Links öffnen sich automatisch

Valnar94 · 18.07.2010, 18:18

Wenn ich im Browser bin öffnen sich nach einer bestimmten zeit von selbst illegale seiten.
Es passiert aber auch wenn ich auf eine seite gehen will,das er mich Automatisch auf eine illegale seite bringt (nich immer aber aber oft)

Und es gibt da noch ein problem wenn ich auf die seite hxxp://Drei.to gehe kommt da immer so eine grafik das ich Trojaner und sonst was hätte.Es ist aber auch schon in anderen seiten passiert blos mir fallen gerade keine ein

Hoffe ihr könnt mir helfen

Habe auch schon mit Malwarebytes,RSIT,HJT gescannt

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4323

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18882

18.07.2010 17:53:54
mbam-log-2010-07-18 (17-53-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 229757
Laufzeit: 1 Stunde(n), 8 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Hier RSIT

RSIT Logfile:

Code:

ATTFilter

Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-07-18 18:40:28
Microsoft® Windows Vista™ Ultimate  Service Pack 1
System drive C: has 280 GB (93%) free of 300 GB
Total RAM: 511 MB (17% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:40:46, on 18.07.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Users\Administrator\Downloads\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) -  - (no file)
O1 - Hosts: ::1 localhost
O3 - Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [C-Media Speaker Configuration] C:\PROGRA~1\C-Media\WIN_ME\Setup.exe /SPEAKER
O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\wlangui.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files\avmwlanstick\WlanNetService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: UPnPService - Unknown owner - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (file missing)

--
End of file - 3360 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"SoundMan"=C:\Windows\SOUNDMAN.EXE [2009-04-14 604704]
"C-Media Speaker Configuration"=C:\PROGRA~1\C-Media\WIN_ME\Setup.exe [2003-01-10 864256]
"Lachesis"=C:\Program Files\Razer\Lachesis\razerhid.exe [2007-09-12 172032]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2010-07-12 74752]
"AVMWlanClient"=C:\Program Files\avmwlanstick\wlangui.exe [2009-05-07 1904640]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2007-07-20 233888]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-07-18 18:40:28 ----D---- C:\rsit
2010-07-18 17:59:37 ----D---- C:\Program Files\trend micro
2010-07-16 20:51:18 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-07-16 20:51:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-16 20:51:16 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-07-15 13:33:09 ----D---- C:\Program Files\Winamp Detect
2010-07-15 13:32:45 ----D---- C:\Users\Administrator\AppData\Roaming\Winamp
2010-07-15 13:32:45 ----D---- C:\Program Files\Winamp
2010-07-15 10:18:51 ----D---- C:\Program Files\Common Files\Skype
2010-07-11 22:20:54 ----D---- C:\Users\Administrator\AppData\Roaming\vlc
2010-07-11 22:19:45 ----D---- C:\Program Files\VideoLAN
2010-07-11 22:16:33 ----D---- C:\Users\Administrator\AppData\Roaming\FreeVideoConverter
2010-07-11 22:09:03 ----A---- C:\Windows\system32\devil.dll
2010-07-11 22:09:03 ----A---- C:\Windows\system32\avisynth.dll
2010-07-11 22:09:01 ----A---- C:\Windows\system32\yv12vfw.dll
2010-07-11 22:09:01 ----A---- C:\Windows\system32\i420vfw.dll
2010-07-11 22:09:01 ----A---- C:\Windows\system32\AVSredirect.dll
2010-07-11 12:42:35 ----D---- C:\Spiele
2010-06-23 13:07:46 ----A---- C:\Windows\uninst.exe
2010-06-21 17:35:35 ----D---- C:\Users\Administrator\AppData\Roaming\Youtube Downloader HD

======List of files/folders modified in the last 1 months======

2010-07-18 18:40:24 ----D---- C:\Windows\Temp
2010-07-18 18:40:24 ----D---- C:\Windows\Minidump
2010-07-18 18:40:24 ----D---- C:\Windows
2010-07-18 18:18:15 ----D---- C:\Windows\Prefetch
2010-07-18 17:59:37 ----D---- C:\Program Files
2010-07-18 14:10:08 ----D---- C:\Users\Administrator\AppData\Roaming\Skype
2010-07-18 12:02:27 ----D---- C:\Windows\system32\catroot2
2010-07-17 18:15:25 ----A---- C:\Windows\DUMP5b7d.tmp
2010-07-16 20:51:18 ----D---- C:\Windows\system32\drivers
2010-07-16 12:56:53 ----D---- C:\ProgramData
2010-07-16 11:42:04 ----SHD---- C:\System Volume Information
2010-07-15 10:18:58 ----SHD---- C:\Windows\Installer
2010-07-15 10:18:55 ----D---- C:\Windows\system32\Tasks
2010-07-15 10:18:51 ----D---- C:\Program Files\Common Files
2010-07-12 15:33:29 ----D---- C:\Windows\winsxs
2010-07-12 09:17:14 ----D---- C:\Windows\System32
2010-07-12 08:55:21 ----A---- C:\Windows\win.ini
2010-07-11 22:08:57 ----RSD---- C:\Windows\Fonts
2010-07-11 13:52:10 ----D---- C:\Users\Administrator\AppData\Roaming\gtk-2.0
2010-07-11 11:53:23 ----D---- C:\Program Files\Mozilla Firefox
2010-07-10 21:42:03 ----D---- C:\Program Files\CCleaner
2010-06-19 20:40:49 ----D---- C:\Program Files\7-Zip
2010-06-19 20:36:26 ----SD---- C:\Users\Administrator\AppData\Roaming\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 fvevol;BitLocker Drive Encryption Filter Driver; C:\Windows\System32\DRIVERS\fvevol.sys [2008-01-21 145464]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-12-17 691696]
R0 videX32;videX32; C:\Windows\system32\DRIVERS\videX32.sys [2008-12-16 13976]
R1 ACEDRV05;ACEDRV05; \??\C:\Windows\system32\drivers\ACEDRV05.sys [2009-04-25 97792]
R2 ACEDRV09;ACEDRV09; \??\C:\Windows\system32\drivers\ACEDRV09.sys [2009-05-26 110304]
R2 enodpl;enodpl; C:\Windows\System32\drivers\enodpl.sys [2003-03-02 7552]
R2 tandpl;tandpl; C:\Windows\System32\drivers\tandpl.sys [2003-04-19 4736]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\Windows\system32\drivers\RTKVAC.SYS [2009-06-18 4172832]
R3 LachesisFltr;Lachesis Mouse Driver; C:\Windows\system32\drivers\Lachesis.sys [2007-08-08 12032]
R3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-01-19 2314752]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2008-10-29 43520]
S1 ATITool;ATITool Overclocking Utility; C:\Windows\system32\DRIVERS\ATITool.sys [2006-11-10 24064]
S1 ntiomin;ntiomin; C:\Windows\system32\drivers\ntiomin.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-01-19 2314752]
S3 avmeject;AVM Eject; C:\Windows\system32\drivers\avmeject.sys [2009-05-07 4352]
S3 BELKIN;Belkin Wireless G USB Network Adapter; C:\Windows\system32\DRIVERS\BLKWGU.sys []
S3 cmpci;C-Media PCI Audio Driver (WDM); C:\Windows\system32\drivers\cmaudio.sys [2002-11-18 377358]
S3 cpuz130;cpuz130; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys []
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2008-09-17 27672]
S3 FWLANUSB;AVM FRITZ!WLAN; C:\Windows\system32\DRIVERS\fwlanusb.sys [2007-01-26 265088]
S3 fwlanusbn;FRITZ!WLAN N; C:\Windows\system32\DRIVERS\fwlanusbn.sys [2009-05-07 440832]
S3 GarenaPEngine;GarenaPEngine; \??\C:\Users\ADMINI~1\AppData\Local\Temp\NGKF007.tmp []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
S3 Mkd2kfNt;Mkd2kfNt; C:\Windows\system32\drivers\Mkd2kfNt.sys [2008-10-17 131072]
S3 Mkd2Nadr;Mkd2Nadr; C:\Windows\system32\drivers\Mkd2Nadr.sys [2008-10-17 79104]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 SaiKCB03;SaiKCB03; C:\Windows\system32\DRIVERS\SaiKCB03.sys [2008-10-22 106496]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x86\Sandra.sys []
S3 VIAudio;VIA AC'97 Audiocontroller; C:\Windows\system32\drivers\ac97via.sys [2006-11-02 68096]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 XDva285;XDva285; \??\C:\Windows\system32\XDva285.sys []
S3 XDva321;XDva321; \??\C:\Windows\system32\XDva321.sys []
S3 XDva349;XDva349; \??\C:\Windows\system32\XDva349.sys []
S3 xnacc;Treiberdienst XBOX 360-Controller für Windows; C:\Windows\system32\DRIVERS\xnacc.sys [2008-01-21 521216]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVM WLAN Connection Service;AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [2009-05-07 368640]
S2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2009-05-06 2785582]
S3 UPnPService;UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe []
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

