Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Infestation: rootkit tdjzasdk, various trojans & monmvr32.exe (https://www.trojaner-board.de/90999-befall-rootkit-tdjzasdk-diverse-trojaner-monmvr32-exe.html)

luko 21.09.2010 21:15

Infestation: rootkit tdjzasdk, various trojans & monmvr32.exe
 
Hello,

today, while scanning with Malwarebytes, I found a fair amount of fresh junk, including most likely 2 trojans and 1 rootkit.
Google was not very helpful for monmvr32.exe and tdjzasdk.

Infection confirmed by Catchme and HijackThis


Logs as follows:
HijackThis logfile:
Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:44:10, on 21.09.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
 
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Avira\AntiVir Desktop\sched.exe
F:\Program Files\Avira\AntiVir Desktop\avguard.exe
F:\Program Files\Intel\Wireless\Bin\EvtEng.exe
F:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
F:\WINDOWS\system32\IFXSPMGT.exe
F:\WINDOWS\system32\IFXTCS.exe
F:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\PROGRAM FILES\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\oodag.exe
F:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
F:\WINDOWS\system32\slpservice.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\MsPMSPSv.exe
F:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
F:\WINDOWS\system32\slpmonx.exe
F:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
F:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
F:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
F:\Program Files\Synaptics\SynTP\SynTPEnh.exe
F:\Program Files\Avira\AntiVir Desktop\avgnt.exe
F:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
F:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
F:\WINDOWS\Explorer.exe
F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - F:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IAAnotif] F:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] F:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] F:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "F:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [PTHOSTTR] F:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe F:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [IntelZeroConfig] "F:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [Fvaliqexeji] rundll32.exe "F:\WINDOWS\abovekegubixudum.dll",Startup
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - hxxp://support.microsoft.com/mats/DiagWebControl.cab
O16 - DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} (TeamOn Import Object) - https://bis.eu.blackberry.com/html/web/client_tools/TOImport.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: OneCard - F:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - F:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - F:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - F:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - F:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - F:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - F:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - F:\WINDOWS\system32\IFXTCS.exe
O23 - Service: IviRegMgr - InterVideo - F:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - F:\WINDOWS\system32\oodag.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - F:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - F:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SLPMONX - ProdEx Technologies - F:\WINDOWS\system32\slpservice.exe
 
--
End of file - 7671 bytes

--- --- ---



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4665

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21.09.2010 18:49:18
mbam-log-2010-09-21 (18-49-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 220456
Laufzeit: 1 Stunde(n), 27 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
F:\Documents and Settings\admin\Start Menu\Programs\Startup\monmvr32.exe (Trojan.Downloader) -> No action taken.

Infizierte Speichermodule:
F:\WINDOWS\enmrfg.dll (Trojan.Hiloti) -> No action taken.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mzozisohuniru (Trojan.Hiloti) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
F:\WINDOWS\enmrfg.dll (Trojan.Hiloti) -> No action taken.
F:\WINDOWS\system32\config\systemprofile\Application Data\apiqfw.dat (Malware.Trace) -> No action taken.
F:\Documents and Settings\admin\Start Menu\Programs\Startup\monmvr32.exe (Trojan.Downloader) -> No action taken.
F:\Documents and Settings\admin\Application Data\avdrn.dat (Malware.Trace) -> No action taken.




catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-21 19:05:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdjzasdk]
"Type"=dword:00000001
"Start"=dword:00000000
"ErrorControl"=dword:00000000
"Group"="Boot Bus Extender"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\tdjzasdk]
"Type"=dword:00000001
"Start"=dword:00000000
"ErrorControl"=dword:00000000
"Group"="Boot Bus Extender"

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG08.00.00.01WORKSTATION"="F9913F8294CC12911F1D1E2073E2B1AC1082BE49C335F616FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC 9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3D9DB7CE019D40AA5CA6A0AC4980AC79337C866BEAF3C4D2ABCA18010F8ADDB3A8EBF76567B6F958D13913E45D4C DAAEB110E07961DD24554FA25FD3CE91BCF0BA64E4F9941B0509DEFAB36B3FAED8FE304AF1E23F9A688E2006D79B135D59616ADB4BADAFD53931A82931F7C588C8F73EBD9E9AD2E2893811 39D403FE23A7480F6A8C05CC4229BA894B16841D73F74EDD8341B27C32B2EEE8841AD54863D0CB56A67B25197D9AF6376A63320450EA996537A566B24A43B444B463873B5D3275C1B05DDA 52E90797B5170C455141D6D502770D117E2DCE6E9399DEAEB316DA36A5A76F134EAD9B35DD63F826EAAD26E4AF672D357BA39CE6990AAD03A55811DCAA3460E2F133B94BDE6507DE4E40F7 8A42B12D765D3B28C96DDC64E49630CA22CD7DD080B92877383A3704218BE89EEEE0FD2D1DE74222297D6E115421EE37A0DEB1DAC5B47E1E4045F8353F475AA01E867F3B98744E6CFA0721 AD78F3A9B5D4838387B186ECAA0AA94DD333B80CB70980E75E77EFB59F979ED72F99CF395AA2B42857E8E56ECE21E6598917ACB9D384736E8EEF5D1707BD2C7CFAA70CBBED51BED8BBB09D 3FF0754CC9F7AB836117C7D4CFB95A5051220EEA7BE83313116E89C1539C750FE2A95A014C325332C5D7EFEF4C40B37208240D6C45C9F2E25F0AD9B45AD444AA9EC786FE92C19840709F7D E326769D022475A5124EDD408E10A6B5DDB034D0F87D4A16935421A5CA2AAE542225A65B4F5130A4958F5C19BA4F5CF2DBA37CF116CD690960CBC0CA0003773E73968D56400026BB8185EE 9FA30EF8CB9EFE65A3B0A00EC0DAB8847C264E9FE570485B1CCC64D77F36B1B2199583FADEE9941A828BCBD487CD5C4551152201DC890E365E83767FE9E617BAEF74A5182E5939B9537EEB 1085D6FD4E06B8DA2B968140B6EF857207589BBE0D33B43538215747D5FCF45C44CC67E860F9121860EC6D3AE9CB08580F8CB0B72392E2B07801259DF70AED412B4E4569ADB234BB971B3A DB508D546D692B558EEA649BDDA97CD79C1928FB00B3640A5560D5C76DFBC025096075C6389FBD0EDB47A49146CF275829292C4842FE48A30194300A97E964C1A8816AD106EC33B1B40E6E 8B37A275E2AE0B0C0C76E09AD348D733CAEA75ECF62791F37AE5BFDAEB390806E3411043091995E297CFE4DD3109B0F0EDD9E4A7FE7360BFD92D3C6A3D08754F883AB8CEAE5C14ED4D43C7 
79A32796A06C1B33446981359D9DF239FC79C586D5FA3A6F398D6BC413A68AFA396B0774A051A90E5797C9C7830714C30E489B61C6529F3E0BB0C1DBD7AD26234C18"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0



I would very much appreciate your support.
Info:
The infected notebook is off the LAN / WLAN until it has been cleaned.
Data transfer with the mini notebook only via USB stick.

Many thanks

Luko
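The three logs above carry two findings a helper would look at first: an O4 autostart that loads a DLL via rundll32 from the Windows root rather than system32, and a service that catchme could only see in the hive, registered as a boot-start kernel driver in the "Boot Bus Extender" group. As an added example (not code from the thread or from any of the tools named in it), the Python script below parses lines in the HijackThis O4 and catchme hidden-service formats and decodes them into the Windows service-type and start-type constants, so the reader can see what the registry values in the catchme output mean. The sample lines are constructed copies of a few entries from the logs above, and the "DLL in the Windows root" rule is a triage heuristic chosen for this example, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample input: a handful of lines in the format of the HijackThis
# (O4) and catchme (hidden services) logs posted above; not the full logs.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [avgnt] "F:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Fvaliqexeji] rundll32.exe "F:\WINDOWS\abovekegubixudum.dll",Startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

CATCHME_SAMPLE = r"""
scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdjzasdk]
"Type"=dword:00000001
"Start"=dword:00000000
"ErrorControl"=dword:00000000
"Group"="Boot Bus Extender"

scanning hidden registry entries ...
"""

# Windows service constants (SERVICE_* values as used by the Service Control Manager).
SERVICE_TYPES = {0x1: "kernel driver", 0x2: "file system driver",
                 0x10: "own process", 0x20: "shared process"}
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'^rundll32\.exe\s+"?(?P<dll>[^",]+)"?,(?P<entry>\S+)', re.I)
SVC_KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\[^\\]+\\Services\\(?P<svc>[^\]]+)\]$")
SVC_VAL_RE = re.compile(r'^"(?P<k>[^"]+)"=(?:dword:(?P<dw>[0-9a-fA-F]{8})|"(?P<s>[^"]*)")$')


@dataclass
class RunEntry:
    hive: str
    name: str
    cmd: str
    dll: str = ""  # filled in when the command is a rundll32 invocation


def parse_hjt_o4(text: str) -> List[RunEntry]:
    """Parse HijackThis O4 (Run key) lines into structured entries."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        entry = RunEntry(m["hive"], m["name"], m["cmd"])
        r = RUNDLL_RE.match(entry.cmd)
        if r:
            entry.dll = r["dll"]
        entries.append(entry)
    return entries


def parse_catchme_services(text: str) -> Dict[str, Dict[str, object]]:
    """Collect the registry values catchme prints for each hidden service key."""
    services: Dict[str, Dict[str, object]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        k = SVC_KEY_RE.match(line)
        if k:
            current = services.setdefault(k["svc"], {})
            continue
        v = SVC_VAL_RE.match(line)
        if v and current is not None:
            current[v["k"]] = int(v["dw"], 16) if v["dw"] is not None else v["s"]
    return services


def triage(hjt_text: str, catchme_text: str) -> List[str]:
    """Return human-readable flags for the entries a defender would check first."""
    flags = []
    for e in parse_hjt_o4(hjt_text):
        if not e.dll:
            continue
        parent = e.dll.rsplit("\\", 1)[0].lower()
        # Heuristic: rundll32 autostarts normally load DLLs from system32 or a
        # vendor directory; a DLL sitting directly in %SystemRoot% is unusual.
        if parent.endswith("\\windows"):
            flags.append(f"O4 [{e.name}] loads {e.dll} via rundll32 from the Windows root")
    for name, vals in parse_catchme_services(catchme_text).items():
        stype = SERVICE_TYPES.get(vals.get("Type"), "unknown type")
        start = START_TYPES.get(vals.get("Start"), "unknown start")
        flags.append(f"hidden service {name}: {stype}, {start} start, group {vals.get('Group', '?')!r}")
    return flags


if __name__ == "__main__":
    for flag in triage(HJT_SAMPLE, CATCHME_SAMPLE):
        print(flag)
```

Run as a script, it prints one line per flag; the decoded catchme entry shows that Type 1 / Start 0 means a kernel-mode driver loaded at boot, before user-mode scanners start, which is why such an entry deserves attention even though the file itself was not listed by the scanners.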

cosinus 22.09.2010 21:51

Hello,

did you also remove all the findings with Malwarebytes? I have to ask because it says "no action taken"!

luko 22.09.2010 23:42

Rootkit tdjzasdk, bluescreen crash with GMER scan...
 
Hello Arne,
thanks for taking on my troubles!

Right, in the meantime I had MBAM remove the trojans >
MBAM currently reports no findings.
There is still an application in the autostart that does not belong there, and the rootkit tdjzasdk crashes XP to a bluescreen every time I scan with GMER (following your instructions).
I don't really know how to restore the modified registry entries and how to get tdjzasdk.sys out of the system32 drivers.
Do you know this rootkit that makes GMER crash?
It's a real mess, which probably got in through fake Java applications.
I will be even more careful with my research ...
Please tell me which data or logfiles you need from me.
I'll do it as fast as I can. The machine needs to go back online soon.....


Many thanks for your kind help

Andreas (Luko)

cosinus 22.09.2010 23:52

System scan with OTL

Please download OTL from Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please choose Minimal Output
  • Under Extra Registry, please choose Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles will be created
  • Post the logfiles here in the thread.

luko 23.09.2010 14:31

Hello Arne

attached are the reports. I have x'd out or ***'d everything personal.
OTL logfile:
Code:

OTL Extras logfile created on: 23.09.2010 12:27:13 - Run 2
OTL by OldTimer - Version 3.2.14.1    Folder = F:\Documents and Settings\***\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 84,00% Memory free
7,00 Gb Paging File | 7,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): E:\pagefile.sys 4092 4092 [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive C: | 6,84 Gb Total Space | 5,01 Gb Free Space | 73,29% Space Free | Partition Type: NTFS
Drive D: | 6,84 Gb Total Space | 3,49 Gb Free Space | 50,98% Space Free | Partition Type: NTFS
Drive E: | 59,94 Gb Total Space | 13,35 Gb Free Space | 22,28% Space Free | Partition Type: NTFS
Drive F: | 19,53 Gb Total Space | 5,93 Gb Free Space | 30,35% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 3,79 Gb Total Space | 0,02 Gb Free Space | 0,51% Space Free | Partition Type: FAT32
 
Computer Name: xxxxxxx
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- F:\Program Files\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "F:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "F:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "F:\Program Files\Opera\opera.exe" (Opera Software)
https [open] -- "F:\Program Files\Opera\opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "F:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "F:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "F:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"6160:TCP" = 6160:TCP:*:Disabled:Seagull Driver Networking
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Program Files\Opera\opera.exe" = F:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"F:\WINDOWS\system32\usmt\migwiz.exe" = F:\WINDOWS\system32\usmt\migwiz.exe:*:Disabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"F:\WINDOWS\system32\javaw.exe" = F:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"F:\WINDOWS\system32\java.exe" = F:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{18E65799-76BD-46EF-9E53-972FE5A40736}" = Opera 10.62
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2A033A00-FE0D-4609-B0E8-2C49CC494FC8}" = WorldShip
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{33035862-543C-4405-9CC6-08593CF2C25F}" = ReportServer
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 J1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{390160B4-D276-4A04-8002-8D3101A0D367}" = UPSICC
"{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{4422D20B-F530-4E65-8504-31396C9BC066}" = Google SketchUp 8
"{463A57EB-89CF-4B91-AD55-E4CC8456E0E6}" = StarMoney 6.0
"{4AE3EAC8-FAD9-4ECC-A339-BBAD8C72DE71}" = UPSDB
"{4BA3DDD4-BC91-48B2-8896-7A02C34829D7}" = HP Embedded Security for ProtectTools
"{507C870C-C27E-4F53-A32A-23500AC62A46}" = Adobe GoLive CS (DEU)
"{53480370-6CA2-47EC-BC05-02B4B9271C31}" = O&O Defrag Professional Edition
"{56B59C2A-EFB8-44AC-88F5-3280171E4522}" = PolicyManager
"{5AE59A84-B2F3-42CC-A246-5AF80F6EE770}" = Reconciler
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{60B81442-7AB5-49A2-BF90-02A2786587ED}" = USB-Flachbettscanner
"{68AF09E3-1167-4771-903C-CCCDCF7E171C}" = NRF
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75ECB75A-522C-4312-8DE7-597CDA9D96A3}" = HP Mobile Data Protection System
"{7F362F06-A9A3-440F-8B19-6A01A72723C4}" = AuthenTec Fingerprint Sensor Minimum Install
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C5BD501-AD5D-4A75-9321-076509B438FC}" = WebHelp
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95749C5B-BC37-41E3-8D39-EEF4C21A2825}" = CCC
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DA12996-EB20-40AB-8D44-BA190C8634A8}" = Printer Utility
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
"{A5763105-D1D5-4862-A3FE-EC058F9AA73E}" = ICCHelp
"{AA2E6BFE-4351-481C-A720-47CB3506570B}" = ACDSee 8
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AE052EF7-2640-48D7-8915-69B810D975CB}" = HP BIOS Configuration for ProtectTools 2.00 E1
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom NetXtreme Ethernet Controller
"{BB2F9840-531D-4C8E-9F19-A101ECD9ABC0}" = UPS Thermal Printer Plugin - Version 8.10
"{BC728F95-2D3F-4D05-9E1E-F2A3CEBF3FE8}" = FormsComponent
"{BE41F3D2-FC73-4C3E-A2C2-5D2B08A5B2D0}" = Credential Manager for HP ProtectTools
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23415D8-FE94-4F52-B5C4-0FFA2202C6D9}" = UPSVCMM
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C30E30A6-0AB5-470A-AB67-D322938F5429}" = SupportUtility
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C8645A63-4331-460A-ADD9-784985428D62}" = REFLEX Modellflugsimulator
"{C9D43B38-34AD-4EC2-B696-46F42D49D174}" = MSIChecker
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF2962CB-E3E7-4AA5-B6CE-EE59A600ECBE}" = UnifiedPrinting
"{D44E7219-947E-4F1B-830E-66EF11ACC543}" = NA1Messenger
"{DB2C58E0-6284-4B48-97F2-22A980B6360B}" = System
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (UPSWSDBSERVER)
"{E358CC1E-4953-4E27-ADEB-8B27D8BBC20E}" = UPSlinkHTTP
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EA9629DA-5715-48BA-B054-28169702B176}" = FOSS
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FFCB1B04-5B1C-4A17-AA60-CA6F00BA50F9}" = StarMoney
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"CANONBJ_Deinstall_CNMCP5n.DLL" = Canon i965
"CCleaner" = CCleaner
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"CleanUp!" = CleanUp!
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA_hpq0033m" = HDAUDIO Soft Data Fax Modem with SmartCP
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"ffdshow_is1" = ffdshow [rev 3124] [2009-11-03]
"FFMPEG Core Files" = FFMPEG Core Files (remove only)
"Free FLV Converter_is1" = Free FLV Converter V 6.7.3
"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
"HaaliMkx" = Haali Media Splitter
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Monkey's Audio_is1" = Monkey's Audio
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only)
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"ProInst" = Intel(R) PROSet/Wireless Software
"QuickTime" = QuickTime
"SHOUTcast Source" = SHOUTcast Source (remove only)
"Slp32V4" = Smart Label Printer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tweak UI 2.10" = Tweak UI
"UPS WorldShip" = UPS WorldShip
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"Winston_is1" = Winston Version 2010W
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"ZoomPlayer" = Zoom Player (remove only)
"ZoomPlayerLang" = Zoom Player deutsche Sprachdateien (entfernen)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 07.09.2010 04:36:32 | Computer Name = xxxxx | Source = Application Error | ID = 1000
Description = Faulting application wmc.exe, version 1.0.0.0, faulting module wmc.exe,
 version 1.0.0.0, fault address 0x00004404.
 
Error - 07.09.2010 13:59:29 | Computer Name =xxxxx | Source = ThreadLib | ID = 0
Description =
 
Error - 21.09.2010 11:15:50 | Computer Name = xxxxx | Source = Application Error | ID = 1000
Description = Faulting application flashutil10i_plugin.exe, version 10.1.82.76,
faulting module unknown, version 0.0.0.0, fault address 0x7ca145a3.
 
Error - 21.09.2010 12:57:51 | Computer Name = xxxxx | Source = IFXWlxEN | ID = 2687344
Description = Failed to create instance of IWlxEvent interface.
 
Error - 21.09.2010 13:03:02 | Computer Name = xxxxx | Source = IFXWlxEN | ID = 2687344
Description = Failed to create instance of IWlxEvent interface.
 
Error - 21.09.2010 13:14:09 | Computer Name = xxxxxx | Source = IFXWlxEN | ID = 2687344
Description = Failed to create instance of IWlxEvent interface.
 
Error - 21.09.2010 13:17:27 | Computer Name = xxxxx | Source = IFXWlxEN | ID = 2687344
Description = Failed to create instance of IWlxEvent interface.
 
Error - 21.09.2010 14:41:04 | Computer Name = xxxx | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
 module abovekegubixudum.dll, version 0.0.0.0, fault address 0x000126d7.
 
Error - 22.09.2010 06:42:30 | Computer Name = xxxxxx | Source = ThreadLib | ID = 0
Description =
 
Error - 22.09.2010 09:00:55 | Computer Name = xxxxxx | Source = IFXWlxEN | ID = 2687344
Description = Failed to create instance of IWlxEvent interface.
 
[ Credential Manager Events ]
Error - 07.06.2010 04:27:32 | Computer Name = xxxxx| Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: ***@xxxxxx Credentials:
 Password  Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
Error - 10.06.2010 11:53:43 | Computer Name = xxxxxxxx | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: *****@xxxxxxxx Credentials:
 Fingerprints  Error: (0xC5161003) The requested biometrics operation could not
be successfully completed.
 
Error - 30.06.2010 04:39:32 | Computer Name = xxxxxxx | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: *****@xxxxxxx Credentials:
 Password  Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
Error - 06.07.2010 10:47:32 | Computer Name =xxxxxxx | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: *****@xxxxxxxx Credentials:
 Fingerprints  Error: (0xC5161001) The fingerprints provided do not match.
 
Error - 02.08.2010 04:36:20 | Computer Name = xxxxxxxx | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: *******@xxxxxxx Credentials:
 Fingerprints  Error: (0xC5161001) The fingerprints provided do not match.
 
Error - 02.08.2010 07:05:33 | Computer Name =xxxxxxxxx | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: *******@xxxxxxxxxx Credentials:
 Password  Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
Error - 03.08.2010 17:24:24 | Computer Name = xxxxxxx | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: ****@xxxxxxxxxx Credentials:
 Password  Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
Error - 05.08.2010 10:28:28 | Computer Name = xxxxxxx | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: *****@xxxxxxxxx Credentials:
 Password  Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
Error - 13.08.2010 09:44:10 | Computer Name =xxxxxxxx | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: ********@xxxxxxxxx Credentials:
 Password  Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
Error - 13.09.2010 11:11:21 | Computer Name = xxxxxxxx | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: ****@xxxxxxxx Credentials:
 Fingerprints  Error: (0xC5161003) The requested biometrics operation could not
be successfully completed.
 
[ System Events ]
Error - 22.09.2010 09:32:57 | Computer Name = xxxxxxxx| Source = Service Control Manager | ID = 7034
Description = The MSSQL$UPSWSDBSERVER service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 22.09.2010 09:32:57 | Computer Name = xxxxxxxxxx| Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 22.09.2010 09:32:57 | Computer Name = xxxxxxxxxxxx| Source = Service Control Manager | ID = 7034
Description = The O&O Defrag service terminated unexpectedly.  It has done this
1 time(s).
 
Error - 22.09.2010 09:32:57 | Computer Name = xxxxxxxxxx| Source = Service Control Manager | ID = 7034
Description = The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 22.09.2010 09:32:57 | Computer Name = xxxxxxxxxxx| Source = Service Control Manager | ID = 7034
Description = The SLPMONX service terminated unexpectedly.  It has done this 1 time(s).
 
Error - 22.09.2010 09:32:57 | Computer Name = xxxxxxxxxxxx| Source = Service Control Manager | ID = 7034
Description = The hpqwmiex service terminated unexpectedly.  It has done this 1
time(s).
 
Error - 22.09.2010 09:34:35 | Computer Name = xxxxxxxxxxxxx| Source = Service Control Manager | ID = 7000
Description = The USB-Flachbettscanner service failed to start due to the following
 error:  %%1058
 
Error - 22.09.2010 09:43:40 | Computer Name = xxxxxxxxxxxxxxx| Source = Service Control Manager | ID = 7000
Description = The USB-Flachbettscanner service failed to start due to the following
 error:  %%1058
 
Error - 22.09.2010 09:53:31 | Computer Name = xxxxxxxxxxxx| Source = Service Control Manager | ID = 7000
Description = The USB-Flachbettscanner service failed to start due to the following
 error:  %%1058
 
Error - 23.09.2010 05:41:41 | Computer Name = xxxxxxxxxx| Source = Service Control Manager | ID = 7000
Description = The USB-Flachbettscanner service failed to start due to the following
 error:  %%1058
 
 
< End of report >

--- --- ---
OTL Logfile:
Code:

OTL logfile created on: 23.09.2010 12:27:13 - Run 2
OTL by OldTimer - Version 3.2.14.1    Folder = F:\Documents and Settings\***\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 84,00% Memory free
7,00 Gb Paging File | 7,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): E:\pagefile.sys 4092 4092 [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive C: | 6,84 Gb Total Space | 5,01 Gb Free Space | 73,29% Space Free | Partition Type: NTFS
Drive D: | 6,84 Gb Total Space | 3,49 Gb Free Space | 50,98% Space Free | Partition Type: NTFS
Drive E: | 59,94 Gb Total Space | 13,35 Gb Free Space | 22,28% Space Free | Partition Type: NTFS
Drive F: | 19,53 Gb Total Space | 5,93 Gb Free Space | 30,35% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 3,79 Gb Total Space | 0,02 Gb Free Space | 0,51% Space Free | Partition Type: FAT32
 
Computer Name: xxxxxxxx
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - F:\Documents and Settings\***\Desktop\OTL.exe (OldTimer Tools)
PRC - F:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - F:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - F:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - F:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - F:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - F:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - F:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - F:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - F:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe (Cognizance Corporation)
PRC - F:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe (Hewlett-Packard Development Company, L.P.)
PRC - F:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - F:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - F:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - F:\Program Files\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe (Microsoft Corporation)
PRC - F:\WINDOWS\system32\oodag.exe (O&O Software GmbH)
PRC - F:\WINDOWS\system32\slpmonx.exe (Seiko Instruments USA, Inc.)
PRC - F:\WINDOWS\system32\slpservice.exe (ProdEx Technologies)
PRC - F:\Program Files\Medion\ScanPanel\ScnPanel.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - F:\Documents and Settings\***\Desktop\OTL.exe (OldTimer Tools)
MOD - F:\WINDOWS\system32\arpdump.dll ()
MOD - F:\WINDOWS\system32\msvcp60.dll (Microsoft Corporation)
MOD - F:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - F:\WINDOWS\system32\APSHook.dll (Bioscrypt Inc.)
MOD - F:\Program Files\Hewlett-Packard\IAM\Bin\ItClient.dll (Cognizance Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) -- F:\WINDOWS\System32\hidserv.dll File not found
SRV - (AntiVirService) -- F:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- F:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (EvtEng) Intel(R) -- F:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (S24EventMonitor) Intel(R) -- F:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel(R) -- F:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (ASBroker) -- F:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)
SRV - (IviRegMgr) -- F:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (ASChannel) -- F:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll (Cognizance Corporation)
SRV - (IAANTMon) Intel(R) -- F:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (MSSQL$UPSWSDBSERVER) -- F:\PROGRAM FILES\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$UPSWSDBSERVER) -- F:\PROGRAM FILES\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (O&O Defrag) -- F:\WINDOWS\system32\oodag.exe (O&O Software GmbH)
SRV - (SLPMONX) -- F:\WINDOWS\system32\slpservice.exe (ProdEx Technologies)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (UIUSys) -- F:\WINDOWS\System32\DRIVERS\UIUSYS.SYS File not found
DRV - (MEMSWEEP2) -- F:\WINDOWS\System32\1.tmp File not found
DRV - (avgntflt) -- F:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (SASENUM) -- F:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- F:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- F:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ssmdrv) -- F:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (Cdralw2k) -- F:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- F:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (avipbb) -- F:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- F:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (HDAudBus) -- F:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (SynTP) -- F:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (NETw4x32) Intel(R) -- F:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (ADIHdAudAddService) -- F:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- F:\WINDOWS\system32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (s24trans) -- F:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (nv) -- F:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (HpqKbFiltr) -- F:\WINDOWS\system32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (tifm21) -- F:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (GTIPCI21) -- F:\WINDOWS\system32\drivers\gtipci21.sys (Texas Instruments)
DRV - (HBtnKey) -- F:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HSF_DPV) -- F:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- F:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- F:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (b57w2k) -- F:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (Accelerometer) -- F:\WINDOWS\system32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (hpdskflt) -- F:\WINDOWS\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (IFXTPM) -- F:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (iaStor) -- F:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (SampleScanner) -- F:\WINDOWS\system32\drivers\ArtecGT.sys (  )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.4
FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.1
FF - prefs.js..extensions.enabledItems: {CA98C7ED-AC2C-42F4-B531-6CDEB5DB2AAE}:1.9.1
 
FF - HKLM\software\mozilla\Firefox\extensions\\{CA98C7ED-AC2C-42F4-B531-6CDEB5DB2AAE}: F:\Documents and Settings\***\Local Settings\Application Data\{CA98C7ED-AC2C-42F4-B531-6CDEB5DB2AAE} [2010.09.21 12:33:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: F:\Program Files\Mozilla Firefox\components [2010.01.18 21:49:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins [2010.08.23 16:12:43 | 000,000,000 | ---D | M]
 
[2010.01.15 20:59:46 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Mozilla\Extensions
[2010.09.21 18:04:46 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***Application Data\Mozilla\Firefox\Profiles\mki35h49.default\extensions
[2010.08.28 12:54:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- F:\Documents and Settings\****\Application Data\Mozilla\Firefox\Profiles\mki35h49.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.25 21:26:09 | 000,000,000 | ---D | M] (Flash and Video Download) -- F:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\mki35h49.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2010.08.28 12:54:27 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\mki35h49.default\extensions\YoutubeDownloader@PeterOlayev.com
[2010.09.21 18:04:46 | 000,000,000 | ---D | M] -- F:\Program Files\Mozilla Firefox\extensions
[2008.07.28 12:07:36 | 000,069,632 | ---- | M] (UPS) -- F:\Program Files\Mozilla Firefox\plugins\NPEltr32.dll
[2009.12.21 07:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- F:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2009.11.03 04:14:39 | 000,001,392 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.11.03 04:14:39 | 000,002,344 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.11.03 04:14:39 | 000,006,805 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.11.03 04:14:39 | 000,001,178 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.11.03 04:14:39 | 000,000,801 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,734 | ---- | M]) - F:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - F:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [avgnt] F:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CognizanceTS] F:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [IAAnotif] F:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] F:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] F:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] F:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] F:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PTHOSTTR] F:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKCU..\Run: [ISUSPM] F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\ScanPanel.lnk = F:\Program Files\Medion\ScanPanel\ScnPanel.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 01 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 01 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 01 00 00 00  [binary data]
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} hxxp://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} https://bis.eu.blackberry.com/html/web/client_tools/TOImport.cab (TeamOn Import Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - AppInit_DLLs: (APSHook.dll) - F:\WINDOWS\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (F:\Program Files\Hewlett-Packard\IAM\bin\ocgina.dll) - F:\Program Files\Hewlett-Packard\IAM\Bin\OCGina.dll (Cognizance Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\IfxWlxEN: DllName - IfxWlxEN.dll - F:\WINDOWS\System32\IfxWlxEN.dll (Infineon Technologies AG)
O20 - Winlogon\Notify\OneCard: DllName - F:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll - F:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)
O24 - Desktop WallPaper: F:\WINDOWS\Web\Wallpaper\HP Cityscape Wide.bmp
O24 - Desktop BackupWallPaper: F:\WINDOWS\Web\Wallpaper\HP Cityscape Wide.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - F:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.11 13:07:50 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (OODBS) - F:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: clicover - (F:\WINDOWS\system32\arpdump.dll) - F:\WINDOWS\system32\arpdump.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.23 12:25:12 | 000,000,000 | RH-D | C] -- F:\Documents and Settings\***\Recent
[2010.09.23 12:06:11 | 000,575,488 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\***\Desktop\OTL.exe
[2010.09.22 18:02:49 | 000,045,056 | ---- | C] (ULTIMA ELECTRONICS CORP.) -- F:\WINDOWS\System32\RemovePlus.exe
[2010.09.22 18:02:33 | 000,000,000 | ---D | C] -- F:\Program Files\Medion
[2010.09.22 15:40:42 | 000,000,000 | ---D | C] -- F:\WINDOWS\ERDNT
[2010.09.22 15:37:14 | 000,000,000 | ---D | C] -- F:\Program Files\ERUNT
[2010.09.22 14:27:47 | 000,000,000 | ---D | C] -- F:\Program Files\Sophos
[2010.09.22 14:14:08 | 000,519,680 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\***\Desktop\OTM.exe
[2010.09.21 21:43:53 | 000,000,000 | ---D | C] -- F:\Program Files\Trend Micro
[2010.09.21 19:18:41 | 000,000,000 | ---D | C] -- F:\Program Files\Safer Networking
[2010.09.21 12:33:57 | 000,000,000 | ---D | C] -- F:\Documents and Settings\***\Local Settings\Application Data\{CA98C7ED-AC2C-42F4-B531-6CDEB5DB2AAE}
[2010.09.15 16:02:48 | 000,000,000 | ---D | C] -- F:\Documents and Settings\***\Application Data\Google
[2010.09.15 16:01:46 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Google
[2010.09.15 15:57:42 | 000,000,000 | ---D | C] -- F:\Program Files\Google
[2010.08.26 17:23:34 | 000,644,400 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\mscomct2.ocx
[2010.03.29 20:57:15 | 000,018,120 | ---- | C] (  ) -- F:\WINDOWS\System32\drivers\ArtecGT.sys
[2004.08.04 14:00:00 | 000,192,512 | ---- | C] ( ) -- F:\WINDOWS\abovekegubixudum.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.23 12:27:50 | 000,564,800 | ---- | M] () -- F:\WINDOWS\System32\drivers\tdjzasdk.sys
[2010.09.23 12:05:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\***\Desktop\OTL.exe
[2010.09.23 11:46:06 | 000,535,230 | ---- | M] () -- F:\WINDOWS\System32\PerfStringBackup.INI
[2010.09.23 11:46:06 | 000,450,520 | ---- | M] () -- F:\WINDOWS\System32\perfh009.dat
[2010.09.23 11:46:06 | 000,075,330 | ---- | M] () -- F:\WINDOWS\System32\perfc009.dat
[2010.09.23 11:42:16 | 000,001,202 | ---- | M] () -- F:\WINDOWS\ScnPanel.ini
[2010.09.23 11:41:51 | 000,002,206 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl
[2010.09.23 11:41:48 | 000,077,918 | ---- | M] () -- F:\WINDOWS\System32\nvModes.001
[2010.09.23 11:41:27 | 000,000,006 | -H-- | M] () -- F:\WINDOWS\tasks\SA.DAT
[2010.09.23 11:41:24 | 000,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat
[2010.09.23 11:41:17 | 000,122,802 | ---- | M] () -- F:\WINDOWS\System32\OODBS.lor
[2010.09.22 19:05:19 | 005,767,168 | -H-- | M] () -- F:\Documents and Settings\***\NTUSER.DAT
[2010.09.22 19:04:58 | 000,000,531 | ---- | M] () -- F:\WINDOWS\win.ini
[2010.09.22 19:04:54 | 006,520,490 | -H-- | M] () -- F:\Documents and Settings\***\Local Settings\Application Data\IconCache.db
[2010.09.22 18:56:59 | 000,011,463 | ---- | M] () -- F:\WINDOWS\Dusb3ar.ini
[2010.09.22 18:56:59 | 000,002,662 | ---- | M] () -- F:\WINDOWS\Ausba3.INI
[2010.09.22 18:10:08 | 000,000,589 | ---- | M] () -- F:\Documents and Settings\***\Desktop\My.lnk
[2010.09.22 18:03:21 | 000,030,720 | ---- | M] () -- F:\WINDOWS\EWhiteu12.dat
[2010.09.22 18:03:21 | 000,000,004 | ---- | M] () -- F:\WINDOWS\AErroru3.dat
[2010.09.22 18:03:19 | 000,030,720 | ---- | M] () -- F:\WINDOWS\EDarku12.dat
[2010.09.22 18:03:16 | 000,000,006 | ---- | M] () -- F:\WINDOWS\EExpou.dat
[2010.09.22 18:03:16 | 000,000,003 | ---- | M] () -- F:\WINDOWS\EOffsetu.dat
[2010.09.22 18:03:16 | 000,000,003 | ---- | M] () -- F:\WINDOWS\EGain6.dat
[2010.09.22 18:02:49 | 000,001,614 | ---- | M] () -- F:\Documents and Settings\All Users\Start Menu\Programs\Startup\ScanPanel.lnk
[2010.09.22 15:37:14 | 000,000,617 | ---- | M] () -- F:\Documents and Settings\***\Desktop\NTREGOPT.lnk
[2010.09.22 15:37:14 | 000,000,598 | ---- | M] () -- F:\Documents and Settings\***\Desktop\ERUNT.lnk
[2010.09.22 14:58:29 | 000,000,681 | ---- | M] () -- F:\Documents and Settings\***\Desktop\Shortcut to Cleanup.exe.lnk
[2010.09.22 12:21:41 | 000,000,873 | ---- | M] () -- F:\Documents and Settings\***\Desktop\Shortcut to xxxxxxxx.xls.lnk
[2010.09.22 09:41:20 | 000,000,000 | ---- | M] () -- F:\WINDOWS\Ariqukaye.bin
[2010.09.22 07:51:02 | 000,293,376 | ---- | M] () -- F:\Documents and Settings\***\Desktop\52u8lxww.exe
[2010.09.21 21:43:53 | 000,001,740 | ---- | M] () -- F:\Documents and Settings\***\Desktop\HijackThis.lnk
[2010.09.21 21:41:04 | 000,519,680 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\***\Desktop\OTM.exe
[2010.09.21 19:16:29 | 000,000,178 | -HS- | M] () -- F:\Documents and Settings\***\ntuser.ini
[2010.09.21 18:51:32 | 000,020,992 | ---- | M] () -- F:\Documents and Settings\***\My Documents\Wunschzettel.doc
[2010.09.21 16:58:33 | 000,000,120 | ---- | M] () -- F:\WINDOWS\Gjimecahalevete.dat
[2010.09.21 12:25:53 | 000,050,176 | -H-- | M] () -- F:\WINDOWS\System32\arpdump.dll
[2010.09.20 20:43:13 | 000,002,181 | ---- | M] () -- F:\Documents and Settings\***\Desktop\REFLEX Modellflugsimulator.lnk
[2010.09.20 14:29:11 | 000,077,918 | ---- | M] () -- F:\WINDOWS\System32\nvModes.dat
[2010.09.20 11:40:03 | 000,112,128 | ---- | M] () -- F:\Documents and Settings\***\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.16 16:19:22 | 000,000,616 | ---- | M] () -- F:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010.09.15 15:57:51 | 000,001,768 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Google SketchUp 8.lnk
[2010.09.14 21:55:10 | 000,028,622 | ---- | M] () -- F:\Documents and Settings\***\Desktop\Re_ Vent Window  Four Winns Liberator xxxxxxxxx.eml
[2010.09.14 12:37:00 | 000,083,841 | ---- | M] () -- F:\Documents and Settings\***\Desktop\Expedia  Reisebestätigung - xxxxx (Reiseplan-Nr. 000000000000).eml
[2010.09.14 08:45:36 | 002,125,423 | ---- | M] () -- F:\Documents and Settings\***\Desktop\plesk8.pdf
[2010.09.12 12:02:33 | 000,000,724 | ---- | M] () -- F:\Documents and Settings\***\Desktop\Bank***.lnk
[2010.09.10 16:48:11 | 000,000,275 | ---- | M] () -- F:\Documents and Settings\***\Desktop\Shortcut to *** xxx.xls.lnk
[2010.09.10 16:48:03 | 000,000,278 | ---- | M] () -- F:\Documents and Settings\***\Desktop\Shortcut to xxxxxxxxxxx.xls.lnk
[2010.08.29 13:26:34 | 000,951,440 | ---- | M] () -- F:\Documents and Settings\***\My Documents\small-block.pdf
[2010.08.26 17:23:34 | 000,644,400 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\System32\mscomct2.ocx
 
========== Files Created - No Company Name ==========
 
[2010.09.22 18:10:08 | 000,000,589 | ---- | C] () -- F:\Documents and Settings\***\Desktop\My.lnk
[2010.09.22 18:02:49 | 000,001,614 | ---- | C] () -- F:\Documents and Settings\All Users\Start Menu\Programs\Startup\ScanPanel.lnk
[2010.09.22 18:02:49 | 000,001,202 | ---- | C] () -- F:\WINDOWS\ScnPanel.ini
[2010.09.22 18:02:49 | 000,000,766 | ---- | C] () -- F:\WINDOWS\Uninstall.ico
[2010.09.22 18:02:29 | 000,001,704 | ---- | C] () -- F:\WINDOWS\ePlus.ini
[2010.09.22 15:37:14 | 000,000,617 | ---- | C] () -- F:\Documents and Settings\***\Desktop\NTREGOPT.lnk
[2010.09.22 15:37:14 | 000,000,598 | ---- | C] () -- F:\Documents and Settings\***\Desktop\ERUNT.lnk
[2010.09.22 14:58:29 | 000,000,681 | ---- | C] () -- F:\Documents and Settings\***\Desktop\Shortcut to Cleanup.exe.lnk
[2010.09.22 14:14:03 | 000,293,376 | ---- | C] () -- F:\Documents and Settings\***\Desktop\52u8lxww.exe
[2010.09.21 22:44:20 | 000,083,841 | ---- | C] () -- F:\Documents and Settings\***\Desktop\Expedia  Reisebestätigung - xxxxx- (Reiseplan-Nr. 000000).eml
[2010.09.21 21:43:53 | 000,001,740 | ---- | C] () -- F:\Documents and Settings\***\Desktop\HijackThis.lnk
[2010.09.21 18:51:32 | 000,020,992 | ---- | C] () -- F:\Documents and Settings\***\My Documents\Wunschzettel.doc
[2010.09.21 12:33:58 | 000,000,120 | ---- | C] () -- F:\WINDOWS\Gjimecahalevete.dat
[2010.09.21 12:33:58 | 000,000,000 | ---- | C] () -- F:\WINDOWS\Ariqukaye.bin
[2010.09.21 12:32:23 | 000,564,800 | ---- | C] () -- F:\WINDOWS\System32\drivers\tdjzasdk.sys
[2010.09.21 12:25:53 | 000,050,176 | -H-- | C] () -- F:\WINDOWS\System32\arpdump.dll
[2010.09.15 15:57:51 | 000,001,768 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Google SketchUp 8.lnk
[2010.09.14 21:55:10 | 000,028,622 | ---- | C] () -- F:\Documents and Settings\***\Desktop\Re_ Vent Window  Four Winns Liberator xxxxxxx.eml
[2010.09.14 08:45:36 | 002,125,423 | ---- | C] () -- F:\Documents and Settings\***\Desktop\plesk8.pdf
[2010.09.12 12:02:33 | 000,000,724 | ---- | C] () -- F:\Documents and Settings\***\Desktop\Bank***.lnk
[2010.09.10 16:48:11 | 000,000,275 | ---- | C] () -- F:\Documents and Settings\***\Desktop\Shortcut to *** XXX.xls.lnk
[2010.09.10 16:48:03 | 000,000,278 | ---- | C] () -- F:\Documents and Settings\***\Desktop\Shortcut to XXXXXX.xls.lnk
[2010.08.29 13:26:34 | 000,951,440 | ---- | C] () -- F:\Documents and Settings\***\My Documents\xxxxxx.pdf
[2010.08.25 17:41:25 | 000,000,873 | ---- | C] () -- F:\Documents and Settings\***\Desktop\Shortcut to xxxxxxx.xls.lnk
[2010.05.17 20:23:17 | 000,000,241 | ---- | C] () -- F:\WINDOWS\wstdUPSWSHIP.INI
[2010.03.29 20:57:18 | 000,200,704 | ---- | C] () -- F:\WINDOWS\Ausba3.dll
[2010.03.29 20:57:18 | 000,011,463 | ---- | C] () -- F:\WINDOWS\Dusb3ar.ini
[2010.03.29 20:57:18 | 000,002,662 | ---- | C] () -- F:\WINDOWS\Ausba3.INI
[2010.03.08 17:44:17 | 000,024,576 | R--- | C] () -- F:\WINDOWS\System32\Arsetup.dll
[2010.03.08 17:44:17 | 000,000,282 | R--- | C] () -- F:\WINDOWS\System32\Arsetup.ini
[2010.02.08 17:06:36 | 000,000,040 | ---- | C] () -- F:\WINDOWS\ed3_programmer.ini
[2010.02.07 15:49:56 | 000,000,000 | ---- | C] () -- F:\Documents and Settings\***\Local Settings\Application Data\FnF4.txt
[2010.01.15 22:52:06 | 000,112,128 | ---- | C] () -- F:\Documents and Settings\***\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.15 21:27:03 | 000,085,504 | ---- | C] () -- F:\WINDOWS\System32\ff_vfw.dll
[2010.01.15 21:27:03 | 000,000,547 | ---- | C] () -- F:\WINDOWS\System32\ff_vfw.dll.manifest
[2010.01.15 21:21:52 | 000,001,298 | ---- | C] () -- F:\WINDOWS\MultiTimer.ini
[2010.01.15 20:07:58 | 000,000,166 | ---- | C] () -- F:\WINDOWS\hbcikrnl.ini
[2010.01.14 18:12:22 | 000,006,656 | ---- | C] () -- F:\WINDOWS\System32\CNMVS5n.DLL
[2010.01.14 17:59:08 | 000,001,406 | ---- | C] () -- F:\WINDOWS\ODBC.INI
[2010.01.12 19:58:00 | 000,036,864 | ---- | C] () -- F:\WINDOWS\System32\SlpApi42.dll
[2010.01.12 19:54:30 | 000,087,552 | ---- | C] () -- F:\WINDOWS\System32\cpwmon2k.dll
[2010.01.12 15:23:20 | 000,204,800 | ---- | C] () -- F:\WINDOWS\System32\IVIresizeW7.dll
[2010.01.12 15:23:20 | 000,200,704 | ---- | C] () -- F:\WINDOWS\System32\IVIresizeA6.dll
[2010.01.12 15:23:20 | 000,192,512 | ---- | C] () -- F:\WINDOWS\System32\IVIresizeP6.dll
[2010.01.12 15:23:20 | 000,192,512 | ---- | C] () -- F:\WINDOWS\System32\IVIresizeM6.dll
[2010.01.12 15:23:20 | 000,188,416 | ---- | C] () -- F:\WINDOWS\System32\IVIresizePX.dll
[2010.01.12 15:23:19 | 000,020,480 | ---- | C] () -- F:\WINDOWS\System32\IVIresize.dll
[2007.08.09 03:18:00 | 001,703,936 | ---- | C] () -- F:\WINDOWS\System32\nvwdmcpl.dll
[2007.08.09 03:18:00 | 001,474,560 | ---- | C] () -- F:\WINDOWS\System32\nview.dll
[2007.08.09 03:18:00 | 001,019,904 | ---- | C] () -- F:\WINDOWS\System32\nvwimg.dll
[2007.08.09 03:18:00 | 000,466,944 | ---- | C] () -- F:\WINDOWS\System32\nvshell.dll
[2007.03.16 14:13:44 | 000,012,547 | ---- | C] () -- F:\WINDOWS\System32\argomon.dll
[2003.04.08 13:41:20 | 000,180,224 | ---- | C] () -- F:\WINDOWS\System32\nssckbi.dll
[2002.03.21 16:39:02 | 000,073,728 | ---- | C] () -- F:\WINDOWS\System32\UNACEV2.DLL
[1998.05.07 03:10:00 | 000,069,632 | R--- | C] () -- F:\WINDOWS\System32\ODMA32.dll
[1980.01.04 02:17:16 | 000,000,000 | ---- | C] () -- F:\Documents and Settings\***\Local Settings\Application Data\QSwitch.txt
[1980.01.04 02:17:16 | 000,000,000 | ---- | C] () -- F:\Documents and Settings\***\Local Settings\Application Data\DSwitch.txt
[1980.01.04 02:17:16 | 000,000,000 | ---- | C] () -- F:\Documents and Settings\***\Local Settings\Application Data\AtStart.txt
[1980.01.04 02:00:13 | 000,039,859 | ---- | C] () -- F:\Documents and Settings\***\Local Settings\Application Data\FASTWiz.log
< End of report >

--- --- ---


Thank you very much ....

Regards, Andreas

cosinus 23.09.2010 16:02

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
MOD - F:\WINDOWS\system32\arpdump.dll ()
DRV - (MEMSWEEP2) -- F:\WINDOWS\System32\1.tmp File not found
O36 - AppCertDlls: clicover - (F:\WINDOWS\system32\arpdump.dll) - F:\WINDOWS\system32\arpdump.dll ()
[2004.08.04 14:00:00 | 000,192,512 | ---- | C] ( ) -- F:\WINDOWS\abovekegubixudum.dll
[2010.09.23 12:27:50 | 000,564,800 | ---- | M] () -- F:\WINDOWS\System32\drivers\tdjzasdk.sys
[2010.09.22 09:41:20 | 000,000,000 | ---- | M] () -- F:\WINDOWS\Ariqukaye.bin
[2010.09.21 16:58:33 | 000,000,120 | ---- | M] () -- F:\WINDOWS\Gjimecahalevete.dat
[2010.09.21 12:25:53 | 000,050,176 | -H-- | M] () -- F:\WINDOWS\System32\arpdump.dll
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.


After that, please do the following, because we need the quarantine folder:

1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with this!
2.) Zip the folder C:\_OTL into a file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Let me know if it was successful
5.) Only then turn the virus scanner back on
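As an added triage example (not from this thread, from OTL's author, or from the forum's tools), the following Python script parses the two OTL line formats quoted in the fix above (the `[date | size | attrs | C/M] (company) -- path` file lines and the `O36 - AppCertDlls:` line) and ranks them with the kind of defender heuristics behind such a fix: missing publisher information, hidden attribute, driver location, and a timestamp close to the report date. The sample lines are copied from this thread's logs; the report date and the seven-day window are assumptions.

```python
import re
from datetime import datetime, timedelta

# OTL file-listing line, e.g.
#   [2010.09.21 12:25:53 | 000,050,176 | -H-- | M] () -- F:\WINDOWS\System32\arpdump.dll
# fields: timestamp | size | attribute flags | C (created) or M (modified), then (company) -- path
FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# OTL O36 line: an AppCertDlls registration; such DLLs are loaded into every
# process that calls the CreateProcess family, which is why they matter for triage.
O36_LINE = re.compile(
    r"^O36 - AppCertDlls: (?P<name>\S+) - \((?P<path>[^)]+)\) - .+ \((?P<company>[^)]*)\)$"
)

# Constructed sample: the lines from the OTL fix in this thread plus two older
# entries from the earlier file listing, so the ranking has something to compare.
SAMPLE = r"""
O36 - AppCertDlls: clicover - (F:\WINDOWS\system32\arpdump.dll) - F:\WINDOWS\system32\arpdump.dll ()
[2010.09.23 12:27:50 | 000,564,800 | ---- | M] () -- F:\WINDOWS\System32\drivers\tdjzasdk.sys
[2010.09.21 12:25:53 | 000,050,176 | -H-- | M] () -- F:\WINDOWS\System32\arpdump.dll
[2010.01.15 21:27:03 | 000,085,504 | ---- | C] () -- F:\WINDOWS\System32\ff_vfw.dll
[2007.08.09 03:18:00 | 001,474,560 | ---- | C] () -- F:\WINDOWS\System32\nview.dll
"""
# Assumed report date (the day the fix was posted) and assumed look-back window.
REPORT_DATE = datetime(2010, 9, 23)
WINDOW_DAYS = 7


def parse_line(line):
    """Parse one OTL line into a dict, or return None for lines this helper does not handle."""
    m = FILE_LINE.match(line.strip())
    if m:
        return {
            "kind": "file",
            "path": m["path"],
            "company": m["company"].strip(),
            "attrs": m["attrs"],
            "when": datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
        }
    m = O36_LINE.match(line.strip())
    if m:
        return {"kind": "appcertdll", "path": m["path"], "company": m["company"].strip(),
                "attrs": "----", "when": None, "size": None}
    return None


def triage(entry, report_date, window_days):
    """Return the reasons an entry deserves a closer look (empty list = nothing notable)."""
    reasons = []
    low = entry["path"].lower()
    if entry["kind"] == "appcertdll":
        reasons.append("AppCertDlls entry: loaded into every process that calls CreateProcess")
    if not entry["company"]:
        reasons.append("no publisher/version information")
    if "H" in entry["attrs"]:
        reasons.append("hidden attribute set")
    if "\\drivers\\" in low and not entry["company"]:
        reasons.append("kernel driver without publisher information")
    if entry["when"] is not None and abs(report_date - entry["when"]) <= timedelta(days=window_days):
        reasons.append(f"timestamp within {window_days} days of the report")
    return reasons


def triage_log(text, report_date, window_days=WINDOW_DAYS):
    """Parse every line of an OTL log excerpt; return (path, reasons) pairs, most suspicious first."""
    results = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        results.append((entry["path"], triage(entry, report_date, window_days)))
    results.sort(key=lambda r: len(r[1]), reverse=True)  # stable: ties keep log order
    return results


def triage_sample():
    """Run the triage over the constructed sample with the assumed report date."""
    return triage_log(SAMPLE, REPORT_DATE)


if __name__ == "__main__":
    for path, reasons in triage_sample():
        print(f"{len(reasons)} {path}")
        for reason in reasons:
            print(f"    - {reason}")
```

Older benign files with no publisher string still get one point, so the ranking is a reading order for the analyst, not a verdict.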

luko 23.09.2010 19:11

Went like clockwork
Is everything fine again on my horse market ???

Many thanks
Luko



OTL log file

All processes killed
========== OTL ==========
Service MEMSWEEP2 stopped successfully!
Service MEMSWEEP2 deleted successfully!
File F:\WINDOWS\System32\1.tmp File not found not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\clicover:F:\WINDOWS\system32\arpdump.dll deleted successfully.
F:\WINDOWS\system32\arpdump.dll moved successfully.
F:\WINDOWS\abovekegubixudum.dll moved successfully.
File move failed. F:\WINDOWS\system32\drivers\tdjzasdk.sys scheduled to be moved on reboot.
F:\WINDOWS\Ariqukaye.bin moved successfully.
F:\WINDOWS\Gjimecahalevete.dat moved successfully.
File F:\WINDOWS\System32\arpdump.dll not found.
========== COMMANDS ==========
F:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Luko
->Temp folder emptied: 167610 bytes
->Temporary Internet Files folder emptied: 33237 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 537893 bytes

Total Files Cleaned = 1,00 mb


OTL by OldTimer - Version 3.2.14.1 log created on 09232010_195417

Files\Folders moved on Reboot...
File move failed. F:\WINDOWS\system32\drivers\tdjzasdk.sys scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus 23.09.2010 19:22

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a Kompetenzler (qualified helper) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning the infection even harder.

luko 23.09.2010 20:54

Hello Arne

URGENT

My notebook has no Recovery Console; CF asks for internet access to download the console.

Firewall, Avira, all security is OFF.
The notebook has also been offline since the infection and in my opinion should stay that way until you give the OK.

Should I now restore security and download, or is there an alternative, please.

Everything is on hold and waiting -- please reply quickly

Thank you very much

Andreas

cosinus 23.09.2010 21:08

Yes, please install it.

luko 23.09.2010 21:25

Great misfortune....
I wanted to end CF with NO so that I could enable security again.
But then it carried out the run without the Recovery Console, with a restart. Sorry, I couldn't have known that.

I have just uploaded the log as CFlog.zip.

Hope you're not mad; I'm very sorry about my mistake....

Will you still continue with me ...???

Andreas

cosinus 23.09.2010 21:50

Quote:

I wanted to end CF with NO so that I could enable security again.
Malware doesn't fly onto the PC by itself. If the Windows firewall is temporarily off, that is not a big risk. You can also get by entirely without a software firewall and virus scanner. First do the log with CF; if necessary the Recovery Console can also be reached/installed from the Windows CD, or manually via CF.

luko 23.09.2010 22:04

Hello Arne,

OK.

I sent the CF log as CFlog.zip via upload about 20 minutes ago.

...or should I anonymize it separately and post it here?

Thanks
Luko

cosinus 23.09.2010 22:14

You can and should post logs directly here. The UCh is actually only meant for new malware samples. But fine, I can get at it there too ;)


ComboFix - scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now paste the entire contents of the code box below into the Notepad window using copy/paste.

Code:

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tdjzasdk]

3. Save it in Notepad as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of ad-/spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

luko 23.09.2010 22:51

Hello Arne,

CFlog2 as follows.

Thanks and good night



Combofix Logfile:
Code:

ComboFix 10-09-23.01 - **** 23.09.2010  23:28:17.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1033.18.3455.2941 [GMT 2:00]
ausgeführt von:: f:\documents and settings\****\Desktop\Cofi.exe
Benutzte Befehlsschalter :: f:\documents and settings\****\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.

(((((((((((((((((((((((  Dateien erstellt von 2010-08-23 bis 2010-09-23  ))))))))))))))))))))))))))))))
.

2010-09-23 19:46 . 2010-09-23 20:12        --------        d-----w-        F:\Cofi
2010-09-23 18:01 . 2010-09-23 18:01        214801        ----a-w-        F:\_OTL.zip
2010-09-23 17:54 . 2010-09-23 17:54        --------        d-----w-        F:\_OTL
2010-09-22 16:02 . 2001-07-10 16:00        45056        ----a-w-        f:\windows\system32\RemovePlus.exe
2010-09-22 16:02 . 2010-09-22 16:02        --------        d-----w-        f:\program files\Medion
2010-09-22 13:37 . 2010-09-22 13:37        --------        d-----w-        f:\program files\ERUNT
2010-09-22 12:27 . 2010-09-22 12:54        --------        d-----w-        f:\program files\Sophos
2010-09-21 19:43 . 2010-09-21 19:43        --------        d-----w-        f:\program files\Trend Micro
2010-09-21 17:18 . 2010-09-21 17:18        --------        d-----w-        f:\program files\Safer Networking
2010-09-21 10:32 . 2010-09-23 21:30        564800        ----a-w-        f:\windows\system32\drivers\tdjzasdk.sys
2010-09-15 13:57 . 2010-09-15 13:57        --------        d-----w-        f:\program files\Google

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-22 16:03 . 2010-03-08 16:05        4        ----a-w-        f:\windows\AErroru3.dat
2010-09-22 16:03 . 2010-03-08 16:05        30720        ----a-w-        f:\windows\EWhiteu12.dat
2010-09-22 16:03 . 2010-03-08 16:05        30720        ----a-w-        f:\windows\EDarku12.dat
2010-09-22 16:03 . 2010-03-08 16:05        6        ----a-w-        f:\windows\EExpou.dat
2010-09-22 16:03 . 2010-03-08 16:05        3        ----a-w-        f:\windows\EOffsetu.dat
2010-09-22 16:03 . 2010-03-08 16:05        3        ----a-w-        f:\windows\EGain6.dat
2010-09-22 16:02 . 1980-01-04 00:04        --------        d--h--w-        f:\program files\InstallShield Installation Information
2010-09-21 15:35 . 1980-01-04 00:26        117760        ----a-w-        f:\documents and settings\****\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-21 15:32 . 2010-01-15 18:07        --------        d-----w-        f:\program files\StarMoney 6.0
2010-09-21 14:57 . 2010-05-17 18:19        --------        d-----w-        f:\program files\UPS
2010-09-20 20:52 . 2010-02-07 20:09        --------        d-----w-        f:\program files\REFLEX
2010-09-20 12:29 . 2010-05-01 12:37        77918        ----a-w-        f:\windows\system32\nvModes.dat
2010-09-16 14:19 . 2010-01-15 16:57        --------        d-----w-        f:\program files\Opera
2010-08-17 13:17 . 2004-08-04 12:00        58880        ----a-w-        f:\windows\system32\spoolsv.exe
2010-08-12 17:47 . 2010-03-18 11:29        256        ----a-w-        f:\windows\system32\pool.bin
2010-07-22 15:49 . 2004-08-04 12:00        590848        ----a-w-        f:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2010-01-14 12:52        5120        ----a-w-        f:\windows\system32\xpsp4res.dll
2010-06-30 12:31 . 2004-08-04 12:00        149504        ----a-w-        f:\windows\system32\schannel.dll
.

(((((((((((((((((((((((((((((  SnapShot@2010-09-23_20.09.51  )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 12:00 . 2010-09-23 18:00        75330              f:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2010-09-23 20:13        75330              f:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2010-09-23 20:13        450520              f:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2010-09-23 18:00        450520              f:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="f:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="f:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
"QlbCtrl.exe"="f:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 177456]
"SynTPEnh"="f:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1028096]
"avgnt"="f:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"PTHOSTTR"="f:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"CognizanceTS"="f:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"IntelZeroConfig"="f:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-11-01 995328]
"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2007-08-09 8470528]
"NvMediaCenter"="f:\windows\system32\NvMcTray.dll" [2007-08-09 81920]
"nwiz"="nwiz.exe" [2007-08-09 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

f:\documents and settings\All Users\Start Menu\Programs\Startup\
ScanPanel.lnk - f:\program files\Medion\ScanPanel\ScnPanel.exe [2010-9-22 1732608]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 01000000
"NoSMMyPictures"= 01000000
"NoNetworkConnections"= 01000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "f:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21        548352        ------w-        f:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2006-03-03 14:08        434176        ------w-        f:\windows\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-07 00:30        74240        ------r-        f:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=f:\windows\system32\APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=f:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=f:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^UPS WorldShip Messaging Utility.lnk]
path=f:\documents and settings\All Users\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk
backup=f:\windows\pss\UPS WorldShip Messaging Utility.lnkCommon Startup

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^UPS WorldShip PLD Reminder Utility.lnk]
path=f:\documents and settings\All Users\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk
backup=f:\windows\pss\UPS WorldShip PLD Reminder Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagull Drivers]
ssdal_nc.exe startup [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AccelerometerSysTrayApplet]
2006-01-16 21:01        53248        ------w-        f:\windows\system32\accelerometerST.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06        976832        ----a-w-        f:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04        35760        ----a-w-        f:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-11-19 21:29        623960        ----a-w-        f:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 12:00        208952        ----a-w-        f:\windows\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2007-11-01 12:47        1101824        ------w-        f:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NA1Messenger]
2009-12-01 19:36        24576        ----a-w-        f:\program files\UPS\WSTD\UPSNA1Msgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2006-07-13 07:12        729088        ------w-        f:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-01-05 16:36        872448        ------w-        f:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-20 14:31        149280        ----a-w-        f:\program files\Java\jre6\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"f:\\Program Files\\Opera\\opera.exe"=
"f:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"f:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\WINDOWS\\system32\\sessmgr.exe"=
"f:\\WINDOWS\\system32\\javaw.exe"=
"f:\\WINDOWS\\system32\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6160:TCP"= 6160:TCP:*:Disabled:Seagull Driver Networking

R1 SASDIFSV;SASDIFSV;f:\program files\SUPERAntiSpyware\sasdifsv.sys [04.09.2009 15:50 9968]
R1 SASKUTIL;SASKUTIL;f:\program files\SUPERAntiSpyware\SASKUTIL.SYS [04.09.2009 15:49 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;f:\program files\Avira\AntiVir Desktop\sched.exe [04.01.1980 02:23 108289]
R2 ASChannel;Local Communication Channel;f:\windows\System32\svchost.exe -k Cognizance [04.08.2004 14:00 14336]
R2 MSSQL$UPSWSDBSERVER;MSSQL$UPSWSDBSERVER;f:\program files\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe [04.05.2005 00:04 9150464]
R3 GTIPCI21;GTIPCI21;f:\windows\system32\drivers\gtipci21.sys [13.01.2010 22:16 88192]
R3 IFXTPM;IFXTPM;f:\windows\system32\drivers\ifxtpm.sys [21.10.2005 12:19 36352]
S2 ASBroker;Logon Session Broker;f:\windows\System32\svchost.exe -k Cognizance [04.08.2004 14:00 14336]
S2 SampleScanner;USB-Flachbettscanner;f:\windows\system32\drivers\ArtecGT.sys [29.03.2010 20:57 18120]
S3 SASENUM;SASENUM;f:\program files\SUPERAntiSpyware\SASENUM.SYS [04.09.2009 15:50 7408]
S3 SQLAgent$UPSWSDBSERVER;SQLAgent$UPSWSDBSERVER;f:\program files\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE [03.05.2005 21:42 323584]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - tdjzasdk

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance        REG_MULTI_SZ          ASBroker ASChannel
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - f:\documents and settings\****\Application Data\Mozilla\Firefox\Profiles\mki35h49.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - f:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-09-23 23:30
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tdjzasdk]

.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="<value omitted>"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(752)
f:\program files\Hewlett-Packard\IAM\bin\ocgina.dll
f:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
f:\program files\Hewlett-Packard\IAM\bin\HPBrand.dll
f:\program files\Hewlett-Packard\IAM\bin\ItTal.dll
f:\program files\Hewlett-Packard\IAM\bin\ItReports.DLL
f:\program files\SUPERAntiSpyware\SASWINLO.dll
f:\windows\system32\WININET.dll
f:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
f:\program files\Hewlett-Packard\IAM\Bin\AuthWiz.dll
f:\program files\Hewlett-Packard\IAM\Bin\TpmAuth.dll
f:\program files\Hewlett-Packard\IAM\Bin\TokenAuth.dll
f:\program files\Hewlett-Packard\IAM\Bin\ittalsnap.DLL
f:\program files\Hewlett-Packard\IAM\Bin\ItVCard.dll
f:\program files\Hewlett-Packard\IAM\Bin\ASChnl.dll
f:\program files\Hewlett-Packard\IAM\Bin\ItDAC.dll
f:\program files\Hewlett-Packard\IAM\Bin\ItAuth.dll
f:\program files\Hewlett-Packard\IAM\Bin\ItVCClient.dll
f:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
f:\program files\Hewlett-Packard\IAM\Bin\BioAuth.dll
f:\program files\Hewlett-Packard\IAM\Bin\ASBIoAT.dll
f:\program files\Hewlett-Packard\IAM\Bin\STEngine.dll
f:\windows\system32\xenroll.dll
f:\program files\Hewlett-Packard\IAM\Bin\NetAdmin.dll
f:\windows\system32\IfxWlxEN.dll

- - - - - - - > 'Explorer.exe'(1484)
f:\windows\system32\WININET.dll
f:\windows\system32\APSHook.dll
f:\program files\Hewlett-Packard\IAM\bin\ItClient.dll
f:\windows\system32\webcheck.dll
f:\windows\system32\IEFRAME.dll
f:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
f:\windows\system32\mshtml.dll
f:\windows\system32\msls31.dll
.
Zeit der Fertigstellung: 2010-09-23  23:31:18
ComboFix-quarantined-files.txt  2010-09-23 21:31
ComboFix2.txt  2010-09-23 20:12

Vor Suchlauf: 6.215.966.720 bytes free
Nach Suchlauf: 6.202.245.120 bytes free

- - End Of File - - 12D91590B660FB0E215DCB00C8ADA236

--- --- ---

cosinus 24.09.2010 10:52

OK. Now please create logs with GMER and OSAM and post them. GMER crashes quite often; if the tool won't run the second time either, just skip it and run only OSAM.

Then download the bootkit_remover. Extract the tool into its own folder on the desktop and run the file remove.exe in that folder.

If you use Windows Vista or Windows 7, you have to run remover.exe via right-click => Run as administrator.

A black window will open and automatically search for malicious changes in the MBR.
Then please post whether there are changes and, if so, in which device. Best to post everything remover.exe outputs.

luko 24.09.2010 12:17

Hello Arne,

I went through the OSAM scan results and checked all the unknowns;
apart from the tdjzasdk.dll they are all drivers for label printers or programs for RIM BlackBerry.

OSAM log

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 12:59:24 on 24.09.2010

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Bioscrypt Inc." - F:\WINDOWS\system32\APSHook.dll

[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "O&O Software GmbH" - F:\WINDOWS\system32\OODBS.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"accelerometercp.CPL" - "Hewlett-Packard Corporation" - F:\WINDOWS\system32\accelerometercp.CPL
"cttune.cpl" - ? - F:\WINDOWS\system32\cttune.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - F:\WINDOWS\system32\infocardcpl.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - F:\WINDOWS\system32\ISUSPM.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - F:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - F:\WINDOWS\system32\nvcpl.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - F:\WINDOWS\system32\nvtuicpl.cpl
"QuickTime.cpl" - "Apple Computer, Inc." - F:\WINDOWS\system32\QuickTime.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Accelerometer" - "Hewlett-Packard Corporation" - F:\WINDOWS\system32\accelerometercp.cpl
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - F:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"CognizanceWS" - "Cognizance Corporation" - F:\PROGRA~1\HEWLET~1\IAM\Bin\Settings.dll
"PTHOST.CPL" - " Hewlett-Packard Development Company, L.P" - F:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOST.CPL
"QlbConfig" - " Hewlett-Packard Development Company, L.P." - F:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbConfg.cpl
"SMAX4CP" - "Analog Devices, Inc." - F:\Program Files\Analog Devices\SoundMAX\SMax4.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - F:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - F:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - F:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - F:\Cofi\catchme.sys  (File not found)
"Cdr4_xp" (Cdr4_xp) - "Sonic Solutions" - F:\WINDOWS\system32\drivers\Cdr4_xp.sys
"Cdralw2k" (Cdralw2k) - "Sonic Solutions" - F:\WINDOWS\system32\drivers\Cdralw2k.sys
"Changer" (Changer) - ? - F:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"Conexant Setup API" (UIUSys) - ? - F:\WINDOWS\System32\DRIVERS\UIUSYS.SYS  (File not found)
"i2omgmt" (i2omgmt) - ? - F:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - F:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"PCIDump" (PCIDump) - ? - F:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - F:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - F:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - F:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - F:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - F:\WINDOWS\System32\Drivers\PxHelp20.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - F:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
"SASENUM" (SASENUM) - " SUPERAdBlocker.com and SUPERAntiSpyware.com" - F:\Program Files\SUPERAntiSpyware\SASENUM.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - F:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - F:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"tdjzasdk" (tdjzasdk) - "MHcwcUpSHNOlv4VJ" - F:\WINDOWS\system32\drivers\tdjzasdk.sys  (Hidden file | Hidden registry entry, rootkit activity)
"WDICA" (WDICA) - ? - F:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - f:\WINDOWS\system32\Rundll32.exe f:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - F:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll  (File found, but it contains no detailed information)
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - F:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - F:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - F:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - F:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - F:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - F:\Program Files\SUPERAntiSpyware\SASSEH.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - F:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - F:\WINDOWS\system32\nvshell.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "Display Panning CPL Extension" - ? - deskpan.dll  (File not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Encryption Context Menu" - ? -  (File not found | COM-object registry key not found)
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - F:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll  (File found, but it contains no detailed information)
{5574006C-28F5-4a65-A28C-74DE6BFBE0BB} "Haali Matroska Shell Property Page" - ? - F:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll  (File found, but it contains no detailed information)
{327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Extractor" - ? - F:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll  (File found, but it contains no detailed information)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - F:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - F:\WINDOWS\system32\nvshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - F:\Program Files\Avira\AntiVir Desktop\shlext.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shell extensions for file compression" - ? -  (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - f:\WINDOWS\system32\dfshim.dll
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - f:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - F:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - F:\Program Files\WinRAR\rarext.dll
{ABE00001-0123-ABED-1248-0248ADFA1909} "Zoom Player ShellExt" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{A3256902-51FA-45A0-8A97-FC1143C169D9} "Diagnostics ActiveX WebControl" - "Microsoft Corporation" - F:\WINDOWS\Downloaded Program Files\DiagWAPI.dll / hxxp://support.microsoft.com/mats/DiagWebControl.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - F:\Program Files\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - F:\Program Files\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - F:\Program Files\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} "TeamOn Import Object" - "TeamOn Systems, Inc. " - F:\WINDOWS\Downloaded Program Files\TOImport.dll / https://bis.eu.blackberry.com/html/web/client_tools/TOImport.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DF21F1DB-80C6-11D3-9483-B03D0EC10000} "Credential Manager for HP ProtectTools" - "Bioscrypt Inc." - F:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - F:\Program Files\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[Logon]
-----( %AllUsersProfile%\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - F:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-----( %UserProfile%\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - F:\Documents and Settings\xxxxx\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ISUSPM" - "Macrovision Corporation" - "F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "F:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"CognizanceTS" - "Cognizance Corporation" - rundll32.exe F:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
"IAAnotif" - "Intel Corporation" - F:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"IntelZeroConfig" - "Intel Corporation" - "F:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
"nwiz" - "NVIDIA Corporation" - nwiz.exe /installquiet /nodetect
"PTHOSTTR" - "Hewlett-Packard Development Company, L.P." - F:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
"QlbCtrl.exe" - " Hewlett-Packard Development Company, L.P." - F:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Broadcom 802.11 Wireless LAN Adapter Logon Provider" - "Broadcom Corporation" - F:\WINDOWS\System32\BCMLogon.dll
"Credential Manager" - "Cognizance Corporation" - F:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
"IntelNetProvCredMan" - ? - c:\windows\system32\netprovcredman.dll  (File not found)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Argox Language Monitor" - ? - F:\WINDOWS\system32\argomon.dll  (File found, but it contains no detailed information)
"CutePDF Writer Monitor" - ? - F:\WINDOWS\system32\cpwmon2k.dll  (File found, but it contains no detailed information)
"Seagull Network Monitor" - "Seagull Scientific, Inc." - F:\WINDOWS\system32\ssnetmon.dll
"Seiko SLP Monitor" - "Seiko Instruments USA, Inc." - F:\WINDOWS\system32\SLPMON.DLL

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Automatic Updates" (wuauserv) - ? - C:\WINDOWS\system32\wuauserv.dll  (File not found)
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - F:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Scheduler" (AntiVirSchedulerService) - "Avira GmbH" - F:\Program Files\Avira\AntiVir Desktop\sched.exe
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - F:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMon) - "Intel Corporation" - F:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - F:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - F:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
"Intel(R) PROSet/Wireless Service" (S24EventMonitor) - "Intel Corporation " - F:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - F:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - F:\Program Files\Java\jre6\bin\jqs.exe
"Local Communication Channel" (ASChannel) - "Cognizance Corporation" - F:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll
"Logon Session Broker" (ASBroker) - "Cognizance Corporation" - F:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
"MSSQL$UPSWSDBSERVER" (MSSQL$UPSWSDBSERVER) - "Microsoft Corporation" - F:\PROGRAM FILES\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
"MSSQLServerADHelper" (MSSQLServerADHelper) - "Microsoft Corporation" - F:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
"O&O Defrag" (O&O Defrag) - "O&O Software GmbH" - F:\WINDOWS\system32\oodag.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - F:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Security Platform Management Service" (IFXSpMgtSrv) - "Infineon Technologies AG" - F:\WINDOWS\system32\IFXSPMGT.exe
"SLPMONX" (SLPMONX) - "ProdEx Technologies" - F:\WINDOWS\system32\slpservice.exe
"SQLAgent$UPSWSDBSERVER" (SQLAgent$UPSWSDBSERVER) - "Microsoft Corporation" - F:\PROGRAM FILES\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE
"Trusted Platform Core Service" (IFXTCS) - "Infineon Technologies AG" - F:\WINDOWS\system32\IFXTCS.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - F:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - F:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"WMDM PMSP Service" (WMDM PMSP Service) - "Microsoft Corporation" - F:\WINDOWS\system32\MsPMSPSv.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"GinaDLL" - "Cognizance Corporation" - F:\Program Files\Hewlett-Packard\IAM\bin\ocgina.dll
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{8F51D94E-8B89-4844-B15C-9C049BA0F49F} "DLLName" - "Cognizance Corporation" - F:\Program Files\Hewlett-Packard\IAM\Bin\ItVCard.dll
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"IfxWlxEN" - "Infineon Technologies AG" - F:\WINDOWS\system32\IfxWlxEN.dll
"OneCard" - "Cognizance Corporation" - F:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
"WgaLogon" - "Microsoft Corporation" - F:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Bootkit Remover log:

.\debug.cpp(238) : Debug log started at 24.09.2010 - 11:06:13
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.0
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x804d7000 0x0020d000 "\WINDOWS\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x806e4000 0x00020d00 "\WINDOWS\system32\hal.dll"
.\debug.cpp(256) : 0xf7987000 0x00002000 "\WINDOWS\system32\KDCOM.DLL"
.\debug.cpp(256) : 0xf7897000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"
.\debug.cpp(256) : 0xf7358000 0x0002e000 "ACPI.sys"
.\debug.cpp(256) : 0xf7989000 0x00002000 "\WINDOWS\system32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0xf7347000 0x00011000 "pci.sys"
.\debug.cpp(256) : 0xf7487000 0x0000a000 "isapnp.sys"
.\debug.cpp(256) : 0xf72bd000 0x0008a000 "tdjzasdk.sys"
.\debug.cpp(256) : 0xf789b000 0x00003000 "compbatt.sys"
.\debug.cpp(256) : 0xf789f000 0x00004000 "\WINDOWS\system32\DRIVERS\BATTC.SYS"
.\debug.cpp(256) : 0xf7a4f000 0x00001000 "pciide.sys"
.\debug.cpp(256) : 0xf7707000 0x00007000 "\WINDOWS\system32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0xf729f000 0x0001e000 "pcmcia.sys"
.\debug.cpp(256) : 0xf7497000 0x0000b000 "MountMgr.sys"
.\debug.cpp(256) : 0xf7280000 0x0001f000 "ftdisk.sys"
.\debug.cpp(256) : 0xf798b000 0x00002000 "dmload.sys"
.\debug.cpp(256) : 0xf725a000 0x00026000 "dmio.sys"
.\debug.cpp(256) : 0xf78a3000 0x00003000 "ACPIEC.sys"
.\debug.cpp(256) : 0xf7a50000 0x00001000 "\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS"
.\debug.cpp(256) : 0xf770f000 0x00005000 "PartMgr.sys"
.\debug.cpp(256) : 0xf74a7000 0x0000d000 "VolSnap.sys"
.\debug.cpp(256) : 0xf7242000 0x00018000 "atapi.sys"
.\debug.cpp(256) : 0xf716c000 0x000d6000 "iaStor.sys"
.\debug.cpp(256) : 0xf74b7000 0x00009000 "disk.sys"
.\debug.cpp(256) : 0xf74c7000 0x0000d000 "\WINDOWS\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0xf714c000 0x00020000 "fltmgr.sys"
.\debug.cpp(256) : 0xf713a000 0x00012000 "sr.sys"
.\debug.cpp(256) : 0xf74d7000 0x0000a000 "PxHelp20.sys"
.\debug.cpp(256) : 0xf7123000 0x00017000 "KSecDD.sys"
.\debug.cpp(256) : 0xf7096000 0x0008d000 "Ntfs.sys"
.\debug.cpp(256) : 0xf7069000 0x0002d000 "NDIS.sys"
.\debug.cpp(256) : 0xf74e7000 0x00010000 "ohci1394.sys"
.\debug.cpp(256) : 0xf74f7000 0x0000e000 "\WINDOWS\system32\DRIVERS\1394BUS.SYS"
.\debug.cpp(256) : 0xf704f000 0x0001a000 "Mup.sys"
.\debug.cpp(256) : 0xf7507000 0x00009000 "hpdskflt.sys"
.\debug.cpp(256) : 0xf7587000 0x00010000 "\SystemRoot\system32\DRIVERS\nic1394.sys"
.\debug.cpp(256) : 0xf7627000 0x00009000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0xf593b000 0x00687000 "\SystemRoot\system32\DRIVERS\nv4_mini.sys"
.\debug.cpp(256) : 0xf5927000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS"
.\debug.cpp(256) : 0xf58ff000 0x00028000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0xf56dc000 0x00223000 "\SystemRoot\system32\DRIVERS\NETw4x32.sys"
.\debug.cpp(256) : 0xf77e7000 0x00006000 "\SystemRoot\system32\DRIVERS\usbuhci.sys"
.\debug.cpp(256) : 0xf56b8000 0x00024000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0xf77ef000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0xf566c000 0x0004c000 "\SystemRoot\system32\drivers\tifm21.sys"
.\debug.cpp(256) : 0xf5658000 0x00014000 "\SystemRoot\system32\DRIVERS\sdbus.sys"
.\debug.cpp(256) : 0xf5642000 0x00016000 "\SystemRoot\system32\DRIVERS\gtipci21.sys"
.\debug.cpp(256) : 0xf6fb9000 0x00004000 "\SystemRoot\system32\DRIVERS\SMCLIB.SYS"
.\debug.cpp(256) : 0xf562e000 0x00014000 "\SystemRoot\system32\DRIVERS\parport.sys"
.\debug.cpp(256) : 0xf7637000 0x00009000 "\SystemRoot\system32\DRIVERS\IFXTPM.SYS"
.\debug.cpp(256) : 0xf6530000 0x0000d000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0xf77f7000 0x00005000 "\SystemRoot\system32\DRIVERS\HpqKbFiltr.sys"
.\debug.cpp(256) : 0xf6520000 0x0000d000 "\SystemRoot\system32\DRIVERS\WDFLDR.SYS"
.\debug.cpp(256) : 0xf55b3000 0x0007b000 "\SystemRoot\system32\DRIVERS\Wdf01000.sys"
.\debug.cpp(256) : 0xf780f000 0x00006000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0xf557d000 0x00036000 "\SystemRoot\system32\DRIVERS\SynTP.sys"
.\debug.cpp(256) : 0xf79c5000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0xf7817000 0x00006000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0xf6510000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys"
.\debug.cpp(256) : 0xf6500000 0x00010000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0xf64f0000 0x0000f000 "\SystemRoot\system32\DRIVERS\redbook.sys"
.\debug.cpp(256) : 0xf555a000 0x00023000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0xf64e0000 0x0000a000 "\SystemRoot\system32\DRIVERS\Accelerometer.sys"
.\debug.cpp(256) : 0xf6fa9000 0x00003000 "\SystemRoot\system32\DRIVERS\cpqbttn.sys"
.\debug.cpp(256) : 0xf64d0000 0x00009000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0xf77ff000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0xf6fa5000 0x00004000 "\SystemRoot\system32\DRIVERS\CmBatt.sys"
.\debug.cpp(256) : 0xf6fa1000 0x00003000 "\SystemRoot\system32\DRIVERS\wmiacpi.sys"
.\debug.cpp(256) : 0xf7bb3000 0x00001000 "\SystemRoot\system32\DRIVERS\audstub.sys"
.\debug.cpp(256) : 0xf79c7000 0x00002000 "\SystemRoot\System32\Drivers\RootMdm.sys"
.\debug.cpp(256) : 0xf7807000 0x00008000 "\SystemRoot\System32\Drivers\Modem.SYS"
.\debug.cpp(256) : 0xf64c0000 0x0000d000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0xf794f000 0x00003000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0xf4b94000 0x00017000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0xf5fe2000 0x0000b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0xf5fd2000 0x0000c000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0xf7867000 0x00005000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0xf4b83000 0x00011000 "\SystemRoot\system32\DRIVERS\psched.sys"
.\debug.cpp(256) : 0xf5fc2000 0x00009000 "\SystemRoot\system32\DRIVERS\msgpc.sys"
.\debug.cpp(256) : 0xf786f000 0x00005000 "\SystemRoot\system32\DRIVERS\ptilink.sys"
.\debug.cpp(256) : 0xf7877000 0x00005000 "\SystemRoot\system32\DRIVERS\raspti.sys"
.\debug.cpp(256) : 0xf787f000 0x00007000 "\SystemRoot\system32\DRIVERS\RimSerial.sys"
.\debug.cpp(256) : 0xf4b53000 0x00030000 "\SystemRoot\system32\DRIVERS\rdpdr.sys"
.\debug.cpp(256) : 0xf7647000 0x0000a000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0xf79d1000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0xf4acd000 0x0005e000 "\SystemRoot\system32\DRIVERS\update.sys"
.\debug.cpp(256) : 0xf63d6000 0x00004000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0xf63ca000 0x00004000 "\SystemRoot\system32\DRIVERS\kbdhid.sys"
.\debug.cpp(256) : 0xf7667000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0xb664f000 0x00049000 "\SystemRoot\system32\drivers\ADIHdAud.sys"
.\debug.cpp(256) : 0xb662b000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0xb7bc3000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0xb6573000 0x00018000 "\SystemRoot\system32\drivers\AEAudio.sys"
.\debug.cpp(256) : 0xb6541000 0x00032000 "\SystemRoot\system32\DRIVERS\HSFHWAZL.sys"
.\debug.cpp(256) : 0xb6444000 0x000fd000 "\SystemRoot\system32\DRIVERS\HSF_DPV.sys"
.\debug.cpp(256) : 0xb6394000 0x000b0000 "\SystemRoot\system32\DRIVERS\HSF_CNXT.sys"
.\debug.cpp(256) : 0xb7bb3000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0xb5347000 0x00023000 "\SystemRoot\system32\DRIVERS\ATSwpDrv.sys"
.\debug.cpp(256) : 0xf7a3b000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0xf7bad000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0xf7a3d000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0xb7eb3000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0xf7a1d000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS"
.\debug.cpp(256) : 0xf7a1f000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0xb15ce000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0xb15c6000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0xb1b98000 0x00003000 "\SystemRoot\system32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0xb0376000 0x00013000 "\SystemRoot\system32\DRIVERS\ipsec.sys"
.\debug.cpp(256) : 0xb031d000 0x00059000 "\SystemRoot\system32\DRIVERS\tcpip.sys"
.\debug.cpp(256) : 0xb02f5000 0x00028000 "\SystemRoot\system32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0xb02cf000 0x00026000 "\SystemRoot\system32\DRIVERS\ipnat.sys"
.\debug.cpp(256) : 0xb02ad000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"
.\debug.cpp(256) : 0xb137d000 0x00009000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0xb136d000 0x00009000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0xb134d000 0x0000f000 "\SystemRoot\system32\DRIVERS\arp1394.sys"
.\debug.cpp(256) : 0xb15be000 0x00006000 "\SystemRoot\system32\DRIVERS\ssmdrv.sys"
.\debug.cpp(256) : 0xb0288000 0x00025000 "\??\F:\Program Files\SUPERAntiSpyware\SASKUTIL.sys"
.\debug.cpp(256) : 0xb15b6000 0x00006000 "\??\F:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS"
.\debug.cpp(256) : 0xb025d000 0x0002b000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0xb01ed000 0x00070000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xb133d000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS"
.\debug.cpp(256) : 0xb01d1000 0x0001c000 "\SystemRoot\system32\DRIVERS\avipbb.sys"
.\debug.cpp(256) : 0xf7a23000 0x00002000 "\??\F:\Program Files\Avira\AntiVir Desktop\avgio.sys"
.\debug.cpp(256) : 0xb130d000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"
.\debug.cpp(256) : 0xbf800000 0x001c5000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0xb0889000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0xb15a6000 0x00005000 "\SystemRoot\System32\watchdog.sys"
.\debug.cpp(256) : 0xbd000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"
.\debug.cpp(256) : 0xf7ad4000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"
.\debug.cpp(256) : 0xbd012000 0x0058e000 "\SystemRoot\System32\nv4_disp.dll"
.\debug.cpp(256) : 0xbffa0000 0x00046000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0xafe5c000 0x00014000 "\SystemRoot\system32\DRIVERS\avgntflt.sys"
.\debug.cpp(256) : 0xf120d000 0x00005000 "\SystemRoot\system32\DRIVERS\AegisP.sys"
.\debug.cpp(256) : 0xb7596000 0x00004000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0xb7592000 0x00003000 "\SystemRoot\system32\DRIVERS\s24trans.sys"
.\debug.cpp(256) : 0xafdb7000 0x0002d000 "\SystemRoot\system32\DRIVERS\mrxdav.sys"
.\debug.cpp(256) : 0xafd2a000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys"
.\debug.cpp(256) : 0xb74c3000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys"
.\debug.cpp(256) : 0xb54d0000 0x00002000 "\SystemRoot\System32\Drivers\ParVdm.SYS"
.\debug.cpp(256) : 0xaf8a8000 0x00003000 "\SystemRoot\system32\DRIVERS\mdmxsdk.sys"
.\debug.cpp(256) : 0xaf231000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys"
.\debug.cpp(256) : 0xf75f7000 0x00010000 "\SystemRoot\system32\DRIVERS\serial.sys"
.\debug.cpp(256) : 0xaf9dc000 0x00004000 "\SystemRoot\system32\DRIVERS\serenum.sys"
.\debug.cpp(256) : 0xb0dae000 0x00007000 "\SystemRoot\system32\DRIVERS\usbprint.sys"
.\debug.cpp(256) : 0xaf02d000 0x00024000 "\SystemRoot\System32\Drivers\Fastfat.SYS"
.\debug.cpp(256) : 0xf77b7000 0x00007000 "\SystemRoot\system32\DRIVERS\USBSTOR.SYS"
.\debug.cpp(256) : 0x7c900000 0x000b2000 "\WINDOWS\system32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#PORTS#0001#{953ad796-1f97-4aac-b0c3-24ea46dfc091}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination "\Device\Video0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_11D4&DEV_1981&SUBSYS_103C309F&REV_1002#4&4b994d5&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) : Destination "\Device\0000009f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AegisP_{3E182EFF-DF5B-4E24-BB6F-F0B309133D0E}"
.\debug.cpp(400) : Destination "\Device\AegisP_{3E182EFF-DF5B-4E24-BB6F-F0B309133D0E}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination "\Device\Ndis"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmIoDaemon"
.\debug.cpp(400) : Destination "\Device\DmControl\DmIoDaemon"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#PORTS#0000#{953ad796-1f97-4aac-b0c3-24ea46dfc091}"
.\debug.cpp(400) : Destination "\Device\0000003a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination "\Device\Video1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0400#5&1e8dc1e5&0#{97f76ef0-f883-11d0-af1f-0000f800845c}"
.\debug.cpp(400) : Destination "\Device\00000084"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\V1394#NIC1394#29012a0c23f99#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000099"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000034"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#HPQ0004#3&b1bfb68&0#{dd2a6682-735e-4e8e-8a59-d9dccf1ebece}"
.\debug.cpp(400) : Destination "\Device\00000062"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CC&SUBSYS_309F103C&REV_01#3&b1bfb68&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination "\Device\Video2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip"
.\debug.cpp(400) : Destination "\Device\Ip"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27C9&SUBSYS_309F103C&REV_01#3&b1bfb68&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0007"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination "\Device\Video3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgio"
.\debug.cpp(400) : Destination "\Device\avgio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000033"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev"
.\debug.cpp(400) : Destination "\Device\IPSEC"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDR4_XP"
.\debug.cpp(400) : Destination "\Device\PxHelperDevice0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) : Destination "\Device\Video4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY"
.\debug.cpp(400) : Destination "\Device\NDProxy"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr"
.\debug.cpp(400) : Destination "\Device\RdpDrDvMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MODEM#0000#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
.\debug.cpp(400) : Destination "\Device\00000031"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1d53dfcd&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&13a91e62&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\$VDMLPT1"
.\debug.cpp(400) : Destination "\Device\ParallelVdm0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_04b4&Pid_6560#5&d18036f&0&7#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZ0_#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000005a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery"
.\debug.cpp(400) : Destination "\Device\CompositeBattery"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{CC21C58B-1D58-4387-80E2-ABD0813FF1C8}"
.\debug.cpp(400) : Destination "\Device\{CC21C58B-1D58-4387-80E2-ABD0813FF1C8}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskHTS721010G9SA00_________________________MCZOC10Q#4&21eb004c&1&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IAAStorageDevice-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}"
.\debug.cpp(400) : Destination "\Device\00000049"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#7&b98aba7&0&RM#{53f5630a-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Harddisk1\DP(1)0-0+8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\F:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_103C309F&REV_0900#4&4b994d5&0&0102#{adb44c00-1b8d-11d4-8d5e-00a0c90d1c42}"
.\debug.cpp(400) : Destination "\Device\000000a0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_11D4&DEV_1981&SUBSYS_103C309F&REV_1002#4&4b994d5&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000009f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1"
.\debug.cpp(400) : Destination "\Device\Serial0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_04a9&Pid_1088#21a185#{28d78fad-5a12-11d1-ae5b-0000f803a8c2}"
.\debug.cpp(400) : Destination "\Device\USBPDO-8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination "\Device\WMIDataDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgntflt"
.\debug.cpp(400) : Destination "\FileSystem\Filters\avgntflt"
.\debug.cpp(409) : --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\F:
.\boot_cleaner.cpp(600) : \\.\F: -> \\.\PhysicalDrive0 at offset 0x00000001`b5e4a000
.\boot_cleaner.cpp(276) : Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd
.\boot_cleaner.cpp(1060) :
.\boot_cleaner.cpp(1061) : Size Device Name MBR Status
.\boot_cleaner.cpp(1062) : --------------------------------------------
.\boot_cleaner.cpp(1106) : 93 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1112) :
.\boot_cleaner.cpp(1151) : Done;

luko 24.09.2010 12:30

So... in the meantime GMER has locked up together with AVIRA, XP had to go down via hard reset and no longer boots. With F8 into safe mode it hangs at isapnp.sys.
I still have a 2000 installation on C.
What does the pro say:
Data rescue and be done with it???

Thanks, Luko

cosinus 24.09.2010 13:31

Quote:

so... in the meantime GMER has locked up together with AVIRA
You didn't switch off AntiVir beforehand?? :wtf:

luko 24.09.2010 13:39

Reacted too late: I had clicked GMER to move it and it kicked off right away. Then I thought: not so bad, I'll switch off security and WLAN for the scan.
That was definitely the wrong order.

What do you think, Arne, can I get this running again, or sacrifice 3 days and flatten XP??? Or wipe the whole disk right away (with s0kill, that's 5-6 days)

I really don't have much time, and certainly none to spare for this...

Luko

cosinus 24.09.2010 14:08

Copy this isapnp.sys => File-Upload.net - isapnp.sys

via your running Windows 2000 into XP's system32/drivers folder.

luko 24.09.2010 15:24

Hello Arne

XP is back in the race... SATA controller off and it ran again.
Let's please carry on with the disinfection..

Thanks a lot

Luko

cosinus 25.09.2010 13:21

Why did you enable the SATA controller?? :wtf:

Quote:

"tdjzasdk" (tdjzasdk) - "MHcwcUpSHNOlv4VJ" - F:\WINDOWS\system32\drivers\tdjzasdk.sys (Hidden file | Hidden registry entry, rootkit activity)
Please disable and delete it with OSAM, see the OSAM instructions
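The helper picked the rootkit driver out of the OSAM report by its trailing status text. The following triage parser for OSAM report lines is an added example (not part of this thread, and not OSAM's own code): the sample report is constructed to mirror the format posted here, and the "vendor string looks machine-generated" heuristic is an assumption of this example, not an OSAM feature.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the OSAM report format posted in this thread; the
# "tdjzasdk" line is the one the helper quoted as rootkit activity.
SAMPLE_REPORT = r'''
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avipbb" (avipbb) - "Avira GmbH" - F:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - F:\Cofi\catchme.sys  (File not found)
"tdjzasdk" (tdjzasdk) - "MHcwcUpSHNOlv4VJ" - F:\WINDOWS\system32\drivers\tdjzasdk.sys (Hidden file | Hidden registry entry, rootkit activity)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - F:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll  (File found, but it contains no detailed information)
'''

SECTION_RE = re.compile(r'^\[(?P<section>[^\]]+)\]$')
KEY_RE = re.compile(r'^-----\( (?P<key>.+) \)-----$')
ENTRY_RE = re.compile(
    r'^(?:\{[0-9A-Fa-f-]+\} )?'          # optional CLSID prefix
    r'"(?P<name>[^"]*)"'                  # display name
    r'(?: \((?P<ident>[^)]*)\))?'         # optional service/driver key name
    r' - (?P<vendor>"[^"]*"|\?)'          # vendor, or ? when OSAM found none
    r' - (?P<path>.*?)'                   # image path (lazy, may contain spaces)
    r'(?:\s+\((?P<status>[^()]*)\))?$'    # optional trailing status note
)
# Assumption of this example: a long mixed-case alphanumeric "vendor" with no
# whitespace looks generated rather than like a real company name.
RANDOM_VENDOR_RE = re.compile(r'^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[A-Za-z0-9]{12,}$')


@dataclass
class Entry:
    section: str
    reg_key: str
    name: str
    ident: Optional[str]
    vendor: Optional[str]      # None when the report printed "?"
    path: str
    status: str
    severity: str = "ok"       # ok | review | critical
    reasons: List[str] = field(default_factory=list)


def triage(entry: Entry) -> Entry:
    """Assign a severity from the status note and vendor field."""
    status = entry.status.lower()
    if "rootkit" in status or "hidden" in status:
        entry.severity = "critical"
        entry.reasons.append("hidden from normal API: " + entry.status)
    if entry.vendor is None:
        entry.reasons.append("no vendor/signature information")
    elif RANDOM_VENDOR_RE.match(entry.vendor):
        entry.reasons.append("vendor string looks machine-generated")
    if "not found" in status:
        entry.reasons.append("orphaned entry: image file missing")
    elif "no detailed information" in status:
        entry.reasons.append("image carries no version/company info")
    if entry.severity == "ok" and entry.reasons:
        entry.severity = "review"
    return entry


def parse_report(text: str) -> List[Entry]:
    """Walk the report, tracking the current [Section] and registry key."""
    entries: List[Entry] = []
    section, reg_key = "", ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = KEY_RE.match(line)
        if m:
            reg_key = m.group("key")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # report header/footer lines
        vendor = None if m.group("vendor") == "?" else m.group("vendor").strip('"')
        entries.append(triage(Entry(section, reg_key, m.group("name"),
                                    m.group("ident"), vendor, m.group("path"),
                                    m.group("status") or "")))
    return entries


def flagged(entries: List[Entry], min_severity: str = "review") -> List[Entry]:
    """Return entries at or above the given severity, for a reviewer's shortlist."""
    order = {"ok": 0, "review": 1, "critical": 2}
    return [e for e in entries if order[e.severity] >= order[min_severity]]


if __name__ == "__main__":
    for e in flagged(parse_report(SAMPLE_REPORT)):
        print(f"[{e.severity:8}] {e.section}: {e.name} -> {e.path}")
        for reason in e.reasons:
            print("            -", reason)
```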

luko 25.09.2010 20:16

Hello Arne,

removed with osam.


OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:07:25 on 25.09.2010

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Opera Software Opera Internet Browser 10.62

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Bioscrypt Inc." - F:\WINDOWS\system32\APSHook.dll

[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "O&O Software GmbH" - F:\WINDOWS\system32\OODBS.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"accelerometercp.CPL" - "Hewlett-Packard Corporation" - F:\WINDOWS\system32\accelerometercp.CPL
"cttune.cpl" - ? - F:\WINDOWS\system32\cttune.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - F:\WINDOWS\system32\infocardcpl.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - F:\WINDOWS\system32\ISUSPM.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - F:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - F:\WINDOWS\system32\nvcpl.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - F:\WINDOWS\system32\nvtuicpl.cpl
"QuickTime.cpl" - "Apple Computer, Inc." - F:\WINDOWS\system32\QuickTime.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Accelerometer" - "Hewlett-Packard Corporation" - F:\WINDOWS\system32\accelerometercp.cpl
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - F:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"CognizanceWS" - "Cognizance Corporation" - F:\PROGRA~1\HEWLET~1\IAM\Bin\Settings.dll
"PTHOST.CPL" - " Hewlett-Packard Development Company, L.P" - F:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOST.CPL
"QlbConfig" - " Hewlett-Packard Development Company, L.P." - F:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbConfg.cpl
"SMAX4CP" - "Analog Devices, Inc." - F:\Program Files\Analog Devices\SoundMAX\SMax4.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - F:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - F:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - F:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - F:\Cofi\catchme.sys  (File not found)
"Cdr4_xp" (Cdr4_xp) - "Sonic Solutions" - F:\WINDOWS\system32\drivers\Cdr4_xp.sys
"Cdralw2k" (Cdralw2k) - "Sonic Solutions" - F:\WINDOWS\system32\drivers\Cdralw2k.sys
"Changer" (Changer) - ? - F:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"Conexant Setup API" (UIUSys) - ? - F:\WINDOWS\System32\DRIVERS\UIUSYS.SYS  (File not found)
"i2omgmt" (i2omgmt) - ? - F:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - F:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"PCIDump" (PCIDump) - ? - F:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - F:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - F:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - F:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - F:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - F:\WINDOWS\System32\Drivers\PxHelp20.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - F:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
"SASENUM" (SASENUM) - " SUPERAdBlocker.com and SUPERAntiSpyware.com" - F:\Program Files\SUPERAntiSpyware\SASENUM.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - F:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - F:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"WDICA" (WDICA) - ? - F:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - f:\WINDOWS\system32\Rundll32.exe f:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - F:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll  (File found, but it contains no detailed information)
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - F:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - F:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - F:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - F:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - F:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - F:\Program Files\SUPERAntiSpyware\SASSEH.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - F:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - F:\WINDOWS\system32\nvshell.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "Display Panning CPL Extension" - ? - deskpan.dll  (File not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Encryption Context Menu" - ? -  (File not found | COM-object registry key not found)
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - F:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll  (File found, but it contains no detailed information)
{5574006C-28F5-4a65-A28C-74DE6BFBE0BB} "Haali Matroska Shell Property Page" - ? - F:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll  (File found, but it contains no detailed information)
{327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Extractor" - ? - F:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll  (File found, but it contains no detailed information)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - F:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - F:\WINDOWS\system32\nvshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - F:\Program Files\Avira\AntiVir Desktop\shlext.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shell extensions for file compression" - ? -  (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - f:\WINDOWS\system32\dfshim.dll
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - f:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - F:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - F:\Program Files\WinRAR\rarext.dll
{ABE00001-0123-ABED-1248-0248ADFA1909} "Zoom Player ShellExt" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{A3256902-51FA-45A0-8A97-FC1143C169D9} "Diagnostics ActiveX WebControl" - "Microsoft Corporation" - F:\WINDOWS\Downloaded Program Files\DiagWAPI.dll / hxxp://support.microsoft.com/mats/DiagWebControl.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - F:\Program Files\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - F:\Program Files\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - F:\Program Files\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} "TeamOn Import Object" - "TeamOn Systems, Inc. " - F:\WINDOWS\Downloaded Program Files\TOImport.dll / https://bis.eu.blackberry.com/html/web/client_tools/TOImport.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DF21F1DB-80C6-11D3-9483-B03D0EC10000} "Credential Manager for HP ProtectTools" - "Bioscrypt Inc." - F:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - F:\Program Files\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[Logon]
-----( %AllUsersProfile%\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - F:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-----( %UserProfile%\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - F:\Documents and Settings\Luko\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ISUSPM" - "Macrovision Corporation" - "F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "F:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"CognizanceTS" - "Cognizance Corporation" - rundll32.exe F:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
"IAAnotif" - "Intel Corporation" - F:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"IntelZeroConfig" - "Intel Corporation" - "F:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
"nwiz" - "NVIDIA Corporation" - nwiz.exe /installquiet /nodetect
"PTHOSTTR" - "Hewlett-Packard Development Company, L.P." - F:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
"QlbCtrl.exe" - " Hewlett-Packard Development Company, L.P." - F:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Broadcom 802.11 Wireless LAN Adapter Logon Provider" - "Broadcom Corporation" - F:\WINDOWS\System32\BCMLogon.dll
"Credential Manager" - "Cognizance Corporation" - F:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
"IntelNetProvCredMan" - ? - c:\windows\system32\netprovcredman.dll  (File not found)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Argox Language Monitor" - ? - F:\WINDOWS\system32\argomon.dll  (File found, but it contains no detailed information)
"CutePDF Writer Monitor" - ? - F:\WINDOWS\system32\cpwmon2k.dll  (File found, but it contains no detailed information)
"Seagull Network Monitor" - "Seagull Scientific, Inc." - F:\WINDOWS\system32\ssnetmon.dll
"Seiko SLP Monitor" - "Seiko Instruments USA, Inc." - F:\WINDOWS\system32\SLPMON.DLL

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Automatic Updates" (wuauserv) - ? - C:\WINDOWS\system32\wuauserv.dll  (File not found)
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - F:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Scheduler" (AntiVirSchedulerService) - "Avira GmbH" - F:\Program Files\Avira\AntiVir Desktop\sched.exe
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - F:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMon) - "Intel Corporation" - F:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - F:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - F:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
"Intel(R) PROSet/Wireless Service" (S24EventMonitor) - "Intel Corporation " - F:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - F:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - F:\Program Files\Java\jre6\bin\jqs.exe
"Local Communication Channel" (ASChannel) - "Cognizance Corporation" - F:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll
"Logon Session Broker" (ASBroker) - "Cognizance Corporation" - F:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
"MSSQL$UPSWSDBSERVER" (MSSQL$UPSWSDBSERVER) - "Microsoft Corporation" - F:\PROGRAM FILES\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
"MSSQLServerADHelper" (MSSQLServerADHelper) - "Microsoft Corporation" - F:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
"O&O Defrag" (O&O Defrag) - "O&O Software GmbH" - F:\WINDOWS\system32\oodag.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - F:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Security Platform Management Service" (IFXSpMgtSrv) - "Infineon Technologies AG" - F:\WINDOWS\system32\IFXSPMGT.exe
"SLPMONX" (SLPMONX) - "ProdEx Technologies" - F:\WINDOWS\system32\slpservice.exe
"SQLAgent$UPSWSDBSERVER" (SQLAgent$UPSWSDBSERVER) - "Microsoft Corporation" - F:\PROGRAM FILES\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE
"Trusted Platform Core Service" (IFXTCS) - "Infineon Technologies AG" - F:\WINDOWS\system32\IFXTCS.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - F:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - F:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"WMDM PMSP Service" (WMDM PMSP Service) - "Microsoft Corporation" - F:\WINDOWS\system32\MsPMSPSv.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"GinaDLL" - "Cognizance Corporation" - F:\Program Files\Hewlett-Packard\IAM\bin\ocgina.dll
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{8F51D94E-8B89-4844-B15C-9C049BA0F49F} "DLLName" - "Cognizance Corporation" - F:\Program Files\Hewlett-Packard\IAM\Bin\ItVCard.dll
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"IfxWlxEN" - "Infineon Technologies AG" - F:\WINDOWS\system32\IfxWlxEN.dll
"OneCard" - "Cognizance Corporation" - F:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
"WgaLogon" - "Microsoft Corporation" - F:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---


Thanks.
Best regards, Andreas

cosinus 25.09.2010 20:34

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your Desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


luko 25.09.2010 20:38

Hello Arne, of course I don't want to leave you without this explanation either:

Why do I need a SATA controller?
Because there is a SATA disk in the NW9440.

HP BIOS option for devices > native SATA mode on/off.
With XP it works with SATA on.

With Win 2K I simply couldn't get the driver integrated properly.
SATA on: 2K boots only as far as a bluescreen abort.
SATA off: 2K boots flawlessly.

The controller that matches Win2K also shows up properly in the hardware under 2000, but .... ???? It doesn't work .. at least not with SATA.

Best regards, Andreas

luko 25.09.2010 21:19

Done. OTL Logfile:
Code:

OTL logfile created on: 25.09.2010 22:11:27 - Run 3
OTL by OldTimer - Version 3.2.14.1    Folder = F:\Documents and Settings\***\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 86,00% Memory free
7,00 Gb Paging File | 7,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): E:\pagefile.sys 4092 4092 [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive C: | 6,84 Gb Total Space | 4,44 Gb Free Space | 64,97% Space Free | Partition Type: NTFS
Drive D: | 6,84 Gb Total Space | 3,49 Gb Free Space | 50,97% Space Free | Partition Type: NTFS
Drive E: | 59,94 Gb Total Space | 13,35 Gb Free Space | 22,28% Space Free | Partition Type: NTFS
Drive F: | 19,53 Gb Total Space | 5,55 Gb Free Space | 28,42% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 3,79 Gb Total Space | 0,07 Gb Free Space | 1,95% Space Free | Partition Type: FAT32
 
Computer Name: xxxx
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - F:\Documents and Settings\***\Desktop\OTL.exe (OldTimer Tools)
PRC - F:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - F:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - F:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - F:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - F:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - F:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - F:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - F:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - F:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - F:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe (Cognizance Corporation)
PRC - F:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe (Hewlett-Packard Development Company, L.P.)
PRC - F:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - F:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - F:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - F:\Program Files\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe (Microsoft Corporation)
PRC - F:\WINDOWS\system32\oodag.exe (O&O Software GmbH)
PRC - F:\WINDOWS\system32\slpmonx.exe (Seiko Instruments USA, Inc.)
PRC - F:\WINDOWS\system32\slpservice.exe (ProdEx Technologies)
 
 
========== Modules (SafeList) ==========
 
MOD - F:\Documents and Settings\***\Desktop\OTL.exe (OldTimer Tools)
MOD - F:\WINDOWS\system32\msvcp60.dll (Microsoft Corporation)
MOD - F:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - F:\WINDOWS\system32\APSHook.dll (Bioscrypt Inc.)
MOD - F:\Program Files\Hewlett-Packard\IAM\Bin\ItClient.dll (Cognizance Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (wuauserv) -- C:\WINDOWS\system32\wuauserv.dll File not found
SRV - (HidServ) -- F:\WINDOWS\System32\hidserv.dll File not found
SRV - (AntiVirService) -- F:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- F:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (EvtEng) Intel(R) -- F:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (S24EventMonitor) Intel(R) -- F:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel(R) -- F:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (ASBroker) -- F:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)
SRV - (IviRegMgr) -- F:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (ASChannel) -- F:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll (Cognizance Corporation)
SRV - (IAANTMon) Intel(R) -- F:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (MSSQL$UPSWSDBSERVER) -- F:\PROGRAM FILES\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$UPSWSDBSERVER) -- F:\PROGRAM FILES\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (O&O Defrag) -- F:\WINDOWS\system32\oodag.exe (O&O Software GmbH)
SRV - (SLPMONX) -- F:\WINDOWS\system32\slpservice.exe (ProdEx Technologies)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (UIUSys) -- F:\WINDOWS\System32\DRIVERS\UIUSYS.SYS File not found
DRV - (catchme) -- F:\Cofi\catchme.sys File not found
DRV - (avgntflt) -- F:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (SASENUM) -- F:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- F:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- F:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ssmdrv) -- F:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (Cdralw2k) -- F:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- F:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (avipbb) -- F:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- F:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (HDAudBus) -- F:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (SynTP) -- F:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (NETw4x32) Intel(R) -- F:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (ADIHdAudAddService) -- F:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- F:\WINDOWS\system32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (s24trans) -- F:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (nv) -- F:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (HpqKbFiltr) -- F:\WINDOWS\system32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (tifm21) -- F:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (GTIPCI21) -- F:\WINDOWS\system32\drivers\gtipci21.sys (Texas Instruments)
DRV - (HBtnKey) -- F:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HSF_DPV) -- F:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- F:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- F:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (b57w2k) -- F:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (Accelerometer) -- F:\WINDOWS\system32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (hpdskflt) -- F:\WINDOWS\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (IFXTPM) -- F:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (iaStor) -- F:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (SampleScanner) -- F:\WINDOWS\system32\drivers\ArtecGT.sys (  )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.4
FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.1
FF - prefs.js..extensions.enabledItems: {CA98C7ED-AC2C-42F4-B531-6CDEB5DB2AAE}:1.9.1
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: F:\Program Files\Mozilla Firefox\components [2010.01.18 21:49:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins [2010.08.23 16:12:43 | 000,000,000 | ---D | M]
 
[2010.01.15 20:59:46 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Mozilla\Extensions
[2010.09.21 18:04:46 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\mki35h49.default\extensions
[2010.08.28 12:54:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- F:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\mki35h49.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.25 21:26:09 | 000,000,000 | ---D | M] (Flash and Video Download) -- F:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\mki35h49.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2010.08.28 12:54:27 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\mki35h49.default\extensions\YoutubeDownloader@PeterOlayev.com
[2010.09.21 18:04:46 | 000,000,000 | ---D | M] -- F:\Program Files\Mozilla Firefox\extensions
[2008.07.28 12:07:36 | 000,069,632 | ---- | M] (UPS) -- F:\Program Files\Mozilla Firefox\plugins\NPEltr32.dll
[2009.12.21 07:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- F:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2009.11.03 04:14:39 | 000,001,392 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.11.03 04:14:39 | 000,002,344 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.11.03 04:14:39 | 000,006,805 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.11.03 04:14:39 | 000,001,178 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.11.03 04:14:39 | 000,000,801 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.09.23 22:09:27 | 000,000,027 | ---- | M]) - F:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - F:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [avgnt] F:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CognizanceTS] F:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [IAAnotif] F:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] F:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] F:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] F:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] F:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PTHOSTTR] F:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKCU..\Run: [ISUSPM] F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 01 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 01 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 01 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} hxxp://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} https://bis.eu.blackberry.com/html/web/client_tools/TOImport.cab (TeamOn Import Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - AppInit_DLLs: (F:\WINDOWS\system32\APSHook.dll) - F:\WINDOWS\system32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (F:\Program Files\Hewlett-Packard\IAM\bin\ocgina.dll) - F:\Program Files\Hewlett-Packard\IAM\Bin\OCGina.dll (Cognizance Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\IfxWlxEN: DllName - IfxWlxEN.dll - F:\WINDOWS\System32\IfxWlxEN.dll (Infineon Technologies AG)
O20 - Winlogon\Notify\OneCard: DllName - F:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll - F:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)
O24 - Desktop WallPaper: F:\WINDOWS\Web\Wallpaper\HP Cityscape Wide.bmp
O24 - Desktop BackupWallPaper: F:\WINDOWS\Web\Wallpaper\HP Cityscape Wide.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - F:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.11 13:07:50 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (OODBS) - F:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - F:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: wuauserv - C:\WINDOWS\system32\wuauserv.dll File not found
 
MsConfig - StartUpFolder: F:^Documents and Settings^All Users^Start Menu^Programs^Startup^ScanPanel.lnk - F:\Program Files\Medion\ScanPanel\ScnPanel.exe - ()
MsConfig - StartUpFolder: F:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk - F:\Program Files\MICROSOFT SQL SERVER\80\TOOLS\BINN\sqlmangr.exe - (Microsoft Corporation)
MsConfig - StartUpFolder: F:^Documents and Settings^All Users^Start Menu^Programs^Startup^UPS WorldShip Messaging Utility.lnk - F:\Program Files\UPS\WSTD\WSTDMessaging.exe - ()
MsConfig - StartUpFolder: F:^Documents and Settings^All Users^Start Menu^Programs^Startup^UPS WorldShip PLD Reminder Utility.lnk - F:\Program Files\UPS\WSTD\wstdPldReminder.exe - (UPS)
MsConfig - StartUpReg: AccelerometerSysTrayApplet - hkey= - key= -  File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - F:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BlackBerryAutoUpdate - hkey= - key= - F:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
MsConfig - StartUpReg: IMJPMIG8.1 - hkey= - key= - F:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
MsConfig - StartUpReg: IntelWireless - hkey= - key= - F:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
MsConfig - StartUpReg: NA1Messenger - hkey= - key= - F:\Program Files\UPS\WSTD\UPSNA1Msgr.exe ()
MsConfig - StartUpReg: Seagull Drivers - hkey= - key= - F:\WINDOWS\ssdal_nc.exe ()
MsConfig - StartUpReg: SoundMAX - hkey= - key= - F:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
MsConfig - StartUpReg: SoundMAXPnP - hkey= - key= - F:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - F:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection F:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection F:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - F:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - f:\WINDOWS\system32\Rundll32.exe f:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - F:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - F:\WINDOWS\inf\unregmp2.exe /HideWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "F:\WINDOWS\system32\rundll32.exe" "F:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.ac3filter - F:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - F:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - F:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - F:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - F:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - F:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - F:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - F:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - F:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - F:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - F:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17465003472846848)
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.09.25 21:00:36 | 000,000,000 | RH-D | C] -- F:\Documents and Settings\***\Recent
[2010.09.25 20:51:48 | 000,000,000 | ---D | C] -- F:\Documents and Settings\***\Application Data\Online Solutions
[2010.09.23 23:57:04 | 000,000,000 | -HSD | C] -- F:\RECYCLER
[2010.09.23 23:27:32 | 000,000,000 | ---D | C] -- F:\Cofi16072C
[2010.09.23 21:46:05 | 000,212,480 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWXCACLS.exe
[2010.09.23 21:46:05 | 000,161,792 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWREG.exe
[2010.09.23 21:46:05 | 000,136,704 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWSC.exe
[2010.09.23 21:46:05 | 000,031,232 | ---- | C] (NirSoft) -- F:\WINDOWS\NIRCMD.exe
[2010.09.23 21:46:01 | 000,000,000 | ---D | C] -- F:\Cofi
[2010.09.23 21:45:41 | 000,000,000 | ---D | C] -- F:\Qoobox
[2010.09.23 19:54:17 | 000,000,000 | ---D | C] -- F:\_OTL
[2010.09.23 12:06:11 | 000,575,488 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\***\Desktop\OTL.exe
[2010.09.22 18:02:49 | 000,045,056 | ---- | C] (ULTIMA ELECTRONICS CORP.) -- F:\WINDOWS\System32\RemovePlus.exe
[2010.09.22 18:02:33 | 000,000,000 | ---D | C] -- F:\Program Files\Medion
[2010.09.22 15:40:42 | 000,000,000 | ---D | C] -- F:\WINDOWS\ERDNT
[2010.09.22 15:37:14 | 000,000,000 | ---D | C] -- F:\Program Files\ERUNT
[2010.09.22 14:27:47 | 000,000,000 | ---D | C] -- F:\Program Files\Sophos
[2010.09.21 21:43:53 | 000,000,000 | ---D | C] -- F:\Program Files\Trend Micro
[2010.09.21 19:18:41 | 000,000,000 | ---D | C] -- F:\Program Files\Safer Networking
[2010.09.15 16:02:48 | 000,000,000 | ---D | C] -- F:\Documents and Settings\***\Application Data\Google
[2010.09.15 16:01:46 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Google
[2010.09.15 15:57:42 | 000,000,000 | ---D | C] -- F:\Program Files\Google
[2010.03.29 20:57:15 | 000,018,120 | ---- | C] (  ) -- F:\WINDOWS\System32\drivers\ArtecGT.sys
 
========== Files - Modified Within 90 Days ==========
 
[2010.09.25 21:06:22 | 000,535,230 | ---- | M] () -- F:\WINDOWS\System32\PerfStringBackup.INI
[2010.09.25 21:06:22 | 000,450,520 | ---- | M] () -- F:\WINDOWS\System32\perfh009.dat
[2010.09.25 21:06:22 | 000,075,330 | ---- | M] () -- F:\WINDOWS\System32\perfc009.dat
[2010.09.25 21:01:52 | 000,077,918 | ---- | M] () -- F:\WINDOWS\System32\nvModes.001
[2010.09.25 21:01:46 | 000,002,206 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl
[2010.09.25 21:01:32 | 000,000,006 | -H-- | M] () -- F:\WINDOWS\tasks\SA.DAT
[2010.09.25 21:01:30 | 000,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat
[2010.09.25 21:01:25 | 000,126,003 | ---- | M] () -- F:\WINDOWS\System32\OODBS.lor
[2010.09.25 21:00:43 | 005,767,168 | -H-- | M] () -- F:\Documents and Settings\***\NTUSER.DAT
[2010.09.25 21:00:39 | 000,000,531 | ---- | M] () -- F:\WINDOWS\win.ini
[2010.09.25 20:51:59 | 000,564,800 | ---- | M] () -- F:\WINDOWS\System32\drivers\tdjzasdk.sys
[2010.09.25 20:51:53 | 005,805,264 | -H-- | M] () -- F:\Documents and Settings\***\Local Settings\Application Data\IconCache.db
[2010.09.25 20:42:55 | 000,000,619 | ---- | M] () -- F:\Documents and Settings\***\Desktop\Shortcut to osam.exe.lnk
[2010.09.25 20:40:54 | 000,077,918 | ---- | M] () -- F:\WINDOWS\System32\nvModes.dat
[2010.09.24 16:20:16 | 000,000,178 | -HS- | M] () -- F:\Documents and Settings\***\ntuser.ini
[2010.09.23 23:55:24 | 000,001,202 | ---- | M] () -- F:\WINDOWS\ScnPanel.ini
[2010.09.23 23:30:20 | 000,000,227 | ---- | M] () -- F:\WINDOWS\system.ini
[2010.09.23 22:09:27 | 000,000,027 | ---- | M] () -- F:\WINDOWS\System32\drivers\etc\hosts
[2010.09.23 21:39:24 | 003,851,266 | R--- | M] () -- F:\Documents and Settings\***\Desktop\Cofi.exe
[2010.09.23 20:01:31 | 000,214,801 | ---- | M] () -- F:\_OTL.zip
[2010.09.23 12:05:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\***\Desktop\OTL.exe
[2010.09.22 18:56:59 | 000,011,463 | ---- | M] () -- F:\WINDOWS\Dusb3ar.ini
[2010.09.22 18:56:59 | 000,002,662 | ---- | M] () -- F:\WINDOWS\Ausba3.INI
[2010.09.22 18:10:08 | 000,000,589 | ---- | M] () -- F:\Documents and Settings\***\Desktop\My.lnk
[2010.09.22 18:03:21 | 000,030,720 | ---- | M] () -- F:\WINDOWS\EWhiteu12.dat
[2010.09.22 18:03:21 | 000,000,004 | ---- | M] () -- F:\WINDOWS\AErroru3.dat
[2010.09.22 18:03:19 | 000,030,720 | ---- | M] () -- F:\WINDOWS\EDarku12.dat
[2010.09.22 18:03:16 | 000,000,006 | ---- | M] () -- F:\WINDOWS\EExpou.dat
[2010.09.22 18:03:16 | 000,000,003 | ---- | M] () -- F:\WINDOWS\EOffsetu.dat
[2010.09.22 18:03:16 | 000,000,003 | ---- | M] () -- F:\WINDOWS\EGain6.dat
[2010.09.22 14:58:29 | 000,000,681 | ---- | M] () -- F:\Documents and Settings\***\Desktop\Shortcut to Cleanup.exe.lnk
[2010.09.22 12:21:41 | 000,000,873 | ---- | M] () -- F:\Documents and Settings\***\Desktop\Shortcut to Kawapreise.xls.lnk
[2010.09.21 21:43:53 | 000,001,740 | ---- | M] () -- F:\Documents and Settings\***\Desktop\HijackThis.lnk
[2010.09.21 18:51:32 | 000,020,992 | ---- | M] () -- F:\Documents and Settings\***\My Documents\Wunschzettel.doc
[2010.09.20 20:43:13 | 000,002,181 | ---- | M] () -- F:\Documents and Settings\***\Desktop\REFLEX Modellflugsimulator.lnk
[2010.09.20 11:40:03 | 000,112,128 | ---- | M] () -- F:\Documents and Settings\***\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.16 16:19:22 | 000,000,616 | ---- | M] () -- F:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010.09.15 15:57:51 | 000,001,768 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Google SketchUp 8.lnk
[2010.09.14 21:55:10 | 000,028,622 | ---- | M] () -- F:\Documents and Settings\***\Desktop\Re_ Vent Window  Four Winns Liberator 211 SE 1986.eml
[2010.09.14 12:37:00 | 000,083,841 | ---- | M] () -- F:\Documents and Settings\***\Desktop\Expedia  Reisebestätigung - Köln (2) - 5 Okt 2010 - (Reiseplan-Nr. 1759836991).eml
[2010.09.14 08:45:36 | 002,125,423 | ---- | M] () -- F:\Documents and Settings\***\Desktop\plesk8.pdf
[2010.09.12 12:02:33 | 000,000,724 | ---- | M] () -- F:\Documents and Settings\***\Desktop\Bank***.lnk
[2010.09.10 16:48:11 | 000,000,275 | ---- | M] () -- F:\Documents and Settings\***\Desktop\Shortcut to *** LVM.xls.lnk
[2010.09.10 16:48:03 | 000,000,278 | ---- | M] () -- F:\Documents and Settings\***\Desktop\Shortcut to CARB-SWAP.xls.lnk
[2010.08.29 13:26:34 | 000,951,440 | ---- | M] () -- F:\Documents and Settings\***\My Documents\small-block.pdf
[2010.08.19 11:58:17 | 002,930,676 | ---- | M] () -- F:\Documents and Settings\***\My Documents\Spondon.rar
[2010.08.17 11:16:11 | 000,298,194 | ---- | M] () -- F:\Documents and Settings\***\My Documents\Trinken_ist_wie_Yoga.pdf
[2010.08.14 11:56:34 | 000,107,008 | ---- | M] () -- F:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.12 19:47:14 | 000,000,256 | ---- | M] () -- F:\WINDOWS\System32\pool.bin
[2010.08.12 19:45:16 | 006,326,721 | ---- | M] () -- F:\Documents and Settings\***\My Documents\Backup-(2010-08-12).ipd
[2010.08.10 22:23:49 | 000,009,931 | ---- | M] () -- F:\Documents and Settings\***\Desktop\KontenD.pdf
[2010.07.08 17:24:52 | 000,011,494 | ---- | M] () -- F:\Documents and Settings\***\Desktop\news0710.php
[2010.07.01 22:52:55 | 000,000,338 | ---- | M] () -- F:\Documents and Settings\***\Desktop\AUDIO.lnk
 
========== Files Created - No Company Name ==========
 
[2010.09.25 20:42:55 | 000,000,619 | ---- | C] () -- F:\Documents and Settings\***\Desktop\Shortcut to osam.exe.lnk
[2010.09.23 21:46:05 | 000,256,512 | ---- | C] () -- F:\WINDOWS\PEV.exe
[2010.09.23 21:46:05 | 000,098,816 | ---- | C] () -- F:\WINDOWS\sed.exe
[2010.09.23 21:46:05 | 000,080,412 | ---- | C] () -- F:\WINDOWS\grep.exe
[2010.09.23 21:46:05 | 000,077,312 | ---- | C] () -- F:\WINDOWS\MBR.exe
[2010.09.23 21:46:05 | 000,068,096 | ---- | C] () -- F:\WINDOWS\zip.exe
[2010.09.23 21:42:44 | 003,851,266 | R--- | C] () -- F:\Documents and Settings\***\Desktop\Cofi.exe
[2010.09.23 20:01:31 | 000,214,801 | ---- | C] () -- F:\_OTL.zip
[2010.09.22 18:10:08 | 000,000,589 | ---- | C] () -- F:\Documents and Settings\***\Desktop\My.lnk
[2010.09.22 18:02:49 | 000,001,202 | ---- | C] () -- F:\WINDOWS\ScnPanel.ini
[2010.09.22 18:02:49 | 000,000,766 | ---- | C] () -- F:\WINDOWS\Uninstall.ico
[2010.09.22 18:02:29 | 000,001,704 | ---- | C] () -- F:\WINDOWS\ePlus.ini
[2010.09.22 14:58:29 | 000,000,681 | ---- | C] () -- F:\Documents and Settings\***\Desktop\Shortcut to Cleanup.exe.lnk
[2010.09.21 22:44:20 | 000,083,841 | ---- | C] () -- F:\Documents and Settings\***\Desktop\Expedia  Reisebestätigung - Köln (2) - 5 Okt 2010 - (Reiseplan-Nr. 1759836991).eml
[2010.09.21 21:43:53 | 000,001,740 | ---- | C] () -- F:\Documents and Settings\***\Desktop\HijackThis.lnk
[2010.09.21 18:51:32 | 000,020,992 | ---- | C] () -- F:\Documents and Settings\***\My Documents\Wunschzettel.doc
[2010.09.21 12:32:23 | 000,564,800 | ---- | C] () -- F:\WINDOWS\System32\drivers\tdjzasdk.sys
[2010.09.15 15:57:51 | 000,001,768 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Google SketchUp 8.lnk
[2010.09.14 21:55:10 | 000,028,622 | ---- | C] () -- F:\Documents and Settings\***\Desktop\Re_ Vent Window  Four Winns Liberator 211 SE 1986.eml
[2010.09.14 08:45:36 | 002,125,423 | ---- | C] () -- F:\Documents and Settings\***\Desktop\plesk8.pdf
[2010.09.12 12:02:33 | 000,000,724 | ---- | C] () -- F:\Documents and Settings\***\Desktop\Bank***.lnk
[2010.09.10 16:48:11 | 000,000,275 | ---- | C] () -- F:\Documents and Settings\***\Desktop\Shortcut to *** LVM.xls.lnk
[2010.09.10 16:48:03 | 000,000,278 | ---- | C] () -- F:\Documents and Settings\***\Desktop\Shortcut to CARB-SWAP.xls.lnk
[2010.08.29 13:26:34 | 000,951,440 | ---- | C] () -- F:\Documents and Settings\***\My Documents\small-block.pdf
[2010.08.25 17:41:25 | 000,000,873 | ---- | C] () -- F:\Documents and Settings\***\Desktop\Shortcut to Kawapreise.xls.lnk
[2010.08.19 11:58:16 | 002,930,676 | ---- | C] () -- F:\Documents and Settings\***\My Documents\Spondon.rar
[2010.08.17 11:16:11 | 000,298,194 | ---- | C] () -- F:\Documents and Settings\***\My Documents\Trinken_ist_wie_Yoga.pdf
[2010.08.12 19:45:16 | 006,326,721 | ---- | C] () -- F:\Documents and Settings\***\My Documents\Backup-(2010-08-12).ipd
[2010.08.10 22:23:48 | 000,009,931 | ---- | C] () -- F:\Documents and Settings\***\Desktop\KontenD.pdf
[2010.07.08 17:25:17 | 000,011,494 | ---- | C] () -- F:\Documents and Settings\***\Desktop\news0710.php
[2010.07.01 22:52:54 | 000,000,338 | ---- | C] () -- F:\Documents and Settings\***\Desktop\AUDIO.lnk
[2010.05.17 20:23:17 | 000,000,241 | ---- | C] () -- F:\WINDOWS\wstdUPSWSHIP.INI
[2010.03.29 20:57:18 | 000,200,704 | ---- | C] () -- F:\WINDOWS\Ausba3.dll
[2010.03.29 20:57:18 | 000,011,463 | ---- | C] () -- F:\WINDOWS\Dusb3ar.ini
[2010.03.29 20:57:18 | 000,002,662 | ---- | C] () -- F:\WINDOWS\Ausba3.INI
[2010.03.08 17:44:17 | 000,024,576 | R--- | C] () -- F:\WINDOWS\System32\Arsetup.dll
[2010.03.08 17:44:17 | 000,000,282 | R--- | C] () -- F:\WINDOWS\System32\Arsetup.ini
[2010.02.08 17:06:36 | 000,000,040 | ---- | C] () -- F:\WINDOWS\ed3_programmer.ini
[2010.02.07 15:49:56 | 000,000,000 | ---- | C] () -- F:\Documents and Settings\***\Local Settings\Application Data\FnF4.txt
[2010.01.15 22:52:06 | 000,112,128 | ---- | C] () -- F:\Documents and Settings\***\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.15 21:27:03 | 000,085,504 | ---- | C] () -- F:\WINDOWS\System32\ff_vfw.dll
[2010.01.15 21:27:03 | 000,000,547 | ---- | C] () -- F:\WINDOWS\System32\ff_vfw.dll.manifest
[2010.01.15 21:21:52 | 000,001,298 | ---- | C] () -- F:\WINDOWS\MultiTimer.ini
[2010.01.15 20:07:58 | 000,000,166 | ---- | C] () -- F:\WINDOWS\hbcikrnl.ini
[2010.01.14 18:12:22 | 000,006,656 | ---- | C] () -- F:\WINDOWS\System32\CNMVS5n.DLL
[2010.01.14 17:59:08 | 000,001,406 | ---- | C] () -- F:\WINDOWS\ODBC.INI
[2010.01.12 19:58:00 | 000,036,864 | ---- | C] () -- F:\WINDOWS\System32\SlpApi42.dll
[2010.01.12 19:54:30 | 000,087,552 | ---- | C] () -- F:\WINDOWS\System32\cpwmon2k.dll
[2010.01.12 15:23:20 | 000,204,800 | ---- | C] () -- F:\WINDOWS\System32\IVIresizeW7.dll
[2010.01.12 15:23:20 | 000,200,704 | ---- | C] () -- F:\WINDOWS\System32\IVIresizeA6.dll
[2010.01.12 15:23:20 | 000,192,512 | ---- | C] () -- F:\WINDOWS\System32\IVIresizeP6.dll
[2010.01.12 15:23:20 | 000,192,512 | ---- | C] () -- F:\WINDOWS\System32\IVIresizeM6.dll
[2010.01.12 15:23:20 | 000,188,416 | ---- | C] () -- F:\WINDOWS\System32\IVIresizePX.dll
[2010.01.12 15:23:19 | 000,020,480 | ---- | C] () -- F:\WINDOWS\System32\IVIresize.dll
[2007.08.09 03:18:00 | 001,703,936 | ---- | C] () -- F:\WINDOWS\System32\nvwdmcpl.dll
[2007.08.09 03:18:00 | 001,474,560 | ---- | C] () -- F:\WINDOWS\System32\nview.dll
[2007.08.09 03:18:00 | 001,019,904 | ---- | C] () -- F:\WINDOWS\System32\nvwimg.dll
[2007.08.09 03:18:00 | 000,466,944 | ---- | C] () -- F:\WINDOWS\System32\nvshell.dll
[2007.03.16 14:13:44 | 000,012,547 | ---- | C] () -- F:\WINDOWS\System32\argomon.dll
[2003.04.08 13:41:20 | 000,180,224 | ---- | C] () -- F:\WINDOWS\System32\nssckbi.dll
[2002.03.21 16:39:02 | 000,073,728 | ---- | C] () -- F:\WINDOWS\System32\UNACEV2.DLL
[1998.05.07 03:10:00 | 000,069,632 | R--- | C] () -- F:\WINDOWS\System32\ODMA32.dll
[1980.01.04 02:17:16 | 000,000,000 | ---- | C] () -- F:\Documents and Settings\***\Local Settings\Application Data\QSwitch.txt
[1980.01.04 02:17:16 | 000,000,000 | ---- | C] () -- F:\Documents and Settings\***\Local Settings\Application Data\DSwitch.txt
[1980.01.04 02:17:16 | 000,000,000 | ---- | C] () -- F:\Documents and Settings\***\Local Settings\Application Data\AtStart.txt
[1980.01.04 02:00:13 | 000,039,859 | ---- | C] () -- F:\Documents and Settings\***\Local Settings\Application Data\FASTWiz.log
 
========== LOP Check ==========
 
[2010.01.16 14:42:07 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\ACD Systems
[2010.01.13 23:35:59 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Infineon
[2010.01.14 15:22:39 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\LightScribe
[2010.03.29 20:45:54 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Research In Motion
[2010.01.16 15:49:47 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\ACD Systems
[2010.05.08 17:38:21 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\FreeFLVConverter
[2010.04.04 17:48:41 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\ImgBurn
[2010.01.13 23:35:59 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Infineon
[2010.02.06 13:40:41 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\InterVideo
[2010.09.25 20:53:47 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Online Solutions
[2010.01.15 18:59:03 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Opera
[2010.03.29 20:46:02 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Research In Motion
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2010.01.16 14:42:07 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\ACD Systems
[2010.01.16 20:02:57 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Adobe
[1980.01.04 02:23:53 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Avira
[2010.09.15 16:01:46 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Google
[2010.01.13 23:35:59 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Infineon
[2010.01.12 15:23:49 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\InstallShield
[2010.01.13 22:33:34 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Intel
[2010.01.14 15:22:39 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\LightScribe
[2010.04.14 15:02:36 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.05.08 17:37:57 | 000,000,000 | --SD | M] -- F:\Documents and Settings\All Users\Application Data\Microsoft
[1980.01.04 01:50:05 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2010.05.01 14:53:20 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\nView_Profiles
[2010.02.06 14:27:51 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\QuickTime
[2010.03.29 20:45:54 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Research In Motion
[1980.01.04 02:26:07 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010.01.15 12:11:40 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2010.06.10 09:31:02 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- F:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
 
< %APPDATA%\*. >
[2010.01.16 15:49:47 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\ACD Systems
[2010.01.16 14:47:53 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Adobe
[2010.01.18 16:44:34 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\AdobeAUM
[2010.01.16 20:03:14 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\AdobeUM
[2010.01.16 19:25:11 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Ahead
[2010.05.08 17:38:21 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\FreeFLVConverter
[2010.09.15 16:02:48 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Google
[2010.03.08 13:16:49 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Help
[2010.01.12 16:54:11 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\hpqLog
[1980.01.04 01:45:53 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Identities
[2010.04.04 17:48:41 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\ImgBurn
[2010.01.13 23:35:59 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Infineon
[2010.03.20 17:32:16 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\InstallShield
[2010.01.13 22:34:05 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Intel
[2010.02.06 13:40:41 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\InterVideo
[2010.01.15 19:20:45 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Macromedia
[2010.04.14 15:02:42 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Malwarebytes
[2010.01.30 20:25:14 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Media Player Classic
[2010.01.18 21:16:19 | 000,000,000 | --SD | M] -- F:\Documents and Settings\***\Application Data\Microsoft
[2010.01.15 20:59:46 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Mozilla
[2010.09.25 20:53:47 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Online Solutions
[2010.01.15 18:59:03 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Opera
[2010.03.29 20:46:02 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Research In Motion
[2010.01.30 22:20:14 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Roxio
[2010.01.20 16:28:45 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Sun
[1980.01.04 02:25:59 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\SUPERAntiSpyware.com
[2010.01.18 19:38:13 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Winamp
[2010.01.15 21:21:36 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.03.20 17:33:23 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\DesktopMgr.exe
[2010.03.20 17:33:23 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010.03.20 17:33:23 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010.03.20 17:33:23 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010.03.20 17:33:23 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010.03.20 17:33:23 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010.03.20 17:33:23 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010.03.20 17:33:23 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010.03.20 17:33:23 | 000,049,152 | R--- | M] (Acresso Software Inc.) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
[2010.03.20 17:33:23 | 000,049,152 | R--- | M] (Acresso Software Inc.) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
[2010.03.20 17:33:23 | 000,049,152 | R--- | M] (Acresso Software Inc.) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
[2010.01.12 19:49:55 | 000,025,214 | R--- | M] () -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{53480370-6CA2-47EC-BC05-02B4B9271C31}\ARPPRODUCTICON.exe
[2010.01.12 19:49:55 | 000,025,214 | R--- | M] () -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{53480370-6CA2-47EC-BC05-02B4B9271C31}\oodcnt_ds.53480300_6789_44B8_908F_AD7D7990104B.exe
[2010.01.12 19:49:55 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{53480370-6CA2-47EC-BC05-02B4B9271C31}\oodcnt_exe.53480300_6789_44B8_908F_AD7D7990104B.exe
[2010.01.12 21:33:27 | 000,057,344 | R--- | M] (Macrovision Corporation) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{7F362F06-A9A3-440F-8B19-6A01A72723C4}\ARPPRODUCTICON.exe
[1980.01.04 02:26:03 | 000,018,944 | R--- | M] () -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
[1980.01.04 02:26:03 | 000,065,024 | R--- | M] () -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
[2010.03.18 13:15:51 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\DesktopMgr.exe
[2010.03.18 13:15:51 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010.03.18 13:15:51 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010.03.18 13:15:51 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010.03.18 13:15:51 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010.03.18 13:15:51 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010.03.18 13:15:51 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010.03.18 13:15:51 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010.01.15 22:27:59 | 023,852,652 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010.01.15 22:27:59 | 023,852,652 | ---- | M] () .cab file -- F:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- F:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- F:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- F:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.01.15 22:27:59 | 023,852,652 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010.01.15 22:27:59 | 023,852,652 | ---- | M] () .cab file -- F:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- F:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- F:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- F:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- F:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 02:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- F:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 02:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- F:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 02:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- F:\WINDOWS\system32\eventlog.dll
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- F:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2005.10.12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- F:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys
[2005.10.12 14:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- F:\WINDOWS\OemDir\iaStor.sys
[2005.10.12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- F:\WINDOWS\system32\drivers\iaStor.sys
[2005.10.12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- F:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\iaStor.sys
[2005.10.12 13:08:52 | 000,508,416 | ---- | M] (Intel Corporation) MD5=7C2D98D430DD91570DB63E819B9BC7E0 -- F:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 02:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- F:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 02:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- F:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 02:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- F:\WINDOWS\system32\netlogon.dll
[2009.02.06 20:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- F:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- F:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- F:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2004.08.04 14:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- F:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- F:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- F:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- F:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.14 02:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- F:\WINDOWS\ERDNT\cache\user32.dll
[2008.04.14 02:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- F:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 02:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- F:\WINDOWS\system32\user32.dll
[2004.08.04 14:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- F:\WINDOWS\$NtServicePackUninstall$\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2004.08.04 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- F:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- F:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- F:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- F:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- F:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- F:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- F:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- F:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- F:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- F:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[1980.01.04 02:15:24 | 000,094,208 | ---- | M] () -- F:\WINDOWS\system32\config\default.sav
[1980.01.04 02:15:24 | 000,659,456 | ---- | M] () -- F:\WINDOWS\system32\config\software.sav
[1980.01.04 02:15:23 | 000,917,504 | ---- | M] () -- F:\WINDOWS\system32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
< End of report >

--- --- ---


Thanks a lot

Andreas
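
The "< MD5 for: ... >" sections of the OTL report above compare the hash of each critical system file in its live location (system32, system32\drivers) against backup copies on the same disk (ServicePackFiles\i386, the ERDNT cache, dllcache). That is the check a helper runs by eye on these reports: a live driver whose hash differs from the installed service pack's copy is a candidate for a patched or replaced file, while a differing copy under $NtServicePackUninstall$ is expected, since that folder holds the older pre-SP3 version. The following Python script is an added example, not part of the thread and not OTL's own code; it parses report lines in OTL's layout and flags live copies whose MD5 disagrees with the preferred reference copy. The atapi.sys lines are taken from the report above; the EXAMPLE.SYS section, its hashes and sizes are constructed placeholders to exercise the mismatch path.

```python
import re
from collections import OrderedDict

# Constructed sample in the OTL "< MD5 for: ... >" layout. The ATAPI.SYS
# entries are copied from the report above; EXAMPLE.SYS is a constructed
# mismatch (placeholder hashes and sizes) so the alarm path gets exercised.
SAMPLE_REPORT = r"""
< MD5 for: ATAPI.SYS  >
[2004.08.04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- F:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- F:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- F:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- F:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EXAMPLE.SYS  >
[2008.04.13 20:40:30 | 000,040,960 | ---- | M] (Microsoft Corporation) MD5=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -- F:\WINDOWS\ServicePackFiles\i386\example.sys
[2010.09.21 12:32:23 | 000,041,472 | ---- | M] () MD5=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB -- F:\WINDOWS\system32\drivers\example.sys
"""

HEADER = re.compile(r"^< MD5 for: (?P<name>\S+)\s*>$")
# One OTL entry: [mtime | size | attrs | M] (vendor) MD5=... -- path
# Members of .cab archives carry no hash and are skipped.
ENTRY = re.compile(
    r"^\[(?P<mtime>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>[-\w]{4}) \| [MC]\] "
    r"\((?P<vendor>[^)]*)\) (?:\.cab file|MD5=(?P<md5>[0-9A-Fa-f]{32})) -- (?P<path>.+)$"
)

# Reference copies in order of preference: the installed service pack's file
# cache, then the ERUNT backup, then the Windows File Protection cache.
# $NtServicePackUninstall$ is deliberately not a reference: it holds the
# previous service pack's version and differs legitimately.
REFERENCE_DIRS = ("\\servicepackfiles\\i386\\", "\\erdnt\\cache\\", "\\system32\\dllcache\\")
# Copies that are actually loaded at runtime live under system32 but not in
# the protection cache or driver reinstall backups.
NOT_LIVE = ("\\dllcache\\", "\\reinstallbackups\\")


def parse_md5_sections(text):
    """Return OrderedDict: lower-case file name -> list of hashed entries."""
    sections = OrderedDict()
    current = None
    for line in text.splitlines():
        line = line.strip()
        h = HEADER.match(line)
        if h:
            current = h.group("name").lower()
            sections.setdefault(current, [])
            continue
        e = ENTRY.match(line)
        if e and current is not None and e.group("md5"):
            d = e.groupdict()
            d["md5"] = d["md5"].upper()
            d["size"] = int(d["size"].replace(",", ""))
            sections[current].append(d)
    return sections


def is_live_copy(path):
    p = path.lower()
    return "\\system32\\" in p and not any(x in p for x in NOT_LIVE)


def pick_reference(entries):
    """First entry found in the preferred reference directories, or None."""
    for d in REFERENCE_DIRS:
        for e in entries:
            if d in e["path"].lower():
                return e
    return None


def check_live_copies(text):
    """List of (name, live_path, status, reference_path); status is
    'match', 'mismatch' or 'no-reference'."""
    findings = []
    for name, entries in parse_md5_sections(text).items():
        ref = pick_reference(entries)
        for e in entries:
            if not is_live_copy(e["path"]):
                continue
            if ref is None:
                status = "no-reference"
            elif e["md5"] == ref["md5"]:
                status = "match"
            else:
                status = "mismatch"
            findings.append((name, e["path"], status, ref["path"] if ref else None))
    return findings


if __name__ == "__main__":
    for name, path, status, ref in check_live_copies(SAMPLE_REPORT):
        print(f"{status:13} {name:12} {path}  (reference: {ref})")
```

A "mismatch" is a lead, not a verdict: a hotfix can legitimately update the live file after the service pack (compare the KB968389 netlogon.dll copies in the report), so the next step is checking the file's version and digital signature, not deleting it. Conversely, a "match" only says the on-disk file equals the backup; a rootkit that hooks the driver in memory without touching the file will not show here.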

cosinus 26.09.2010 10:34

Quote:

With Win 2K I simply couldn't get the driver integrated properly.
SATA on: 2k boots only up to the bluescreen crash
SATA off: 2K boots flawlessly.
Oh yes, I know that SATA business. Just annoying when you have two OSes that only boot in their own respective configuration. Why do you actually still have a Windows 2000 installed in parallel?


Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along!!!)


Code:

:OTL
DRV - (UIUSys) -- F:\WINDOWS\System32\DRIVERS\UIUSYS.SYS File not found
[2010.09.21 12:32:23 | 000,564,800 | ---- | C] () -- F:\WINDOWS\System32\drivers\tdjzasdk.sys
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix! button at the top left.
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

luko 26.09.2010 12:11

Hello Arne,

2000 is for a KHK accounting program, which is at least as old but paid for. It just doesn't run on PCs with more than 1GB of RAM. Of course you only find that out afterwards.
A second system is a must for me, but I lack the know-how.
Actually I wanted a daily XP backup so I could boot from the USB HDD in an emergency, but there too, nothing but problems.
I briefly had Linux on the old partition, but couldn't really get along with it either. Windows-dumbed-down, I guess!

Here is the log from OTL.

P.S. What is actually known about my pests?
(who, why, from where, what for) Google gave me little to almost nothing.

All processes killed
========== OTL ==========
Service UIUSys stopped successfully!
Service UIUSys deleted successfully!
File F:\WINDOWS\System32\DRIVERS\UIUSYS.SYS File not found not found.
File F:\WINDOWS\System32\drivers\tdjzasdk.sys not found.
========== COMMANDS ==========
F:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: ****
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 621529 bytes
->Flash cache emptied: 517 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,00 mb


OTL by OldTimer - Version 3.2.14.1 log created on 09262010_122634

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus 26.09.2010 12:20

Quote:

It just doesn't run on PCs with more than 1GB of RAM. Of course you only find that out afterwards.
Huh? Windows 2000 also runs with your 3GB of RAM. Why is it supposedly not running with more than 1 GB RAM under XP, but does under Windows 2000? :wtf:


As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

luko 26.09.2010 19:41

No Arne, you misunderstood:
The accounting 2000 program grunts because it supposedly can't handle more than 1GB of RAM. (Info from Google/forum) Win 2000 and XP of course have nothing against sufficient RAM.

The old Dell has 512MB, so it has to move from the kids' room into the office.


here is the

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4698

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

26.09.2010 20:16:50
mbam-log-2010-09-26 (20-16-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (F:\|)
Durchsuchte Objekte: 191092
Laufzeit: 36 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
F:\_OTL\MovedFiles\09232010_195417\F_WINDOWS\abovekegubixudum.dll (Trojan.Hiloti) -> No action taken.

luko 27.09.2010 09:10

Good morning Arne

here is the report from SASW

SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 09/26/2010 bei 06:17 PM

Version der Applikation : 4.43.1000

Version der Kern-Datenbank : 5580
Version der Spur-Datenbank : 3392

Scan Art : kompletter Scann
Totale Scann-Zeit : 00:30:34

Gescannte Speicherelemente : 571
Erfasste Speicher-Bedrohungen : 0
Gescannte Register-Elemente : 6755
Erfasste Register-Bedrohungen : 0
Gescannte Datei-Elemente : 18188
Erfasste Datei-Elemente : 0

cosinus 27.09.2010 12:18

Looks OK, only a remnant was found in the OTL quarantine folder.
Any more problems or further findings in the meantime?

luko 27.09.2010 14:59

Hello Arne,

All done!
The OTL quarantine has been emptied.

My heartfelt thanks to you and your fellow helpers.

Question + tip: where exactly was the central donate button to be found??
Besides the server, the coffee shouldn't run out either, of course.

So then, greetings from the north

Andreas

cosinus 27.09.2010 15:39

Then we're through! :abklatsch:

Quote:

Question + tip: where exactly was the central donate button to be found??
Just follow the link in my sig! :wtf:

Finally, please check the updates; my guide on that is below.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update

Windows XP: Visit the MS update page with IE and have all important updates installed.

Windows Vista/7: Windows Update guide



Update PDF reader
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Add/Remove Programs by clicking on "Adobe Reader x.0" there and removing the program.

I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.

While you're at it, please also check that the Flash Player is current; here is the direct download link => http://filepony.de/?q=Flash+Player


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, best with JavaRa) and update to the newest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Add/Remove Programs and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

luko 28.09.2010 14:59

Hello Arne,

Windows updates failed, I'll take care of that later.
Adobe PDF is off, Sumatra is now on.
Old JAVA is off, but I don't know whether JRE or JDK has to go on now.
Firewall permissions reduced to OPERA.


BUT.... there is still a trojan hidden in the restore that was reported to me today:
Avira says:

Virus or unwanted program 'TR/Drop.Softomat.AN [trojan]'
detected in file 'F:\System Volume Information\_restore{3241DCE8-E5CA-459C-864D-9FD4DFE241BD}\RP266\A0050961.dll.
Action performed: Deny access

MBAM doesn't find it in a quick scan, though.

Please help.


Regards, Andreas

cosinus 28.09.2010 15:19

Disable System Restore; over the course of the infection, malware files were also saved along into restore points. Those are all unusable now, since resetting the system via a restore point would most likely bring the infection back.
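
The two late findings in this thread illustrate the triage a helper does before deciding whether an alert means an active infection: the Malwarebytes hit was inside OTL's MovedFiles quarantine (an inert remnant of the earlier fix), and the Avira hit was inside a System Restore point (inert unless that restore point is applied, hence the advice to disable System Restore). The following Python script is an added example, not part of the thread and not code from Avira, Malwarebytes or OTL; it parses an Avira alert and MBAM result lines, classifies the reported path as restore point, quarantine or live, and attaches the matching handling. The Avira message and the Hiloti line are copied from the posts above; the third entry, with its file and detection name, is a constructed placeholder standing in for a hit on a live driver path.

```python
import re

# Avira alert text as posted above (constructed sample; note the missing
# closing quote after the path, which the parser tolerates).
AVIRA_MESSAGE = r"""
Virus or unwanted program 'TR/Drop.Softomat.AN [trojan]'
detected in file 'F:\System Volume Information\_restore{3241DCE8-E5CA-459C-864D-9FD4DFE241BD}\RP266\A0050961.dll.
Action performed: Deny access
"""

# Malwarebytes "Infizierte Dateien" lines: first one from the log above,
# second one a constructed placeholder on a live driver path.
MBAM_LINES = [
    r"F:\_OTL\MovedFiles\09232010_195417\F_WINDOWS\abovekegubixudum.dll (Trojan.Hiloti) -> No action taken.",
    r"F:\WINDOWS\system32\drivers\example.sys (Rootkit.Example) -> No action taken.",
]

AVIRA_NAME = re.compile(r"Virus or unwanted program '(?P<name>[^']+)'")
AVIRA_FILE = re.compile(r"detected in file '(?P<path>.+?)'?\.?\s*$", re.MULTILINE)
AVIRA_ACTION = re.compile(r"Action performed: (?P<action>.+)")
MBAM_ENTRY = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^)]+)\) -> (?P<action>.+)$")

# XP restore points live under System Volume Information\_restore{GUID}\RPnnn\
RESTORE_POINT = re.compile(r"\\system volume information\\_restore\{[0-9a-f-]+\}\\rp\d+\\")
# Quarantine folders of the tools used in this thread (OTL, ComboFix) plus a
# generic catch-all.
QUARANTINE_DIRS = ("\\_otl\\movedfiles\\", "\\qoobox\\quarantine\\", "\\quarantine\\")

ADVICE = {
    "restore-point": "inert unless the restore point is applied; disable System Restore "
                     "to purge stored copies, then re-enable it and create a clean point",
    "quarantine": "inert remnant of an earlier cleanup; empty the tool's quarantine folder",
    "live": "file is in an active location; investigate and remove",
}


def parse_avira(text):
    """Parse one Avira alert block into a detection dict (None if no path)."""
    name = AVIRA_NAME.search(text)
    path = AVIRA_FILE.search(text)
    action = AVIRA_ACTION.search(text)
    if not (name and path):
        return None
    return {"source": "avira", "name": name.group("name"), "path": path.group("path"),
            "action": action.group("action").strip() if action else None}


def parse_mbam(lines):
    """Parse MBAM result lines of the form 'path (Name) -> action'."""
    out = []
    for line in lines:
        m = MBAM_ENTRY.match(line.strip())
        if m:
            out.append({"source": "mbam", **m.groupdict()})
    return out


def classify_location(path):
    p = path.lower()
    if RESTORE_POINT.search(p):
        return "restore-point"
    if any(q in p for q in QUARANTINE_DIRS):
        return "quarantine"
    return "live"


def triage(detections):
    """Attach location class and handling advice to each detection."""
    return [{**d, "location": classify_location(d["path"]),
             "advice": ADVICE[classify_location(d["path"])]} for d in detections]


if __name__ == "__main__":
    hits = [parse_avira(AVIRA_MESSAGE)] + parse_mbam(MBAM_LINES)
    for h in triage(hits):
        print(f"[{h['source']}] {h['location']:13} {h['name']}\n    {h['path']}\n    -> {h['advice']}")
```

The classification is only about where the file sits, not about what it is: a live-path hit still needs the usual confirmation (second scanner, file properties, upload to a multi-engine service), and a quarantine or restore-point hit that keeps reappearing after those stores were emptied points to something still writing there.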


Copyright ©2000-2024, Trojaner-Board