\System32\Drivers\RDPWD.SYS
  0xA913C000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0xA8E4F000 \SystemRoot\system32\drivers\MSPQM.sys
  0x9BAE6000 \SystemRoot\System32\Drivers\usbaapl.sys
  0xA90F9000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x77A40000 \Windows\System32\ntdll.dll

Processes (total 66):
      0 System Idle Process
      4 System
    464 C:\Windows\System32\smss.exe
    528 csrss.exe
    592 C:\Windows\System32\wininit.exe
    600 csrss.exe
    636 C:\Windows\System32\services.exe
    652 C:\Windows\System32\lsass.exe
    660 C:\Windows\System32\lsm.exe
    792 C:\Windows\System32\svchost.exe
    828 C:\Windows\System32\winlogon.exe
    916 C:\Windows\System32\svchost.exe
    956 C:\Windows\System32\svchost.exe
    1012 C:\Windows\System32\Ati2evxx.exe
    1036 C:\Windows\System32\svchost.exe
    1060 C:\Windows\System32\svchost.exe
    1084 C:\Windows\System32\svchost.exe
    1264 C:\Windows\System32\audiodg.exe
    1288 C:\Windows\System32\svchost.exe
    1332 C:\Windows\System32\SLsvc.exe
    1384 C:\Windows\System32\Ati2evxx.exe
    1404 C:\Windows\System32\svchost.exe
    1564 C:\Windows\System32\svchost.exe
    1740 C:\Windows\System32\spoolsv.exe
    1764 C:\Windows\System32\svchost.exe
    584 C:\Windows\System32\dwm.exe
    1256 C:\Windows\explorer.exe
    1860 C:\Windows\RtHDVCpl.exe
    1984 C:\Windows\vspc1030.exe
    2040 C:\Program Files\iTunes\iTunesHelper.exe
    2036 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    788 C:\Program Files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe
    1576 C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe
    2824 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    2844 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2872 C:\Program Files\Bonjour\mDNSResponder.exe
    2892 C:\Windows\System32\svchost.exe
    3072 C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    3168 C:\Windows\System32\PnkBstrA.exe
    3192 C:\Windows\System32\svchost.exe
    3208 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    3272 C:\Program Files\Google\Update\GoogleUpdate.exe
    3408 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    3440 C:\Windows\System32\svchost.exe
    3508 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    3536 C:\Windows\System32\svchost.exe
    3680 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    4084 WUDFHost.exe
    2624 C:\Program Files\iPod\bin\iPodService.exe
    1820 C:\Windows\System32\taskeng.exe
    1328 C:\Windows\System32\alg.exe
    2172 C:\Windows\System32\taskeng.exe
    5780 C:\Windows\ehome\ehsched.exe
    5832 C:\Windows\ehome\ehrecvr.exe
    4596 C:\Windows\System32\wuauclt.exe
    4120 C:\Program Files\iTunes\iTunes.exe
    6056 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    6140 C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    6068 C:\Windows\System32\SearchIndexer.exe
    2732 C:\Windows\System32\taskeng.exe
    2424 C:\Windows\System32\SearchProtocolHost.exe
    5940 C:\Windows\System32\SearchFilterHost.exe
    2464 C:\Users\Zandy\Desktop\MBRCheck.exe
    2468 C:\Windows\System32\conime.exe
    2700 C:\Program Files\Mozilla Firefox\firefox.exe
    5528 C:\Program Files\Mozilla Firefox\plugin-container.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`7098f400  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001e`5d265e00  (NTFS)

PhysicalDrive0 Model Number: ST3250820AS, Rev: 3.AAD 

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0  Unknown MBR code
            SHA1: 75374D27B77E61C9316E27BACDEE41C1E2C9874E


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
  [1] Dump the MBR of a physical disk to file.
  [2] Restore the MBR of a physical disk with a standard boot code.
  [3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
 [ 0] Default (Windows Vista)
 [ 1] Windows XP
 [ 2] Windows Server 2003
 [ 3] Windows Vista
 [ 4] Windows 2008
 [ 5] Windows 7
 [-1] Cancel

Please select the MBR code to write to this drive: 3
Do you want to fix the MBR code?  Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!

Code:

1ÀŽÐ¼ |ûPPü¾|¿PW¹åó¤Ë¿ 1À²€ÍsOtëóëþ½ˆ€~ ZtTø¸–³Írù  t+ø¸–³Írù tø¸–³Írù u$ø¸ÊÍ€út¾¾±8,|uÆ âô‰õéo éi ½¾f‹^`h  h  fSh  h |h h ´B²€‰æÍaasOt0ä²€ÍëÍè{ ½¾ÆF €ÆF ÆF  ÆF*‰¨t€N$*‰¨t€N4èr h  h |˽Îf‹^`h  h  fSh  h |h h ´B²€‰æÍaasOt0ä²€ÍëÍè ½¾€~'tºÆF'è% 뱿 1ÀŽÀ» ~¸µ ±¶ ²€Ís    Ot0äÍ
ëÞÿ 1ÀŽÀ» ~¸µ ±¶ ²€Ís    Ot0äÍ
ëÞà Acer.3  system                                      ÓnøÏ    'þÿÿ?  ;L8€þÿÿþÿÿzL8µFö
 þÿÿþÿÿ/“.R²í
                Uª

How do I open a BAK file if not with the editor? :D
Um, yeah ^^ weird characters, but:

Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:           
Windows Version:        Windows Vista Home Premium Edition
Windows Information:        (build 6000), 32-bit
Base Board Manufacturer:    Acer
BIOS Manufacturer:        Phoenix Technologies, LTD
System Manufacturer:        Acer
System Product Name:        Aspire M3610
Logical Drives Mask:        0x0000e7dd

Kernel Drivers (total 172):
  0x83000000 \SystemRoot\system32\ntkrnlpa.exe
  0x833A1000 \SystemRoot\system32\hal.dll
  0x802C6000 \SystemRoot\system32\kdcom.dll
  0x80266000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x8025D000 \SystemRoot\system32\PSHED.dll
  0x80255000 \SystemRoot\system32\BOOTVID.dll
  0x8021A000 \SystemRoot\system32\CLFS.SYS
  0x8051F000 \SystemRoot\system32\CI.dll
  0x804A4000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8020D000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x80461000 \SystemRoot\system32\drivers\acpi.sys
  0x80204000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x80459000 \SystemRoot\system32\drivers\msisadrv.sys
  0x8044A000 \SystemRoot\system32\drivers\volmgr.sys
  0x80425000 \SystemRoot\system32\drivers\pci.sys
  0x80415000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8040E000 \SystemRoot\system32\drivers\pciide.sys
  0x80400000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x807B6000 \SystemRoot\System32\drivers\volmgrx.sys
  0x807AE000 \SystemRoot\system32\drivers\atapi.sys
  0x80790000 \SystemRoot\system32\drivers\ataport.SYS
  0x8075F000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8074F000 \SystemRoot\system32\drivers\fileinfo.sys
  0x80738000 \SystemRoot\System32\Drivers\DRVMCDB.SYS
  0x8072F000 \SystemRoot\System32\Drivers\PxHelp20.sys
  0x8062B000 \SystemRoot\system32\drivers\ndis.sys
  0x80600000 \SystemRoot\system32\drivers\msrpc.sys
  0x8B1C7000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8B0BF000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8B055000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8B04D000 \SystemRoot\system32\DRIVERS\wd.sys
  0x8B017000 \SystemRoot\system32\drivers\volsnap.sys
  0x8B00F000 \SystemRoot\System32\Drivers\spldr.sys
  0x8B000000 \SystemRoot\System32\drivers\partmgr.sys
  0x8B3F1000 \SystemRoot\System32\Drivers\mup.sys
  0x8B3CC000 \SystemRoot\System32\drivers\ecache.sys
  0x8B3BB000 \SystemRoot\system32\drivers\disk.sys
  0x8B39A000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8B392000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
  0x8B389000 \SystemRoot\system32\drivers\crcdisk.sys
  0x91905000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8C028000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x918F7000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x91CFF000 \SystemRoot\system32\DRIVERS\atikmdag.sys
  0x9185A000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x9184D000 \SystemRoot\System32\drivers\watchdog.sys
  0x91836000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x9182A000 \SystemRoot\system32\drivers\MicNgBas.sys
  0x91CCB000 \SystemRoot\system32\DRIVERS\yk60x86.sys
  0x8C188000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x91C8E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x9181C000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8C1A0000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
  0x91804000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8C000000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x8BD54000 \SystemRoot\system32\DRIVERS\ohci1394.sys
  0x91C30000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
  0x91C25000 \SystemRoot\system32\DRIVERS\fdc.sys
  0x91C0B000 \SystemRoot\system32\DRIVERS\serial.sys
  0x91C01000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x92588000 \SystemRoot\system32\DRIVERS\parport.sys
  0x9255D000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x9251D000 \SystemRoot\system32\DRIVERS\storport.sys
  0x91C83000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x92506000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x924FB000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x924D8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8BDD8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x924C5000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x924A9000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x9249E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x92493000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8C19E000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x92469000 \SystemRoot\system32\DRIVERS\ks.sys
  0x9245F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x924B8000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x92452000 \SystemRoot\system32\drivers\MicNgCap.sys
  0x92434000 \SystemRoot\system32\drivers\MicNgTun.sys
  0x919E4000 \SystemRoot\system32\drivers\BdaSup.SYS
  0x92400000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x927F6000 \SystemRoot\system32\DRIVERS\flpydisk.sys
  0x8BC74000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x927B7000 \SystemRoot\system32\drivers\HdAudio.sys
  0x9278A000 \SystemRoot\system32\drivers\portcls.sys
  0x92765000 \SystemRoot\system32\drivers\drmk.sys
  0x92857000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8C04C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x9194F000 \SystemRoot\System32\Drivers\Null.SYS
  0x91956000 \SystemRoot\System32\Drivers\Beep.SYS
  0x925EE000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
  0x91964000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x92709000 \SystemRoot\System32\drivers\vga.sys
  0x926E8000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8C140000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8C148000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x926BD000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x926AF000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8C067000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x92B2B000 \SystemRoot\System32\drivers\tcpip.sys
  0x92696000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x92681000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x9266D000 \SystemRoot\system32\DRIVERS\smb.sys
  0x92626000 \SystemRoot\system32\drivers\afd.sys
  0x92825000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x92610000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x92602000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x92812000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x92AF0000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x92808000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x92AD9000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8C01B000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8C006000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x8C110000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x9B600000 \SystemRoot\System32\win32k.sys
  0x92E9A000 \SystemRoot\System32\drivers\Dxapi.sys
  0x9CBE4000 \SystemRoot\System32\Drivers\usbaapl.sys
  0x8C1AE000 \SystemRoot\System32\Drivers\USBD.SYS
  0x9C2F6000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x8C082000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x8BCD4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x9E9EE000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x9E9B5000 \SystemRoot\system32\DRIVERS\zd1211u.sys
  0x8C08B000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x9E99E000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x9ED1A000 \SystemRoot\system32\DRIVERS\spc1030.sys
  0x92F64000 \SystemRoot\system32\DRIVERS\STREAM.SYS
  0x91910000 \SystemRoot\system32\DRIVERS\spc1030c.SYS
  0x9E988000 \SystemRoot\system32\DRIVERS\phaudlwr.sys
  0x9E976000 \SystemRoot\system32\drivers\usbaudio.sys
  0x9CAB0000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x9F800000 \SystemRoot\System32\TSDDD.dll
  0x9F820000 \SystemRoot\System32\ATMFD.DLL
  0x9F810000 \SystemRoot\System32\cdd.dll
  0x9ECBF000 \SystemRoot\system32\drivers\luafv.sys
  0x92E0C000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
  0x9B86F000 \SystemRoot\System32\DLA\DLADResM.SYS
  0xA0DE8000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
  0x91C5C000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
  0x9CA82000 \SystemRoot\System32\DLA\DLAPoolM.SYS
  0x9196B000 \SystemRoot\System32\DLA\DLABMFSM.SYS
  0x91972000 \SystemRoot\System32\DLA\DLABOIOM.SYS
  0x9E860000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
  0xA0DD1000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
  0xA2572000 \SystemRoot\system32\drivers\spsys.sys
  0x9E810000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0xA2488000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x92EEA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xA2475000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xA2931000 \SystemRoot\System32\Drivers\fastfat.SYS
  0xA28C8000 \SystemRoot\system32\drivers\HTTP.sys
  0xA286D000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xA2823000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xA2421000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xA2805000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA31C7000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA31B5000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA3191000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA3140000 \SystemRoot\System32\DRIVERS\srv.sys
  0x91948000 \SystemRoot\system32\DRIVERS\parvdm.sys
  0xA33AF000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
  0xA32D1000 \SystemRoot\system32\drivers\peauth.sys
  0x9EC93000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA46BF000 \??\D:\Bearbeitungsprogramme\PlayMovie\000.fcl
  0xA46AA000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0xA4698000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
  0xA50DA000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0x9EC0F000 \SystemRoot\system32\drivers\tdtcp.sys
  0x9B892000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
  0xA506C000 \SystemRoot\System32\Drivers\RDPWD.SYS
  0x9CA80000 \SystemRoot\system32\drivers\MSPQM.sys
  0xA4602000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x77EE0000 \Windows\System32\ntdll.dll

Processes (total 71):
      0 System Idle Process
      4 System
    472 C:\Windows\System32\smss.exe
    536 csrss.exe
    600 C:\Windows\System32\wininit.exe
    612 csrss.exe
    644 C:\Windows\System32\services.exe
    660 C:\Windows\System32\lsass.exe
    668 C:\Windows\System32\lsm.exe
    792 C:\Windows\System32\svchost.exe
    876 C:\Windows\System32\winlogon.exe
    920 C:\Windows\System32\svchost.exe
    952 C:\Windows\System32\svchost.exe
    1008 C:\Windows\System32\Ati2evxx.exe
    1024 C:\Windows\System32\svchost.exe
    1052 C:\Windows\System32\svchost.exe
    1076 C:\Windows\System32\svchost.exe
    1264 C:\Windows\System32\audiodg.exe
    1288 C:\Windows\System32\svchost.exe
    1320 C:\Windows\System32\SLsvc.exe
    1352 C:\Windows\System32\svchost.exe
    1512 C:\Windows\System32\Ati2evxx.exe
    1552 C:\Windows\System32\svchost.exe
    1776 C:\Windows\System32\spoolsv.exe
    1800 C:\Windows\System32\svchost.exe
    636 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    592 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1072 C:\Program Files\Bonjour\mDNSResponder.exe
    1252 C:\Windows\System32\svchost.exe
    124 C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    756 C:\Windows\System32\PnkBstrA.exe
    2004 C:\Windows\System32\svchost.exe
    328 C:\Program Files\Google\Update\GoogleUpdate.exe
    2052 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    2260 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2292 C:\Windows\System32\svchost.exe
    2340 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    2380 C:\Windows\System32\svchost.exe
    2416 C:\Windows\System32\SearchIndexer.exe
    2532 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    2700 WmiPrvSE.exe
    2780 WUDFHost.exe
    3012 C:\Windows\System32\taskeng.exe
    3024 C:\Windows\System32\alg.exe
    3960 C:\Windows\ehome\ehsched.exe
    4028 C:\Windows\ehome\ehrecvr.exe
    3460 WmiPrvSE.exe
    3224 C:\Windows\System32\dwm.exe
    3444 C:\Windows\System32\taskeng.exe
    2172 C:\Windows\System32\taskeng.exe
    2112 C:\Windows\explorer.exe
    3876 C:\Windows\RtHDVCpl.exe
    3360 C:\Windows\vspc1030.exe
    3760 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    3344 C:\Program Files\iTunes\iTunesHelper.exe
    3908 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    3940 C:\Program Files\Skype\Phone\Skype.exe
    2992 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    3504 C:\Program Files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe
    3512 C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe
    1216 C:\Program Files\iPod\bin\iPodService.exe
    2212 C:\Windows\System32\wuauclt.exe
    4304 C:\Program Files\Skype\Plugin Manager\skypePM.exe
    4996 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    5020 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    5072 C:\Windows\System32\SearchProtocolHost.exe
    5084 C:\Windows\System32\SearchFilterHost.exe
    5300 C:\Program Files\Mozilla Firefox\firefox.exe
    5416 C:\Program Files\Mozilla Firefox\plugin-container.exe
    5848 C:\Users\Zandy\Desktop\MBRCheck.exe
    5864 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`7098f400  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001e`5d265e00  (NTFS)

PhysicalDrive0 Model Number: ST3250820AS, Rev: 3.AAD 

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0  Unknown MBR code
            SHA1: 75374D27B77E61C9316E27BACDEE41C1E2C9874E


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
  [1] Dump the MBR of a physical disk to file.
  [2] Restore the MBR of a physical disk with a standard boot code.
  [3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 5Available MBR codes:
 [ 0] Default (Windows Vista)
 [ 1] Windows XP
 [ 2] Windows Server 2003
 [ 3] Windows Vista
 [ 4] Windows 2008
 [ 5] Windows 7
 [-1] Cancel

Please select the MBR code to write to this drive: 3
Do you want to fix the MBR code?  Type 'YES' and hit ENTER to continue: yes
Out of memory!Could not read disk!


Done!


cosinus 09.10.2010 18:17

The second time is for your external disk! It has to be connected for the MBR fix! Please repeat!

ali321 09.10.2010 20:46

OK, I'll do it right away ;D
2 questions:
Is the BAK file right like that, with these characters? :O
and
How do you know about the external disk? :D
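
On the question of the .bak file: an MBR dump is raw binary, so a text editor renders it as random characters (the trailing "Uª" in the pasted text is the 0x55 0xAA boot signature shown as text). The following Python script is an added example, not part of the original thread and not MBRCheck's code; it views such a dump as hex and parses the partition table. The sample sector is constructed (filler boot code, made-up disk signature and sizes, partition starts taken from the C: and D: offsets in the log), and hashing the first 440 bytes is an assumption that need not reproduce the SHA1 MBRCheck prints.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440   # bytes 0..439 hold boot code in the classic MBR layout
TABLE_OFFSET = 446    # four 16-byte partition entries, then 0x55 0xAA
TYPE_NAMES = {0x05: "extended", 0x07: "NTFS/exFAT", 0x0B: "FAT32",
              0x0C: "FAT32 (LBA)", 0x0F: "extended (LBA)", 0xEE: "GPT protective"}
C_OFFSET = 0x27098F400    # byte offset of C: as printed in the MBRCheck log
D_OFFSET = 0x1E5D265E00   # byte offset of D: as printed in the same log


def hexdump(data, width=16):
    """Return an offset / hex / ASCII dump; non-printable bytes become '.'."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02X}" for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:04X}  {hexpart:<{width * 3 - 1}}  {text}")
    return "\n".join(lines)


def parse_mbr(sector):
    """Split one MBR sector into boot-code hash, disk signature and partitions."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    partitions, findings = [], []
    for index in range(4):
        start = TABLE_OFFSET + 16 * index
        status, _, ptype, _, lba, count = struct.unpack_from("<B3sB3sII", sector, start)
        if ptype == 0 and count == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            findings.append(f"entry {index}: invalid status byte 0x{status:02X}")
        partitions.append({"index": index, "active": status == 0x80,
                           "type": TYPE_NAMES.get(ptype, f"0x{ptype:02X}"),
                           "lba_start": lba, "sectors": count})
    if sum(p["active"] for p in partitions) > 1:
        findings.append("more than one active partition")
    ordered = sorted(partitions, key=lambda p: p["lba_start"])
    for prev, cur in zip(ordered, ordered[1:]):
        if cur["lba_start"] < prev["lba_start"] + prev["sectors"]:
            findings.append(f"entries {prev['index']} and {cur['index']} overlap")
    signature_ok = sector[510:512] == b"\x55\xAA"
    if not signature_ok:
        findings.append("missing 0x55AA boot signature")
    return {
        "signature_ok": signature_ok,
        "disk_signature": struct.unpack_from("<I", sector, BOOT_CODE_LEN)[0],
        # Assumption: hash only the boot-code area, so partition edits do not change it.
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": partitions,
        "findings": findings,
    }


def build_sample():
    """Constructed sector: filler boot code, two NTFS entries at the logged offsets."""
    c_lba, d_lba = C_OFFSET // SECTOR, D_OFFSET // SECTOR
    chs = b"\xFE\xFF\xFF"  # CHS placeholder commonly used when only LBA is meaningful
    entries = [
        # C: is assumed to run up to the start of D:; D:'s size is made up.
        struct.pack("<B3sB3sII", 0x80, chs, 0x07, chs, c_lba, d_lba - c_lba),
        struct.pack("<B3sB3sII", 0x00, chs, 0x07, chs, d_lba, 200_000_000),
        bytes(16), bytes(16),
    ]
    return (b"\x90" * BOOT_CODE_LEN + struct.pack("<I", 0x12345678) + b"\x00\x00"
            + b"".join(entries) + b"\x55\xAA")


if __name__ == "__main__":
    sample = build_sample()
    print(hexdump(sample[TABLE_OFFSET:]))   # partition table and signature as hex
    for key, value in parse_mbr(sample).items():
        print(key, value)
```

To inspect a real dump, read the file in binary mode (`open(path, "rb").read()`) and pass its first 512 bytes to `parse_mbr`.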

cosinus 09.10.2010 21:02

Quote:

Quote from ali321 (post 576883)
How do you know about the external disk? :D

My :crystal_ball: is in good form today! :tongue:

This is how I can tell; it was in the mbrcheck log:

Code:

PhysicalDrive5 Model Number: SeagateFreeAgent, Rev: 0138

ali321 10.10.2010 17:09

Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:           
Windows Version:        Windows Vista Home Premium Edition
Windows Information:        (build 6000), 32-bit
Base Board Manufacturer:    Acer
BIOS Manufacturer:        Phoenix Technologies, LTD
System Manufacturer:        Acer
System Product Name:        Aspire M3610
Logical Drives Mask:        0x000007bd

Kernel Drivers (total 171):
  0x83000000 \SystemRoot\system32\ntkrnlpa.exe
  0x833A1000 \SystemRoot\system32\hal.dll
  0x802C6000 \SystemRoot\system32\kdcom.dll
  0x80266000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x8025D000 \SystemRoot\system32\PSHED.dll
  0x80255000 \SystemRoot\system32\BOOTVID.dll
  0x8021A000 \SystemRoot\system32\CLFS.SYS
  0x8051F000 \SystemRoot\system32\CI.dll
  0x804A4000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8020D000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x80461000 \SystemRoot\system32\drivers\acpi.sys
  0x80204000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x80459000 \SystemRoot\system32\drivers\msisadrv.sys
  0x8044A000 \SystemRoot\system32\drivers\volmgr.sys
  0x80425000 \SystemRoot\system32\drivers\pci.sys
  0x80415000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8040E000 \SystemRoot\system32\drivers\pciide.sys
  0x80400000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x807B6000 \SystemRoot\System32\drivers\volmgrx.sys
  0x807AE000 \SystemRoot\system32\drivers\atapi.sys
  0x80790000 \SystemRoot\system32\drivers\ataport.SYS
  0x8075F000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8074F000 \SystemRoot\system32\drivers\fileinfo.sys
  0x80738000 \SystemRoot\System32\Drivers\DRVMCDB.SYS
  0x8072F000 \SystemRoot\System32\Drivers\PxHelp20.sys
  0x8062B000 \SystemRoot\system32\drivers\ndis.sys
  0x80600000 \SystemRoot\system32\drivers\msrpc.sys
  0x8B1C7000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8B0BF000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8B055000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8B04D000 \SystemRoot\system32\DRIVERS\wd.sys
  0x8B017000 \SystemRoot\system32\drivers\volsnap.sys
  0x8B00F000 \SystemRoot\System32\Drivers\spldr.sys
  0x8B000000 \SystemRoot\System32\drivers\partmgr.sys
  0x8B3F1000 \SystemRoot\System32\Drivers\mup.sys
  0x8B3CC000 \SystemRoot\System32\drivers\ecache.sys
  0x8B3BB000 \SystemRoot\system32\drivers\disk.sys
  0x8B39A000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8B392000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
  0x8B389000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8F835000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8F874000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8C1EC000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x91EFF000 \SystemRoot\system32\DRIVERS\atikmdag.sys
  0x91E62000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8F828000 \SystemRoot\System32\drivers\watchdog.sys
  0x8F816000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8C180000 \SystemRoot\system32\drivers\MicNgBas.sys
  0x8F8AC000 \SystemRoot\system32\DRIVERS\yk60x86.sys
  0x8C028000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x919C3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8F808000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8C1B2000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
  0x919AB000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8C0C8000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x8BCF4000 \SystemRoot\system32\DRIVERS\ohci1394.sys
  0x8F89E000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
  0x919A0000 \SystemRoot\system32\DRIVERS\fdc.sys
  0x91986000 \SystemRoot\system32\DRIVERS\serial.sys
  0x9197C000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x91964000 \SystemRoot\system32\DRIVERS\parport.sys
  0x91939000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x918F9000 \SystemRoot\system32\DRIVERS\storport.sys
  0x918EE000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x918D7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x918CC000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x918A9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8BDD8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x91896000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x9186F000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x9188B000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x92950000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8C1B6000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x91845000 \SystemRoot\system32\DRIVERS\ks.sys
  0x9183B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x9187E000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x92880000 \SystemRoot\system32\drivers\MicNgCap.sys
  0x9181D000 \SystemRoot\system32\drivers\MicNgTun.sys
  0x8F93E000 \SystemRoot\system32\drivers\BdaSup.SYS
  0x91E2E000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x91813000 \SystemRoot\system32\DRIVERS\flpydisk.sys
  0x8BCE4000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x92841000 \SystemRoot\system32\drivers\HdAudio.sys
  0x91E01000 \SystemRoot\system32\drivers\portcls.sys
  0x9281C000 \SystemRoot\system32\drivers\drmk.sys
  0x92A57000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8F862000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8F9B3000 \SystemRoot\System32\Drivers\Null.SYS
  0x8F9BA000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8C0C2000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
  0x8F9C8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x92810000 \SystemRoot\System32\drivers\vga.sys
  0x92DDF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8C148000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8C150000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x9295B000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x92802000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8F87D000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x92C5A000 \SystemRoot\System32\drivers\tcpip.sys
  0x92C41000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x92A02000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x92C2D000 \SystemRoot\system32\DRIVERS\smb.sys
  0x92FB9000 \SystemRoot\system32\drivers\afd.sys
  0x92F87000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x92C17000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x92C09000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x92F74000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x92F39000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x92EEF000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x92ED8000 \SystemRoot\System32\Drivers\dfsc.sys
  0x9289A000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x92966000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x8C140000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x9B800000 \SystemRoot\System32\win32k.sys
  0x92E7E000 \SystemRoot\System32\drivers\Dxapi.sys
  0x9C49D000 \SystemRoot\System32\Drivers\usbaapl.sys
  0x8C1AC000 \SystemRoot\System32\Drivers\USBD.SYS
  0x9CF4C000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x8F886000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x8BC74000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x9CE2E000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x9DCC7000 \SystemRoot\system32\DRIVERS\zd1211u.sys
  0x8F88F000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x9CE17000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x9ED1A000 \SystemRoot\system32\DRIVERS\spc1030.sys
  0x928CE000 \SystemRoot\system32\DRIVERS\STREAM.SYS
  0x8F9C1000 \SystemRoot\system32\DRIVERS\spc1030c.SYS
  0x9CE01000 \SystemRoot\system32\DRIVERS\phaudlwr.sys
  0x9DCB5000 \SystemRoot\system32\drivers\usbaudio.sys
  0x8C120000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0xA1200000 \SystemRoot\System32\TSDDD.dll
  0xA1220000 \SystemRoot\System32\ATMFD.DLL
  0xA0BE5000 \SystemRoot\system32\drivers\luafv.sys
  0x9297C000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
  0x92E20000 \SystemRoot\System32\DLA\DLADResM.SYS
  0x9EC02000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
  0x8C045000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
  0x9DDFE000 \SystemRoot\System32\DLA\DLAPoolM.SYS
  0xA1210000 \SystemRoot\System32\cdd.dll
  0x8F9F9000 \SystemRoot\System32\DLA\DLABMFSM.SYS
  0x8C0F1000 \SystemRoot\System32\DLA\DLABOIOM.SYS
  0xA0BCF000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
  0xA0BB8000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
  0xA3972000 \SystemRoot\system32\drivers\spsys.sys
  0x9DDD0000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0xA3907000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x9CEC0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xA38F4000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xA3B97000 \SystemRoot\system32\drivers\HTTP.sys
  0xA3B0D000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xA3831000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xA3AB9000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xA3A9B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA3A62000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA3A50000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA3A2C000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA3FAF000 \SystemRoot\System32\DRIVERS\srv.sys
  0x8F9A5000 \SystemRoot\system32\DRIVERS\parvdm.sys
  0xADE7C000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
  0xAE322000 \SystemRoot\system32\drivers\peauth.sys
  0x8C006000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xAE42F000 \??\D:\Bearbeitungsprogramme\PlayMovie\000.fcl
  0xAE2CD000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0xAE41D000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
  0xAE9AA000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0x929A8000 \SystemRoot\system32\drivers\tdtcp.sys
  0x9BB1A000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
  0xAEDD2000 \SystemRoot\System32\Drivers\RDPWD.SYS
  0xADF36000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0xAE01A000 \SystemRoot\system32\drivers\MSPQM.sys
  0x772C0000 \Windows\System32\ntdll.dll

Processes (total 64):
      0 System Idle Process
      4 System
    476 C:\Windows\System32\smss.exe
    540 csrss.exe
    604 C:\Windows\System32\wininit.exe
    616 csrss.exe
    648 C:\Windows\System32\services.exe
    664 C:\Windows\System32\lsass.exe
    672 C:\Windows\System32\lsm.exe
    820 C:\Windows\System32\svchost.exe
    912 C:\Windows\System32\svchost.exe
    944 C:\Windows\System32\svchost.exe
    992 C:\Windows\System32\winlogon.exe
    1028 C:\Windows\System32\Ati2evxx.exe
    1048 C:\Windows\System32\svchost.exe
    1076 C:\Windows\System32\svchost.exe
    1116 C:\Windows\System32\svchost.exe
    1276 C:\Windows\System32\audiodg.exe
    1304 C:\Windows\System32\svchost.exe
    1328 C:\Windows\System32\SLsvc.exe
    1372 C:\Windows\System32\svchost.exe
    1428 C:\Windows\System32\Ati2evxx.exe
    1540 C:\Windows\System32\svchost.exe
    1724 C:\Windows\System32\spoolsv.exe
    1756 C:\Windows\System32\svchost.exe
    620 C:\Windows\System32\dwm.exe
    1128 C:\Windows\System32\taskeng.exe
    1492 C:\Windows\explorer.exe
    1528 C:\Program Files\Google\Update\GoogleUpdate.exe
    1572 C:\Windows\System32\taskeng.exe
    1336 C:\Windows\System32\taskeng.exe
    2116 C:\Windows\RtHDVCpl.exe
    2132 C:\Windows\vspc1030.exe
    2208 C:\Program Files\iTunes\iTunesHelper.exe
    2332 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    2344 C:\Program Files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe
    2352 C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe
    3152 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    3172 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    3200 C:\Program Files\Bonjour\mDNSResponder.exe
    3224 C:\Windows\System32\svchost.exe
    3392 C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    3452 C:\Windows\System32\PnkBstrA.exe
    3504 C:\Windows\System32\svchost.exe
    3548 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    3796 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    3824 C:\Windows\System32\svchost.exe
    3848 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    3900 C:\Windows\System32\svchost.exe
    3920 C:\Windows\System32\SearchIndexer.exe
    3992 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    2396 WmiPrvSE.exe
    2660 WUDFHost.exe
    2992 C:\Program Files\iPod\bin\iPodService.exe
    3572 C:\Windows\System32\alg.exe
    3612 C:\Windows\ehome\ehsched.exe
    3636 C:\Windows\ehome\ehrecvr.exe
    2800 C:\Windows\System32\conime.exe
    3128 C:\Windows\System32\wuauclt.exe
    3132 WmiPrvSE.exe
    2500 C:\Windows\System32\mobsync.exe
    2472 C:\Windows\System32\SearchProtocolHost.exe
    808 C:\Windows\System32\SearchFilterHost.exe
    2916 C:\Users\Zandy\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`7098f400  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001e`5d265e00  (NTFS)
\\.\F: --> \\.\PhysicalDrive6 at offset 0x00000000`00007e00  (NTFS)

PhysicalDrive0 Model Number: ST3250820AS, Rev: 3.AAD 
PhysicalDrive6 Model Number: HitachiHDS721010CLA332, Rev:

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0  Unknown MBR code
            SHA1: 75374D27B77E61C9316E27BACDEE41C1E2C9874E
    931 GB  \\.\PhysicalDrive6  RE: Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
  [1] Dump the MBR of a physical disk to file.
  [2] Restore the MBR of a physical disk with a standard boot code.
  [3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 5Available MBR codes:
 [ 0] Default (Windows Vista)
 [ 1] Windows XP
 [ 2] Windows Server 2003
 [ 3] Windows Vista
 [ 4] Windows 2008
 [ 5] Windows 7
 [-1] Cancel

Please select the MBR code to write to this drive: 3
Do you want to fix the MBR code?  Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!

Code:

***
So that's it ;)
I think my drive doesn't work anymore :O

//EDIT:
My drive now doesn't work on any computer anymore -.- :O What's going on?
I looked in Computer Management ... it is shown there, but with (EISA configuration) after it, and the whole space is unallocated. HUH!!==??? WTF, what's going on?!

ali321 10.10.2010 19:17

Help!
... I can't even format it ...
I can't even find the drive :(

//EDIT:
My father is formatting it now and assigning a new partition ... with Norton PartitionMagic ;)
A pity that everything is gone ... :'( over 200 movies, 80 programs, and 10,000 pictures -.-

ali321 10.10.2010 20:22

I wanted to edit but it didn't work, sorry
:
So, once more from the start ....
He had it ready again BUT! there is a virus on it despite formatting etc.
Now on his computer too -.- but he was able to remove it with Stinger
I thought maybe the virus is in the MBR and ran the program from below again (MBRCheck); it said the MBR is the wrong one
Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:           
Windows Version:        Windows Vista Home Premium Edition
Windows Information:        (build 6000), 32-bit
Base Board Manufacturer:    Acer
BIOS Manufacturer:        Phoenix Technologies, LTD
System Manufacturer:        Acer
System Product Name:        Aspire M3610
Logical Drives Mask:        0x000007fd

Kernel Drivers (total 171):
  0x83000000 \SystemRoot\system32\ntkrnlpa.exe
  0x833A1000 \SystemRoot\system32\hal.dll
  0x802C6000 \SystemRoot\system32\kdcom.dll
  0x80266000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x8025D000 \SystemRoot\system32\PSHED.dll
  0x80255000 \SystemRoot\system32\BOOTVID.dll
  0x8021A000 \SystemRoot\system32\CLFS.SYS
  0x8051F000 \SystemRoot\system32\CI.dll
  0x804A4000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8020D000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x80461000 \SystemRoot\system32\drivers\acpi.sys
  0x80204000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x80459000 \SystemRoot\system32\drivers\msisadrv.sys
  0x8044A000 \SystemRoot\system32\drivers\volmgr.sys
  0x80425000 \SystemRoot\system32\drivers\pci.sys
  0x80415000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8040E000 \SystemRoot\system32\drivers\pciide.sys
  0x80400000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x807B6000 \SystemRoot\System32\drivers\volmgrx.sys
  0x807AE000 \SystemRoot\system32\drivers\atapi.sys
  0x80790000 \SystemRoot\system32\drivers\ataport.SYS
  0x8075F000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8074F000 \SystemRoot\system32\drivers\fileinfo.sys
  0x80738000 \SystemRoot\System32\Drivers\DRVMCDB.SYS
  0x8072F000 \SystemRoot\System32\Drivers\PxHelp20.sys
  0x8062B000 \SystemRoot\system32\drivers\ndis.sys
  0x80600000 \SystemRoot\system32\drivers\msrpc.sys
  0x8B1C7000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8B0BF000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8B055000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8B04D000 \SystemRoot\system32\DRIVERS\wd.sys
  0x8B017000 \SystemRoot\system32\drivers\volsnap.sys
  0x8B00F000 \SystemRoot\System32\Drivers\spldr.sys
  0x8B000000 \SystemRoot\System32\drivers\partmgr.sys
  0x8B3F1000 \SystemRoot\System32\Drivers\mup.sys
  0x8B3CC000 \SystemRoot\System32\drivers\ecache.sys
  0x8B3BB000 \SystemRoot\system32\drivers\disk.sys
  0x8B39A000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8B392000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
  0x8B389000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8F955000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8C01F000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8F947000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x91EFF000 \SystemRoot\system32\DRIVERS\atikmdag.sys
  0x8F8AA000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8F89D000 \SystemRoot\System32\drivers\watchdog.sys
  0x8F83B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8F82F000 \SystemRoot\system32\drivers\MicNgBas.sys
  0x91ECB000 \SystemRoot\system32\DRIVERS\yk60x86.sys
  0x8F825000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x91E8E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8F817000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8C1AE000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
  0x91E76000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8C005000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x8BCE4000 \SystemRoot\system32\DRIVERS\ohci1394.sys
  0x8F809000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
  0x91E0B000 \SystemRoot\system32\DRIVERS\fdc.sys
  0x91DF1000 \SystemRoot\system32\DRIVERS\serial.sys
  0x8F893000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x91DD9000 \SystemRoot\system32\DRIVERS\parport.sys
  0x91DAE000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x91D6E000 \SystemRoot\system32\DRIVERS\storport.sys
  0x91D63000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x91D4C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x91D41000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x91D1E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8BDD8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x91D0B000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x91CEF000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x91CE4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x91CD9000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8C1B4000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x91CAF000 \SystemRoot\system32\DRIVERS\ks.sys
  0x91CA5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x91CFE000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x91C98000 \SystemRoot\system32\drivers\MicNgCap.sys
  0x91C7A000 \SystemRoot\system32\drivers\MicNgTun.sys
  0x8F9F1000 \SystemRoot\system32\drivers\BdaSup.SYS
  0x91C46000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x91C3C000 \SystemRoot\system32\DRIVERS\flpydisk.sys
  0x8BCD4000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x929C1000 \SystemRoot\system32\drivers\HdAudio.sys
  0x91C0F000 \SystemRoot\system32\drivers\portcls.sys
  0x9289C000 \SystemRoot\system32\drivers\drmk.sys
  0x92A57000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8C043000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8F9BB000 \SystemRoot\System32\Drivers\Null.SYS
  0x8F9C2000 \SystemRoot\System32\Drivers\Beep.SYS
  0x91E4C000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
  0x8C00B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x91C03000 \SystemRoot\System32\drivers\vga.sys
  0x9282B000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8C127000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8C12F000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x92800000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x929B3000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8C055000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x928DE000 \SystemRoot\System32\drivers\tcpip.sys
  0x928C5000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x92A42000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x92A2E000 \SystemRoot\system32\DRIVERS\smb.sys
  0x92DB9000 \SystemRoot\system32\drivers\afd.sys
  0x92D87000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x92A18000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x92A0A000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x92D74000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x92D39000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x92A00000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x92D22000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8C012000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8C18F000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x8C11F000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x94000000 \SystemRoot\System32\win32k.sys
  0x92EF6000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8C028000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x8BDC0000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8C1C0000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x92EA8000 \SystemRoot\System32\Drivers\usbaapl.sys
  0x8C031000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x92E96000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x92E5E000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x9C71A000 \SystemRoot\system32\DRIVERS\spc1030.sys
  0x92C02000 \SystemRoot\system32\DRIVERS\STREAM.SYS
  0x8F960000 \SystemRoot\system32\DRIVERS\spc1030c.SYS
  0x9B924000 \SystemRoot\system32\DRIVERS\phaudlwr.sys
  0x9B912000 \SystemRoot\system32\drivers\usbaudio.sys
  0x8C13F000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x9C254000 \SystemRoot\system32\DRIVERS\zd1211u.sys
  0x9C2E7000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x9FC00000 \SystemRoot\System32\TSDDD.dll
  0x9FC20000 \SystemRoot\System32\ATMFD.DLL
  0x9F90C000 \SystemRoot\system32\drivers\luafv.sys
  0x9CD66000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
  0x9C23D000 \SystemRoot\System32\DLA\DLADResM.SYS
  0x9F8F4000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
  0x8F861000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
  0x8C1A6000 \SystemRoot\System32\DLA\DLAPoolM.SYS
  0x8F9AD000 \SystemRoot\System32\DLA\DLABMFSM.SYS
  0x8F9B4000 \SystemRoot\System32\DLA\DLABOIOM.SYS
  0x9F8DE000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
  0x9F8C7000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
  0x9FC10000 \SystemRoot\System32\cdd.dll
  0xA1A46000 \SystemRoot\system32\drivers\spsys.sys
  0x9F800000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0xA1A1B000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x92F3C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xA33AD000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xA3247000 \SystemRoot\system32\drivers\HTTP.sys
  0xA322C000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xA3213000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xA3BAC000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xA3B8E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA3B55000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA3201000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA3B31000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA3AA0000 \SystemRoot\System32\DRIVERS\srv.sys
  0xAC357000 \SystemRoot\system32\DRIVERS\parvdm.sys
  0xAC21F000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
  0xAEC22000 \SystemRoot\system32\drivers\peauth.sys
  0x9CD7C000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xAE9DF000 \??\D:\Bearbeitungsprogramme\PlayMovie\000.fcl
  0xAC20A000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0xAE600000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
  0xAEBBC000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xAE7FF000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x9CDDF000 \SystemRoot\system32\drivers\tdtcp.sys
  0x9C6A2000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
  0xAFA12000 \SystemRoot\System32\Drivers\RDPWD.SYS
  0xA0DDB000 \SystemRoot\system32\drivers\MSPQM.sys
  0x777C0000 \Windows\System32\ntdll.dll

Processes (total 67):
      0 System Idle Process
      4 System
    412 C:\Windows\System32\smss.exe
    540 csrss.exe
    604 C:\Windows\System32\wininit.exe
    616 csrss.exe
    648 C:\Windows\System32\services.exe
    664 C:\Windows\System32\lsass.exe
    672 C:\Windows\System32\lsm.exe
    800 C:\Windows\System32\svchost.exe
    884 C:\Windows\System32\svchost.exe
    928 C:\Windows\System32\svchost.exe
    972 C:\Windows\System32\Ati2evxx.exe
    988 C:\Windows\System32\svchost.exe
    1016 C:\Windows\System32\winlogon.exe
    1064 C:\Windows\System32\svchost.exe
    1096 C:\Windows\System32\svchost.exe
    1268 C:\Windows\System32\audiodg.exe
    1292 C:\Windows\System32\svchost.exe
    1324 C:\Windows\System32\SLsvc.exe
    1360 C:\Windows\System32\svchost.exe
    1484 C:\Windows\System32\Ati2evxx.exe
    1568 C:\Windows\System32\svchost.exe
    1756 C:\Windows\System32\spoolsv.exe
    1780 C:\Windows\System32\svchost.exe
    868 C:\Windows\System32\dwm.exe
    1160 C:\Windows\System32\taskeng.exe
    1616 C:\Program Files\Google\Update\GoogleUpdate.exe
    1416 C:\Windows\System32\taskeng.exe
    2148 C:\Windows\RtHDVCpl.exe
    2156 C:\Windows\vspc1030.exe
    2212 C:\Program Files\iTunes\iTunesHelper.exe
    2236 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    2252 C:\Program Files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe
    3220 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    3256 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    3268 C:\Program Files\Bonjour\mDNSResponder.exe
    3280 C:\Windows\System32\svchost.exe
    3364 C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    3436 C:\Windows\System32\PnkBstrA.exe
    3476 C:\Windows\System32\svchost.exe
    3508 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    3784 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    3816 C:\Windows\System32\svchost.exe
    3840 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    3888 C:\Windows\System32\svchost.exe
    3912 C:\Windows\System32\SearchIndexer.exe
    4068 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    476 WUDFHost.exe
    2472 C:\Program Files\iPod\bin\iPodService.exe
    1168 C:\Windows\System32\alg.exe
    5536 C:\Windows\ehome\ehsched.exe
    5620 C:\Windows\ehome\ehrecvr.exe
    4504 C:\Windows\System32\conime.exe
    4316 C:\Windows\System32\wuauclt.exe
    3132 C:\Windows\explorer.exe
    6084 C:\Program Files\Mozilla Firefox\firefox.exe
    3584 C:\Program Files\Mozilla Firefox\plugin-container.exe
    4108 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    4596 C:\Program Files\Windows Live\Contacts\wlcomm.exe
    3564 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    5040 C:\Program Files\T4E Player\T4EPlayer.exe
    4964 C:\Windows\System32\mobsync.exe
    5192 C:\Windows\System32\SearchProtocolHost.exe
    4004 C:\Windows\System32\SearchFilterHost.exe
    6016 C:\Windows\System32\taskeng.exe
    2576 D:\Allgemein\PC säubern\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`7098f400  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001e`5d265e00  (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00  (NTFS)
\\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`007e0000  (NTFS)

PhysicalDrive0 Model Number: ST3250820AS, Rev: 3.AAD 
PhysicalDrive1 Model Number: SeagateFreeAgent, Rev: 0138

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0  Unknown MBR code
            SHA1: 75374D27B77E61C9316E27BACDEE41C1E2C9874E
    931 GB  \\.\PhysicalDrive1  MBR Code Faked!
            SHA1: 31ABC6F76EA6A7FD5B12BF4901243A3546141C86


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
  [1] Dump the MBR of a physical disk to file.
  [2] Restore the MBR of a physical disk with a standard boot code.
  [3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 1Available MBR codes:
 [ 0] Default (Windows Vista)
 [ 1] Windows XP
 [ 2] Windows Server 2003
 [ 3] Windows Vista
 [ 4] Windows 2008
 [ 5] Windows 7
 [-1] Cancel

Please select the MBR code to write to this drive: 3
Do you want to fix the MBR code?  Type 'YES' and hit ENTER to continue: yes
Wrote new MBR code with API!  Fix may not be successful.
Please reboot your computer to complete the fix.


Done!

After that the drive was unrecognized again and my dad had to format it once more (he has XP)
Can we scan the whole PC again?

//EDIT: I think we can start over from the beginning ... :( It's almost like before: the PC hangs, programs freeze, etc.
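
A way to cross-check an MBRCheck log like the ones posted above before trusting its "fix" step, as an added example that is not part of the original posts or of MBRCheck: it parses the log layout shown in this thread and flags a run where the disk number entered at the prompt is missing from the device table (5 was entered while only PhysicalDrive0 and PhysicalDrive6 were listed). The function names, the finding codes and the rule that a status matching "Windows ... MBR code detected" counts as standard are assumptions of this example.

```python
import re

# Abridged sample in the MBRCheck 1.2.3 log layout shown in this thread
# (constructed for the example; driver and process lists are omitted).
SAMPLE_LOG = r"""
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`7098f400  (NTFS)
\\.\F: --> \\.\PhysicalDrive6 at offset 0x00000000`00007e00  (NTFS)

PhysicalDrive0 Model Number: ST3250820AS, Rev: 3.AAD
PhysicalDrive6 Model Number: HitachiHDS721010CLA332, Rev:

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0  Unknown MBR code
            SHA1: 75374D27B77E61C9316E27BACDEE41C1E2C9874E
    931 GB  \\.\PhysicalDrive6  RE: Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 5Available MBR codes:
Please select the MBR code to write to this drive: 3
Do you want to fix the MBR code?  Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
"""

_DEV = r"\\\\\.\\PhysicalDrive(\d+)"          # matches \\.\PhysicalDriveN
VOLUME_RE = re.compile(r"^\\\\\.\\(\w): --> " + _DEV, re.M)
MODEL_RE = re.compile(r"^PhysicalDrive(\d+) Model Number: ([^,]+),", re.M)
STATUS_RE = re.compile(
    r"^\s*(\d+ \w+)\s+" + _DEV + r"\s+(.+?)\s*\n\s*SHA1: ([0-9A-F]{40})", re.M)
# The typed answer is not followed by a newline in the saved log, so the
# disk number is glued to the next prompt ("5Available MBR codes:").
SELECT_RE = re.compile(r"disk number to fix \(0-99, -1 to cancel\): (-?\d+)")
RESULT_RE = re.compile(r"hit ENTER to continue: \S*\n(.+)")
# Assumption of this example: these statuses need no attention.
STANDARD_RE = re.compile(r"Windows .*MBR code detected")


def parse_mbrcheck(log):
    """Extract the device table, the disk chosen for the fix and the result line."""
    disks = {}
    for size, num, status, sha1 in STATUS_RE.findall(log):
        disks[int(num)] = {"size": size, "status": status, "sha1": sha1,
                           "model": None, "volumes": []}
    for num, model in MODEL_RE.findall(log):
        if int(num) in disks:
            disks[int(num)]["model"] = model.strip()
    for letter, num in VOLUME_RE.findall(log):
        if int(num) in disks:
            disks[int(num)]["volumes"].append(letter)
    selected = SELECT_RE.search(log)
    result = RESULT_RE.search(log)
    return {"disks": disks,
            "selected": int(selected.group(1)) if selected else None,
            "result": result.group(1).strip() if result else None}


def review(log):
    """Return (code, message) findings a helper should read before advising a re-run."""
    parsed = parse_mbrcheck(log)
    disks, selected, findings = parsed["disks"], parsed["selected"], []
    if selected is not None and selected >= 0 and selected not in disks:
        findings.append(("SELECTED_NOT_LISTED",
                         f"disk {selected} was chosen but the device table "
                         f"lists only {sorted(disks)}"))
    for num, disk in sorted(disks.items()):
        if not STANDARD_RE.search(disk["status"]) and num != selected:
            findings.append(("FLAGGED_NOT_SELECTED",
                             f"PhysicalDrive{num} ({disk['model']}, volumes "
                             f"{disk['volumes']}) reports '{disk['status']}' "
                             f"but was not the disk chosen"))
    if parsed["result"]:
        wrote = "wrote new mbr code" in parsed["result"].lower()
        findings.append(("WRITE_REPORTED" if wrote else "WRITE_FAILED",
                         parsed["result"]))
    return findings


if __name__ == "__main__":
    for code, message in review(SAMPLE_LOG):
        print(f"{code}: {message}")
```
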

cosinus 10.10.2010 21:03

Why did you format right away without checking back first :confused:

Have a look here => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows

Download the ISO, burn it to a CD, e.g. with ImgBurn using its image burning function, and start the computer with it (boot from this CD).
Click "Repair your computer" (Computerreparaturoptionen), Next, Command Prompt - the console opens. There, type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter) - restart the computer, taking the CD out beforehand.

ali321 10.10.2010 21:46

I only formatted the external one ..
There was no other way, it wasn't even recognized anymore ...
Should I do the CD thing anyway?
And what exactly happens then?

cosinus 11.10.2010 07:38

Quote:

I only formatted the external one ..
OK, I thought you had formatted everything :D

Quote:

Should I do the CD thing anyway?
And what exactly happens then?
Yes, please do it as described there. This writes a new MBR and a new "boot environment"; it works without data loss.

ali321 11.10.2010 20:06

Hmm ...
The CD doesn't work ..
First I set the BIOS to boot from the CD first
It did that too
Then it says Windows is loading files, I wait about 2 min
then the Windows background and my mouse appear and NOTHING ... :(
What am I doing wrong?

cosinus 11.10.2010 20:28

Please try it again. It is already booting from the CD, at least.

ali321 11.10.2010 20:33

I've already tried 3 times ...
Should I otherwise burn the CD again?

cosinus 11.10.2010 20:40

Hm, yes, burn it again.
How did you burn it? Too fast? Burn it slower, max. 16x
Did you use a normal blank disc or a CD-RW? And the CD itself is undamaged, i.e. without scratches or the like?

ali321 12.10.2010 09:49

I took another CD and then it worked ;)
but only for drives C/D
I checked again with MBRCheck, they look great :D
Only the external one still has the wrong code ... one moment, I'll post a log file in a sec
:D

Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:           
Windows Version:        Windows Vista Home Premium Edition
Windows Information:        (build 6000), 32-bit
Base Board Manufacturer:    Acer
BIOS Manufacturer:        Phoenix Technologies, LTD
System Manufacturer:        Acer
System Product Name:        Aspire M3610
Logical Drives Mask:        0x000007bd

Kernel Drivers (total 170):
  0x83000000 \SystemRoot\system32\ntkrnlpa.exe
  0x833A1000 \SystemRoot\system32\hal.dll
  0x802C6000 \SystemRoot\system32\kdcom.dll
  0x80266000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x8025D000 \SystemRoot\system32\PSHED.dll
  0x80255000 \SystemRoot\system32\BOOTVID.dll
  0x8021A000 \SystemRoot\system32\CLFS.SYS
  0x8051F000 \SystemRoot\system32\CI.dll
  0x804A4000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8020D000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x80461000 \SystemRoot\system32\drivers\acpi.sys
  0x80204000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x80459000 \SystemRoot\system32\drivers\msisadrv.sys
  0x8044A000 \SystemRoot\system32\drivers\volmgr.sys
  0x80425000 \SystemRoot\system32\drivers\pci.sys
  0x80415000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8040E000 \SystemRoot\system32\drivers\pciide.sys
  0x80400000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x807B6000 \SystemRoot\System32\drivers\volmgrx.sys
  0x807AE000 \SystemRoot\system32\drivers\atapi.sys
  0x80790000 \SystemRoot\system32\drivers\ataport.SYS
  0x8075F000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8074F000 \SystemRoot\system32\drivers\fileinfo.sys
  0x80738000 \SystemRoot\System32\Drivers\DRVMCDB.SYS
  0x8072F000 \SystemRoot\System32\Drivers\PxHelp20.sys
  0x8062B000 \SystemRoot\system32\drivers\ndis.sys
  0x80600000 \SystemRoot\system32\drivers\msrpc.sys
  0x8B1C7000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8B0BF000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8B055000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8B04D000 \SystemRoot\system32\DRIVERS\wd.sys
  0x8B017000 \SystemRoot\system32\drivers\volsnap.sys
  0x8B00F000 \SystemRoot\System32\Drivers\spldr.sys
  0x8B000000 \SystemRoot\System32\drivers\partmgr.sys
  0x8B3F1000 \SystemRoot\System32\Drivers\mup.sys
  0x8B3CC000 \SystemRoot\System32\drivers\ecache.sys
  0x8B3BB000 \SystemRoot\system32\drivers\disk.sys
  0x8B39A000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8B392000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
  0x8B389000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8F8A5000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8F930000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8C1EC000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x91AFF000 \SystemRoot\system32\DRIVERS\atikmdag.sys
  0x8F808000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x91913000 \SystemRoot\System32\drivers\watchdog.sys
  0x91901000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x918F5000 \SystemRoot\system32\drivers\MicNgBas.sys
  0x918C1000 \SystemRoot\system32\DRIVERS\yk60x86.sys
  0x918B7000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x9187A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x91920000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8C1B2000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
  0x91862000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8C0E1000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x8BD04000 \SystemRoot\system32\DRIVERS\ohci1394.sys
  0x9192E000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
  0x91857000 \SystemRoot\system32\DRIVERS\fdc.sys
  0x9183D000 \SystemRoot\system32\DRIVERS\serial.sys
  0x91833000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x9181B000 \SystemRoot\system32\DRIVERS\parport.sys
  0x91AD4000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x91A94000 \SystemRoot\system32\DRIVERS\storport.sys
  0x91810000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x91A7D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x91805000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x91A5A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8BDD8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x91A47000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x91A21000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x91A16000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x91A0B000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8C1C0000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x923D6000 \SystemRoot\system32\DRIVERS\ks.sys
  0x91A3D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x91A30000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x92329000 \SystemRoot\system32\drivers\MicNgCap.sys
  0x9230B000 \SystemRoot\system32\drivers\MicNgTun.sys
  0x8F90F000 \SystemRoot\system32\drivers\BdaSup.SYS
  0x922D7000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x92336000 \SystemRoot\system32\DRIVERS\flpydisk.sys
  0x8BCC4000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x92288000 \SystemRoot\system32\drivers\HdAudio.sys
  0x9225B000 \SystemRoot\system32\drivers\portcls.sys
  0x92236000 \SystemRoot\system32\drivers\drmk.sys
  0x92657000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8F954000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8C09B000 \SystemRoot\System32\Drivers\Null.SYS
  0x8C10B000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8C0D5000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
  0x8C039000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x9222A000 \SystemRoot\System32\drivers\vga.sys
  0x92209000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8C118000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8C120000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x91A00000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x9193C000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8F966000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x92522000 \SystemRoot\System32\drivers\tcpip.sys
  0x92509000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x924F4000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x924E0000 \SystemRoot\system32\DRIVERS\smb.sys
  0x92499000 \SystemRoot\system32\drivers\afd.sys
  0x92467000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x92451000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x9194A000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x9243E000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x92403000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x9234A000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x929A9000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8C025000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8C017000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x8C150000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x8F94B000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x8BD54000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8C1BA000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8F9B7000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x92DAE000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x9B000000 \SystemRoot\System32\win32k.sys
  0x92354000 \SystemRoot\System32\drivers\Dxapi.sys
  0x92D35000 \SystemRoot\system32\DRIVERS\zd1211u.sys
  0x92C0E000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x9C91A000 \SystemRoot\system32\DRIVERS\spc1030.sys
  0x928E0000 \SystemRoot\system32\DRIVERS\STREAM.SYS
  0x8C040000 \SystemRoot\system32\DRIVERS\spc1030c.SYS
  0x9B634000 \SystemRoot\system32\DRIVERS\phaudlwr.sys
  0x9B622000 \SystemRoot\system32\drivers\usbaudio.sys
  0x8C180000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x9B686000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x9DE00000 \SystemRoot\System32\TSDDD.dll
  0x9DE20000 \SystemRoot\System32\ATMFD.DLL
  0x9C82F000 \SystemRoot\system32\drivers\luafv.sys
  0x92835000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
  0x92D22000 \SystemRoot\System32\DLA\DLADResM.SYS
  0x9C817000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
  0x8F8E2000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
  0x8C1C8000 \SystemRoot\System32\DLA\DLAPoolM.SYS
  0x8C05C000 \SystemRoot\System32\DLA\DLABMFSM.SYS
  0x8C063000 \SystemRoot\System32\DLA\DLABOIOM.SYS
  0x9F598000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
  0x9F581000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
  0x9DE10000 \SystemRoot\System32\cdd.dll
  0xA12CF000 \SystemRoot\system32\drivers\spsys.sys
  0x8BCA4000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0xA1224000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x923AE000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xA17ED000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xA165F000 \SystemRoot\system32\drivers\HTTP.sys
  0xA1604000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xA1763000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xA1FEC000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xA1FCE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA1F95000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA1F83000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA1F5F000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA1F0E000 \SystemRoot\System32\DRIVERS\srv.sys
  0x8C078000 \SystemRoot\system32\DRIVERS\parvdm.sys
  0xA9C70000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
  0xAA622000 \SystemRoot\system32\drivers\peauth.sys
  0x9F53D000 \SystemRoot\system32\drivers\MSPQM.sys
  0x92861000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA9C9F000 \??\D:\Bearbeitungsprogramme\PlayMovie\000.fcl
  0xAA60D000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0xAA79F000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
  0xAAC38000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0x92898000 \SystemRoot\system32\drivers\tdtcp.sys
  0x92CA0000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
  0xAB001000 \SystemRoot\System32\Drivers\RDPWD.SYS
  0xAADC8000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x774C0000 \Windows\System32\ntdll.dll

Processes (total 69):
      0 System Idle Process
      4 System
    380 C:\Windows\System32\smss.exe
    444 csrss.exe
    508 C:\Windows\System32\wininit.exe
    520 csrss.exe
    552 C:\Windows\System32\services.exe
    568 C:\Windows\System32\lsass.exe
    576 C:\Windows\System32\lsm.exe
    712 C:\Windows\System32\svchost.exe
    796 C:\Windows\System32\svchost.exe
    836 C:\Windows\System32\svchost.exe
    884 C:\Windows\System32\Ati2evxx.exe
    900 C:\Windows\System32\svchost.exe
    932 C:\Windows\System32\svchost.exe
    956 C:\Windows\System32\winlogon.exe
    980 C:\Windows\System32\svchost.exe
    1152 C:\Windows\System32\audiodg.exe
    1200 C:\Windows\System32\svchost.exe
    1232 C:\Windows\System32\SLsvc.exe
    1264 C:\Windows\System32\svchost.exe
    1412 C:\Windows\System32\Ati2evxx.exe
    1492 C:\Windows\System32\svchost.exe
    1660 C:\Windows\System32\spoolsv.exe
    1692 C:\Windows\System32\svchost.exe
    308 C:\Windows\System32\dwm.exe
    392 C:\Windows\System32\taskeng.exe
    424 C:\Windows\explorer.exe
    544 C:\Program Files\Google\Update\GoogleUpdate.exe
    696 C:\Windows\System32\taskeng.exe
    1500 C:\Windows\System32\taskeng.exe
    504 C:\Windows\RtHDVCpl.exe
    1460 C:\Windows\vspc1030.exe
    2124 C:\Program Files\iTunes\iTunesHelper.exe
    2132 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    2144 C:\Program Files\Skype\Phone\Skype.exe
    2152 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    2160 C:\Program Files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe
    2216 C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe
    2792 C:\Program Files\Mozilla Firefox\firefox.exe
    3000 C:\Program Files\Skype\Plugin Manager\skypePM.exe
    3212 C:\Program Files\Mozilla Firefox\plugin-container.exe
    3492 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    3512 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    3540 C:\Program Files\Bonjour\mDNSResponder.exe
    3552 C:\Windows\System32\svchost.exe
    3752 C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    3828 C:\Windows\System32\PnkBstrA.exe
    3848 C:\Windows\System32\svchost.exe
    3864 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    2348 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2360 C:\Windows\System32\svchost.exe
    616 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    2668 C:\Windows\System32\svchost.exe
    1764 C:\Windows\System32\SearchIndexer.exe
    2032 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    1932 WUDFHost.exe
    3276 WmiPrvSE.exe
    2108 C:\Program Files\iPod\bin\iPodService.exe
    3464 C:\Windows\System32\alg.exe
    5784 C:\Windows\ehome\ehsched.exe
    5852 C:\Windows\ehome\ehrecvr.exe
    4884 C:\Windows\System32\wuauclt.exe
    3588 C:\Windows\servicing\TrustedInstaller.exe
    4452 C:\Windows\System32\wbem\WMIADAP.exe
    4972 WmiPrvSE.exe
    3380 C:\Program Files\Windows Live\Contacts\wlcomm.exe
    5384 D:\Allgemein\PC säubern\MBRCheck.exe
    5392 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`7098f400  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001e`5d265e00  (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`007e0000  (NTFS)

PhysicalDrive0 Model Number: ST3250820AS, Rev: 3.AAD 
PhysicalDrive1 Model Number: SeagateFreeAgent, Rev: 0138

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0  Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
    931 GB  \\.\PhysicalDrive1  MBR Code Faked!
            SHA1: 31ABC6F76EA6A7FD5B12BF4901243A3546141C86


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


cosinus 12.10.2010 11:37

Try rewriting the MBR of the external drive with testdisk. Be careful when selecting the drive, you must not confuse the ext. drive with the other drive!

ali321 12.10.2010 15:59

And how do you start the good program? :D
found it already ;)

ali321 12.10.2010 19:47

Got it onto the CD :D
but it doesn't start ....

cosinus 13.10.2010 09:40

You run Testdisk under Windows!! Here too, right-click => run as admin!

ali321 13.10.2010 16:16

but there's no .exe with it ...

cosinus 13.10.2010 16:50

In the unpacked Testdisk folder you have to go into the win directory, that's where the exe is:

Code:

testdisk-6.11.3/win/testdisk_win.exe

ali321 13.10.2010 18:32

I had just found it :D thanks
then I went to the drive of the ext. disk, clicked Intel, then MBR and then fixed it, was that right?

ali321 13.10.2010 18:39

Fail ... :(
Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:           
Windows Version:        Windows Vista Home Premium Edition
Windows Information:        (build 6000), 32-bit
Base Board Manufacturer:    Acer
BIOS Manufacturer:        Phoenix Technologies, LTD
System Manufacturer:        Acer
System Product Name:        Aspire M3610
Logical Drives Mask:        0x0000e7fd

Kernel Drivers (total 170):
  0x83000000 \SystemRoot\system32\ntkrnlpa.exe
  0x833A1000 \SystemRoot\system32\hal.dll
  0x802C6000 \SystemRoot\system32\kdcom.dll
  0x80266000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x8025D000 \SystemRoot\system32\PSHED.dll
  0x80255000 \SystemRoot\system32\BOOTVID.dll
  0x8021A000 \SystemRoot\system32\CLFS.SYS
  0x8051F000 \SystemRoot\system32\CI.dll
  0x804A4000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8020D000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x80461000 \SystemRoot\system32\drivers\acpi.sys
  0x80204000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x80459000 \SystemRoot\system32\drivers\msisadrv.sys
  0x8044A000 \SystemRoot\system32\drivers\volmgr.sys
  0x80425000 \SystemRoot\system32\drivers\pci.sys
  0x80415000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8040E000 \SystemRoot\system32\drivers\pciide.sys
  0x80400000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x807B6000 \SystemRoot\System32\drivers\volmgrx.sys
  0x807AE000 \SystemRoot\system32\drivers\atapi.sys
  0x80790000 \SystemRoot\system32\drivers\ataport.SYS
  0x8075F000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8074F000 \SystemRoot\system32\drivers\fileinfo.sys
  0x80738000 \SystemRoot\System32\Drivers\DRVMCDB.SYS
  0x8072F000 \SystemRoot\System32\Drivers\PxHelp20.sys
  0x8062B000 \SystemRoot\system32\drivers\ndis.sys
  0x80600000 \SystemRoot\system32\drivers\msrpc.sys
  0x8B1C7000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8B0BF000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8B055000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8B04D000 \SystemRoot\system32\DRIVERS\wd.sys
  0x8B017000 \SystemRoot\system32\drivers\volsnap.sys
  0x8B00F000 \SystemRoot\System32\Drivers\spldr.sys
  0x8B000000 \SystemRoot\System32\drivers\partmgr.sys
  0x8B3F1000 \SystemRoot\System32\Drivers\mup.sys
  0x8B3CC000 \SystemRoot\System32\drivers\ecache.sys
  0x8B3BB000 \SystemRoot\system32\drivers\disk.sys
  0x8B39A000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8B392000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
  0x8B389000 \SystemRoot\system32\drivers\crcdisk.sys
  0x90A15000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x90AF0000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x90A07000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x91EFF000 \SystemRoot\system32\DRIVERS\atikmdag.sys
  0x918E3000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x90A20000 \SystemRoot\System32\drivers\watchdog.sys
  0x918D1000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x918C5000 \SystemRoot\system32\drivers\MicNgBas.sys
  0x91891000 \SystemRoot\system32\DRIVERS\yk60x86.sys
  0x91887000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x9184A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x9183C000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8C1DC000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
  0x91824000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8C0D4000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x8BCD4000 \SystemRoot\system32\DRIVERS\ohci1394.sys
  0x91816000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
  0x9180B000 \SystemRoot\system32\DRIVERS\fdc.sys
  0x91EE5000 \SystemRoot\system32\DRIVERS\serial.sys
  0x91801000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x91ECD000 \SystemRoot\system32\DRIVERS\parport.sys
  0x91EA2000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x91E62000 \SystemRoot\system32\DRIVERS\storport.sys
  0x919F5000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x91E4B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x91E40000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x91E1D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8BDD8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x91E0A000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x927E6000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x927F5000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x92736000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8C1E2000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x9270C000 \SystemRoot\system32\DRIVERS\ks.sys
  0x91E00000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x90A3A000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x90A47000 \SystemRoot\system32\drivers\MicNgCap.sys
  0x926EE000 \SystemRoot\system32\drivers\MicNgTun.sys
  0x919D6000 \SystemRoot\system32\drivers\BdaSup.SYS
  0x926BA000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x926B0000 \SystemRoot\system32\DRIVERS\flpydisk.sys
  0x8BCC4000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x92671000 \SystemRoot\system32\drivers\HdAudio.sys
  0x92634000 \SystemRoot\system32\drivers\portcls.sys
  0x9260F000 \SystemRoot\system32\drivers\drmk.sys
  0x92857000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x90B1D000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8C026000 \SystemRoot\System32\Drivers\Null.SYS
  0x8C02D000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8C0BC000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
  0x8C03B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x92603000 \SystemRoot\System32\drivers\vga.sys
  0x92BDF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8C125000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8C135000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x92741000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x92809000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x90B2F000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x92AE0000 \SystemRoot\System32\drivers\tcpip.sys
  0x92AC7000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x92AB2000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x92A9E000 \SystemRoot\system32\DRIVERS\smb.sys
  0x92A57000 \SystemRoot\system32\drivers\afd.sys
  0x92A25000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x92A0F000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x92A01000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x92DED000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x92DB2000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x92BB5000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x92CBB000 \SystemRoot\System32\Drivers\dfsc.sys
  0x92C9D000 \SystemRoot\System32\Drivers\usbaapl.sys
  0x8C1DE000 \SystemRoot\System32\Drivers\USBD.SYS
  0x90B26000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x8BC94000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x92C8B000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x90B38000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x92C40000 \SystemRoot\system32\DRIVERS\udfs.sys
  0x90A54000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x9274C000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x8C13D000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x955A7000 \SystemRoot\system32\DRIVERS\zd1211u.sys
  0x95800000 \SystemRoot\System32\win32k.sys
  0x92CF0000 \SystemRoot\System32\drivers\Dxapi.sys
  0x95580000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x8C14D000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x9D51A000 \SystemRoot\system32\DRIVERS\spc1030.sys
  0x90A61000 \SystemRoot\system32\DRIVERS\STREAM.SYS
  0x8C05E000 \SystemRoot\system32\DRIVERS\spc1030c.SYS
  0x9552A000 \SystemRoot\system32\DRIVERS\phaudlwr.sys
  0x95518000 \SystemRoot\system32\drivers\usbaudio.sys
  0x9D493000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x9E000000 \SystemRoot\System32\TSDDD.dll
  0x9E020000 \SystemRoot\System32\ATMFD.DLL
  0x966A2000 \SystemRoot\system32\drivers\luafv.sys
  0x9276D000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
  0x96D6C000 \SystemRoot\System32\DLA\DLADResM.SYS
  0x9668A000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
  0x91994000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
  0x8C1D2000 \SystemRoot\System32\DLA\DLAPoolM.SYS
  0x8C01F000 \SystemRoot\System32\DLA\DLABMFSM.SYS
  0x8C034000 \SystemRoot\System32\DLA\DLABOIOM.SYS
  0x96CCC000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
  0x96CB5000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
  0x9E010000 \SystemRoot\System32\cdd.dll
  0x9FC86000 \SystemRoot\system32\drivers\spsys.sys
  0x8BD24000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x9FC2B000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x92D18000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xA13AD000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xA1244000 \SystemRoot\system32\drivers\HTTP.sys
  0xA1BE5000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xA1BCC000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xA1BB8000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xA1B9A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA1B61000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA1B4F000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA1B2B000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA1A9A000 \SystemRoot\System32\DRIVERS\srv.sys
  0x8C049000 \SystemRoot\system32\DRIVERS\parvdm.sys
  0xAAA2D000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
  0xAC622000 \SystemRoot\system32\drivers\peauth.sys
  0x927AF000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xAAAEB000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0xABE02000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
  0xAC18D000 \??\D:\Bearbeitungsprogramme\PlayMovie\000.fcl
  0xAC360000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0x927DB000 \SystemRoot\system32\drivers\tdtcp.sys
  0x96759000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
  0xAC5F4000 \SystemRoot\System32\Drivers\RDPWD.SYS
  0x772C0000 \Windows\System32\ntdll.dll

Processes (total 65):
      0 System Idle Process
      4 System
    476 C:\Windows\System32\smss.exe
    552 csrss.exe
    604 C:\Windows\System32\wininit.exe
    616 csrss.exe
    648 C:\Windows\System32\services.exe
    664 C:\Windows\System32\lsass.exe
    672 C:\Windows\System32\lsm.exe
    808 C:\Windows\System32\svchost.exe
    900 C:\Windows\System32\svchost.exe
    932 C:\Windows\System32\svchost.exe
    980 C:\Windows\System32\Ati2evxx.exe
    992 C:\Windows\System32\svchost.exe
    1040 C:\Windows\System32\winlogon.exe
    1060 C:\Windows\System32\svchost.exe
    1084 C:\Windows\System32\svchost.exe
    1184 C:\Windows\System32\audiodg.exe
    1244 C:\Windows\System32\svchost.exe
    1260 C:\Windows\System32\SLsvc.exe
    1320 C:\Windows\System32\svchost.exe
    1540 C:\Windows\System32\svchost.exe
    1652 C:\Windows\System32\Ati2evxx.exe
    1744 C:\Windows\System32\spoolsv.exe
    1768 C:\Windows\System32\svchost.exe
    1252 C:\Windows\System32\dwm.exe
    1548 C:\Windows\explorer.exe
    712 C:\Windows\RtHDVCpl.exe
    1228 C:\Windows\vspc1030.exe
    320 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    2032 C:\Program Files\iTunes\iTunesHelper.exe
    1164 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    1412 C:\Program Files\Skype\Phone\Skype.exe
    2028 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    640 C:\Program Files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe
    884 C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe
    2572 C:\Program Files\Skype\Plugin Manager\skypePM.exe
    2804 C:\Program Files\Windows Live\Contacts\wlcomm.exe
    2868 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    2904 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2916 C:\Program Files\Bonjour\mDNSResponder.exe
    2928 C:\Windows\System32\svchost.exe
    3048 C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    3108 C:\Windows\System32\PnkBstrA.exe
    3212 C:\Windows\System32\svchost.exe
    3228 C:\Program Files\Google\Update\GoogleUpdate.exe
    3252 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    3424 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    3452 C:\Windows\System32\svchost.exe
    3480 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    3560 C:\Windows\System32\svchost.exe
    3608 C:\Windows\System32\SearchIndexer.exe
    3684 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    3952 WUDFHost.exe
    4072 WmiPrvSE.exe
    2568 C:\Program Files\iPod\bin\iPodService.exe
    2320 C:\Windows\System32\taskeng.exe
    2596 C:\Windows\System32\alg.exe
    3376 C:\Windows\System32\taskeng.exe
    2220 C:\Windows\System32\taskeng.exe
    5388 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    5644 C:\Windows\System32\SearchProtocolHost.exe
    5968 C:\Windows\System32\SearchFilterHost.exe
    4728 D:\Allgemein\PC säubern\MBRCheck.exe
    4744 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`7098f400  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001e`5d265e00  (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`007e0000  (NTFS)

PhysicalDrive0 Model Number: ST3250820AS, Rev: 3.AAD 
PhysicalDrive1 Model Number: SeagateFreeAgent, Rev: 0138

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0  Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
    931 GB  \\.\PhysicalDrive1  MBR Code Faked!
            SHA1: 31ABC6F76EA6A7FD5B12BF4901243A3546141C86


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

MBR code is still faked :( but the drive is running after all

cosinus 13.10.2010 18:42

Yes, we'll stop at this point. The MBR doesn't have to be malicious, and the operating system isn't loaded from the ext. drive either ;) :D

As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!
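
Added example, not part of the original thread: a small Python parser for the volume map and MBR table at the end of the MBRCheck output posted above, which lists drives with a non-standard MBR status together with the volumes on them and whether the system volume lives there. It assumes that a status ending in "MBR code detected" is the tool's wording for recognised boot code (inferred only from the two statuses in this log) and that the system volume is C:.

```python
import re

# Excerpt of the MBRCheck 1.2.3 output posted in this thread
# (volume-to-drive map and MBR status table only).
SAMPLE_LOG = r"""
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`7098f400  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001e`5d265e00  (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`007e0000  (NTFS)

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0  Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
    931 GB  \\.\PhysicalDrive1  MBR Code Faked!
            SHA1: 31ABC6F76EA6A7FD5B12BF4901243A3546141C86
"""

# "\\.\C: --> \\.\PhysicalDrive0 at offset 0x...`...  (NTFS)"
VOLUME_RE = re.compile(
    r"^\\\\\.\\(?P<letter>[A-Z]): --> \\\\\.\\(?P<drive>PhysicalDrive\d+)"
    r" at offset (?P<offset>0x[0-9a-fA-F`]+)\s+\((?P<fs>[^)]+)\)"
)
# "    232 GB  \\.\PhysicalDrive0  <status text>"
DRIVE_RE = re.compile(
    r"^\s*(?P<size>\d+ [KMGT]B)\s+\\\\\.\\(?P<drive>PhysicalDrive\d+)"
    r"\s+(?P<status>.+?)\s*$"
)
SHA1_RE = re.compile(r"^\s*SHA1:\s*(?P<sha1>[0-9A-Fa-f]{40})\s*$")

# Assumption: statuses of this form mean the boot code was recognised.
STANDARD_RE = re.compile(r"MBR code detected$")


def parse_mbrcheck(log):
    """Return the volume map and per-drive MBR status from an MBRCheck log."""
    volumes, drives, last_drive = {}, {}, None
    for line in log.splitlines():
        m = VOLUME_RE.match(line)
        if m:
            volumes[m["letter"]] = {
                "drive": m["drive"],
                # MBRCheck prints 64-bit offsets as high`low; drop the backtick.
                "offset": int(m["offset"].replace("`", ""), 16),
                "fs": m["fs"],
            }
            continue
        m = DRIVE_RE.match(line)
        if m:
            last_drive = m["drive"]
            drives[last_drive] = {
                "size": m["size"], "status": m["status"], "sha1": None,
            }
            continue
        m = SHA1_RE.match(line)
        if m and last_drive:
            # The SHA1 line belongs to the drive row printed just before it.
            drives[last_drive]["sha1"] = m["sha1"].upper()
    return {"volumes": volumes, "drives": drives}


def triage(parsed, system_volume="C"):
    """List drives whose MBR status is not a recognised-code status."""
    findings = []
    for name, info in parsed["drives"].items():
        if STANDARD_RE.search(info["status"]):
            continue
        letters = sorted(
            letter for letter, vol in parsed["volumes"].items()
            if vol["drive"] == name
        )
        findings.append({
            "drive": name,
            "status": info["status"],
            "sha1": info["sha1"],
            "volumes": letters,
            # True means the flagged boot code sits on the disk Windows runs from.
            "hosts_system_volume": system_volume in letters,
        })
    return findings


if __name__ == "__main__":
    for f in triage(parse_mbrcheck(SAMPLE_LOG)):
        print(f)
```

Comparing the SHA1 per drive between two runs of the tool (as in the two logs above) also shows whether a rewrite attempt changed the boot code at all.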

ali321 14.10.2010 12:44

Hmm, I'll let the check run overnight ;)
But I have another problem ...
Can you see anywhere why I get kicked off the internet now and then?
I just get reconnected like that ...
It's pretty annoying because online radio and online games then hang immediately ... (Firefox sometimes says I have no connection .. then I reload the page and whoosh, it works)
Also, there's probably some program etc. active that makes the server think I have a hack running in the background ..
Have you spotted anything like that? I'll post the logs tomorrow morning ;)

ali321 16.10.2010 19:12

Super....
:
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/14/2010 at 05:40 PM

Application Version : 4.44.1000

Core Rules Database Version : 5682
Trace Rules Database Version: 3494

Scan type      : Complete Scan
Total Scan Time : 00:42:38

Memory items scanned      : 616
Memory threats detected  : 0
Registry items scanned    : 9908
Registry threats detected : 0
File items scanned        : 36102
File threats detected    : 251

Adware.Tracking Cookie
    C:\Users\Zandy\AppData\Roaming\Microsoft\Windows\Cookies\zandy@atdmt[2].txt
    .mywebsearch.com [ C:\ProgramData\Mozilla\Firefox\Profiles\7j3r9q2c.default\cookies.sqlite ]
    .mywebsearch.com [ C:\ProgramData\Mozilla\Firefox\Profiles\7j3r9q2c.default\cookies.sqlite ]
    .mywebsearch.com [ C:\ProgramData\Mozilla\Firefox\Profiles\7j3r9q2c.default\cookies.sqlite ]
    .mywebsearch.com [ C:\ProgramData\Mozilla\Firefox\Profiles\7j3r9q2c.default\cookies.sqlite ]
    .atdmt.com [ C:\ProgramData\Mozilla\Firefox\Profiles\7j3r9q2c.default\cookies.sqlite ]
    .adfarm1.adition.com [ C:\Users\Zandy\AppData\Roaming\Mozilla\Firefox\Profiles\ffmk5zx8.default\cookies.sqlite ]
    studivz.adfarm1.adition.com [ C:\Users\Zandy\AppData\Roaming\Mozilla\Firefox\Profiles\ffmk5zx8.default\cookies.sqlite ]
    .doubleclick.net [ C:\Users\Zandy\AppData\Roaming\Mozilla\Firefox\Profiles\ffmk5zx8.default\cookies.sqlite ]
    .statcounter.com [ C:\Users\Zandy\AppData\Roaming\Mozilla\Firefox\Profiles\ffmk5zx8.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Users\Zandy\AppData\Roaming\Mozilla\Firefox\Profiles\ffmk5zx8.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Users\Zandy\AppData\Roaming\Mozilla\Firefox\Profiles\ffmk5zx8.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Users\Zandy\AppData\Roaming\Mozilla\Firefox\Profiles\ffmk5zx8.default\cookies.sqlite ]
    .gostats.de [ C:\Users\Zandy\AppData\Roaming\Mozilla\Firefox\Profiles\ffmk5zx8.default\cookies.sqlite ]
    .apmebf.com [ C:\Users\Zandy\AppData\Roaming\Mozilla\Firefox\Profiles\ffmk5zx8.default\cookies.sqlite ]
    .mediaplex.com [ C:\Users\Zandy\AppData\Roaming\Mozilla\Firefox\Profiles\ffmk5zx8.default\cookies.sqlite ]
    .specificclick.net [ C:\Users\Zandy\AppData\Roaming\Mozilla\Firefox\Profiles\ffmk5zx8.default\cookies.sqlite ]
    .specificclick.net [ C:\Users\Zandy\AppData\Roaming\Mozilla\Firefox\Profiles\ffmk5zx8.default\cookies.sqlite ]
    .specificclick.net [ C:\Users\Zandy\AppData\Roaming\Mozilla\Firefox\Profiles\ffmk5zx8.default\cookies.sqlite ]
    .specificclick.net [ C:\Users\Zandy\AppData\Roaming\Mozilla\Firefox\Profiles\ffmk5zx8.default\cookies.sqlite ]
    .specificclick.net [ C:\Users\Zandy\AppData\Roaming\Mozilla\Firefox\Profiles\ffmk5zx8.default\cookies.sqlite ]
    .specificclick.net [ C:\Users\Zandy\AppData\Roaming\Mozilla\Firefox\Profiles\ffmk5zx8.default\cookies.sqlite ]
    .specificclick.net [ C:\Users\Zandy\AppData\Roaming\Mozilla\Firefox\Profiles\ffmk5zx8.default\cookies.sqlite ]
    .adviva.net [ C:\Users\Zandy\AppData\Roaming\Mozilla\Firefox\Profiles\ffmk5zx8.default\cookies.sqlite ]
    .tradedoubler.com [ C:\Users\Zandy\AppData\Roaming\Mozilla\Firefox\Profiles\ffmk5zx8.default\cookies.sqlite ]


cosinus 16.10.2010 22:11

Those are only cookies!
Are you still going to run Malwarebytes?

ali321 17.10.2010 00:00

Already done ;)
I thought I had posted it.

Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4813

Windows 6.0.6000
Internet Explorer 7.0.6000.16982

16.10.2010 21:46:39
mbam-log-2010-10-16 (21-46-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 310582
Laufzeit: 1 Stunde(n), 24 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa_dll.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Photoscape\keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

The thing about the keygen isn't in there ^^
Is it serious? :D It deleted my keygen xD

cosinus 17.10.2010 12:40

Quote:

D:\Photoscape\keygen.exe
Sorry, but that disqualifies you :balla: :stirn:
With keygens and the like there is no further advice other than format c:

The use of cracks, serials and keygens is illegal, so there is no further support on Trojaner-Board.

For you it continues here => Reinstalling the system
Please also change all passwords (for e-mail accounts, StudiVZ, eBay... simply everything!), since this kind of dubious software not infrequently contains keyloggers and backdoor functions.

After that, never touch anything like this again!

ali321 17.10.2010 13:52

Photoscape is a freeware program, which I only found out afterwards :P hxxp://photoscape.softonic.de/
Reinstall the system? :O
Does that really have to be?
If so, where do I find the drivers that are installed and need to be backed up?

cosinus 17.10.2010 14:24

Yes, it has to be, because apart from format c there is no other advice here any more because of the keygen.
You will find all the drivers on the CDs that came with the PC.

ali321 17.10.2010 15:00

Just because of this sh.... unnecessary keygen? :O
Oh man .. if only I had informed myself earlier ;)
So reinstall everything? -.-
I think I have a newly installed graphics card ..
Vista should recognize it anyway, right? Or during the reinstallation ..
Otherwise I'll use the motherboard's graphics for the installation?

ali321 17.10.2010 20:14

Should I reinstall the system completely, or reset it to the state of 2007 or something?
I have an Acer PC and I would have to reinstall all the drivers -.-


All times are WET +1.

Copyright ©2000-2025, Trojaner-Board