--- --- ---

info.txtRSIT Logfile:

Code:

ATTFilter

logfile of random's system information tool 1.08 2010-07-18 18:40:50

======Uninstall list======

Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
AVM FRITZ!WLAN-->C:\Program Files\avmwlanstick\instwcli.exe -d1
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile DEU Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1031 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile DEU Language Pack-->MsiExec.exe /X{F750C986-5310-3A5A-95F8-4EC71C8AC01C}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft .NET Framework 4 Extended DEU Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ExtendedLP\Setup.exe /repair /x86 /lcid 1031 /parameterfolder ExtendedLP
Microsoft .NET Framework 4 Extended DEU Language Pack-->MsiExec.exe /X{C911A0C2-2236-3164-AA47-F2566C01AE5E}
Microsoft .NET Framework 4 Extended-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{0A0CADCF-78DA-33C4-A350-CD51849B9702}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{4A6F34E2-09E5-4616-B227-4A26A488A6F9}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}
Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{F3494AB6-6900-41C6-AF57-823626827ED8}
Microsoft SQL Server 2008 Native Client-->MsiExec.exe /I{1C2B3CEA-482E-4453-B3E2-C9731337828A}
Microsoft SQL Server 2008-->"c:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /X86 
Microsoft SQL Server 2008-->"c:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /x86 
Microsoft SQL Server Compact 3.5 SP2 DEU-->MsiExec.exe /I{0125D081-30D0-4A97-82A8-C28D444B6256}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974-->MsiExec.exe /X{B7E38540-E355-3503-AFD7-635B2F2F76E1}
Microsoft Visual C++ 2010 Express - DEU-->C:\Program Files\Microsoft Visual Studio 10.0\Microsoft Visual C++ 2010 Express - DEU\setup.exe
Microsoft Visual C++ 2010 Express - DEU-->MsiExec.exe /X{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}
Mozilla Firefox (3.6.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
osu!-->"C:\Windows\osu!\uninstall.exe" "/U:C:\Program Files\osu!\Uninstall\uninstall.xml"
PhotoScape-->"C:\Program Files\PhotoScape\uninstall.exe"
Razer Lachesis-->C:\Program Files\InstallShield Installation Information\{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}\Setup.exe -runfromtemp -l0x0009 -removeonly
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}\setup.exe -runfromtemp -l0x0007 -removeonly
Realtek AC'97 Audio-->Alcrmv.exe -r -m
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Ultimate Extras sounds from Microsoft® Tinker™-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound2.inf,Uninstall
Unterstützungsdateien für Microsoft SQL Server 2008-Setup -->MsiExec.exe /X{9AA2D735-3375-42D4-9A61-3FFEF82599D6}
VLC media player 1.1.0-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows-Soundschemas-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound.inf,Uninstall
WinRAR-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: ADMiN-01
Event Code: 14204
Message: Dienst "WMPNetworkSvc" wurde gestartet.
Record Number: 200125
Source Name: Microsoft-Windows-WMPNSS-Service
Time Written: 20100718163917.000000-000
Event Type: Informationen
User: 

Computer Name: ADMiN-01
Event Code: 7036
Message: Dienst "Windows Media Player-Netzwerkfreigabedienst" befindet sich jetzt im Status "Ausgeführt".
Record Number: 200126
Source Name: Service Control Manager
Time Written: 20100718163917.000000-000
Event Type: Informationen
User: 

Computer Name: ADMiN-01
Event Code: 14344
Message: Ein neuer Medienserver konnte nicht initialisiert werden, da ein Fehler "0xc00d2711" in "WMCreateDeviceRegistration()" aufgetreten ist. Die Komponenten "Windows Media DRM" auf dem Computer sind möglicherweise beschädigt. Überprüfen Sie, ob die geschützten Dateien richtig in Windows Media Player wiedergegeben werden, und starten Sie dann den "WMPNetworkSvc"-Dienst neu.
Record Number: 200127
Source Name: Microsoft-Windows-WMPNSS-Service
Time Written: 20100718163919.000000-000
Event Type: Fehler
User: 

Computer Name: ADMiN-01
Event Code: 14344
Message: Ein neuer Medienserver konnte nicht initialisiert werden, da ein Fehler "0xc00d2711" in "WMCreateDeviceRegistration()" aufgetreten ist. Die Komponenten "Windows Media DRM" auf dem Computer sind möglicherweise beschädigt. Überprüfen Sie, ob die geschützten Dateien richtig in Windows Media Player wiedergegeben werden, und starten Sie dann den "WMPNetworkSvc"-Dienst neu.
Record Number: 200128
Source Name: Microsoft-Windows-WMPNSS-Service
Time Written: 20100718163919.000000-000
Event Type: Fehler
User: 

