Trojaner-Board


Svensen89 05.08.2010 15:02

Battle music in the desktop background
 
Hello everyone, for a few days now I have repeatedly been getting music in the background on my desktop. It sounds like an advertisement for a game, but no window opens. I have Malwarebytes' Anti-Malware installed, and a window keeps popping up in the bottom right corner: "Zugang zu einer potenziell gefährlichen Webseite erfolgreich gestoppt: 213.5.69.26". But now and then the window does not appear and the music starts, and I am at a loss as to what I should do about it...

Please help

This morning's scan:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4388

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

05.08.2010 15:19:56
mbam-log-2010-08-05 (15-19-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 766166
Laufzeit: 3 Stunde(n), 57 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\Temp\TMP00000032A46716C93B19DFC3 (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\postmortem.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.



Thanks in advance

Best regards

Svensen89

cosinus 05.08.2010 20:53

Please download MBRCheck (by a_d_13) and save the file to your desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only takes a second.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document

Svensen89 06.08.2010 02:59

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: FUJITSU SIEMENS
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: FUJITSU SIEMENS
System Product Name: G31T-M2
Logical Drives Mask: 0x00000ffc

Kernel Drivers (total 175):

Processes (total 66):

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive1 Model Number: ST3360320AS, Rev: 3.AAM
PhysicalDrive0 Model Number: HitachiHDT721075SLA380, Rev: ST4OA31B

Size Device Name MBR Status
--------------------------------------------
335 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
698 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: 7E54AD696A6F646BBADBB2CC6CE742EC5F02F663


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

cosinus 06.08.2010 09:53

Quote:

698 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
Please use MBRCheck to restore the MBR on hard disk 0 for Win7 (MBR code).

Svensen89 06.08.2010 17:11

How do I do that? Sorry for asking such a dumb question, but I have no idea about this.

cosinus 06.08.2010 21:00

Here as a guide: Please delete the existing MBRCheck.txt.

Please start MBRCheck.exe again.
This time type the following into the window and confirm each entry with Enter
at
  • Enter 'Y' and hit ENTER for more options, or 'N' to exit: y
  • Enter your choice: 2
  • Enter the physical disk number to fix (0-99, -1 to cancel): x
  • Please select the MBR code to write to this drive: x
Take the numbers framed in red from the instructions!!!
http://img831.imageshack.us/img831/5659/mbr.jpg
  • Now type Yes and confirm with ENTER.
  • Restart the computer.
After the restart, please start MBRCheck.exe again.
You will now find 2 MBRCheck_<date>_<time>.txt files on the desktop.
Post the contents of both .txt documents

Svensen89 06.08.2010 23:50

This is the text before restarting:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: FUJITSU SIEMENS
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: FUJITSU SIEMENS
System Product Name: G31T-M2
Logical Drives Mask: 0x00000ffc

Kernel Drivers (total 175):

Processes (total 70):

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive1 Model Number: ST3360320AS, Rev: 3.AAM
PhysicalDrive0 Model Number: HitachiHDT721075SLA380, Rev: ST4OA31B

Size Device Name MBR Status
--------------------------------------------
335 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
698 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: 7E54AD696A6F646BBADBB2CC6CE742EC5F02F663


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
[ 0] Default (Windows 7)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 1
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: Yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!


Regards, Svensen89
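
As an added example (not part of the original thread and not code from MBRCheck's author), this Python script parses a log of the shape posted above and reports which disk carries known-bad MBR code, which disk was repaired and which MBR code was selected. The function names, the embedded excerpt and the rule that the chosen menu label should match the start of the "Windows Version" line are assumptions made for illustration.

```python
import re

# Excerpt in the shape of the MBRCheck 1.2.3 log posted above; the header is
# shortened, the driver and process lists are left out, the menu is abridged.
SAMPLE_LOG = r"""MBRCheck, version 1.2.3
Windows Version: Windows 7 Ultimate Edition

Size Device Name MBR Status
--------------------------------------------
335 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
698 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: 7E54AD696A6F646BBADBB2CC6CE742EC5F02F663

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
[ 0] Default (Windows 7)
[ 1] Windows XP
[ 3] Windows Vista
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 1
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: Yes
Successfully wrote new MBR code!
"""

DISK_RE = re.compile(r"^(\d+) GB\s+\\\\\.\\PhysicalDrive(\d+)\s+(.+)$")
SHA1_RE = re.compile(r"^SHA1:\s*([0-9A-Fa-f]{40})$")
OPTION_RE = re.compile(r"^\[\s*(-?\d+)\]\s+(.+)$")
# The log does not put typed answers on their own line, so the disk number
# is directly followed by the next prompt ("0Available MBR codes:").
FIX_DISK_RE = re.compile(r"physical disk number to fix \(0-99, -1 to cancel\):\s*(-?\d+)")
CODE_RE = re.compile(r"select the MBR code to write to this drive:\s*(-?\d+)")
VERSION_RE = re.compile(r"^Windows Version:\s*(.+)$", re.M)


def parse_disks(log):
    """Return one dict per physical disk listed in the MBR status table."""
    disks = []
    for line in log.splitlines():
        line = line.strip()
        m = DISK_RE.match(line)
        if m:
            status = m.group(3)
            disks.append({"number": int(m.group(2)), "size_gb": int(m.group(1)),
                          "status": status, "sha1": None,
                          "known_bad": status.lower().startswith("known-bad")})
            continue
        m = SHA1_RE.match(line)
        if m and disks and disks[-1]["sha1"] is None:
            disks[-1]["sha1"] = m.group(1).upper()  # hash belongs to the disk line above it
    return disks


def parse_repair(log):
    """Return the repair dialogue (disk, chosen code, result) or None if absent."""
    disk, code = FIX_DISK_RE.search(log), CODE_RE.search(log)
    if not disk or not code:
        return None
    # Only read the menu after "Available MBR codes:", so the first
    # "Options:" menu ([1] Dump ..., [2] Restore ...) is not mixed in.
    menu = log.split("Available MBR codes:", 1)
    options = {}
    for line in (menu[1].splitlines() if len(menu) == 2 else []):
        m = OPTION_RE.match(line.strip())
        if m:
            options[int(m.group(1))] = m.group(2).strip()
    selected = int(code.group(1))
    return {"disk": int(disk.group(1)), "selected": selected,
            "label": options.get(selected),
            "written": "Successfully wrote new MBR code!" in log}


def review(log):
    """List what a helper would want to double-check in a posted log."""
    findings = []
    disks = parse_disks(log)
    bad = {d["number"] for d in disks if d["known_bad"]}
    for d in disks:
        if d["known_bad"]:
            findings.append(f"PhysicalDrive{d['number']}: {d['status']} (SHA1 {d['sha1']})")
    repair = parse_repair(log)
    if repair is None:
        return findings
    if repair["disk"] not in bad:
        findings.append(f"repair targeted PhysicalDrive{repair['disk']}, which is not flagged")
    version = VERSION_RE.search(log)
    if repair["label"] is None:
        findings.append(f"selected MBR code {repair['selected']} is not in the menu")
    elif version:
        # Assumed heuristic: "Default (Windows 7)" and "Windows 7" both count as Windows 7.
        family = re.sub(r"^Default \((.+)\)$", r"\1", repair["label"])
        if not version.group(1).strip().startswith(family):
            findings.append(f"selected MBR code '{repair['label']}' does not match "
                            f"installed '{version.group(1).strip()}'")
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```
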

Svensen89 06.08.2010 23:51

And this is after the restart:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: FUJITSU SIEMENS
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: FUJITSU SIEMENS
System Product Name: G31T-M2
Logical Drives Mask: 0x00000ffc

Kernel Drivers (total 176):
0x93507000 \SystemRoot\system32\drivers\vpcvmm.sys
0x9354E000 \SystemRoot\system32\DRIVERS\termdd.sys
0x9355E000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x93564000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x93586000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x9358C000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x935CD000 \SystemRoot\system32\drivers\nsiproxy.sys
0x935D7000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x935E1000 \SystemRoot\System32\drivers\discache.sys
0x935ED000 \SystemRoot\system32\drivers\csc.sys
0x93651000 \SystemRoot\System32\Drivers\dfsc.sys
0x93669000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x93677000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x93693000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x93695000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x936B6000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x94418000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x94E96000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x94E98000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x94F4F000 \SystemRoot\System32\drivers\dxgmms1.sys
0x94F88000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x94FA7000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0x94FEC000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x936C8000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x94400000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x93713000 \SystemRoot\system32\drivers\cmaudio.sys
0x9376B000 \SystemRoot\system32\drivers\portcls.sys
0x9379A000 \SystemRoot\system32\drivers\drmk.sys
0x937B3000 \SystemRoot\system32\drivers\ks.sys
0x95409000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x95435000 \SystemRoot\system32\DRIVERS\serenum.sys
0x9543F000 \SystemRoot\system32\DRIVERS\parport.sys
0x95457000 \SystemRoot\System32\Drivers\andcxx28.SYS
0x95490000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x9549D000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x954AF000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x954C7000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x954D2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x954F4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x9550C000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x95523000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x9553A000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x95544000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x95551000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x9555E000 \SystemRoot\system32\DRIVERS\swenum.sys
0x95560000 \SystemRoot\system32\DRIVERS\umbus.sys
0x9556E000 \SystemRoot\system32\DRIVERS\vpcusb.sys
0x95586000 \SystemRoot\system32\DRIVERS\usbrpm.sys
0x95593000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x95595000 \SystemRoot\system32\DRIVERS\vpchbus.sys
0x955CB000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x9560F000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x97837000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x97A2F000 \SystemRoot\System32\Drivers\crashdmp.sys
0x97A3C000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x97A47000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x97A50000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x82920000 \SystemRoot\System32\win32k.sys
0x97A61000 \SystemRoot\System32\drivers\Dxapi.sys
0x97A6B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x97A82000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x97A8D000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x97AA0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x97AA7000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x97AB3000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x97ACA000 \SystemRoot\system32\DRIVERS\KMWDFILTER.sys
0x97AD3000 \SystemRoot\system32\DRIVERS\whfltr2k.sys
0x97AD5000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x97AE0000 \SystemRoot\system32\DRIVERS\monitor.sys
0x82B80000 \SystemRoot\System32\TSDDD.dll
0x82BB0000 \SystemRoot\System32\cdd.dll
0x82800000 \SystemRoot\System32\ATMFD.DLL
0x97AEB000 \SystemRoot\system32\drivers\luafv.sys
0x97B06000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x97B1A000 \SystemRoot\system32\drivers\WudfPf.sys
0x97B34000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x97B44000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x97B57000 \SystemRoot\system32\drivers\HTTP.sys
0x97BDC000 \SystemRoot\system32\DRIVERS\bowser.sys
0x97800000 \SystemRoot\System32\drivers\mpsdrv.sys
0x97812000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x95620000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9565B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x97BF5000 \SystemRoot\system32\DRIVERS\parvdm.sys
0x97BFC000 \SystemRoot\System32\Drivers\TBPanel.SYS
0x95676000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x956B9000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x956BE000 \SystemRoot\system32\drivers\peauth.sys
0x95755000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9575F000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x95780000 \SystemRoot\system32\drivers\spsys.sys
0x957EA000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA281B000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA286A000 \SystemRoot\System32\DRIVERS\srv.sys
0xA28BB000 \SystemRoot\System32\drivers\ipnat.sys
0xA28E1000 \??\C:\Windows\system32\FsUsbExDisk.SYS
0xA28EA000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA290B000 \??\C:\Windows\system32\drivers\mbam.sys
0x76FE0000 \Windows\System32\ntdll.dll
0x47AC0000 \Windows\System32\smss.exe
0x77220000 \Windows\System32\apisetschema.dll
0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll
0x00890000 \Windows\System32\autochk.exe

Processes (total 67):
0 System Idle Process
4 SYSTEM
300 C:\Windows\System32\smss.exe
448 csrss.exe
508 C:\Windows\System32\wininit.exe
520 csrss.exe
564 C:\Windows\System32\services.exe
588 C:\Windows\System32\lsass.exe
596 C:\Windows\System32\lsm.exe
660 C:\Windows\System32\winlogon.exe
748 C:\Windows\System32\svchost.exe
848 C:\Windows\System32\nvvsvc.exe
888 C:\Windows\System32\svchost.exe
972 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\svchost.exe
1044 C:\Windows\System32\svchost.exe
1140 C:\Windows\System32\svchost.exe
1164 C:\Windows\System32\audiodg.exe
1228 C:\Windows\System32\svchost.exe
1336 C:\Windows\System32\svchost.exe
1432 C:\Windows\System32\nvvsvc.exe
1460 C:\Windows\System32\LEXBCES.EXE
1480 C:\Windows\System32\taskeng.exe
1512 C:\Windows\System32\LEXPPS.EXE
1536 C:\Windows\System32\spoolsv.exe
1616 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1640 C:\Windows\System32\svchost.exe
1840 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1900 C:\Windows\System32\svchost.exe
1924 C:\Windows\System32\FsUsbExService.Exe
2008 C:\Program Files\ICQ6Toolbar\ICQ Service.exe
128 C:\Windows\System32\dwm.exe
2076 C:\Windows\explorer.exe
2124 C:\Windows\System32\taskhost.exe
2240 C:\Windows\System32\taskeng.exe
2288 C:\Windows\System32\svchost.exe
2316 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
2356 C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
2428 C:\Windows\System32\PnkBstrA.exe
2452 C:\Windows\System32\PnkBstrB.exe
2476 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2512 C:\Windows\System32\sppsvc.exe
2548 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
2640 C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
2812 C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
3096 C:\Windows\RtHDVCpl.exe
3124 C:\Windows\mixer.exe
3136 C:\Xtreme Mouse\wh_exec.exe
3148 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3224 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
3268 C:\Program Files\EXPERTool\TBPANEL.exe
3308 C:\Program Files\ICQ7.2\ICQ.exe
3352 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
3636 C:\Windows\System32\alg.exe
3752 C:\Windows\servicing\TrustedInstaller.exe
3804 C:\Windows\System32\svchost.exe
3860 C:\Windows\System32\svchost.exe
3760 WUDFHost.exe
3280 C:\Windows\System32\SearchIndexer.exe
4144 C:\Program Files\Windows Media Player\wmpnetwk.exe
4720 C:\Windows\System32\svchost.exe
5076 WmiPrvSE.exe
5544 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
2132 WmiPrvSE.exe
4520 C:\Users\user\Desktop\MBRCheck (1).exe
6068 C:\Windows\System32\conhost.exe
4308 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive1 Model Number: ST3360320AS, Rev: 3.AAM
PhysicalDrive0 Model Number: HitachiHDT721075SLA380, Rev: ST4OA31B

Size Device Name MBR Status
--------------------------------------------
335 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
698 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: 7E54AD696A6F646BBADBB2CC6CE742EC5F02F663


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Regards, Svensen89

cosinus 07.08.2010 12:53

Quote:

[ 0] Default (Windows 7)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 1
Why did you select 1 there?? You have Windows 7!
Please do the fix properly!

Please delete the existing MBRCheck.txt files.

Please start MBRCheck.exe again; on Vista and 7, again via right-click, Run as administrator.
  • Enter 'Y' and hit ENTER for more options, or 'N' to exit: y
  • Enter your choice: 2
  • Enter the physical disk number to fix (0-99, -1 to cancel): 0
  • Please select the MBR code to write to this drive: 5
  • Now type Yes and confirm with ENTER.
  • Restart the computer.
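
To confirm that a fix like the one described above took effect, the "MBR Status" table of the log saved before the fix can be compared with the one saved after the reboot. The following is an added example, not part of the original thread and not MBRCheck code: the function names are hypothetical, only the two status strings visible in this thread are recognised, and the "fixed" log uses a constructed placeholder hash.

```python
import re

# One row of the "Size Device Name MBR Status" table, e.g.
# 698 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
ROW = re.compile(r"^\s*(\d+)\s+(\w+)\s+\\\\\.\\PhysicalDrive(\d+)\s+(.+?)\s*$")
SHA1 = re.compile(r"^\s*SHA1:\s*([0-9A-Fa-f]{40})\s*$")


def parse_mbr_table(log_text):
    """Return {disk_number: {"size", "status", "sha1"}} from an MBRCheck log."""
    drives, current = {}, None
    for line in log_text.splitlines():
        row = ROW.match(line)
        if row:
            current = int(row.group(3))
            drives[current] = {"size": f"{row.group(1)} {row.group(2)}",
                               "status": row.group(4), "sha1": None}
            continue
        digest = SHA1.match(line)
        if digest and current is not None:
            # The SHA1 line belongs to the table row printed just before it.
            drives[current]["sha1"] = digest.group(1).upper()
            current = None
    return drives


def verify_fix(before_log, after_log, fixed_disk, expected_os="Windows 7"):
    """List the reasons the post-fix log does not show a clean, matching MBR."""
    before, after = parse_mbr_table(before_log), parse_mbr_table(after_log)
    target = after.get(fixed_disk)
    if target is None:
        return [f"PhysicalDrive{fixed_disk} is missing from the post-fix log"]
    problems = []
    # Assumption: a clean status reads "<OS> MBR code detected", as on this page.
    wanted = f"{expected_os} MBR code detected"
    if "known-bad" in target["status"].lower():
        problems.append(f"PhysicalDrive{fixed_disk} still reports: {target['status']}")
    elif target["status"] != wanted:
        problems.append(f"PhysicalDrive{fixed_disk} reports '{target['status']}', "
                        f"expected '{wanted}'")
    old = before.get(fixed_disk, {}).get("sha1")
    if old is not None and old == target["sha1"]:
        problems.append(f"PhysicalDrive{fixed_disk} MBR hash is unchanged, "
                        "so nothing was rewritten")
    # Any other disk whose hash changed means the wrong disk number was entered.
    for disk, info in after.items():
        prev = before.get(disk)
        if disk != fixed_disk and prev and prev["sha1"] != info["sha1"]:
            problems.append(f"PhysicalDrive{disk} changed although it was not the target")
    return problems


# Status table as posted in this thread (infected drive 0, clean drive 1).
BEFORE = r"""
Size Device Name MBR Status
--------------------------------------------
335 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
698 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: 7E54AD696A6F646BBADBB2CC6CE742EC5F02F663
"""

# Constructed post-fix table: the drive 0 hash is a placeholder, not a real value.
AFTER_OK = r"""
Size Device Name MBR Status
--------------------------------------------
335 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
698 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 0000000000000000000000000000000000000000
"""

if __name__ == "__main__":
    # A log identical to BEFORE models a fix that did not stick.
    for label, after in (("unchanged", BEFORE), ("fixed", AFTER_OK)):
        print(label, verify_fix(BEFORE, after, fixed_disk=0) or "OK")
```
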

Svensen89 07.08.2010 13:06

That's why I did it that way:

Take the numbers framed in red from the instructions!!!

Sorry, I didn't know that.

Before the reboot:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: FUJITSU SIEMENS
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: FUJITSU SIEMENS
System Product Name: G31T-M2
Logical Drives Mask: 0x00000ffc

Kernel Drivers (total 178):
0x83015000 \SystemRoot\system32\ntoskrnl.exe
0x83415000 \SystemRoot\system32\halmacpi.dll
0x80BBF000 \SystemRoot\system32\kdcom.dll
0x8C419000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8C491000 \SystemRoot\system32\PSHED.dll
0x8C4A2000 \SystemRoot\system32\BOOTVID.dll
0x8C4AA000 \SystemRoot\system32\CLFS.SYS
0x8C4EC000 \SystemRoot\system32\CI.dll
0x8C597000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8C608000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8C616000 \SystemRoot\System32\Drivers\spko.sys
0x8C709000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8C712000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x8C738000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8C780000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8C78B000 \SystemRoot\system32\DRIVERS\pci.sys
0x8C7B5000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8C7BD000 \SystemRoot\System32\drivers\partmgr.sys
0x8C7CE000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8C81F000 \SystemRoot\System32\drivers\volmgrx.sys
0x8C86A000 \SystemRoot\system32\DRIVERS\intelide.sys
0x8C871000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8C87F000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8C887000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8C892000 \SystemRoot\System32\drivers\mountmgr.sys
0x8C8A8000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8C8B1000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8C8D4000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8C8DD000 \SystemRoot\system32\drivers\fltmgr.sys
0x8C911000 \SystemRoot\system32\drivers\fileinfo.sys
0x8C922000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8CA51000 \SystemRoot\System32\Drivers\msrpc.sys
0x8CA7C000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8CA8F000 \SystemRoot\System32\Drivers\cng.sys
0x8CAEC000 \SystemRoot\System32\drivers\pcw.sys
0x8CAFA000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8CB03000 \SystemRoot\system32\drivers\ndis.sys
0x8CBBA000 \SystemRoot\system32\drivers\NETIO.SYS
0x8CC33000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8CC58000 \SystemRoot\System32\drivers\tcpip.sys
0x8CDA1000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8CDD2000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8CDDB000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8CE1A000 \SystemRoot\System32\Drivers\spldr.sys
0x8CE22000 \SystemRoot\System32\drivers\rdyboost.sys
0x8CE4F000 \SystemRoot\System32\Drivers\mup.sys
0x8CE5F000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8CE67000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8CE99000 \SystemRoot\system32\DRIVERS\disk.sys
0x8CEAA000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8CF01000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8CF20000 \??\C:\Windows\system32\drivers\ACEDRV05.sys
0x8CF7F000 \??\C:\Windows\system32\drivers\SSHDRV76.sys
0x8CFAF000 \SystemRoot\System32\Drivers\Null.SYS
0x8CFB6000 \SystemRoot\System32\Drivers\Beep.SYS
0x8CFBD000 \SystemRoot\System32\drivers\vga.sys
0x8CFC9000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8CFEA000 \SystemRoot\System32\drivers\watchdog.sys
0x8CFF7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8CC00000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8CC08000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8CC10000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8CC1B000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8C800000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8C7DE000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8F42D000 \SystemRoot\system32\drivers\afd.sys
0x8F487000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8F4B9000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8F4C0000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8F4DF000 \SystemRoot\system32\DRIVERS\vpcnfltr.sys
0x8F4EF000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8F4FD000 \SystemRoot\system32\DRIVERS\serial.sys
0x8F517000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8F52A000 \SystemRoot\system32\drivers\vpcvmm.sys
0x8F571000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F581000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8F587000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x8F5A9000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x8F5AF000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8F5F0000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8F5FA000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8F604000 \SystemRoot\System32\drivers\discache.sys
0x8F610000 \SystemRoot\system32\drivers\csc.sys
0x8F674000 \SystemRoot\System32\Drivers\dfsc.sys
0x8F68C000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x8F69A000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8F6B6000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x8F6B8000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8F6D9000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x94435000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x94EB3000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x94EB5000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x94F6C000 \SystemRoot\System32\drivers\dxgmms1.sys
0x94FA5000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8F6EB000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0x94FC4000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8F730000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x94FCF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8F77B000 \SystemRoot\system32\drivers\cmaudio.sys
0x94400000 \SystemRoot\system32\drivers\portcls.sys
0x94FDE000 \SystemRoot\system32\drivers\drmk.sys
0x93420000 \SystemRoot\system32\drivers\ks.sys
0x93454000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x93480000 \SystemRoot\system32\DRIVERS\serenum.sys
0x9348A000 \SystemRoot\system32\DRIVERS\parport.sys
0x934A2000 \SystemRoot\System32\Drivers\aapi8rby.SYS
0x934DB000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x934E8000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x934FA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x93512000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x9351D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x9353F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x93557000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x9356E000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x93585000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x9358F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x9359C000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x935A9000 \SystemRoot\system32\DRIVERS\swenum.sys
0x935AB000 \SystemRoot\system32\DRIVERS\umbus.sys
0x935B9000 \SystemRoot\system32\DRIVERS\vpcusb.sys
0x935D1000 \SystemRoot\system32\DRIVERS\usbrpm.sys
0x935DE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x935E0000 \SystemRoot\system32\DRIVERS\vpchbus.sys
0x93616000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x9365A000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x97425000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x82890000 \SystemRoot\System32\win32k.sys
0x9761D000 \SystemRoot\System32\drivers\Dxapi.sys
0x97627000 \SystemRoot\System32\Drivers\crashdmp.sys
0x97634000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x9763F000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x97648000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x97659000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x97670000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x9767B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x9768E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x97695000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x976A1000 \SystemRoot\system32\DRIVERS\whfltr2k.sys
0x976A3000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x976AE000 \SystemRoot\system32\DRIVERS\KMWDFILTER.sys
0x976B7000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x976CE000 \SystemRoot\system32\DRIVERS\monitor.sys
0x82AF0000 \SystemRoot\System32\TSDDD.dll
0x82B20000 \SystemRoot\System32\cdd.dll
0x82B40000 \SystemRoot\System32\ATMFD.DLL
0x976D9000 \SystemRoot\system32\drivers\luafv.sys
0x976F4000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x97708000 \SystemRoot\system32\drivers\WudfPf.sys
0x97722000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x97732000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x97745000 \SystemRoot\system32\drivers\HTTP.sys
0x977CA000 \SystemRoot\system32\DRIVERS\bowser.sys
0x977E3000 \SystemRoot\System32\drivers\mpsdrv.sys
0x97400000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9366B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x936A6000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x977F5000 \SystemRoot\system32\DRIVERS\parvdm.sys
0x977FC000 \SystemRoot\System32\Drivers\TBPanel.SYS
0x936C1000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x93704000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x93709000 \SystemRoot\system32\drivers\peauth.sys
0x937A0000 \SystemRoot\System32\Drivers\secdrv.SYS
0x937AA000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA309F000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA30AC000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA30FB000 \SystemRoot\System32\DRIVERS\srv.sys
0xA314C000 \SystemRoot\System32\drivers\ipnat.sys
0xA3172000 \??\C:\Windows\system32\FsUsbExDisk.SYS
0xA317B000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA319C000 \??\C:\Windows\system32\drivers\mbam.sys
0x77350000 \Windows\System32\ntdll.dll
0x481F0000 \Windows\System32\smss.exe
0x77590000 \Windows\System32\apisetschema.dll
0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll
0x00E00000 \Windows\System32\autochk.exe
0x771B0000 \Windows\System32\setupapi.dll
0x77500000 \Windows\System32\comdlg32.dll
0x77050000 \Windows\System32\ole32.dll

Processes (total 65):
0 System Idle Process
4 SYSTEM
300 C:\Windows\System32\smss.exe
448 csrss.exe
512 C:\Windows\System32\wininit.exe
520 csrss.exe
560 C:\Windows\System32\services.exe
584 C:\Windows\System32\lsass.exe
592 C:\Windows\System32\lsm.exe
660 C:\Windows\System32\winlogon.exe
752 C:\Windows\System32\svchost.exe
852 C:\Windows\System32\nvvsvc.exe
892 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\svchost.exe
1020 C:\Windows\System32\svchost.exe
1052 C:\Windows\System32\svchost.exe
1152 C:\Windows\System32\svchost.exe
1244 C:\Windows\System32\svchost.exe
1344 C:\Windows\System32\nvvsvc.exe
1372 C:\Windows\System32\svchost.exe
1496 C:\Windows\System32\LEXBCES.EXE
1552 C:\Windows\System32\LEXPPS.EXE
1584 C:\Windows\System32\spoolsv.exe
1660 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1680 C:\Windows\System32\svchost.exe
348 C:\Windows\System32\dwm.exe
460 C:\Windows\System32\taskhost.exe
356 C:\Windows\explorer.exe
2008 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
968 C:\Windows\System32\svchost.exe
1408 C:\Windows\System32\FsUsbExService.Exe
2108 C:\Program Files\ICQ6Toolbar\ICQ Service.exe
2288 C:\Windows\System32\svchost.exe
2312 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
2360 C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
2428 C:\Windows\System32\PnkBstrA.exe
2456 C:\Windows\System32\PnkBstrB.exe
2480 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2560 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
2604 C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
2736 C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
2976 C:\Windows\RtHDVCpl.exe
3000 C:\Windows\mixer.exe
3016 C:\Xtreme Mouse\wh_exec.exe
3028 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3128 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
3204 C:\Program Files\EXPERTool\TBPANEL.exe
3280 C:\Program Files\ICQ7.2\ICQ.exe
3324 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
3552 C:\Windows\System32\alg.exe
3756 C:\Windows\System32\svchost.exe
3780 C:\Windows\System32\svchost.exe
1740 C:\Windows\System32\SearchIndexer.exe
2196 WUDFHost.exe
3528 C:\Program Files\Windows Media Player\wmpnetwk.exe
4732 C:\Windows\System32\svchost.exe
5832 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
6124 C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
5020 C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
4972 C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
1724 C:\Windows\System32\audiodg.exe
4472 C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
3740 C:\Users\user\Desktop\MBRCheck (1).exe
6016 C:\Windows\System32\conhost.exe
1468 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive1 Model Number: ST3360320AS, Rev: 3.AAM
PhysicalDrive0 Model Number: HitachiHDT721075SLA380, Rev: ST4OA31B

Size Device Name MBR Status
--------------------------------------------
335 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
698 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: 7E54AD696A6F646BBADBB2CC6CE742EC5F02F663


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:
Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows 7)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 5
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: Yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!

Regards, Svensen89

Svensen89 07.08.2010 13:17

After the reboot


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: FUJITSU SIEMENS
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: FUJITSU SIEMENS
System Product Name: G31T-M2
Logical Drives Mask: 0x00000ffc

Kernel Drivers (total 176):
0x8300B000 \SystemRoot\system32\ntoskrnl.exe
0x8340B000 \SystemRoot\system32\halmacpi.dll
0x80BBA000 \SystemRoot\system32\kdcom.dll
0x8C41F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8C497000 \SystemRoot\system32\PSHED.dll
0x8C4A8000 \SystemRoot\system32\BOOTVID.dll
0x8C4B0000 \SystemRoot\system32\CLFS.SYS
0x8C4F2000 \SystemRoot\system32\CI.dll
0x8C59D000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8C60E000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8C61C000 \SystemRoot\System32\Drivers\spgc.sys
0x8C70F000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8C718000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x8C73E000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8C786000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8C791000 \SystemRoot\system32\DRIVERS\pci.sys
0x8C7BB000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8C7C3000 \SystemRoot\System32\drivers\partmgr.sys
0x8C7D4000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8C830000 \SystemRoot\System32\drivers\volmgrx.sys
0x8C87B000 \SystemRoot\system32\DRIVERS\intelide.sys
0x8C882000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8C890000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8C898000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8C8A3000 \SystemRoot\System32\drivers\mountmgr.sys
0x8C8B9000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8C8C2000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8C8E5000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8C8EE000 \SystemRoot\system32\drivers\fltmgr.sys
0x8C922000 \SystemRoot\system32\drivers\fileinfo.sys
0x8C933000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8CA62000 \SystemRoot\System32\Drivers\msrpc.sys
0x8CA8D000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8CAA0000 \SystemRoot\System32\Drivers\cng.sys
0x8CAFD000 \SystemRoot\System32\drivers\pcw.sys
0x8CB0B000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8CB14000 \SystemRoot\system32\drivers\ndis.sys
0x8CC16000 \SystemRoot\system32\drivers\NETIO.SYS
0x8CC54000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8CC79000 \SystemRoot\System32\drivers\tcpip.sys
0x8CDC2000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8CDF3000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8CDFC000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8CE3B000 \SystemRoot\System32\Drivers\spldr.sys
0x8CE43000 \SystemRoot\System32\drivers\rdyboost.sys
0x8CE70000 \SystemRoot\System32\Drivers\mup.sys
0x8CE80000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8CE88000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8CEBA000 \SystemRoot\system32\DRIVERS\disk.sys
0x8CECB000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8CF22000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8CF41000 \??\C:\Windows\system32\drivers\ACEDRV05.sys
0x8CFA0000 \??\C:\Windows\system32\drivers\SSHDRV76.sys
0x8CFD0000 \SystemRoot\System32\Drivers\Null.SYS
0x8CFD7000 \SystemRoot\System32\Drivers\Beep.SYS
0x8CFDE000 \SystemRoot\System32\drivers\vga.sys
0x8CBCB000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8CFEA000 \SystemRoot\System32\drivers\watchdog.sys
0x8CFF7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8CC00000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8CC08000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8CBEC000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8C800000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8C80E000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8C825000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x93832000 \SystemRoot\system32\drivers\afd.sys
0x9388C000 \SystemRoot\System32\DRIVERS\netbt.sys
0x938BE000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x938C5000 \SystemRoot\system32\DRIVERS\pacer.sys
0x938E4000 \SystemRoot\system32\DRIVERS\vpcnfltr.sys
0x938F4000 \SystemRoot\system32\DRIVERS\netbios.sys
0x93902000 \SystemRoot\system32\DRIVERS\serial.sys
0x9391C000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x9392F000 \SystemRoot\system32\drivers\vpcvmm.sys
0x93976000 \SystemRoot\system32\DRIVERS\termdd.sys
0x93986000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x9398C000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x939AE000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x939B4000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x939F5000 \SystemRoot\system32\drivers\nsiproxy.sys
0x939FF000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x93A09000 \SystemRoot\System32\drivers\discache.sys
0x93A15000 \SystemRoot\system32\drivers\csc.sys
0x93A79000 \SystemRoot\System32\Drivers\dfsc.sys
0x93A91000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x93A9F000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x93ABB000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x93ABD000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x93ADE000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x94425000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x94EA3000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x94EA5000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x94F5C000 \SystemRoot\System32\drivers\dxgmms1.sys
0x94F95000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x94FB4000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0x94400000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x93AF0000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x9440B000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x93B3B000 \SystemRoot\system32\drivers\cmaudio.sys
0x93B93000 \SystemRoot\system32\drivers\portcls.sys
0x93BC2000 \SystemRoot\system32\drivers\drmk.sys
0x95831000 \SystemRoot\system32\drivers\ks.sys
0x95865000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x95891000 \SystemRoot\system32\DRIVERS\serenum.sys
0x9589B000 \SystemRoot\system32\DRIVERS\parport.sys
0x958B3000 \SystemRoot\System32\Drivers\algdsehh.SYS
0x958EC000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x958F9000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x9590B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x95923000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x9592E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x95950000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x95968000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x9597F000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x95996000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x959A0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x959AD000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x959BA000 \SystemRoot\system32\DRIVERS\swenum.sys
0x959BC000 \SystemRoot\system32\DRIVERS\umbus.sys
0x959CA000 \SystemRoot\system32\DRIVERS\vpcusb.sys
0x959E2000 \SystemRoot\system32\DRIVERS\usbrpm.sys
0x959EF000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x959F1000 \SystemRoot\system32\DRIVERS\vpchbus.sys
0x95A27000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x95A6B000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x97817000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x97A0F000 \SystemRoot\System32\Drivers\crashdmp.sys
0x97A1C000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x97A27000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x97A30000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x82970000 \SystemRoot\System32\win32k.sys
0x97A41000 \SystemRoot\System32\drivers\Dxapi.sys
0x97A4B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x97A62000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x97A6D000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x97A80000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x97A87000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x97A93000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x97AAA000 \SystemRoot\system32\DRIVERS\KMWDFILTER.sys
0x97AB3000 \SystemRoot\system32\DRIVERS\whfltr2k.sys
0x97AB5000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x97AC0000 \SystemRoot\system32\DRIVERS\monitor.sys
0x82BD0000 \SystemRoot\System32\TSDDD.dll
0x82800000 \SystemRoot\System32\cdd.dll
0x82820000 \SystemRoot\System32\ATMFD.DLL
0x97ACB000 \SystemRoot\system32\drivers\luafv.sys
0x97AE6000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x97AFA000 \SystemRoot\system32\drivers\WudfPf.sys
0x97B14000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x97B24000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x97B37000 \SystemRoot\system32\drivers\HTTP.sys
0x97BBC000 \SystemRoot\system32\DRIVERS\bowser.sys
0x97BD5000 \SystemRoot\System32\drivers\mpsdrv.sys
0x95A7C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x95A9F000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x95ADA000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x97BE7000 \SystemRoot\system32\DRIVERS\parvdm.sys
0x97BEE000 \SystemRoot\System32\Drivers\TBPanel.SYS
0x95AF5000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x97BF0000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x95B38000 \SystemRoot\system32\drivers\peauth.sys
0x97BF5000 \SystemRoot\System32\Drivers\secdrv.SYS
0x95BCF000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA7029000 \SystemRoot\system32\drivers\spsys.sys
0xA7093000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA70A0000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA70EF000 \SystemRoot\System32\DRIVERS\srv.sys
0xA7140000 \SystemRoot\System32\drivers\ipnat.sys
0xA7166000 \??\C:\Windows\system32\FsUsbExDisk.SYS
0xA716F000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x77160000 \Windows\System32\ntdll.dll
0x478A0000 \Windows\System32\smss.exe
0x773A0000 \Windows\System32\apisetschema.dll
0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll
0x00CB0000 \Windows\System32\autochk.exe
0x77310000 \Windows\System32\comdlg32.dll

Processes (total 67):
0 System Idle Process
4 SYSTEM
300 C:\Windows\System32\smss.exe
444 csrss.exe
508 C:\Windows\System32\wininit.exe
520 csrss.exe
564 C:\Windows\System32\services.exe
588 C:\Windows\System32\lsass.exe
596 C:\Windows\System32\lsm.exe
672 C:\Windows\System32\winlogon.exe
748 C:\Windows\System32\svchost.exe
848 C:\Windows\System32\nvvsvc.exe
888 C:\Windows\System32\svchost.exe
972 C:\Windows\System32\svchost.exe
1016 C:\Windows\System32\svchost.exe
1048 C:\Windows\System32\svchost.exe
1144 C:\Windows\System32\svchost.exe
1168 C:\Windows\System32\audiodg.exe
1240 C:\Windows\System32\svchost.exe
1340 C:\Windows\System32\nvvsvc.exe
1368 C:\Windows\System32\svchost.exe
1472 C:\Windows\System32\LEXBCES.EXE
1492 C:\Windows\System32\taskeng.exe
1516 C:\Windows\System32\LEXPPS.EXE
1692 C:\Windows\System32\spoolsv.exe
1720 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1740 C:\Windows\System32\svchost.exe
1928 C:\Windows\System32\taskhost.exe
436 C:\Windows\System32\dwm.exe
1088 C:\Windows\explorer.exe
1292 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1988 C:\Windows\System32\svchost.exe
268 C:\Windows\System32\FsUsbExService.Exe
2072 C:\Program Files\ICQ6Toolbar\ICQ Service.exe
2256 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
2296 C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
2348 C:\Windows\System32\PnkBstrA.exe
2384 C:\Windows\System32\PnkBstrB.exe
2408 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2444 C:\Windows\System32\sppsvc.exe
2480 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
2536 C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
2656 C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
2740 C:\Windows\System32\taskeng.exe
2892 C:\Windows\System32\svchost.exe
2960 C:\Windows\RtHDVCpl.exe
2992 C:\Windows\mixer.exe
3032 C:\Xtreme Mouse\wh_exec.exe
3076 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3116 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
3244 C:\Program Files\EXPERTool\TBPANEL.exe
3372 C:\Program Files\ICQ7.2\ICQ.exe
3400 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
4052 C:\Windows\System32\SearchIndexer.exe
2292 C:\Users\user\Desktop\MBRCheck (1).exe
552 C:\Windows\servicing\TrustedInstaller.exe
3848 C:\Windows\System32\alg.exe
3636 C:\Windows\System32\svchost.exe
2120 C:\Windows\System32\svchost.exe
3832 C:\Program Files\Windows Media Player\wmpnetwk.exe
4108 WUDFHost.exe
4340 C:\Windows\System32\conhost.exe
4396 C:\Windows\System32\dllhost.exe
4844 C:\Windows\System32\svchost.exe
5868 C:\Windows\System32\svchost.exe
2236 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
2372 WmiPrvSE.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive1 Model Number: ST3360320AS, Rev: 3.AAM
PhysicalDrive0 Model Number: HitachiHDT721075SLA380, Rev: ST4OA31B

Size Device Name MBR Status
--------------------------------------------
335 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
698 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: 7E54AD696A6F646BBADBB2CC6CE742EC5F02F663


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Kind regards, Svensen89

cosinus 07.08.2010 13:25

Hm, apparently that hasn't worked yet.

Please download bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remove.exe in that folder.

If you are using Windows Vista or Windows 7, you must run remover.exe via right-click => Run as administrator.

A black window will open and automatically scan for malicious changes in the MBR.

Then please post whether there are any changes and, if so, on which device. Ideally, post everything that remover.exe outputs.

Svensen89 07.08.2010 13:45

Sorry, I don't quite understand what I'm supposed to do with it. I've now put it in its own folder and run it, and then I get a .txt file like this:


.\debug.cpp(238) : Debug log started at 07.08.2010 - 12:42:49
.\boot_cleaner.cpp(675) : Bootkit Remover
.\boot_cleaner.cpp(676) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(677) : esage lab - main
.\boot_cleaner.cpp(681) : Program version: 1.1.0.0
.\boot_cleaner.cpp(688) : OS Version: Microsoft Windows 7 Ultimate Edition (build 7600), 32-bit
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x8300b000 0x00400000 "\SystemRoot\system32\ntoskrnl.exe"
.\debug.cpp(256) : 0x8340b000 0x00037000 "\SystemRoot\system32\halmacpi.dll"
.\debug.cpp(256) : 0x80bba000 0x00008000 "\SystemRoot\system32\kdcom.dll"
.\debug.cpp(256) : 0x8c41f000 0x00078000 "\SystemRoot\system32\mcupdate_GenuineIntel.dll"
.\debug.cpp(256) : 0x8c497000 0x00011000 "\SystemRoot\system32\PSHED.dll"
.\debug.cpp(256) : 0x8c4a8000 0x00008000 "\SystemRoot\system32\BOOTVID.dll"
.\debug.cpp(256) : 0x8c4b0000 0x00042000 "\SystemRoot\system32\CLFS.SYS"
.\debug.cpp(256) : 0x8c4f2000 0x000ab000 "\SystemRoot\system32\CI.dll"
.\debug.cpp(256) : 0x8c59d000 0x00071000 "\SystemRoot\system32\drivers\Wdf01000.sys"
.\debug.cpp(256) : 0x8c60e000 0x0000e000 "\SystemRoot\system32\drivers\WDFLDR.SYS"
.\debug.cpp(256) : 0x8c61c000 0x000f3000 "\SystemRoot\System32\Drivers\spgc.sys"
.\debug.cpp(256) : 0x8c70f000 0x00009000 "\SystemRoot\System32\Drivers\WMILIB.SYS"
.\debug.cpp(256) : 0x8c718000 0x00026000 "\SystemRoot\System32\Drivers\SCSIPORT.SYS"
.\debug.cpp(256) : 0x8c73e000 0x00048000 "\SystemRoot\system32\DRIVERS\ACPI.sys"
.\debug.cpp(256) : 0x8c786000 0x0000b000 "\SystemRoot\system32\DRIVERS\vdrvroot.sys"
.\debug.cpp(256) : 0x8c791000 0x0002a000 "\SystemRoot\system32\DRIVERS\pci.sys"
.\debug.cpp(256) : 0x8c7bb000 0x00008000 "\SystemRoot\system32\DRIVERS\msisadrv.sys"
.\debug.cpp(256) : 0x8c7c3000 0x00011000 "\SystemRoot\System32\drivers\partmgr.sys"
.\debug.cpp(256) : 0x8c7d4000 0x00010000 "\SystemRoot\system32\DRIVERS\volmgr.sys"
.\debug.cpp(256) : 0x8c830000 0x0004b000 "\SystemRoot\System32\drivers\volmgrx.sys"
.\debug.cpp(256) : 0x8c87b000 0x00007000 "\SystemRoot\system32\DRIVERS\intelide.sys"
.\debug.cpp(256) : 0x8c882000 0x0000e000 "\SystemRoot\system32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0x8c890000 0x00008000 "\SystemRoot\system32\DRIVERS\compbatt.sys"
.\debug.cpp(256) : 0x8c898000 0x0000b000 "\SystemRoot\system32\DRIVERS\BATTC.SYS"
.\debug.cpp(256) : 0x8c8a3000 0x00016000 "\SystemRoot\System32\drivers\mountmgr.sys"
.\debug.cpp(256) : 0x8c8b9000 0x00009000 "\SystemRoot\system32\DRIVERS\atapi.sys"
.\debug.cpp(256) : 0x8c8c2000 0x00023000 "\SystemRoot\system32\DRIVERS\ataport.SYS"
.\debug.cpp(256) : 0x8c8e5000 0x00009000 "\SystemRoot\system32\DRIVERS\amdxata.sys"
.\debug.cpp(256) : 0x8c8ee000 0x00034000 "\SystemRoot\system32\drivers\fltmgr.sys"
.\debug.cpp(256) : 0x8c922000 0x00011000 "\SystemRoot\system32\drivers\fileinfo.sys"
.\debug.cpp(256) : 0x8c933000 0x0012f000 "\SystemRoot\System32\Drivers\Ntfs.sys"
.\debug.cpp(256) : 0x8ca62000 0x0002b000 "\SystemRoot\System32\Drivers\msrpc.sys"
.\debug.cpp(256) : 0x8ca8d000 0x00013000 "\SystemRoot\System32\Drivers\ksecdd.sys"
.\debug.cpp(256) : 0x8caa0000 0x0005d000 "\SystemRoot\System32\Drivers\cng.sys"
.\debug.cpp(256) : 0x8cafd000 0x0000e000 "\SystemRoot\System32\drivers\pcw.sys"
.\debug.cpp(256) : 0x8cb0b000 0x00009000 "\SystemRoot\System32\Drivers\Fs_Rec.sys"
.\debug.cpp(256) : 0x8cb14000 0x000b7000 "\SystemRoot\system32\drivers\ndis.sys"
.\debug.cpp(256) : 0x8cc16000 0x0003e000 "\SystemRoot\system32\drivers\NETIO.SYS"
.\debug.cpp(256) : 0x8cc54000 0x00025000 "\SystemRoot\System32\Drivers\ksecpkg.sys"
.\debug.cpp(256) : 0x8cc79000 0x00149000 "\SystemRoot\System32\drivers\tcpip.sys"
.\debug.cpp(256) : 0x8cdc2000 0x00031000 "\SystemRoot\System32\drivers\fwpkclnt.sys"
.\debug.cpp(256) : 0x8cdf3000 0x00009000 "\SystemRoot\system32\DRIVERS\vmstorfl.sys"
.\debug.cpp(256) : 0x8cdfc000 0x0003f000 "\SystemRoot\system32\DRIVERS\volsnap.sys"
.\debug.cpp(256) : 0x8ce3b000 0x00008000 "\SystemRoot\System32\Drivers\spldr.sys"
.\debug.cpp(256) : 0x8ce43000 0x0002d000 "\SystemRoot\System32\drivers\rdyboost.sys"
.\debug.cpp(256) : 0x8ce70000 0x00010000 "\SystemRoot\System32\Drivers\mup.sys"
.\debug.cpp(256) : 0x8ce80000 0x00008000 "\SystemRoot\System32\drivers\hwpolicy.sys"
.\debug.cpp(256) : 0x8ce88000 0x00032000 "\SystemRoot\System32\DRIVERS\fvevol.sys"
.\debug.cpp(256) : 0x8ceba000 0x00011000 "\SystemRoot\system32\DRIVERS\disk.sys"
.\debug.cpp(256) : 0x8cecb000 0x00025000 "\SystemRoot\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0x8cf22000 0x0001f000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0x8cf41000 0x0005f000 "\??\C:\Windows\system32\drivers\ACEDRV05.sys"
.\debug.cpp(256) : 0x8cfa0000 0x00030000 "\??\C:\Windows\system32\drivers\SSHDRV76.sys"
.\debug.cpp(256) : 0x8cfd0000 0x00007000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0x8cfd7000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0x8cfde000 0x0000c000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0x8cbcb000 0x00021000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS"
.\debug.cpp(256) : 0x8cfea000 0x0000d000 "\SystemRoot\System32\drivers\watchdog.sys"
.\debug.cpp(256) : 0x8cff7000 0x00008000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0x8cc00000 0x00008000 "\SystemRoot\system32\drivers\rdpencdd.sys"
.\debug.cpp(256) : 0x8cc08000 0x00008000 "\SystemRoot\system32\drivers\rdprefmp.sys"
.\debug.cpp(256) : 0x8cbec000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0x8c800000 0x0000e000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0x8c80e000 0x00017000 "\SystemRoot\system32\DRIVERS\tdx.sys"
.\debug.cpp(256) : 0x8c825000 0x0000b000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0x93832000 0x0005a000 "\SystemRoot\system32\drivers\afd.sys"
.\debug.cpp(256) : 0x9388c000 0x00032000 "\SystemRoot\System32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0x938be000 0x00007000 "\SystemRoot\system32\DRIVERS\wfplwf.sys"
.\debug.cpp(256) : 0x938c5000 0x0001f000 "\SystemRoot\system32\DRIVERS\pacer.sys"
.\debug.cpp(256) : 0x938e4000 0x00010000 "\SystemRoot\system32\DRIVERS\vpcnfltr.sys"
.\debug.cpp(256) : 0x938f4000 0x0000e000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0x93902000 0x0001a000 "\SystemRoot\system32\DRIVERS\serial.sys"
.\debug.cpp(256) : 0x9391c000 0x00013000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0x9392f000 0x00047000 "\SystemRoot\system32\drivers\vpcvmm.sys"
.\debug.cpp(256) : 0x93976000 0x00010000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0x93986000 0x00006000 "\SystemRoot\system32\DRIVERS\ssmdrv.sys"
.\debug.cpp(256) : 0x9398c000 0x00022000 "\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS"
.\debug.cpp(256) : 0x939ae000 0x00006000 "\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS"
.\debug.cpp(256) : 0x939b4000 0x00041000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0x939f5000 0x0000a000 "\SystemRoot\system32\drivers\nsiproxy.sys"
.\debug.cpp(256) : 0x939ff000 0x0000a000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0x93a09000 0x0000c000 "\SystemRoot\System32\drivers\discache.sys"
.\debug.cpp(256) : 0x93a15000 0x00064000 "\SystemRoot\system32\drivers\csc.sys"
.\debug.cpp(256) : 0x93a79000 0x00018000 "\SystemRoot\System32\Drivers\dfsc.sys"
.\debug.cpp(256) : 0x93a91000 0x0000e000 "\SystemRoot\system32\DRIVERS\blbdrive.sys"
.\debug.cpp(256) : 0x93a9f000 0x0001c000 "\SystemRoot\system32\DRIVERS\avipbb.sys"
.\debug.cpp(256) : 0x93abb000 0x00002000 "\??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys"
.\debug.cpp(256) : 0x93abd000 0x00021000 "\SystemRoot\system32\DRIVERS\tunnel.sys"
.\debug.cpp(256) : 0x93ade000 0x00012000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0x94425000 0x00a7e000 "\SystemRoot\system32\DRIVERS\nvlddmkm.sys"
.\debug.cpp(256) : 0x94ea3000 0x00002000 "\SystemRoot\system32\DRIVERS\nvBridge.kmd"
.\debug.cpp(256) : 0x94ea5000 0x000b7000 "\SystemRoot\System32\drivers\dxgkrnl.sys"
.\debug.cpp(256) : 0x94f5c000 0x00039000 "\SystemRoot\System32\drivers\dxgmms1.sys"
.\debug.cpp(256) : 0x94f95000 0x0001f000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0x94fb4000 0x00045000 "\SystemRoot\system32\DRIVERS\Rt86win7.sys"
.\debug.cpp(256) : 0x94400000 0x0000b000 "\SystemRoot\system32\DRIVERS\usbuhci.sys"
.\debug.cpp(256) : 0x93af0000 0x0004b000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0x9440b000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0x93b3b000 0x00058000 "\SystemRoot\system32\drivers\cmaudio.sys"
.\debug.cpp(256) : 0x93b93000 0x0002f000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0x93bc2000 0x00019000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0x95831000 0x00034000 "\SystemRoot\system32\drivers\ks.sys"
.\debug.cpp(256) : 0x95865000 0x0002c000 "\SystemRoot\system32\DRIVERS\1394ohci.sys"
.\debug.cpp(256) : 0x95891000 0x0000a000 "\SystemRoot\system32\DRIVERS\serenum.sys"
.\debug.cpp(256) : 0x9589b000 0x00018000 "\SystemRoot\system32\DRIVERS\parport.sys"
.\debug.cpp(256) : 0x958b3000 0x00039000 "\SystemRoot\System32\Drivers\algdsehh.SYS"
.\debug.cpp(256) : 0x958ec000 0x0000d000 "\SystemRoot\system32\DRIVERS\CompositeBus.sys"
.\debug.cpp(256) : 0x958f9000 0x00012000 "\SystemRoot\system32\DRIVERS\AgileVpn.sys"
.\debug.cpp(256) : 0x9590b000 0x00018000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0x95923000 0x0000b000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0x9592e000 0x00022000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0x95950000 0x00018000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0x95968000 0x00017000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0x9597f000 0x00017000 "\SystemRoot\system32\DRIVERS\rassstp.sys"
.\debug.cpp(256) : 0x95996000 0x0000a000 "\SystemRoot\system32\DRIVERS\rdpbus.sys"
.\debug.cpp(256) : 0x959a0000 0x0000d000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0x959ad000 0x0000d000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0x959ba000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0x959bc000 0x0000e000 "\SystemRoot\system32\DRIVERS\umbus.sys"
.\debug.cpp(256) : 0x959ca000 0x00018000 "\SystemRoot\system32\DRIVERS\vpcusb.sys"
.\debug.cpp(256) : 0x959e2000 0x0000d000 "\SystemRoot\system32\DRIVERS\usbrpm.sys"
.\debug.cpp(256) : 0x959ef000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0x959f1000 0x00036000 "\SystemRoot\system32\DRIVERS\vpchbus.sys"
.\debug.cpp(256) : 0x95a27000 0x00044000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0x95a6b000 0x00011000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0x97817000 0x001f8000 "\SystemRoot\system32\drivers\RTKVHDA.sys"
.\debug.cpp(256) : 0x97a0f000 0x0000d000 "\SystemRoot\System32\Drivers\crashdmp.sys"
.\debug.cpp(256) : 0x97a1c000 0x0000b000 "\SystemRoot\System32\Drivers\dump_dumpata.sys"
.\debug.cpp(256) : 0x97a27000 0x00009000 "\SystemRoot\System32\Drivers\dump_atapi.sys"
.\debug.cpp(256) : 0x97a30000 0x00011000 "\SystemRoot\System32\Drivers\dump_dumpfve.sys"
.\debug.cpp(256) : 0x82970000 0x0024a000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0x97a41000 0x0000a000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0x97a4b000 0x00017000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"
.\debug.cpp(256) : 0x97a62000 0x0000b000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
.\debug.cpp(256) : 0x97a6d000 0x00013000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0x97a80000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0x97a87000 0x0000c000 "\SystemRoot\system32\DRIVERS\kbdhid.sys"
.\debug.cpp(256) : 0x97a93000 0x00017000 "\SystemRoot\system32\DRIVERS\USBSTOR.SYS"
.\debug.cpp(256) : 0x97aaa000 0x00009000 "\SystemRoot\system32\DRIVERS\KMWDFILTER.sys"
.\debug.cpp(256) : 0x97ab3000 0x00002000 "\SystemRoot\system32\DRIVERS\whfltr2k.sys"
.\debug.cpp(256) : 0x97ab5000 0x0000b000 "\SystemRoot\system32\DRIVERS\mouhid.sys"
.\debug.cpp(256) : 0x97ac0000 0x0000b000 "\SystemRoot\system32\DRIVERS\monitor.sys"
.\debug.cpp(256) : 0x82bd0000 0x00009000 "\SystemRoot\System32\TSDDD.dll"
.\debug.cpp(256) : 0x82800000 0x0001e000 "\SystemRoot\System32\cdd.dll"
.\debug.cpp(256) : 0x82820000 0x0004d000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0x97acb000 0x0001b000 "\SystemRoot\system32\drivers\luafv.sys"
.\debug.cpp(256) : 0x97ae6000 0x00014000 "\SystemRoot\system32\DRIVERS\avgntflt.sys"
.\debug.cpp(256) : 0x97afa000 0x0001a000 "\SystemRoot\system32\drivers\WudfPf.sys"
.\debug.cpp(256) : 0x97b14000 0x00010000 "\SystemRoot\system32\DRIVERS\lltdio.sys"
.\debug.cpp(256) : 0x97b24000 0x00013000 "\SystemRoot\system32\DRIVERS\rspndr.sys"
.\debug.cpp(256) : 0x97b37000 0x00085000 "\SystemRoot\system32\drivers\HTTP.sys"
.\debug.cpp(256) : 0x97bbc000 0x00019000 "\SystemRoot\system32\DRIVERS\bowser.sys"
.\debug.cpp(256) : 0x97bd5000 0x00012000 "\SystemRoot\System32\drivers\mpsdrv.sys"
.\debug.cpp(256) : 0x95a7c000 0x00023000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0x95a9f000 0x0003b000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys"
.\debug.cpp(256) : 0x95ada000 0x0001b000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys"
.\debug.cpp(256) : 0x97be7000 0x00007000 "\SystemRoot\system32\DRIVERS\parvdm.sys"
.\debug.cpp(256) : 0x97bee000 0x00002000 "\SystemRoot\System32\Drivers\TBPanel.SYS"
.\debug.cpp(256) : 0x95af5000 0x00043000 "\SystemRoot\system32\DRIVERS\atksgt.sys"
.\debug.cpp(256) : 0x97bf0000 0x00005000 "\SystemRoot\system32\DRIVERS\lirsgt.sys"
.\debug.cpp(256) : 0x95b38000 0x00097000 "\SystemRoot\system32\drivers\peauth.sys"
.\debug.cpp(256) : 0x97bf5000 0x0000a000 "\SystemRoot\System32\Drivers\secdrv.SYS"
.\debug.cpp(256) : 0x95bcf000 0x00021000 "\SystemRoot\System32\DRIVERS\srvnet.sys"
.\debug.cpp(256) : 0xa7093000 0x0000d000 "\SystemRoot\System32\drivers\tcpipreg.sys"
.\debug.cpp(256) : 0xa70a0000 0x0004f000 "\SystemRoot\System32\DRIVERS\srv2.sys"
.\debug.cpp(256) : 0xa70ef000 0x00051000 "\SystemRoot\System32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xa7140000 0x00026000 "\SystemRoot\System32\drivers\ipnat.sys"
.\debug.cpp(256) : 0xa7166000 0x00009000 "\??\C:\Windows\system32\FsUsbExDisk.SYS"
.\debug.cpp(256) : 0xa716f000 0x00021000 "\SystemRoot\system32\DRIVERS\WUDFRd.sys"
.\debug.cpp(256) : 0xa7190000 0x00004000 "\??\C:\Windows\system32\drivers\mbam.sys"
.\debug.cpp(256) : 0x77160000 0x0013c000 "\Windows\System32\ntdll.dll"
.\debug.cpp(256) : 0x478a0000 0x00013000 "\Windows\System32\smss.exe"
.\debug.cpp(256) : 0x773a0000 0x00050000 "\Windows\System32\apisetschema.dll"
.\debug.cpp(256) : 0x10000000 0x00246000 "\Program Files\DAEMON Tools Lite\Engine.dll"
.\debug.cpp(256) : 0x00cb0000 0x000a6000 "\Windows\System32\autochk.exe"
.\debug.cpp(256) : 0x77310000 0x0007b000 "\Windows\System32\comdlg32.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination="\Device\Video0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000006"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CA&SUBSYS_294F1019&REV_01#3&11583659&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0007"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CC&SUBSYS_294F1019&REV_01#3&11583659&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0009"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000049"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15_-_Intel(R)_Core(TM)2_Quad_CPU____Q6600__@_2.40GHz#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination="\Device\00000058"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_10192956&REV_1001#4&2a887296&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) : Destination="\Device\0000007a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination="\Device\Ndis"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice"
.\debug.cpp(400) : Destination="\Device\WUDFLpcDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{d886bac7-5194-11dd-9464-806e6f6e6963}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination="\Device\Video1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0004#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000005"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000007"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination="\Device\00000051"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000047"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000004a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&a66b742&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AgileVPN"
.\debug.cpp(400) : Destination="\Device\AgileVPN"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy1"
.\debug.cpp(400) : Destination="\Device\HarddiskVolumeShadowCopy1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination="\Device\Video2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000001"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_04FC&PID_05D8&MI_01&Col03#7&27d7003d&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination="\Device\00000099"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_2.0_READER____-1&REV_1.20#070418015146000036&1##{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}"
.\debug.cpp(400) : Destination="\Device\0000009e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVDRAM_GH10N___________________EV03____#5&1d6fd7e8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP3T0L0-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice"
.\debug.cpp(400) : Destination="\Device\WMIAdminDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy2"
.\debug.cpp(400) : Destination="\Device\HarddiskVolumeShadowCopy2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgio"
.\debug.cpp(400) : Destination="\Device\avgio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000048"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination="\Device\Video3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#GSM5677#5&1af343a1&0&UID1048832#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7}"
.\debug.cpp(400) : Destination="\Device\00000087"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-1b6a231c-a21d-11df-a7e9-001bb9f8e668"
.\debug.cpp(400) : Destination="\Device\UMDFCtrlDev-1b6a231c-a21d-11df-a7e9-001bb9f8e668"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl"
.\debug.cpp(400) : Destination="\Device\VolMgrControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000001"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{636FF46E-80FE-4314-BC84-DC7749EDE5B4}"
.\debug.cpp(400) : Destination="\Device\NDMP9"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_10192956&REV_1001#4&2a887296&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\0000007a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi4:"
.\debug.cpp(400) : Destination="\Device\Scsi\algdsehh1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) : Destination="\Device\Video4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk6Partition1"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ProcessManagement"
.\debug.cpp(400) : Destination="\Device\ProcessManagement"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VPCVMM"
.\debug.cpp(400) : Destination="\Device\VPCVMM"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000051"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY6"
.\debug.cpp(400) : Destination="\Device\Video5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\$VDMLPT1"
.\debug.cpp(400) : Destination="\Device\ParallelVdm0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_FFC0&PID_001F&MI_01&Col01#7&49f04f0&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination="\Device\00000092"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBWheelMouseJC"
.\debug.cpp(400) : Destination="\Device\USBWHFltr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery"
.\debug.cpp(400) : Destination="\Device\CompositeBattery"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15_-_Intel(R)_Core(TM)2_Quad_CPU____Q6600__@_2.40GHz#_3#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination="\Device\0000005a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\KMWDFilter"
.\debug.cpp(400) : Destination="\Device\KMWDFilter"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_04D9&PID_1603&MI_00#7&ab3b472&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination="\Device\0000007f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_2.0_READER____-1&REV_1.20#070418015146000036&1##{6ac27878-a6fa-4155-ba85-f98f491d4f33}"
.\debug.cpp(400) : Destination="\Device\0000009e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Generic&Prod_2.0_Reader____-2&Rev_1.20#070418015146000036&2#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\0000008d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#_??_USBSTOR#Disk&Ven_Generic&Prod_2.0_Reader____-3&Rev_1.20#070418015146000036&3#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume6"


.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VPCNetS3_{F58FEB9C-434E-4900-936B-88CF7AE79BFD}"
.\debug.cpp(400) : Destination="\Device\VPCNetS3_{F58FEB9C-434E-4900-936B-88CF7AE79BFD}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\0000004f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle"
.\debug.cpp(400) : Destination="\Device\WfpAle"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_FFC0&PID_001F&MI_00#7&1f3838d2&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination="\Device\00000090"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#_??_USBSTOR#Disk&Ven_Generic&Prod_2.0_Reader____-4&Rev_1.20#070418015146000036&4#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{16a164ef-1cf1-11df-bde5-001bb9f8e668}"
.\debug.cpp(400) : Destination="\Device\CdRom1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000049"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avipbb"
.\debug.cpp(400) : Destination="\Device\avipbb"

.\debug.cpp(451) : **********************************************
.\boot_cleaner.cpp(1077) : System volume is \\.\C:
.\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive1 at offset 0x00000000`00100000
.\boot_cleaner.cpp(424) : Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff
.\boot_cleaner.cpp(1151) :
.\boot_cleaner.cpp(1152) : Size Device Name MBR Status
.\boot_cleaner.cpp(1153) : --------------------------------------------
.\boot_cleaner.cpp(1197) : 335 GB \\.\PhysicalDrive1 OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1203) :
.\boot_cleaner.cpp(1242) : Done;

Svensen89 07.08.2010 13:46

Sorry if I keep asking such dumb questions, but I really have no clue about this.

cosinus 07.08.2010 13:59

First of all, please copy the file remover.exe (from the BootkitRemover) from the desktop to c:\windows\system32, if you have not already done so!
Then open the console via Start, Run, type cmd, OK.

Type the text in the following code box and run it with Enter/Return:
Code:

remover.exe fix \\.\PhysicalDrive0

Svensen89 07.08.2010 14:09

OK, I did that; it then said OK and my computer restarted.


Regards, Svensen89

cosinus 07.08.2010 14:15

Please delete the existing MBRCheck.txt files.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only needs a second.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.

Svensen89 07.08.2010 14:16

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: FUJITSU SIEMENS
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: FUJITSU SIEMENS
System Product Name: G31T-M2
Logical Drives Mask: 0x00000ffc

Kernel Drivers (total 204):

Processes (total 71):
0 System Idle Process
4 SYSTEM
296 C:\Windows\System32\smss.exe
440 csrss.exe
504 C:\Windows\System32\wininit.exe
516 csrss.exe
556 C:\Windows\System32\services.exe
584 C:\Windows\System32\lsass.exe
592 C:\Windows\System32\lsm.exe
652 C:\Windows\System32\winlogon.exe
740 C:\Windows\System32\svchost.exe
840 C:\Windows\System32\nvvsvc.exe
880 C:\Windows\System32\svchost.exe
964 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\svchost.exe
1040 C:\Windows\System32\svchost.exe
1148 C:\Windows\System32\audiodg.exe
1208 C:\Windows\System32\svchost.exe
1304 C:\Windows\System32\nvvsvc.exe
1348 C:\Windows\System32\svchost.exe
1468 C:\Windows\System32\LEXBCES.EXE
1516 C:\Windows\System32\LEXPPS.EXE
1552 C:\Windows\System32\spoolsv.exe
1628 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1648 C:\Windows\System32\svchost.exe
1980 C:\Windows\System32\dwm.exe
124 C:\Windows\explorer.exe
332 C:\Windows\System32\taskhost.exe
1416 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1908 C:\Windows\System32\svchost.exe
1892 C:\Windows\System32\FsUsbExService.Exe
1372 C:\Program Files\ICQ6Toolbar\ICQ Service.exe
2200 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
2240 C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
2296 C:\Windows\System32\PnkBstrA.exe
2320 C:\Windows\System32\PnkBstrB.exe
2344 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2420 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
2476 C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
2676 C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
2976 C:\Windows\RtHDVCpl.exe
3004 C:\Windows\mixer.exe
3012 C:\Xtreme Mouse\wh_exec.exe
3040 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3116 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
3168 C:\Program Files\EXPERTool\TBPANEL.exe
3324 C:\Program Files\ICQ7.2\ICQ.exe
3980 C:\Windows\servicing\TrustedInstaller.exe
4076 C:\Windows\System32\SearchIndexer.exe
1420 C:\Windows\System32\svchost.exe
1804 C:\Windows\System32\svchost.exe
3404 WUDFHost.exe
1764 C:\Windows\System32\svchost.exe
3800 C:\Program Files\Windows Media Player\wmpnetwk.exe
3408 C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
1748 C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
4148 C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
4176 C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
4184 C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
4192 C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
4200 C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
4208 C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
4420 C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
4444 C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
4868 C:\Windows\System32\alg.exe
5592 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
4144 C:\Program Files\Windows Media Player\wmplayer.exe
5848 C:\Windows\System32\SearchProtocolHost.exe
1124 C:\Users\user\Desktop\MBRCheck (1).exe
5336 C:\Windows\System32\conhost.exe
5412 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive1 Model Number: ST3360320AS, Rev: 3.AAM
PhysicalDrive0 Model Number: HitachiHDT721075SLA380, Rev: ST4OA31B

Size Device Name MBR Status
--------------------------------------------
335 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
698 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

Regards, Svensen89

cosinus 07.08.2010 14:18

Quote:

335 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
698 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
That looks good :)
Next up is OTL:

System scan with OTL

Please download OTL by Oldtimer and save it on your desktop.
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles will be created
  • Post the logfiles here in the thread.

Svensen89 07.08.2010 14:23

OTL Logfile:
Code:

OTL logfile created on: 07.08.2010 15:19:51 - Run 1
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\user\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 335,35 Gb Total Space | 60,19 Gb Free Space | 17,95% Space Free | Partition Type: NTFS
Drive D: | 698,63 Gb Total Space | 24,26 Gb Free Space | 3,47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SVENSEN
Current User Name: user
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\user\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\EXPERTool\TBPANEL.exe (Gainward Co.)
PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\NVIDIA Corporation\System Update\UpdateCenterService.exe (NVIDIA)
PRC - C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
PRC - C:\Programme\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Xtreme Mouse\wh_exec.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\mixer.exe (C-Media Electronic Inc. (C-Media Electronics, Inc.))
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\user\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
MOD - C:\Xtreme Mouse\wh_hook.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (UpdateCenterService) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe (NVIDIA)
SRV - (nTuneService) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (pccsmcfd) -- C:\Windows\System32\DRIVERS\pccsmcfd.sys File not found
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek                                            )
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
DRV - (vpcuxd) -- C:\Windows\System32\drivers\vpcuxd.sys (Microsoft Corporation)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC-Seriellschnittstellentreiber (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) Brother MFC-nur-Fax-Modem (USB) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) Brother MFC-WDM-Treiber (USB,seriell) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) Brother WDM-Treiber (seriell) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (KMWDFILTERx86) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (SCREAMINGBDRIVER) -- C:\Windows\System32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ACEDRV05) -- C:\Windows\System32\drivers\ACEDRV05.sys (Protect Software GmbH)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\System32\drivers\tap0901t.sys (Tunngle.net)
DRV - (SSHDRV76) -- C:\Windows\System32\drivers\SSHDRV76.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (scramby_out) -- C:\Windows\System32\drivers\scramby_out.sys (RapidSolution Software AG)
DRV - (TBPanel) -- C:\Windows\System32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
DRV - (Cardex) -- C:\Windows\System32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
DRV - (scramby) -- C:\Windows\System32\drivers\scramby.sys (RapidSolution Software AG)
DRV - (whfltr2k) -- C:\Windows\System32\drivers\whfltr2k.sys ()
DRV - (cmpci) C-Media PCI Audio Driver (WDM) -- C:\Windows\System32\drivers\cmaudio.sys (C-Media Inc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = ICQ.com Suche [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = QIP.RU: ?????, ?????, ???????, ??????????, ??????, ???? ? ???????????
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
O1 HOSTS File: ([2010.07.19 17:14:20 | 000,001,282 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1        gosredirector.ea.com
O1 - Hosts: 127.0.0.1 gosredirector.ea.com
O1 - Hosts: 127.0.0.1 blazeserver.blazeemu.org
O1 - Hosts: 127.0.0.1 gosgvaprod-qos01.ea.com
O1 - Hosts: 127.0.0.1 gosiadprod-qos01.ea.com
O1 - Hosts: 127.0.0.1 gossjcprod-qos01.ea.com
O1 - Hosts: 127.0.0.1 demangler.ea.com
O1 - Hosts: 127.0.0.1 vmp.tools.gos.ea.com
O1 - Hosts: 127.0.0.1      static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1      ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1      onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1      orbitservice.ubi.com
O1 - Hosts: 127.0.0.1      ubisoft-orbit-savegames.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [C-Media Mixer] C:\Windows\mixer.exe (C-Media Electronic Inc. (C-Media Electronics, Inc.))
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WheelMouse] C:\Xtreme Mouse\wh_exec.exe ()
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe (Gainward Co.)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [ISUSPM Startup] C:\Programme\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\5.0_(Windows;_U;_Windows_NT_6.1;_en-US)_AppleWebKit\532.5_(KHTML,_like_Gecko)_Chrome\4.1.249.1042_Safari\532.5 - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{142b14d8-31ab-11df-824d-001bb9f8e668}\Shell - "" = AutoRun
O33 - MountPoints2\{142b14d8-31ab-11df-824d-001bb9f8e668}\Shell\AutoRun\command - "" = L:\AUTORUN.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.07 15:18:27 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2010.08.07 15:10:37 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\VA-Viva_Club_Rotation_Vol.46-2CD-2010-MST
[2010.08.07 15:03:09 | 000,081,920 | ---- | C] (eSage Lab) -- C:\Windows\System32\remover.exe
[2010.08.07 14:39:20 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Neuer Ordner
[2010.08.05 15:46:53 | 000,081,920 | ---- | C] (eSage Lab) -- C:\Users\user\Desktop\remover.exe
[2010.08.04 20:23:37 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\SUPERAntiSpyware.com
[2010.08.04 20:23:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.08.04 20:23:31 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2010.08.04 15:41:29 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2010.08.04 15:41:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.04 15:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.04 15:41:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.04 15:41:20 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.02 21:36:10 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\MAYDAY 10IN01
[2010.08.02 20:54:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.08.02 19:36:25 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Gentleman-Diversity-2CD-Deluxe_Edition-2010-NOiR
[2010.08.01 20:38:48 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mfc42loc.dll
[2010.07.31 01:46:25 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\StarCraft II
[2010.07.21 16:33:02 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Singularity
[2010.07.21 16:30:50 | 000,000,000 | ---D | C] -- C:\Windows\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP
[2010.07.21 14:54:39 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.2
[2010.07.21 12:46:38 | 014,092,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2010.07.21 12:46:38 | 011,008,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2010.07.21 12:46:38 | 000,314,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdecodemft.dll
[2010.07.21 12:46:38 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010.07.21 12:46:38 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2010.07.21 12:46:36 | 010,267,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2010.07.21 12:46:36 | 004,553,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2010.07.21 12:46:36 | 002,892,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2010.07.21 12:46:36 | 002,506,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2010.07.21 12:46:36 | 000,236,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod1922.dll
[2010.07.21 12:46:36 | 000,236,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod.dll
[2010.07.19 20:49:43 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.07.19 20:49:43 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Adobe Mini Bridge CS5
[2010.07.19 17:24:38 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010.07.19 17:24:01 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Adobe Scripts
[2010.07.19 17:19:11 | 000,000,000 | ---D | C] -- C:\Programme\Adobe Media Player
[2010.07.19 17:17:49 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe AIR
[2010.07.09 16:20:08 | 000,110,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2010.07.09 16:20:06 | 013,939,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2010.07.09 16:20:06 | 001,881,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2010.07.09 16:20:06 | 001,469,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[12 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.07 15:22:41 | 005,767,168 | -HS- | M] () -- C:\Users\user\ntuser.dat
[2010.08.07 15:18:29 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2010.08.07 15:11:02 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-422482940-1233743548-968030833-1000UA.job
[2010.08.07 15:10:15 | 000,010,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.07 15:10:15 | 000,010,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.07 15:05:13 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.07 15:05:12 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.07 15:04:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.07 15:04:52 | 2616,696,832 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.07 14:31:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.07 14:12:08 | 001,932,432 | -H-- | M] () -- C:\Users\user\AppData\Local\IconCache.db
[2010.08.06 03:57:02 | 000,080,384 | ---- | M] () -- C:\Users\user\Desktop\MBRCheck (1).exe
[2010.08.05 00:11:03 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-422482940-1233743548-968030833-1000Core.job
[2010.08.04 21:27:18 | 000,000,758 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010.08.04 20:23:32 | 000,001,961 | ---- | M] () -- C:\Users\user\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.08.04 15:41:24 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.03 20:08:27 | 011,091,990 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.03 20:08:27 | 000,719,440 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010.08.03 20:08:27 | 000,718,452 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2010.08.03 20:08:27 | 000,714,494 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2010.08.03 20:08:27 | 000,714,490 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2010.08.03 20:08:27 | 000,700,280 | ---- | M] () -- C:\Windows\System32\perfh019.dat
[2010.08.03 20:08:27 | 000,688,456 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2010.08.03 20:08:27 | 000,683,956 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.03 20:08:27 | 000,646,996 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2010.08.03 20:08:27 | 000,639,934 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.03 20:08:27 | 000,472,036 | ---- | M] () -- C:\Windows\System32\perfh014.dat
[2010.08.03 20:08:27 | 000,458,156 | ---- | M] () -- C:\Windows\System32\perfh001.dat
[2010.08.03 20:08:27 | 000,457,436 | ---- | M] () -- C:\Windows\System32\perfh00B.dat
[2010.08.03 20:08:27 | 000,419,450 | ---- | M] () -- C:\Windows\System32\perfh012.dat
[2010.08.03 20:08:27 | 000,396,560 | ---- | M] () -- C:\Windows\System32\prfh0404.dat
[2010.08.03 20:08:27 | 000,380,258 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
[2010.08.03 20:08:27 | 000,376,050 | ---- | M] () -- C:\Windows\System32\perfh00D.dat
[2010.08.03 20:08:27 | 000,148,924 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2010.08.03 20:08:27 | 000,146,642 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2010.08.03 20:08:27 | 000,143,584 | ---- | M] () -- C:\Windows\System32\perfc019.dat
[2010.08.03 20:08:27 | 000,142,744 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.03 20:08:27 | 000,141,290 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010.08.03 20:08:27 | 000,139,422 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2010.08.03 20:08:27 | 000,138,480 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2010.08.03 20:08:27 | 000,133,028 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2010.08.03 20:08:27 | 000,116,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.03 20:08:27 | 000,114,990 | ---- | M] () -- C:\Windows\System32\perfc012.dat
[2010.08.03 20:08:27 | 000,114,562 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
[2010.08.03 20:08:27 | 000,109,648 | ---- | M] () -- C:\Windows\System32\prfc0404.dat
[2010.08.03 20:08:27 | 000,093,544 | ---- | M] () -- C:\Windows\System32\perfc00B.dat
[2010.08.03 20:08:27 | 000,089,298 | ---- | M] () -- C:\Windows\System32\perfc001.dat
[2010.08.03 20:08:27 | 000,087,704 | ---- | M] () -- C:\Windows\System32\perfc014.dat
[2010.08.03 20:08:27 | 000,079,408 | ---- | M] () -- C:\Windows\System32\perfc00D.dat
[2010.08.03 19:29:19 | 000,524,288 | -HS- | M] () -- C:\Users\user\ntuser.dat{e4d99378-9f12-11df-89a1-001bb9f8e668}.TMContainer00000000000000000002.regtrans-ms
[2010.08.03 19:29:19 | 000,524,288 | -HS- | M] () -- C:\Users\user\ntuser.dat{e4d99378-9f12-11df-89a1-001bb9f8e668}.TMContainer00000000000000000001.regtrans-ms
[2010.08.03 19:29:19 | 000,065,536 | -HS- | M] () -- C:\Users\user\ntuser.dat{e4d99378-9f12-11df-89a1-001bb9f8e668}.TM.blf
[2010.08.02 20:29:22 | 000,000,101 | ---- | M] () -- C:\Windows\CMMIXER.INI
[2010.08.02 19:04:07 | 000,000,761 | ---- | M] () -- C:\Windows\eReg.dat
[2010.08.02 19:04:00 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 1942.lnk
[2010.08.01 20:54:39 | 000,001,753 | ---- | M] () -- C:\Users\user\Desktop\DivX Movies.lnk
[2010.08.01 20:38:57 | 000,002,086 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield Vietnam.lnk
[2010.07.29 23:36:14 | 000,000,856 | ---- | M] () -- C:\Users\user\Programme.lnk
[2010.07.29 10:11:32 | 000,002,260 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk
[2010.07.21 19:50:20 | 000,081,920 | ---- | M] (eSage Lab) -- C:\Windows\System32\remover.exe
[2010.07.21 19:50:20 | 000,081,920 | ---- | M] (eSage Lab) -- C:\Users\user\Desktop\remover.exe
[2010.07.21 16:30:57 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Singularity(TM).lnk
[2010.07.21 14:55:09 | 000,001,770 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.2.lnk
[2010.07.21 12:52:35 | 003,652,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.07.19 17:23:52 | 000,065,032 | ---- | M] () -- C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.07.17 11:12:52 | 010,798,576 | ---- | M] () -- C:\Users\user\Desktop\Eminem feat. Rihanna - Love the Way You Lie (Explicit Version).mp3
[2010.07.15 14:38:43 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.07.13 01:58:23 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.07.10 00:37:00 | 014,092,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2010.07.10 00:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2010.07.10 00:37:00 | 010,267,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2010.07.10 00:37:00 | 009,818,728 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2010.07.10 00:37:00 | 005,107,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2010.07.10 00:37:00 | 004,553,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2010.07.10 00:37:00 | 002,892,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2010.07.10 00:37:00 | 002,506,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2010.07.10 00:37:00 | 001,625,192 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2010.07.10 00:37:00 | 000,604,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvudisp.exe
[2010.07.10 00:37:00 | 000,314,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdecodemft.dll
[2010.07.10 00:37:00 | 000,236,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcod1922.dll
[2010.07.10 00:37:00 | 000,236,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcod.dll
[2010.07.10 00:37:00 | 000,056,936 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010.07.10 00:37:00 | 000,010,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2010.07.10 00:37:00 | 000,009,596 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2010.07.09 16:20:08 | 000,110,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2010.07.09 16:20:06 | 013,939,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2010.07.09 16:20:06 | 001,881,704 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2010.07.09 16:20:06 | 001,469,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[12 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.07 15:04:05 | 000,065,007 | ---- | C] () -- C:\Users\user\bootkit_remover_debug_log.txt
[2010.08.06 03:57:02 | 000,080,384 | ---- | C] () -- C:\Users\user\Desktop\MBRCheck (1).exe
[2010.08.04 20:23:32 | 000,001,961 | ---- | C] () -- C:\Users\user\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.08.04 15:41:24 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.04 03:35:53 | 010,798,576 | ---- | C] () -- C:\Users\user\Desktop\Eminem feat. Rihanna - Love the Way You Lie (Explicit Version).mp3
[2010.08.03 18:19:33 | 000,524,288 | -HS- | C] () -- C:\Users\user\ntuser.dat{e4d99378-9f12-11df-89a1-001bb9f8e668}.TMContainer00000000000000000002.regtrans-ms
[2010.08.03 18:19:33 | 000,524,288 | -HS- | C] () -- C:\Users\user\ntuser.dat{e4d99378-9f12-11df-89a1-001bb9f8e668}.TMContainer00000000000000000001.regtrans-ms
[2010.08.03 18:19:33 | 000,065,536 | -HS- | C] () -- C:\Users\user\ntuser.dat{e4d99378-9f12-11df-89a1-001bb9f8e668}.TM.blf
[2010.08.02 19:04:00 | 000,000,935 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 1942.lnk
[2010.08.02 03:26:44 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.02 03:26:43 | 000,001,092 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.01 20:41:08 | 000,000,761 | ---- | C] () -- C:\Windows\eReg.dat
[2010.08.01 20:38:57 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield Vietnam.lnk
[2010.07.31 01:46:25 | 000,000,758 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010.07.29 23:36:04 | 000,000,856 | ---- | C] () -- C:\Users\user\Programme.lnk
[2010.07.21 16:30:57 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Singularity(TM).lnk
[2010.07.21 14:55:09 | 000,001,770 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.2.lnk
[2010.05.22 17:27:24 | 000,000,101 | ---- | C] () -- C:\Windows\CMMIXER.INI
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.02.17 02:16:11 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2010.02.17 02:16:11 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2010.02.14 19:03:15 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.12.03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.11.09 19:00:41 | 000,000,859 | ---- | C] () -- C:\Windows\client.config.ini
[2009.10.15 16:18:02 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2009.10.01 15:19:34 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009.10.01 15:19:34 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.09.18 17:22:38 | 000,138,920 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.05.29 15:32:37 | 000,000,039 | ---- | C] () -- C:\Windows\nap.ini
[2009.05.19 13:29:26 | 000,000,025 | ---- | C] () -- C:\Windows\mixerdef.ini
[2009.05.19 13:25:59 | 000,000,199 | ---- | C] () -- C:\Windows\CMISETUP.INI
[2009.05.19 13:25:59 | 000,000,026 | ---- | C] () -- C:\Windows\CMCDPLAY.INI
[2009.02.03 23:33:56 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2008.12.28 18:59:44 | 004,377,500 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2008.12.28 17:51:00 | 000,239,247 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2008.12.28 17:50:50 | 000,145,609 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2008.12.28 17:49:08 | 000,560,802 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2008.12.20 16:48:52 | 000,000,101 | ---- | C] () -- C:\Windows\lexstat.ini
[2008.12.12 18:57:38 | 000,142,848 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2008.12.09 20:57:26 | 000,183,296 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2008.12.09 20:57:18 | 000,178,688 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2008.12.09 20:57:02 | 000,113,152 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2008.12.09 20:56:42 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2008.12.09 20:56:34 | 000,257,024 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2008.12.09 20:56:22 | 000,485,888 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2008.12.08 15:37:04 | 000,884,237 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2008.12.08 15:34:42 | 000,791,742 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.12.08 14:53:40 | 000,093,184 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2008.12.08 14:53:32 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.11.26 21:55:22 | 000,683,520 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2008.11.26 20:49:10 | 000,238,080 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2008.10.22 22:39:49 | 000,000,041 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008.10.06 18:22:08 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008.10.06 18:22:08 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008.09.22 10:49:24 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2008.09.22 10:49:24 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2008.09.04 15:55:42 | 000,000,120 | ---- | C] () -- C:\Windows\disney.ini
[2008.09.01 15:10:37 | 000,053,760 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV76.sys
[2008.08.21 23:28:41 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2008.08.21 22:39:06 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.08.21 20:13:04 | 000,000,182 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.07.10 10:44:23 | 000,007,718 | ---- | C] () -- C:\Windows\cadx2.ini
[2008.03.29 17:42:22 | 000,245,248 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2008.03.29 17:42:20 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2008.03.29 17:42:14 | 000,102,400 | ---- | C] () -- C:\Windows\System32\avss.dll
[2008.03.29 17:42:08 | 000,148,992 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2008.03.29 17:42:04 | 000,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2008.03.29 17:42:04 | 000,108,032 | ---- | C] () -- C:\Windows\System32\avi.dll
[2008.03.29 17:42:02 | 000,120,832 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2008.03.29 17:42:00 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ts.dll
[2008.03.29 17:41:54 | 000,097,280 | ---- | C] () -- C:\Windows\System32\avs.dll
[2008.03.29 17:41:52 | 000,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2008.03.29 17:41:52 | 000,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.10.13 11:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2007.07.10 19:10:12 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2007.06.28 20:54:10 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007.01.26 00:45:02 | 000,006,784 | ---- | C] () -- C:\Windows\System32\drivers\whfltr2k.sys
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 55920 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:CF61CE5A
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:EEB25EAE
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:3E06C78F
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:FDDD8917
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:70E897B5
< End of report >

--- --- ---

Svensen89 07.08.2010 14:23

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 07.08.2010 15:19:51 - Run 1
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\user\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 335,35 Gb Total Space | 60,19 Gb Free Space | 17,95% Space Free | Partition Type: NTFS
Drive D: | 698,63 Gb Total Space | 24,26 Gb Free Space | 3,47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SVENSEN
Current User Name: user
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00D15456-F679-4AD4-8BD2-56450D4C3F72}" = WarRock
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{01590C21-E8BF-444D-8FC4-DBD132CA1962}" = Windows Vista Upgrade Advisor
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0AEA6DF2-CD5A-4EAC-9C6B-44477994E2F1}" = Battlefield Bad Company 2 Command Center
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{13AD0F5B-FF8C-4625-851D-A83D4BE74716}" = Smart Menus (Windows Live Toolbar)
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{28526951-55EF-4901-A0CA-B9AC966D1DD1}" = Split/Second
"{289338AE-2213-4509-AED2-450414C1260C}_is1" = ICQ Update Patch 1.5
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2B54B4B6-5834-494D-81E6-79AC3955EEE5}_is1" = SnowBound Online v2.0
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3A75BDE6-418E-4DB9-8601-C9E5225E0059}" = Feederkennung (Windows Live Toolbar)
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D6293F2-53DA-45A1-B7F4-1843CA3B2658}" = Darkest of Days
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FAD68D9-1FA1-4871-9ADF-9151D969E943}" = Activision(R)
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Activision(R)
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5AD05333-600A-4CD8-88C6-BF22A3BE9767}_is1" = Multi-ICQ 1.2
"{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}" = Saboteur™
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{6266BA75-45FA-4B1A-B21F-E04A90C273E5}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7C3D8108-8D99-427F-A1C2-D8E0D25A469C}" = Tom Clancy's EndWar
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer™ 4 Tiberian Twilight
"{82842B3D-5BD9-463E-8F57-462A4D680A88}" = Stereoscopic Player
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{888DD888-82BE-4D85-BCB2-2E042CD3E844}" = Tom Clancy's Splinter Cell Chaos Theory
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B63540D-D942-4C38-B42E-A48AE0145970}" = Virtua Tennis(TM) 2009
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A398D0A0-EE68-4CA6-8984-78AEF841CDE7}" = SBK(TM)09
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B32D6CE8-D6C1-4615-8FC4-4EE822F7BD4B}" = SBK(TM)09
"{B975F4A1-63B6-11D4-BFEC-005004AF2D32}" = Monopoly Tycoon
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDA825AD-D60B-4935-9590-B0F1AC2E0D22}" = MotoGP 08
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{C1A80F67-656F-4DF3-A6C4-DE18A47477C5}_is1" = ICQ Away Reader 1.4
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kanes Rache
"{CCD90636-D97D-4130-A44A-3AD4E63B9220}" = OpenOffice.org 2.4
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D07643A3-CE41-4286-8C78-EB9C83E76DDB}" = PunkBuster für Battlefield Vietnam
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D37FE0E3-B1A9-4E41-AB5D-DA62E04D2C42}" = Alpha Protocol
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAB0D352-00D9-4795-9FBE-EC4791ABA44A}" = Section 8 PCW
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEC41CA8-C30F-4F70-9AEE-1B3EEB4A3B62}_is1" = ICQ Language
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam(TM)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8C02517-4AC3-4026-8292-ACF23E98A7D7}" = Activision(R)
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"{FD416706-875C-4B0B-A23A-9E740DAE029E}" = Tom Clancy's Rainbow Six Vegas 2
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"2B92EA9865777B996CE7FFF8BD7A40F883C18BE0" = Windows-Treiberpaket - Das (Siudi-Stick) USB  (02/13/2009 1.1.0)
"3A66BC15DC4D478459742138077230185DB7DAEB" = Windows-Treiberpaket - Das (Siudi) USB  (02/13/2009 1.5.1)
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Mythology 1.0" = Age of Mythology
"Ashampoo Burning Studio 2009_is1" = Ashampoo Burning Studio 2009
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows-Treiberpaket - Nokia Modem  (03/05/2008 3.7)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Advanced) 7.2.0
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combat Zone - Special Forces/DE-German_is1" = Combat Zone: Special Forces
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Die 15 beliebtesten Kartenspiele_is1" = Die 15 beliebtesten Kartenspiele
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"EXPERTool_is1" = EXPERTool 7.6
"Full Spectrum Warrior" = Full Spectrum Warrior (remove only)
"GameSpy Arcade" = GameSpy Arcade
"Gaming Mouse" = Gaming Mouse
"Guild Wars" = GUILD WARS
"Hamachi" = Hamachi 1.0.3.0
"ICQToolbar" = ICQ Toolbar
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{3FAD68D9-1FA1-4871-9ADF-9151D969E943}" = Singularity(TM)
"InstallShield_{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Blur(TM)
"InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"InstallShield_{DAB0D352-00D9-4795-9FBE-EC4791ABA44A}" = Section 8 PCW
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"OPERATION7" = OPERATION7
"PartyPoker" = PartyPoker
"PartyPokerNet" = PartyPoker.net
"Patch-Master" = Patch-Master
"PCI Audio Driver" = PCI Audio Driver
"PhotoScape" = PhotoScape
"PunkBusterSvc" = PunkBuster Services
"Puzzle Quest1.01" = Puzzle Quest
"RiseOfNationsExpansion 1.0" = Rise of Nations
"Sacraboar_is1" = Sacraboar
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"StarCraft II" = StarCraft II
"Steam App 30" = Day of Defeat
"Steamless Counter Strike Source Pack" = Steamless Counter Strike Source Pack
"Steamless Left4Dead2 Pack" = Steamless Left4Dead2 Pack
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"WheelMouse" = Xtreme Mouse 6.0.0.005
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

cosinus 07.08.2010 14:31

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
DRV - (pccsmcfd) -- C:\Windows\System32\DRIVERS\pccsmcfd.sys File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O33 - MountPoints2\{142b14d8-31ab-11df-824d-001bb9f8e668}\Shell - "" = AutoRun
O33 - MountPoints2\{142b14d8-31ab-11df-824d-001bb9f8e668}\Shell\AutoRun\command - "" = L:\AUTORUN.EXE -- File not found
[2010.07.21 16:30:50 | 000,000,000 | ---D | C] -- C:\Windows\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP
@Alternate Data Stream - 55920 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:CF61CE5A
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:EEB25EAE
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:3E06C78F
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:FDDD8917
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:70E897B5
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Run Fixes! button.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

Svensen89 07.08.2010 14:47

All processes killed
========== OTL ==========
Service pccsmcfd stopped successfully!
Service pccsmcfd deleted successfully!
File C:\Windows\System32\DRIVERS\pccsmcfd.sys File not found not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{142b14d8-31ab-11df-824d-001bb9f8e668}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{142b14d8-31ab-11df-824d-001bb9f8e668}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{142b14d8-31ab-11df-824d-001bb9f8e668}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{142b14d8-31ab-11df-824d-001bb9f8e668}\ not found.
File L:\AUTORUN.EXE not found.
C:\Windows\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP folder moved successfully.
ADS C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM deleted successfully.
ADS C:\ProgramData\TEMP:CF61CE5A deleted successfully.
ADS C:\ProgramData\TEMP:EEB25EAE deleted successfully.
ADS C:\ProgramData\TEMP:3E06C78F deleted successfully.
ADS C:\ProgramData\TEMP:FDDD8917 deleted successfully.
ADS C:\ProgramData\TEMP:70E897B5 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: user
->Temp folder emptied: 18394269 bytes
->Temporary Internet Files folder emptied: 50469941 bytes
->Java cache emptied: 45028379 bytes
->Google Chrome cache emptied: 331661890 bytes
->Flash cache emptied: 6101032 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1982464 bytes
%systemroot%\System32 .tmp files removed: 3221600 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66890309 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 500,00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08072010_153755

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Regards, Svensen89

cosinus 07.08.2010 15:01

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let your system be scanned.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run if an expert helper (Kompetenzler) has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even more difficult.

Svensen89 07.08.2010 18:14

Combofix Logfile:
Code:

ComboFix 10-08-06.03 - user 07.08.2010  18:53:21.1.4 - x86
Microsoft Windows 7 Ultimate  6.1.7600.0.1252.49.1031.18.3327.2368 [GMT 2:00]
ausgeführt von:: c:\users\user\Downloads\cofi.exe.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe
c:\users\user\AppData\Roaming\.#
c:\users\user\AppData\Roaming\Desktopicon
c:\users\user\AppData\Roaming\Desktopicon\config.ini
D:\install.exe

.
(((((((((((((((((((((((  Dateien erstellt von 2010-07-07 bis 2010-08-07  ))))))))))))))))))))))))))))))
.

2010-08-07 17:04 . 2010-08-07 17:04        --------        d-----w-        c:\users\user\AppData\Local\temp
2010-08-07 17:04 . 2010-08-07 17:04        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-08-07 16:45 . 2010-08-07 16:46        --------        d-----w-        C:\32788R22FWJFW
2010-08-07 16:37 . 2010-08-07 16:37        --------        d-----w-        c:\program files\CCleaner
2010-08-07 13:37 . 2010-08-07 13:37        --------        d-----w-        C:\_OTL
2010-08-07 13:03 . 2010-07-21 17:50        81920        ----a-w-        c:\windows\system32\remover.exe
2010-08-04 18:23 . 2010-08-04 18:23        --------        d-----w-        c:\users\user\AppData\Roaming\SUPERAntiSpyware.com
2010-08-04 18:23 . 2010-08-04 18:23        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com
2010-08-04 18:23 . 2010-08-04 18:23        --------        d-----w-        c:\program files\SUPERAntiSpyware
2010-08-04 13:41 . 2010-08-04 13:41        --------        d-----w-        c:\users\user\AppData\Roaming\Malwarebytes
2010-08-04 13:41 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-04 13:41 . 2010-08-04 13:41        --------        d-----w-        c:\programdata\Malwarebytes
2010-08-04 13:41 . 2010-08-04 13:41        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-08-04 13:41 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-08-01 18:41 . 2010-08-02 17:04        761        ----a-w-        c:\windows\eReg.dat
2010-08-01 18:38 . 1998-06-17 15:07        57344        ----a-w-        c:\windows\system32\Mfc42loc.dll
2010-07-21 12:54 . 2010-07-21 12:55        --------        d-----w-        c:\program files\ICQ7.2
2010-07-21 10:46 . 2010-07-09 22:37        56936        ----a-w-        c:\windows\system32\OpenCL.dll
2010-07-21 10:46 . 2010-07-09 22:37        314984        ----a-w-        c:\windows\system32\nvdecodemft.dll
2010-07-21 10:46 . 2010-07-09 22:37        14092904        ----a-w-        c:\windows\system32\nvoglv32.dll
2010-07-21 10:46 . 2010-07-09 22:37        11008040        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys
2010-07-21 10:46 . 2010-07-09 22:37        4553832        ----a-w-        c:\windows\system32\nvcuda.dll
2010-07-21 10:46 . 2010-07-09 22:37        2892904        ----a-w-        c:\windows\system32\nvcuvid.dll
2010-07-21 10:46 . 2010-07-09 22:37        2506344        ----a-w-        c:\windows\system32\nvcuvenc.dll
2010-07-21 10:46 . 2010-07-09 22:37        236136        ----a-w-        c:\windows\system32\nvcod1922.dll
2010-07-21 10:46 . 2010-07-09 22:37        236136        ----a-w-        c:\windows\system32\nvcod.dll
2010-07-21 10:46 . 2010-07-09 22:37        10267240        ----a-w-        c:\windows\system32\nvcompiler.dll
2010-07-19 18:49 . 2010-07-19 18:49        --------        d-----w-        c:\users\user\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2010-07-19 18:49 . 2010-07-19 18:49        --------        d-----w-        c:\users\user\AppData\Roaming\Adobe Mini Bridge CS5
2010-07-19 15:24 . 2010-07-19 15:24        --------        d-----w-        c:\programdata\regid.1986-12.com.adobe
2010-07-19 15:19 . 2010-07-19 15:19        --------        d-----w-        c:\program files\Adobe Media Player
2010-07-19 15:17 . 2010-07-19 15:17        --------        d-----w-        c:\program files\Common Files\Adobe AIR
2010-07-09 14:20 . 2010-07-09 14:20        110696        ----a-w-        c:\windows\system32\nvmctray.dll
2010-07-09 14:20 . 2010-07-09 14:20        1881704        ----a-w-        c:\windows\system32\nvsvcr.dll
2010-07-09 14:20 . 2010-07-09 14:20        1469544        ----a-w-        c:\windows\system32\nvsvc.dll
2010-07-09 14:20 . 2010-07-09 14:20        13939816        ----a-w-        c:\windows\system32\nvcpl.dll
2010-07-09 14:20 . 2010-07-09 14:20        129640        ----a-w-        c:\windows\system32\nvvsvc.exe

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-07 16:47 . 2010-02-15 17:44        --------        d-----w-        c:\programdata\NVIDIA
2010-08-07 16:46 . 2009-10-14 21:39        --------        d-----w-        c:\users\user\AppData\Roaming\ICQ
2010-08-07 12:22 . 2009-12-26 23:51        --------        d-----w-        c:\program files\JDownloader
2010-08-04 19:27 . 2010-07-30 23:58        47364        ----a-w-        c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-08-04 18:24 . 2010-08-04 18:24        63488        ----a-w-        c:\users\user\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-04 18:24 . 2010-08-04 18:24        52224        ----a-w-        c:\users\user\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-04 18:24 . 2010-08-04 18:24        117760        ----a-w-        c:\users\user\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-03 18:56 . 2008-11-03 16:48        --------        d-----w-        c:\program files\EXPERTool
2010-08-03 18:56 . 2008-08-18 20:11        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-08-03 18:56 . 2008-08-22 12:04        --------        d-----w-        c:\programdata\InstallShield
2010-08-03 01:26 . 2008-09-02 08:15        --------        d-----w-        c:\program files\Google
2010-08-02 19:22 . 2008-08-21 15:51        1        ----a-w-        c:\users\user\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-08-02 19:21 . 2008-08-21 15:50        --------        d-----w-        c:\users\user\AppData\Roaming\OpenOffice.org2
2010-08-02 18:57 . 2010-01-12 22:01        --------        d-----w-        c:\program files\rondomedia
2010-08-02 18:55 . 2009-12-28 21:13        --------        d-----w-        c:\program files\Purplehills
2010-08-02 18:53 . 2010-04-24 11:17        --------        d-----w-        c:\program files\Alawar
2010-08-02 18:52 . 2009-11-23 22:48        --------        d-----w-        c:\program files\PokerStars.NET
2010-08-02 18:52 . 2009-04-06 18:37        --------        d-----w-        c:\program files\PC Connectivity Solution
2010-08-02 18:50 . 2008-08-23 08:03        --------        d-----w-        c:\programdata\Napster
2010-08-02 18:49 . 2009-12-03 21:47        --------        d-----w-        c:\program files\DEUTSCHLAND SPIELT
2010-08-02 18:45 . 2010-06-21 16:44        --------        d-----w-        c:\program files\Groschengrab Deluxe
2010-08-02 18:44 . 2010-03-20 15:00        --------        d-----w-        c:\program files\Galileo FamilyQuiz
2010-08-02 18:42 . 2010-04-01 18:42        --------        d-----w-        c:\program files\Die grosse Wimmelbildbox 2
2010-08-02 16:56 . 2008-08-23 16:35        --------        d-----w-        c:\program files\EA GAMES
2010-07-30 23:58 . 2009-09-24 21:38        --------        d-----w-        c:\programdata\Blizzard Entertainment
2010-07-30 23:52 . 2009-04-11 11:53        --------        d-----w-        c:\program files\Common Files\Blizzard Entertainment
2010-07-22 10:57 . 2008-09-23 21:41        --------        d-----w-        c:\program files\ICQ6Toolbar
2010-07-21 14:30 . 2008-10-08 23:17        --------        d-----w-        c:\program files\Common Files\Wise Installation Wizard
2010-07-21 12:54 . 2008-09-23 21:41        --------        d-----w-        c:\programdata\ICQ
2010-07-21 10:47 . 2010-02-15 17:44        --------        d-----w-        c:\program files\NVIDIA Corporation
2010-07-19 15:23 . 2010-02-15 19:07        65032        ----a-w-        c:\users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-19 15:21 . 2008-07-14 11:44        --------        d-----w-        c:\program files\Common Files\Adobe
2010-07-17 00:03 . 2009-10-28 19:01        --------        d-----w-        c:\users\user\AppData\Roaming\Winamp
2010-07-13 00:06 . 2010-05-11 13:41        57344        ----a-w-        c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-13 00:06 . 2010-05-11 13:38        --------        d-----w-        c:\programdata\DivX
2010-07-12 23:58 . 2010-07-12 23:58        57715        ----a-w-        c:\programdata\DivX\Player\Uninstaller.exe
2010-07-12 23:58 . 2010-07-12 23:58        56765        ----a-w-        c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-12 23:58 . 2008-09-23 18:16        --------        d-----w-        c:\program files\DivX
2010-07-12 23:58 . 2010-07-12 23:58        54153        ----a-w-        c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-07-12 23:57 . 2010-05-11 13:40        1062184        ----a-w-        c:\programdata\DivX\Setup\Resource.dll
2010-07-12 23:57 . 2010-05-11 13:40        895256        ----a-w-        c:\programdata\DivX\Setup\DivXSetup.exe
2010-07-09 22:37 . 2010-07-21 10:46        10920        ----a-w-        c:\windows\system32\drivers\nvBridge.kmd
2010-07-09 22:37 . 2010-04-28 19:02        5107816        ----a-w-        c:\windows\system32\nvwgf2um.dll
2010-07-09 22:37 . 2010-04-28 19:02        9818728        ----a-w-        c:\windows\system32\nvd3dum.dll
2010-07-09 22:37 . 2010-04-28 19:02        1625192        ----a-w-        c:\windows\system32\nvapi.dll
2010-07-09 22:37 . 2009-09-27 14:12        604776        ----a-w-        c:\windows\system32\nvudisp.exe
2010-07-07 11:46 . 2009-01-24 21:41        604776        ----a-w-        c:\windows\system32\nvuninst.exe
2010-06-26 01:01 . 2010-06-26 01:01        --------        d-----w-        c:\program files\Microsoft.NET
2010-06-21 16:42 . 2010-02-23 08:58        --------        d-----w-        c:\program files\Aliens Vs Predator
2010-06-21 16:37 . 2010-04-08 15:26        --------        d-----w-        c:\program files\Steamless CounterStrikeSource Pack
2010-06-04 09:26 . 2010-06-04 09:26        56997        ----a-w-        c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-06-04 09:26 . 2010-06-04 09:26        53600        ----a-w-        c:\programdata\DivX\Update\Uninstaller.exe
2010-06-04 09:26 . 2010-06-04 09:26        54128        ----a-w-        c:\programdata\DivX\Converter\Uninstaller.exe
2010-06-04 09:26 . 2010-06-04 09:26        54644        ----a-w-        c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-06-04 09:26 . 2010-06-04 09:26        54101        ----a-w-        c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-05-27 07:24 . 2010-06-09 18:14        34304        ----a-w-        c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-09 18:14        293888        ----a-w-        c:\windows\system32\atmfd.dll
2010-05-26 17:03 . 2010-05-26 17:02        10210514        ----a-w-        c:\users\user\AppData\Roaming\bizarre creations\blur\BizUpdaterPack_EFIGS_57670_to_58755.exe
2010-05-22 01:04 . 2010-05-25 05:11        232040        ----a-w-        c:\windows\system32\nvcod1920.dll
2010-05-21 12:14 . 2009-10-14 02:21        221568        ------w-        c:\windows\system32\MpSigStub.exe
2010-05-21 05:18 . 2010-06-09 18:14        977920        ----a-w-        c:\windows\system32\wininet.dll
2010-05-13 10:17 . 2008-09-03 18:30        20720        ----a-w-        c:\users\user\AppData\Roaming\Patch-Master.exe.dat
2010-05-13 09:45 . 2008-09-03 18:20        27892        ----a-w-        c:\users\user\AppData\Roaming\Patch-Master.exe3.dat
2010-05-13 09:45 . 2008-09-03 18:20        46342        ----a-w-        c:\users\user\AppData\Roaming\Patch-Master.exe2.dat
2010-05-13 09:45 . 2008-09-03 18:20        44756        ----a-w-        c:\users\user\AppData\Roaming\Patch-Master.exe0.dat
2010-05-13 09:45 . 2008-09-03 18:20        157763        ----a-w-        c:\users\user\AppData\Roaming\Patch-Master.exe1.dat
2010-05-12 22:09 . 2009-02-16 08:10        65536        ----a-w-        c:\windows\IFinst27.exe
2010-05-12 17:02 . 2008-08-18 21:41        189472        ----a-w-        c:\windows\system32\PnkBstrB.exe
2010-05-11 13:39 . 2010-05-11 13:39        84040        ----a-w-        c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-05-11 13:39 . 2010-05-11 13:39        57609        ----a-w-        c:\programdata\DivX\MFComponents\Uninstaller.exe
2010-05-11 13:39 . 2010-05-11 13:39        57054        ----a-w-        c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
2010-05-11 13:39 . 2010-05-11 13:39        54166        ----a-w-        c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
2010-05-11 13:39 . 2010-05-11 13:39        57532        ----a-w-        c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
2010-05-11 13:39 . 2010-05-11 13:39        56458        ----a-w-        c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-05-11 13:39 . 2010-05-11 13:39        54174        ----a-w-        c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
2010-05-11 13:39 . 2010-05-11 13:39        57409        ----a-w-        c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-05-11 13:39 . 2010-05-11 13:39        52963        ----a-w-        c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-11 13:39 . 2010-05-11 13:39        54073        ----a-w-        c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-05-11 13:39 . 2010-05-11 13:39        56969        ----a-w-        c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2009-06-10 21:26 . 2009-07-14 02:04        9633792        --sha-r-        c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42        396800        --sha-w-        c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2009-10-05 2174976]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2010-07-21 133368]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-26 4939776]
"C-Media Mixer"="Mixer.exe" [2001-11-15 1216512]
"WheelMouse"="c:\xtreme~1\wh_exec.exe" [2008-10-08 98304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]
backup=c:\windows\pss\Desktop Manager.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk

[HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Alaplaya Launcher.lnk]
backup=c:\windows\pss\Alaplaya Launcher.lnk.Startup
backupExtension=.Startup
path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Alaplaya Launcher.lnk

[HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Need for Speed™ Undercover Registration.lnk]
backup=c:\windows\pss\Need for Speed™ Undercover Registration.lnk.Startup
backupExtension=.Startup
path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Need for Speed™ Undercover Registration.lnk

[HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup
backupExtension=.Startup
path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk

[HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Ubisoft register.lnk]
backup=c:\windows\pss\Ubisoft register.lnk.Startup
backupExtension=.Startup
path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ubisoft register.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06        976832        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04        35760        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44        500208        ------w-        c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 02:57        406992        ----a-w-        c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2009-04-02 16:05        102400        ----a-w-        c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57        369200        ----a-w-        c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50        1144104        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-25 09:07        133104        ----atw-        c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PatchMaster]
2008-08-06 16:21        3471360        ----a-w-        c:\program files\Patch-Master\Patch-Master.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 15:18        413696        ----a-w-        c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
2008-12-15 22:19        306088        ----a-w-        c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-05-07 12:38        1238352        ----a-w-        c:\program files\Valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-24 12:46        149280        ----a-w-        c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-07-19 17:50        2403568        ----a-w-        c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37        517096        ----a-w-        c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-02 135664]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-05-03 3604720]
R3 scramby_out;Scramby Output;c:\windows\system32\drivers\scramby_out.sys [2007-08-08 23840]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-03-27 23064]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2008-09-18 25600]
R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 12800]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-02-19 691696]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 SSHDRV76;SSHDRV76;c:\windows\system32\drivers\SSHDRV76.sys [2008-09-01 53760]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [2007-01-25 6784]

.
Inhalt des "geplante Tasks" Ordners

2010-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-02 01:26]

2010-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-02 01:26]

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-422482940-1233743548-968030833-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-25 09:07]

2010-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-422482940-1233743548-968030833-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-25 09:07]

2009-01-17 c:\windows\Tasks\NSSstub.job
- c:\windows\System32\Adobe\Shockwave 11\nssstub.exe [2009-01-15 16:18]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uSearchURL,(Default) = hxxp://go.1und1.de/suchbox/1und1suche?su=%s
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-NPSStartup - (no file)
MSConfigStartUp-Alamandi tray notifier - c:\program files\DEUTSCHLAND SPIELT\Alamandi\TaskBarNotifier.exe
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-GameTracker - c:\program files\GameTracker\GTLite.exe
MSConfigStartUp-Lexmark X6100 Series - c:\program files\Lexmark X6100 Series\lxbfbmgr.exe
MSConfigStartUp-MsnMsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe
MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
MSConfigStartUp-Nokia - c:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe
MSConfigStartUp-Pando Media Booster - c:\program files\Pando Networks\Media Booster\PMB.exe
MSConfigStartUp-PC Suite Tray - c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
MSConfigStartUp-SweetIM - c:\program files\SweetIM\Messenger\SweetIM.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-WEB.DE_WEB - c:\program files\WEB.DE\WEB.DE MultiMessenger\MESSENGR.EXE
MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\YahooMessenger.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,ee,2e,83,c5,48,5a,44,82,6b,db,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,ee,2e,83,c5,48,5a,44,82,6b,db,\

[HKEY_USERS\S-1-5-21-422482940-1233743548-968030833-1000\Software\SecuROM\License information*]
"datasecu"=hex:90,59,91,25,fd,d7,87,c9,93,55,a4,19,e3,3d,a6,4b,49,e0,b5,ce,41,
  c2,3b,54,54,fb,d6,52,46,b0,d0,73,22,61,fd,47,d7,57,f4,7c,20,a6,3a,5e,24,fd,\
"rkeysecu"=hex:0b,7c,3a,fe,2c,de,01,1d,ab,0d,b4,88,20,ce,50,55

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-08-07  19:13:41
ComboFix-quarantined-files.txt  2010-08-07 17:13

Vor Suchlauf: 23 Verzeichnis(se), 64.446.869.504 Bytes frei
Nach Suchlauf: 28 Verzeichnis(se), 64.130.273.280 Bytes frei

- - End Of File - - B416694EDD69A2FC9D6626C82FFBC447

--- --- ---

cosinus 07.08.2010 18:27

OK. Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM.

Svensen89 07.08.2010 18:39

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 19:36:13 on 07.08.2010

OS: Windows 7 Ultimate Edition (Build 7600), 32-bit
Default Browser: Google Inc. Google Chrome 0.0.0.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-422482940-1233743548-968030833-1000Core.job" - "Google Inc." - C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-422482940-1233743548-968030833-1000UA.job" - "Google Inc." - C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
"NSSstub.job" - "Symantec Corporation" - C:\Windows\System32\Adobe\Shockwave 11\nssstub.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\Windows\system32\ISUSPM.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
"vp6dec_settings.cpl" - ? - C:\Windows\system32\vp6dec_settings.cpl  (File found, but it contains no detailed information)
"vp7dec_settings.cpl" - ? - C:\Windows\system32\vp7dec_settings.cpl  (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ACEDRV05" (ACEDRV05) - "Protect Software GmbH" - C:\Windows\system32\drivers\ACEDRV05.sys
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"Cardex" (Cardex) - "Windows (R) 2000 DDK provider" - C:\Windows\system32\drivers\TBPANEL.SYS
"catchme" (catchme) - ? - C:\Users\user\AppData\Local\Temp\catchme.sys  (File not found)
"ENTECH" (ENTECH) - "EnTech Taiwan" - C:\Windows\system32\DRIVERS\ENTECH.sys
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"kwddypog" (kwddypog) - ? - C:\Users\user\AppData\Local\Temp\kwddypog.sys  (Hidden registry entry, rootkit activity | File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
"SSHDRV76" (SSHDRV76) - ? - C:\Windows\system32\drivers\SSHDRV76.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"TBPanel" (TBPanel) - "Windows (R) 2000 DDK provider" - C:\Windows\system32\drivers\TBPanel.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Windows\system32\mmfinfo.dll  (File found, but it contains no detailed information)
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{7D4D6379-F301-4311-BEBA-E26EB0561882} "{7D4D6379-F301-4311-BEBA-E26EB0561882}" - ? -  (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Windows\system32\mmfinfo.dll  (File found, but it contains no detailed information)
{5574006C-28F5-4a65-A28C-74DE6BFBE0BB} "Haali Matroska Shell Property Page" - ? - C:\Windows\system32\mmfinfo.dll  (File found, but it contains no detailed information)
{327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Extractor" - ? - C:\Windows\system32\mmfinfo.dll  (File found, but it contains no detailed information)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -  (File not found | COM-object registry key not found)
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler" - ? -  (File not found | COM-object registry key not found)
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler" - ? -  (File not found | COM-object registry key not found)
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
<binary data> "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
"PartyPoker.com" - ? - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
"PartyPoker.net" - ? - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"GAINWARD" - "Gainward Co." - C:\Program Files\EXPERTool\TBPanel.exe /A
"ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
"ISUSPM Startup" - "InstallShield Software Corporation" - C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce )-----
"Shockwave Updater" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.1;_en-US)_AppleWebKit/532.5_(KHTML,_like_Gecko)_Chrome/4.1.249.1042_Safari/532.5" -"hxxp://www.coolespiele.com/game.php?url=hxxp://richmedia.coolespiele.com/games/Bowling_Game.dcr&breite=640&hoehe=480"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"WheelMouse" - ? - C:\XTREME~1\wh_exec.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Lexmark Network Port" - "Lexmark International, Inc." - C:\Windows\system32\LEXLMPM.DLL

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"FsUsbExService" (FsUsbExService) - "Teruten" - C:\Windows\system32\FsUsbExService.Exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"LexBce Server" (LexBceS) - "Lexmark International, Inc." - C:\Windows\System32\LEXBCES.EXE
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Nero BackItUp Scheduler 4.0" (Nero BackItUp Scheduler 4.0) - "Nero AG" - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
"nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\Windows\system32\GameMon.des
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"Performance Service" (nTuneService) - "NVIDIA" - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"PnkBstrB" (PnkBstrB) - ? - C:\Windows\system32\PnkBstrB.exe  (File found, but it contains no detailed information)
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"SwitchBoard" (SwitchBoard) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"Update Center Service" (UpdateCenterService) - "NVIDIA" - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit Online Solutions :: Index

Svensen89 07.08.2010 18:40

From the OSAM instructions I don't understand which check marks I am supposed to remove.

Regards, Svensen89

cosinus 07.08.2010 18:51

OSAM or GMER? You posted the OSAM log correctly.

Svensen89 07.08.2010 18:57

Oh, I see, because the OSAM instructions said something about deactivating. But if that is correct, the other one is still running.

Svensen89 07.08.2010 19:01

GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-08-07 20:00:27
Windows 6.1.7600
Running: mzoerpbu.exe; Driver: C:\Users\user\AppData\Local\Temp\kwddypog.sys


---- System - GMER 1.0.15 ----

SSDT 80775F3C ZwCreateThread
SSDT 80775F28 ZwOpenProcess
SSDT 80775F2D ZwOpenThread
SSDT 80775F37 ZwTerminateProcess

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302CAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302C104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302C3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830152D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83014898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302C1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302C958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302C6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302CF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302D1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 8307E8E9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 8309E3D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 14C3 830A5790 4 Bytes [3C, 5F, 77, 80] {CMP AL, 0x5f; JA 0xffffffffffffff84}
.text ntoskrnl.exe!KeRemoveQueueEx + 165F 830A592C 4 Bytes [28, 5F, 77, 80]
.text ntoskrnl.exe!KeRemoveQueueEx + 167F 830A594C 4 Bytes [2D, 5F, 77, 80]
.text ntoskrnl.exe!KeRemoveQueueEx + 192F 830A5BFC 4 Bytes [37, 5F, 77, 80] {AAA ; POP EDI; JA 0xffffffffffffff84}
.text C:\Windows\system32\drivers\ACEDRV05.sys section is writeable [0x8CEED000, 0x30A4A, 0xE8000020]
.pklstb C:\Windows\system32\drivers\ACEDRV05.sys entry point in ".pklstb" section [0x8CF2F000]
.relo2 C:\Windows\system32\drivers\ACEDRV05.sys unknown last section [0x8CF4A000, 0x8E, 0x42000040]
.text C:\Windows\system32\drivers\SSHDRV76.sys section is writeable [0x8CF4C000, 0x16204, 0xE8000020]
.pklstb C:\Windows\system32\drivers\SSHDRV76.sys entry point in ".pklstb" section [0x8CF6A000]
.relo2 C:\Windows\system32\drivers\SSHDRV76.sys unknown last section [0x8CF7A000, 0x86, 0x42000040]
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA0567300, 0x3B6D8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA05AA300, 0x1BEE, 0xE8000020]
.text peauth.sys A05B4C9D 28 Bytes [D5, D8, 75, F4, A8, 45, 64, ...]
.text peauth.sys A05B4CC1 28 Bytes [D5, D8, 75, F4, A8, 45, 64, ...]
PAGE peauth.sys A05BAE20 101 Bytes [0B, 68, 06, 2F, FE, CE, B5, ...]
PAGE peauth.sys A05BB02C 102 Bytes [56, BA, 3F, 27, D8, EA, 28, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtCreateFile + 6 77814A36 4 Bytes [28, 00, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtCreateFile + B 77814A3B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtOpenFile + 6 77815146 4 Bytes [68, 00, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtOpenFile + B 7781514B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtOpenProcess + 6 778151F6 4 Bytes [A8, 01, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtOpenProcess + B 778151FB 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtOpenProcessToken + 6 77815206 4 Bytes CALL 7681580C C:\Windows\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation)
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtOpenProcessToken + B 7781520B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtOpenProcessTokenEx + 6 77815216 4 Bytes [A8, 02, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtOpenProcessTokenEx + B 7781521B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtOpenThread + 6 77815276 4 Bytes [68, 01, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtOpenThread + B 7781527B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtOpenThreadToken + 6 77815286 4 Bytes [68, 02, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtOpenThreadToken + B 7781528B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtOpenThreadTokenEx + 6 77815296 4 Bytes CALL 7681589D C:\Windows\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation)
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtOpenThreadTokenEx + B 7781529B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtQueryAttributesFile + 6 778153A6 4 Bytes [A8, 00, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtQueryAttributesFile + B 778153AB 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtQueryFullAttributesFile + 6 77815456 4 Bytes CALL 76815A5B C:\Windows\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation)
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtQueryFullAttributesFile + B 7781545B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtSetInformationFile + 6 77815AA6 4 Bytes [28, 01, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtSetInformationFile + B 77815AAB 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtSetInformationThread + 6 77815B06 4 Bytes [28, 02, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[744] ntdll.dll!NtSetInformationThread + B 77815B0B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtCreateFile + 6 77814A36 4 Bytes [28, 00, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtCreateFile + B 77814A3B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenFile + 6 77815146 4 Bytes [68, 00, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenFile + B 7781514B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenProcess + 6 778151F6 4 Bytes [A8, 01, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenProcess + B 778151FB 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenProcessToken + 6 77815206 4 Bytes CALL 7681580C C:\Windows\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation)
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenProcessToken + B 7781520B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenProcessTokenEx + 6 77815216 4 Bytes [A8, 02, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenProcessTokenEx + B 7781521B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenThread + 6 77815276 4 Bytes [68, 01, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenThread + B 7781527B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenThreadToken + 6 77815286 4 Bytes [68, 02, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenThreadToken + B 7781528B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenThreadTokenEx + 6 77815296 4 Bytes CALL 7681589D C:\Windows\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation)
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenThreadTokenEx + B 7781529B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtQueryAttributesFile + 6 778153A6 4 Bytes [A8, 00, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtQueryAttributesFile + B 778153AB 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtQueryFullAttributesFile + 6 77815456 4 Bytes CALL 76815A5B C:\Windows\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation)
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtQueryFullAttributesFile + B 7781545B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtSetInformationFile + 6 77815AA6 4 Bytes [28, 01, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtSetInformationFile + B 77815AAB 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtSetInformationThread + 6 77815B06 4 Bytes [28, 02, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtSetInformationThread + B 77815B0B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtCreateFile + 6 77814A36 4 Bytes [28, 00, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtCreateFile + B 77814A3B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenFile + 6 77815146 4 Bytes [68, 00, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenFile + B 7781514B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenProcess + 6 778151F6 4 Bytes [A8, 01, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenProcess + B 778151FB 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenProcessToken + 6 77815206 4 Bytes CALL 7681580C C:\Windows\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation)
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenProcessToken + B 7781520B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenProcessTokenEx + 6 77815216 4 Bytes [A8, 02, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenProcessTokenEx + B 7781521B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenThread + 6 77815276 4 Bytes [68, 01, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenThread + B 7781527B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenThreadToken + 6 77815286 4 Bytes [68, 02, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenThreadToken + B 7781528B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenThreadTokenEx + 6 77815296 4 Bytes CALL 7681589D C:\Windows\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation)
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenThreadTokenEx + B 7781529B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtQueryAttributesFile + 6 778153A6 4 Bytes [A8, 00, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtQueryAttributesFile + B 778153AB 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtQueryFullAttributesFile + 6 77815456 4 Bytes CALL 76815A5B C:\Windows\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation)
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtQueryFullAttributesFile + B 7781545B 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtSetInformationFile + 6 77815AA6 4 Bytes [28, 01, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtSetInformationFile + B 77815AAB 1 Byte [E2]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtSetInformationThread + 6 77815B06 4 Bytes [28, 02, 06, 00]
.text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtSetInformationThread + B 77815B0B 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000058 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\BTHPORT
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\HidBth
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0001
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0001@BackupContext 0x02 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0001@COD Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0001@Scans Before Out of Range 8
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0001@SCO Max Channels 2
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0001@Store Link Key COD Masks 0x00 0x00 0x1F 0x43 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0001@SymbolicLinkName \??\USB#VID_0A12&PID_0001#5&34e08004&0&2#{0850302a-b344-4fda-9be9-90576b8d46f0}
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0001@SymbolicName \??\USB#VID_0A12&PID_0001#5&34e08004&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0001@Write Scan Enable 2
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA0 0x4D 0x75 0x70 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC5 0x9C 0xEF 0xF3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x10 0x1B 0xCD 0x77 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x42 0xBF 0x14 0xD6 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\BTHPORT (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\HidBth (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0001@BackupContext 0x02 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0001@COD Type 1
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0001@Scans Before Out of Range 8
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0001@SCO Max Channels 2
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0001@Store Link Key COD Masks 0x00 0x00 0x1F 0x43 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0001@SymbolicLinkName \??\USB#VID_0A12&PID_0001#5&34e08004&0&2#{0850302a-b344-4fda-9be9-90576b8d46f0}
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0001@SymbolicName \??\USB#VID_0A12&PID_0001#5&34e08004&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0001@Write Scan Enable 2
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA0 0x4D 0x75 0x70 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC5 0x9C 0xEF 0xF3 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x10 0x1B 0xCD 0x77 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x42 0xBF 0x14 0xD6 ...
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{D886BAC7-5194-11DD-9464-806E6F6E6963} 7141876640
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{5885E366-A224-11DF-9B8B-806E6F6E6963} 48380280

---- EOF - GMER 1.0.15 ----

cosinus 08.08.2010 11:08

That looks OK too. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!