Computer Name: ADMiN-01
Event Code: 7036
Message: Dienst "Kryptografiedienste" befindet sich jetzt im Status "Ausgeführt".
Record Number: 200129
Source Name: Service Control Manager
Time Written: 20100718164016.000000-000
Event Type: Informationen
User: 

=====Application event log=====

Computer Name: ADMiN-01
Event Code: 1033
Message: Die Richtlinien werden ausgeschlossen, da sie nur mit dem override-only-Attribut definiert wurden.
Richtliniennamen=(IIS-W3SVC-MaxConcurrentRequests) (Shell-InBoxGames-FreeCell-EnableGame) (Shell-InBoxGames-FreeCell-EnableGame_w) (Shell-InBoxGames-Hearts-EnableGame) (Shell-InBoxGames-Hearts-EnableGame_w) (Shell-InBoxGames-Minesweeper-EnableGame) (Shell-InBoxGames-Minesweeper-EnableGame_w) (Shell-InBoxGames-PurblePlace-EnableGame) (Shell-InBoxGames-PurblePlace-EnableGame_w) (Shell-InBoxGames-Shanghai-EnableGame) (Shell-InBoxGames-Shanghai-EnableGame_w) (Shell-InBoxGames-Solitaire-EnableGame) (Shell-InBoxGames-Solitaire-EnableGame_w) (Shell-InBoxGames-SpiderSolitaire-EnableGame) (Shell-InBoxGames-SpiderSolitaire-EnableGame_w) (Shell-PremiumInBoxGames-Chess-EnableGame) (Shell-PremiumInBoxGames-Chess-EnableGame_w) (TabletPCInkBall-EnableGame) (Telnet-Client-EnableTelnetClient) (Telnet-Client-EnableTelnetClient_w) (Telnet-Server-EnableTelnetServer) (Telnet-Server-EnableTelnetServer_w) (nfs-admincmdtools-enabled) (nfs-adminmmc-enabled) (nfs-clientcmdtools-enabled) (nfs-clientcore-enabled) (sua-EnableSUA) 
Anwendungs-ID=55c92734-d682-4d71-983e-d6ec3f16059f
SKU-ID=5e802570-4657-4e84-bfbc-6a0e531b84af
Record Number: 34190
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20100718163932.000000-000
Event Type: Informationen
User: 

Computer Name: ADMiN-01
Event Code: 1003
Message: Softwarelizenzierungsdienst hat die Überprüfung des Lizenzierungsstatus abgeschlossen.
Anwendungs-ID=55c92734-d682-4d71-983e-d6ec3f16059f
Lizenzierungsstatus=
{1,[1f59edc8-ad79-4d96-a62d-c33ee78da2ec, 8, 0xC004F014,0x0]}

{1,[30fab9cc-8614-4339-989f-7ce61fb7a5c4, 8, 0xC004F014,0x0]}

{1,[33a7e8d3-e2ab-413b-96a6-27c83b21c695, 8, 0xC004F014,0x0]}

{1,[56a13760-2b9c-406f-be8a-8f2ef22f10b5, 8, 0xC004F014,0x0]}

{1,[5e802570-4657-4e84-bfbc-6a0e531b84af, 0, 0x0,0x0],[0x0,0x0,0x0,0,0,0x0],[0x0,0xFFFFFFFF,0x0,0,0,0x0],[0x0,0xFFFFFFFF,0x0,0,0,0x0],[0,0,0x0]}

{1,[a79a48fc-70d9-4413-ab47-81cf5d08f7ee, 8, 0xC004F014,0x0]}

{1,[d6a70f3f-2052-4633-a9aa-25ea0cdff672, 8, 0xC004F014,0x0]}

{1,[f00fa8e9-ac0f-4f43-a259-a26c110cbbf9, 8, 0xC004F014,0x0]}

{1,[f79b5e33-4a4e-451c-9e8a-55dcc9bdb89d, 8, 0xC004F014,0x0]}

{1,[afd5f68f-b70f-4000-a21d-28dbc8be8b07, 8, 0xC004F014,0x0]}

Record Number: 34191
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20100718163932.000000-000
Event Type: Informationen
User: 

Computer Name: ADMiN-01
Event Code: 1005
Message: Ergebnis der Inanspruchnahme von Windows-Rechten: hr=0x0

Record Number: 34192
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20100718163933.000000-000
Event Type: Informationen
User: 

Computer Name: ADMiN-01
Event Code: 902
Message: Der Softwarelizenzierungsdienst wurde gestartet.

Record Number: 34193
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20100718163934.000000-000
Event Type: Informationen
User: 

Computer Name: ADMiN-01
Event Code: 1
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.
Record Number: 34194
Source Name: SecurityCenter
Time Written: 20100718164135.000000-000
Event Type: Informationen
User: 

=====Security event log=====

Computer Name: ADMiN-01
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname:	\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys	
Record Number: 79832
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100718164044.248428-000
Event Type: Überwachung gescheitert
User: 

Computer Name: ADMiN-01
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname:	\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys	
Record Number: 79833
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100718164044.506237-000
Event Type: Überwachung gescheitert
User: 

Computer Name: ADMiN-01
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname:	\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys	
Record Number: 79834
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100718164044.756234-000
Event Type: Überwachung gescheitert
User: 

Computer Name: ADMiN-01
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname:	\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys	
Record Number: 79835
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100718164045.045293-000
Event Type: Überwachung gescheitert
User: 

Computer Name: ADMiN-01
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname:	\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys	
Record Number: 79836
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100718164045.310915-000
Event Type: Überwachung gescheitert
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 6 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0602
"NUMBER_OF_PROCESSORS"=1
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"VS100COMNTOOLS"=C:\Program Files\Microsoft Visual Studio 10.0\Common7\Tools\

-----------------EOF-----------------

--- --- ---

Und hier HJT

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:40:46, on 18.07.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Users\XXX\Downloads\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O3 - Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [C-Media Speaker Configuration] C:\PROGRA~1\C-Media\WIN_ME\Setup.exe /SPEAKER
O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\wlangui.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files\avmwlanstick\WlanNetService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: UPnPService - Unknown owner - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (file missing)

--
End of file - 3360 bytes

cosinus · 22.07.2010, 14:36

Hallo und

Zitat:

Und es gibt da noch ein problem wenn ich auf die seite hxxp://Drei.to gehe kommt da immer so eine grafik das ich Trojaner und sonst was hätte.

Warum gehst Du auch auf solche illegalen Seiten?

Wird ja wohl eine seriöse Seite sein, wenn man da massenhaft Downloads zu Filmen findet

bitte nen Vollscan mit akutalisiertem Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

Valnar94 · 24.07.2010, 14:36

Hey cosinus

Danke das du dir die zeit nimmst mir zu helfen

Achja und das mit der grafik bei drei.to scheint bei jedem aufzutauchen nich nur an meine PC das habe ich festgestellt.

Und aus diesem grunde werde ich nich mehr auf diese seite gehen ich versprech es

Hier die logs

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4343

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18882

24.07.2010 15:06:31
mbam-log-2010-07-24 (15-06-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 228531
Laufzeit: 1 Stunde(n), 10 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 24.07.2010 15:09:36 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Administrator\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
511,00 Mb Total Physical Memory | 206,00 Mb Available Physical Memory | 40,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 293,14 Gb Total Space | 271,64 Gb Free Space | 92,67% Space Free | Partition Type: NTFS
Drive D: | 172,62 Gb Total Space | 172,52 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ADMIN-01
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\avmwlanstick\WLanNetService.exe (AVM Berlin)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (UPnPService) -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe File not found
SRV - (Ati External Event Utility) -- C:\Windows\System32\Ati2evxx.exe File not found
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Program Files\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva349) -- C:\Windows\System32\XDva349.sys File not found
DRV - (XDva321) -- C:\Windows\System32\XDva321.sys File not found
DRV - (XDva285) -- C:\Windows\System32\XDva285.sys File not found
DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x86\Sandra.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (GarenaPEngine) -- C:\Users\ADMINI~1\AppData\Local\Temp\NGKF007.tmp File not found
DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found
DRV - (cpuz130) -- C:\Users\ADMINI~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys File not found
DRV - (BELKIN) -- C:\Windows\System32\DRIVERS\BLKWGU.sys File not found
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\Windows\System32\drivers\RTKVAC.SYS (Realtek Semiconductor Corp.)
DRV - (ACEDRV09) -- C:\Windows\System32\drivers\ACEDRV09.sys (Protect Software GmbH)
DRV - (fwlanusbn) -- C:\Windows\System32\drivers\fwlanusbn.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (ACEDRV05) -- C:\Windows\System32\drivers\ACEDRV05.sys (Protect Software GmbH)
DRV - (videX32) -- C:\Windows\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (SaiKCB03) -- C:\Windows\System32\drivers\SaiKCB03.sys (Saitek)
DRV - (Mkd2kfNt) -- C:\Windows\System32\drivers\Mkd2kfNT.sys (AhnLab, Inc.)
DRV - (Mkd2Nadr) -- C:\Windows\System32\drivers\Mkd2Nadr.sys (AhnLab, Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (xnacc) -- C:\Windows\System32\drivers\xnacc.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (LachesisFltr) -- C:\Windows\System32\drivers\Lachesis.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (ATITool) -- C:\Windows\System32\drivers\ATITool.sys ()
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (VIAudio) -- C:\Windows\System32\drivers\ac97via.sys (VIA Technologies, Inc.)
DRV - (tandpl) -- C:\Windows\System32\drivers\tandpl.sys ()
DRV - (enodpl) -- C:\Windows\System32\drivers\enodpl.sys ()
DRV - (cmpci) C-Media PCI Audio Driver (WDM) -- C:\Windows\System32\drivers\cmaudio.sys (C-Media Inc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E9 97 CA 12 50 91 CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.22 15:06:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.21 16:35:06 | 000,000,000 | ---D | M]
 
[2010.07.23 17:10:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C3CD744D-2FAE-4640-8297-16B5DA423104} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [C-Media Speaker Configuration] C:\Program Files\C-Media\WIN_ME\Setup.exe ()
O4 - HKLM..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0be94666-eb28-11de-a99a-0010dcc197b3}\Shell - "" = AutoRun
O33 - MountPoints2\{0be94666-eb28-11de-a99a-0010dcc197b3}\Shell\AutoRun\command - "" = Z:\SETUP.EXE -- File not found
O33 - MountPoints2\{1d3c0a63-2ff8-11de-9d01-0010dcc197b3}\Shell - "" = AutoRun
O33 - MountPoints2\{1d3c0a63-2ff8-11de-9d01-0010dcc197b3}\Shell\AutoRun\command - "" = G:\pushinst.exe -- File not found
O33 - MountPoints2\{22f0e68e-712c-11de-b819-0010dcc197b3}\Shell - "" = AutoRun
O33 - MountPoints2\{22f0e68e-712c-11de-b819-0010dcc197b3}\Shell\AutoRun\command - "" = G:\SETUP.EXE -- File not found
O33 - MountPoints2\{5c21a6d6-3dad-11df-9873-001f3f0c32eb}\Shell - "" = AutoRun
O33 - MountPoints2\{5c21a6d6-3dad-11df-9873-001f3f0c32eb}\Shell\AutoRun\command - "" = G:\SETUP.EXE -- File not found
O33 - MountPoints2\{c43b1a62-f461-11de-ac53-0010dcc197b3}\Shell - "" = AutoRun
O33 - MountPoints2\{c43b1a62-f461-11de-ac53-0010dcc197b3}\Shell\AutoRun\command - "" = G:\pushinst.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.24 13:44:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.24 13:44:41 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.07.24 13:44:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.07.15 13:33:09 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2010.07.15 13:32:45 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2010.07.15 10:18:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010.07.11 22:19:45 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010.07.11 22:09:03 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\System32\devil.dll
[2010.07.11 22:09:03 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\System32\avisynth.dll
[2010.07.11 22:09:01 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2010.07.11 22:09:01 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\i420vfw.dll
[2010.07.11 12:42:35 | 000,000,000 | ---D | C] -- C:\Spiele
[2010.07.11 12:42:35 | 000,000,000 | ---D | C] -- \Spiele
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.24 15:09:05 | 003,670,016 | -HS- | M] () -- C:\Users\Administrator\ntuser.dat
[2010.07.24 13:55:36 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.24 13:55:36 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.24 13:54:14 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.24 13:54:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.24 13:47:11 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms
[2010.07.24 13:47:11 | 000,065,536 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010.07.24 13:44:46 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.23 20:48:37 | 000,000,736 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2010.07.22 15:51:35 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2010.07.12 08:55:21 | 000,000,302 | ---- | M] () -- C:\Windows\win.ini
[2010.07.11 17:40:31 | 000,015,666 | ---- | M] () -- C:\Windows\System32\shutdown.rar
[2010.07.11 17:40:18 | 000,015,666 | ---- | M] () -- C:\Windows\System32\LOL.rar
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.07.24 13:44:46 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.15 13:33:09 | 000,000,736 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2010.07.11 22:09:01 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.07.11 17:40:31 | 000,015,666 | ---- | C] () -- C:\Windows\System32\shutdown.rar
[2010.07.11 17:40:18 | 000,015,666 | ---- | C] () -- C:\Windows\System32\LOL.rar
[2010.05.12 14:09:53 | 000,000,074 | ---- | C] () -- C:\Windows\Wininit.INI
[2010.05.07 15:06:26 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.05.01 22:23:01 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010.01.26 18:00:20 | 000,000,036 | ---- | C] () -- C:\Windows\mafosav.INI
[2009.12.03 17:20:01 | 000,307,200 | ---- | C] () -- C:\Windows\System32\AscSQLite.dll
[2009.11.30 20:36:04 | 000,007,552 | ---- | C] () -- C:\Windows\System32\drivers\enodpl.sys
[2009.11.30 20:36:04 | 000,004,736 | ---- | C] () -- C:\Windows\System32\drivers\tandpl.sys
[2009.08.21 12:24:07 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2009.08.21 12:21:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2009.08.21 12:20:09 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.08.21 12:19:33 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.07.15 12:40:24 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.05.30 15:27:49 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009.05.30 15:27:49 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009.05.30 15:27:49 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009.04.22 18:12:12 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009.04.22 18:12:07 | 000,004,333 | ---- | C] () -- C:\Windows\mixerdef.ini
[2009.04.22 18:11:39 | 000,028,165 | ---- | C] () -- C:\Windows\cmijack.ini
[2009.04.22 18:11:39 | 000,018,240 | ---- | C] () -- C:\Windows\cmaudio.ini
[2009.04.22 18:11:34 | 000,000,415 | ---- | C] () -- C:\Windows\CMISETUP.INI
[2009.04.14 08:43:32 | 000,154,144 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll
[2008.10.22 14:57:08 | 000,008,704 | ---- | C] () -- C:\Windows\System32\SaiCCB03_0C.dll
[2008.10.22 14:57:08 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiCCB03_10.dll
[2008.10.22 14:57:08 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiCCB03_0A.dll
[2008.10.22 14:57:08 | 000,005,632 | ---- | C] () -- C:\Windows\System32\SaiCCB03_11.dll
[2008.10.22 14:57:06 | 000,843,776 | ---- | C] () -- C:\Windows\System32\SaiCCB03.Dll
[2008.10.22 14:57:06 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiCCB03_07.dll
[2008.10.22 14:57:06 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiCCB03_09.dll
[2008.10.22 14:57:06 | 000,007,168 | ---- | C] () -- C:\Windows\System32\SaiCCB03_0402.dll
[2008.01.21 04:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2006.11.10 15:08:50 | 000,024,064 | ---- | C] () -- C:\Windows\System32\drivers\ATITool.sys
[2006.11.02 14:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1913.08.01 16:18:54 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
< End of report >

--- --- ---

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 24.07.2010 15:09:36 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Administrator\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
511,00 Mb Total Physical Memory | 206,00 Mb Available Physical Memory | 40,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 293,14 Gb Total Space | 271,64 Gb Free Space | 92,67% Space Free | Partition Type: NTFS
Drive D: | 172,62 Gb Total Space | 172,52 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ADMIN-01
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A13F94-5C59-49AC-9B06-2341BCC122F3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{06F90765-A87B-4E65-A91A-BFBCCEB9DFF5}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{0E06CAB5-067F-4AA4-9907-0289539D7C76}" = lport=8372 | protocol=6 | dir=in | name=league of legends launcher | 
"{37EB1D09-3775-439E-BBFD-0CBD17357FA8}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher | 
"{5A5EECE0-EAF4-45CC-A64F-A7D6DB9D9CE1}" = lport=8371 | protocol=17 | dir=in | name=league of legends launcher | 
"{5DF18D78-2A72-4508-95C1-D9404CA8481E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6D64F43F-997A-4451-BC95-28148624112A}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{7D7B5B5E-D0C1-493D-B681-28F1393D7228}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8D202534-E0E1-4B06-8D03-E29786999833}" = lport=8371 | protocol=6 | dir=in | name=league of legends launcher | 
"{A3D09BF4-669E-4B88-87FE-144A91331997}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B5E5B613-8F69-4CAA-B1FB-A76BC95865A7}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher | 
"{C4791184-1A2D-4463-AEC2-DB17F63D718D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CB2D5BF9-8424-4D8A-B62D-C58546902C01}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CD6D93A5-5D58-4E56-BF1D-CC80784CC07F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FE4CE62B-96BA-41F1-BC01-9CE0B4C24664}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp4\wnt500x86\rpcsandrasrv.exe | 
"{FF4FABF3-DBB5-4A79-A80C-73409F107B14}" = lport=8372 | protocol=17 | dir=in | name=league of legends launcher | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01FF2898-9680-4687-B0E8-C909FEA59BF3}" = protocol=17 | dir=in | app=c:\program files\warcraft iii\warcraft iii.exe | 
"{1520EEC8-62C0-4E3B-9494-529CED2A616D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1B700756-548E-4426-9395-23DBAFA8494E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{402C04EA-B4E7-4B5D-885B-DE481FAE1C09}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{45523B7F-CD84-4DA6-AA2E-EAE1F865A929}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4E30A577-D5A1-4A7B-A514-000646D51352}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{60B5A7E7-6657-4B46-841C-B8F6E7001821}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{6BED4DB6-E0C4-40BB-90CE-B25C44D5FBD0}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{70D064C0-2EB1-467F-B263-FB55469212B8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{71B5DDD9-374E-4A8B-A529-0BA0E478533C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{78E66F98-2C7C-4207-B989-117ECFF3028B}" = protocol=6 | dir=out | app=system | 
"{A59BC587-9F9B-4D79-8E22-6CCAED092F58}" = protocol=6 | dir=in | app=c:\program files\warcraft iii\warcraft iii.exe | 
"{AB89AFA9-5312-4695-ACDE-DCD509640344}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C39E32BA-87CA-4B29-9F42-F40657CB2CC3}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{C7BDD3D9-92B1-4D2F-96FF-388CCAFE037D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CA3B0A3F-1B22-4E38-95B9-22127E5B20BC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DD2C7617-AA22-4A25-9F5B-4145C4927879}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DD9DF447-F9AD-4816-8C02-D61A641CD68D}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp4\wnt500x86\rpcsandrasrv.exe | 
"{F99EDFAF-A584-4642-AF2D-1105BC95F26A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1C2B3CEA-482E-4453-B3E2-C9731337828A}" = Microsoft SQL Server 2008 Native Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
"{934528B2-09B3-C6E5-288A-4E554E6DF2B9}" = ATI Catalyst Install Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9AA2D735-3375-42D4-9A61-3FFEF82599D6}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}" = Razer Lachesis
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVMWLANCLI" = AVM FRITZ!WLAN
"CCleaner" = CCleaner
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU
"Mozilla Firefox (3.6.7)" = Mozilla Firefox (3.6.7)
"osu!" = osu!
"UltSounds" = Windows-Soundschemas
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

cosinus · 26.07.2010, 14:51

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C3CD744D-2FAE-4640-8297-16B5DA423104} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O33 - MountPoints2\{0be94666-eb28-11de-a99a-0010dcc197b3}\Shell - "" = AutoRun
O33 - MountPoints2\{0be94666-eb28-11de-a99a-0010dcc197b3}\Shell\AutoRun\command - "" = Z:\SETUP.EXE -- File not found
O33 - MountPoints2\{1d3c0a63-2ff8-11de-9d01-0010dcc197b3}\Shell - "" = AutoRun
O33 - MountPoints2\{1d3c0a63-2ff8-11de-9d01-0010dcc197b3}\Shell\AutoRun\command - "" = G:\pushinst.exe -- File not found
O33 - MountPoints2\{22f0e68e-712c-11de-b819-0010dcc197b3}\Shell - "" = AutoRun
O33 - MountPoints2\{22f0e68e-712c-11de-b819-0010dcc197b3}\Shell\AutoRun\command - "" = G:\SETUP.EXE -- File not found
O33 - MountPoints2\{5c21a6d6-3dad-11df-9873-001f3f0c32eb}\Shell - "" = AutoRun
O33 - MountPoints2\{5c21a6d6-3dad-11df-9873-001f3f0c32eb}\Shell\AutoRun\command - "" = G:\SETUP.EXE -- File not found
O33 - MountPoints2\{c43b1a62-f461-11de-ac53-0010dcc197b3}\Shell - "" = AutoRun
O33 - MountPoints2\{c43b1a62-f461-11de-ac53-0010dcc197b3}\Shell\AutoRun\command - "" = G:\pushinst.exe -- File not found
[2010.07.11 17:40:31 | 000,015,666 | ---- | M] () -- C:\Windows\System32\shutdown.rar
[2010.07.11 17:40:18 | 000,015,666 | ---- | M] () -- C:\Windows\System32\LOL.rar
:Commands
[purity]
[resethosts]
[emptytemp]

Klick dann auf den Button Run Fixes!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Valnar94 · 27.07.2010, 14:36

So habe ich jetzt gemacht aber ich habe einen bluescreen bekommen den ich fast immer bekomme.

Ich weis nich ob das jetzt überhaupt richtig ist oder ob ich es nochmal machen muss.

auf jedenfall habe ich eine desktop.ini und eine photothumb.db in meinem desktop bekommen.

desktop.ini:

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799
[LocalizedFileNames]
Norton AntiVirus.lnk=@C:\PROGRA~1\NORTON~2\Branding\muis.dll,-101

und die andere kann ich nich öffnen ist eine system datei.

cosinus · 27.07.2010, 15:07

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Valnar94 · 27.07.2010, 15:49

So habe ich gemacht nur leider hat sich keine txt geöffnet und ich habe auch Unter C: nichts gefunden nur diese komischen durchsichtigen dateien die von OTL kamen und meine standart ordner aber keine txt

ich hab vergessen sie cofi.exe zu benennen

So ähh was nun nochmal? sorry

mfg: Valnar94

cosinus · 27.07.2010, 16:28

Ja bitte nochmal ausführen

Valnar94 · 27.07.2010, 17:18

So ich habs jetzt weitere 2 ,al probiert aber es klappt immer noch nich

Ich habe alles getan wie du es beschrieben hast.

zuerst kommt diese erste meldung die mann bestätigen muss dann kommt danach das hier:

hxxp://yfrog.com/n3unbenanntirj

mfg Valnar94

Valnar94 · 27.07.2010, 20:34

Ich habs jetzt hingekriegt doch nur im abgesicherten modus aber das ist glaub ich mal egal

.

hier der log:

Combofix Logfile:

Code:

ATTFilter

ComboFix 10-07-26.04 - Administrator 27.07.2010  21:09:34.1.1 - x86 MINIMAL
Microsoft® Windows Vista™ Ultimate   6.0.6001.1.1252.49.1031.18.511.173 [GMT 2:00]
ausgeführt von:: c:\users\Administrator\Desktop\cofi.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\ADMINI~1\AppData\Roaming\.#
c:\users\ADMINI~1\AppData\Roaming\.#\MBX@D40@1C22748.###
c:\users\ADMINI~1\AppData\Roaming\.#\MBX@D40@1C22778.###
c:\users\Administrator\AppData\Roaming\.#\MBX@D40@1C22748.###
c:\users\Administrator\AppData\Roaming\.#\MBX@D40@1C22778.###
c:\windows\system32\AVSredirect.dll

.
(((((((((((((((((((((((   Dateien erstellt von 2010-06-27 bis 2010-07-27  ))))))))))))))))))))))))))))))
.

2010-07-27 19:20 . 2010-07-27 19:20	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-07-27 13:27 . 2010-07-27 13:27	--------	d-----w-	C:\_OTL
2010-07-27 12:22 . 2010-07-27 13:05	--------	d-----w-	C:\SMBX
2010-07-26 12:06 . 2010-07-26 13:04	--------	d-----w-	c:\users\Administrator\.thumbnails
2010-07-26 12:01 . 2010-07-27 16:09	--------	d-----w-	c:\users\Administrator\.gimp-2.6
2010-07-26 12:01 . 2010-07-26 12:01	--------	d-----w-	c:\program files\GIMP-2.0
2010-07-25 12:10 . 2010-07-25 12:10	--------	d-----w-	c:\users\Administrator\AppData\Roaming\AnvSoft
2010-07-25 12:10 . 2010-07-25 12:10	--------	d-----w-	c:\users\ADMINI~1\AppData\Roaming\AnvSoft
2010-07-25 12:10 . 2010-07-25 12:10	--------	d-----w-	c:\program files\AnvSoft
2010-07-24 11:44 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-24 11:44 . 2010-07-24 11:44	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-07-24 11:44 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-07-15 11:38 . 2010-07-15 11:38	6377472	----a-w-	c:\programdata\Skype\Plugins\Plugins\45493F11828C44489701861DAA3C28F2\WinampInfo.exe
2010-07-15 11:33 . 2010-07-15 11:33	--------	d-----w-	c:\program files\Winamp Detect
2010-07-15 11:32 . 2010-07-24 14:56	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Winamp
2010-07-15 11:32 . 2010-07-24 14:56	--------	d-----w-	c:\users\ADMINI~1\AppData\Roaming\Winamp
2010-07-15 11:32 . 2010-07-23 18:49	--------	d-----w-	c:\program files\Winamp
2010-07-15 08:18 . 2010-07-15 08:18	--------	d-----w-	c:\program files\Common Files\Skype
2010-07-11 20:20 . 2010-07-11 20:22	--------	d-----w-	c:\users\Administrator\AppData\Roaming\vlc
2010-07-11 20:20 . 2010-07-11 20:22	--------	d-----w-	c:\users\ADMINI~1\AppData\Roaming\vlc
2010-07-11 20:19 . 2010-07-11 20:19	--------	d-----w-	c:\program files\VideoLAN
2010-07-11 20:16 . 2010-07-12 06:55	--------	d-----w-	c:\users\Administrator\AppData\Roaming\FreeVideoConverter
2010-07-11 20:16 . 2010-07-12 06:55	--------	d-----w-	c:\users\ADMINI~1\AppData\Roaming\FreeVideoConverter
2010-07-11 20:09 . 2009-09-27 07:39	369152	----a-w-	c:\windows\system32\avisynth.dll
2010-07-11 20:09 . 2004-02-22 08:11	719872	----a-w-	c:\windows\system32\devil.dll
2010-07-11 20:09 . 2004-01-24 22:00	70656	----a-w-	c:\windows\system32\yv12vfw.dll
2010-07-11 20:09 . 2004-01-24 22:00	70656	----a-w-	c:\windows\system32\i420vfw.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-27 16:08 . 2009-10-19 16:13	--------	d-----w-	c:\users\Administrator\AppData\Roaming\gtk-2.0
2010-07-27 16:08 . 2009-10-19 16:13	--------	d-----w-	c:\users\ADMINI~1\AppData\Roaming\gtk-2.0
2010-07-27 14:30 . 2009-08-17 16:24	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Skype
2010-07-27 14:30 . 2009-08-17 16:24	--------	d-----w-	c:\users\ADMINI~1\AppData\Roaming\Skype
2010-07-19 18:55 . 2008-01-21 02:22	6144	----a-w-	c:\windows\system32\drivers\RDPCDD.sys
2010-07-10 19:42 . 2009-04-22 19:00	--------	d-----w-	c:\program files\CCleaner
2010-06-21 15:41 . 2010-06-21 15:35	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Youtube Downloader HD
2010-06-21 15:41 . 2010-06-21 15:35	--------	d-----w-	c:\users\ADMINI~1\AppData\Roaming\Youtube Downloader HD
2010-06-19 18:40 . 2009-05-07 16:23	--------	d-----w-	c:\program files\7-Zip
2010-06-15 15:37 . 2010-05-26 16:51	--------	d-----w-	c:\users\Administrator\AppData\Roaming\PhotoScape
2010-06-15 15:37 . 2010-05-26 16:51	--------	d-----w-	c:\users\ADMINI~1\AppData\Roaming\PhotoScape
2010-06-08 20:54 . 2010-06-08 20:54	--------	d-----w-	c:\programdata\Saitek
2010-06-08 20:53 . 2010-06-08 20:53	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_SaiKCB03_01005.Wdf
2010-06-07 14:26 . 2009-04-22 16:46	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-06-07 14:24 . 2010-06-07 14:24	--------	d-----w-	c:\users\Administrator\AppData\Roaming\ijjigame
2010-06-07 14:24 . 2010-06-07 14:24	--------	d-----w-	c:\users\ADMINI~1\AppData\Roaming\ijjigame
2010-06-06 14:51 . 2010-06-06 14:50	--------	d-----w-	c:\program files\avmwlanstick
2010-06-06 14:35 . 2010-03-31 18:02	--------	d-----w-	c:\program files\GRETECH
2010-06-06 13:23 . 2010-05-31 13:09	--------	d-----w-	c:\users\Administrator\AppData\Roaming\ICQ
2010-06-06 13:23 . 2010-05-31 13:09	--------	d-----w-	c:\users\ADMINI~1\AppData\Roaming\ICQ
2010-06-05 14:12 . 2009-05-30 13:27	21840	----atw-	c:\windows\system32\SIntfNT.dll
2010-06-05 14:12 . 2009-05-30 13:27	17212	----atw-	c:\windows\system32\SIntf32.dll
2010-06-05 14:12 . 2009-05-30 13:27	12067	----atw-	c:\windows\system32\SIntf16.dll
2010-06-04 15:26 . 2009-04-22 16:01	69104	----a-w-	c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-04 15:26 . 2009-04-22 16:01	69104	----a-w-	c:\users\ADMINI~1\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-04 15:24 . 2010-05-25 18:46	0	----a-w-	c:\windows\system32\Access.dat
2010-05-30 20:16 . 2010-05-30 20:16	--------	d-----w-	c:\program files\Microsoft Visual Studio 9.0
2010-05-30 20:16 . 2010-05-30 20:10	--------	d-----w-	c:\program files\Microsoft SQL Server
2010-05-30 20:15 . 2010-05-30 18:27	--------	d-----w-	c:\program files\Microsoft.NET
2010-05-30 20:03 . 2010-05-30 20:03	--------	d-----w-	c:\program files\Microsoft Synchronization Services
2010-05-30 20:03 . 2010-05-30 20:03	--------	d-----w-	c:\program files\Microsoft SQL Server Compact Edition
2010-05-30 20:02 . 2010-05-30 20:02	113440	----a-w-	c:\programdata\Microsoft\VCExpress\10.0\1031\ResourceCache.dll
2010-05-30 19:59 . 2010-05-30 19:58	--------	d-----w-	c:\program files\Microsoft Visual Studio 10.0
2010-05-30 19:58 . 2010-05-30 19:58	--------	d-----w-	c:\program files\Microsoft Help Viewer
2010-05-30 19:58 . 2010-05-30 19:58	--------	d-----w-	c:\program files\Microsoft SDKs
2010-05-30 19:58 . 2010-05-30 19:58	--------	d-----w-	c:\program files\Common Files\Merge Modules
2010-05-30 19:58 . 2006-11-02 12:35	--------	d-----w-	c:\program files\MSBuild
2010-05-30 19:35 . 2010-05-22 18:21	0	----a-w-	c:\users\Administrator\AppData\Local\prvlcl.dat
2010-05-30 19:35 . 2010-05-22 18:21	0	----a-w-	c:\users\ADMINI~1\AppData\Local\prvlcl.dat
2010-05-30 19:07 . 2008-01-21 08:24	698862	----a-w-	c:\windows\system32\perfh007.dat
2010-05-30 19:07 . 2008-01-21 08:24	156186	----a-w-	c:\windows\system32\perfc007.dat
2010-05-29 13:50 . 2010-05-25 18:44	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Tunngle
2010-05-29 13:50 . 2010-05-25 18:44	--------	d-----w-	c:\users\ADMINI~1\AppData\Roaming\Tunngle
2010-05-01 20:23 . 2010-05-01 20:23	43520	----a-w-	c:\windows\system32\CmdLineExt03.dll
2010-04-30 17:27 . 2010-04-30 17:27	2560	----a-w-	c:\windows\_MSRSTRT.EXE
2010-04-02 13:06 . 2010-04-02 13:06	2185	----a-w-	c:\program files\Common Files\unins000.dat
2010-02-10 14:18 . 2010-04-12 15:07	2131336	----a-w-	c:\program files\Common Files\AskToolbarInstaller.exe
2008-10-15 17:44 . 2008-10-15 17:44	8192	--sha-w-	c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"C-Media Speaker Configuration"="c:\progra~1\C-Media\WIN_ME\Setup.exe" [2003-01-10 864256]
"Lachesis"="c:\program files\Razer\Lachesis\razerhid.exe" [2007-09-12 172032]
"AVMWlanClient"="c:\program files\avmwlanstick\wlangui.exe" [2009-05-07 1904640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 15:57	26192168	----a-r-	c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2009-04-14 06:43	604704	----a-w-	c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-07-12 16:32	74752	----a-w-	c:\program files\Winamp\winampa.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"C-Media Mixer"=Mixer.exe /startup

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-17 691696]
R1 ntiomin;ntiomin; [x]
R2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2009-05-26 110304]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2009-05-07 4352]
R3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\DRIVERS\BLKWGU.sys [x]
R3 cpuz130;cpuz130;c:\users\ADMINI~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2007-01-25 265088]
R3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [2009-05-07 440832]
R3 GarenaPEngine;GarenaPEngine;c:\users\ADMINI~1\AppData\Local\Temp\NGKF007.tmp [x]
R3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNt.sys [2008-10-17 131072]
R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2008-10-17 79104]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-05-06 2785582]
R3 SaiKCB03;SaiKCB03;c:\windows\system32\DRIVERS\SaiKCB03.sys [2008-10-22 106496]
R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XDva285;XDva285;c:\windows\system32\XDva285.sys [x]
R3 XDva321;XDva321;c:\windows\system32\XDva321.sys [x]
R3 XDva349;XDva349;c:\windows\system32\XDva349.sys [x]
S3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2007-08-08 12032]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 16:23	38400	----a-w-	c:\windows\System32\SoundSchemes.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 09:50	30720	----a-w-	c:\windows\System32\soundschemes2.exe
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
IE: Save YouTube Video
FF - ProfilePath - c:\users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\ung1ardf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-RunOnce-<NO NAME> - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-07-27 21:20
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\ADMINI~1\AppData\Local\Temp\NGKF007.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,7c,63,4c,d2,94,46,45,88,a6,72,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,22,4c,4a,6a,c0,15,49,49,b2,55,0d,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,7c,63,4c,d2,94,46,45,88,a6,72,\

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.669\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.669"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.AAC"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.aiff"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.amf"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.ASF"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.PlayList"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.au"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.AVI"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avr\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.avr"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.B4S\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.PlayList"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.caf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.caf"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ccf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\GOM.exe"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.CDA"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.far\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.far"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.FLAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.FLAC"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.FLV"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htk\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.htk"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.iff"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.it\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.it"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.itz"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.KAR\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.KAR"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.M2V"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.PlayList"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M3U8\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.PlayList"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M4A\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.M4A"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mat\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.mat"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mdz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.mdz"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MID"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MIDI"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MIZ\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MIZ"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MKV"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MMM\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wmplayer.exe"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.mod"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MP1\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MP1"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MP2"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MP3"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MP4"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MPEG"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MPG"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mtm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.mtm"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.NSA\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.NSA"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nst\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.nst"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.NSV\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.NSV"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.OGG\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.OGG"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.okt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.okt"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.osr\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\GOM.exe"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.paf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.paf"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PLS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.PlayList"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ptm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.ptm"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pvf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.pvf"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.raw"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rf64\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.rf64"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.RMI"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.s3m\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.s3m"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.s3z\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.s3z"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sd2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.sd2"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sds\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.sds"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.sf"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.stm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.stm"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.stz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.stz"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.SWF"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ult\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.ult"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v64\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\Project64.exe"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.VLB\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.VLB"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.voc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.voc"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.w64\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.w64"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wal\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.SkinZip"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.wav"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.webm"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wlz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.LangZip"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.WMA"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.WMV"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.PlayList"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wsz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wmplayer.exe"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wve\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.wve"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.xi"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.xm"

[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.xmz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="089D9E3C110DEAE6534DBA40E5403C961E7752A7D55B88CFBCE7180C8A101E75F6E6E0707391D531DEACBDF2C7178C5D77E7E8854EE77F0CB05980B78979ED19AD711B919BA10DCBFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3D5D575E7D6A3B9808FEBC9E127BECC74C97A5FD6814BFAC5F487539C3B15F64898F968FAF499687692227756B3BEC13512AB6907E25814B098BF4BB8D4F393769FEE46FCAF4FBDB9379A1616F4D065DAFE7B50BC0F1C353C3B182703387C18D111739C00BC92B0C8AD4D93E2251575B5621D2FCA7B769355F719F72828CFDF5781205CBB68FE9618E91D32063428937ECF842684B4B1C950DD051506F26B832F9FB3FCC3A22C4DA44E31791393208C802E6BEC36A92C94CE32EA08C90AFFE3755B9E2F325F2092A3250AE0F4D4804A306B78277E58523E6DDB91C1FA197A4AE2F7D6F652B054C37C6B3AA896A3B70084E0B4FE3C4B41DA459F756F27F623FF60D5366B8A471649B52BB9FE502DA076F15D2E9D831C171FA9843E2E6AE2628A0DB19CE798E64EBA5876CA2FD2B864284F6D91B1E77E21C12C2C6DC4D568E7EF0697FB228869D4259019B529D1C3363A7F5B9AEEB0A615FC6E18361EEC05AA3E2EA0C22B951720BEBB973CC8632EBEE6A7762F571001DC0A9E3CE9205DBDEBEA2779A2F9458C92EC791F436EDEF4CAB96449745519188087E9BD1153F3C80389108566F952521D58CCEEF357CF887A6278AF2F5A09EA8C2BEC08793C018BD40C67FC27E8DE988700B198DF64F9561AF4BDBDD63E8A617C396EA423CA04A23488A9F347B3FF7A3334CFB46A9F734335BE52C996FA9D1841D671A27BEEA5054855A10D68762C92B1308E8EB0279E46A810FD6397ED36831AA43B1ADD11CCF0AF3675B26CB25F9EA4C2FB39EB650DC093E139725F8CD597587F4F6A2B0A98E0ECF19F17570A548C45FE215D684E5742372701119CAF136399778132895F8F7C11C072769A4F7182A0CF9295E2B9D29E2C05A48A3E68C357B7D7E17B1456519161F80B27C1C24F2265CFEF0D4ECCB1D85123925AA3F622FCF22EA7309043F2693E2842E7B0DA784549AB0CFAC13B8125C14A877E3CE27235BB4567E4A1B48F554B54A9A8931719BE356820FABE723F2CC34F76FDA9086B258268E746659380489A93CDB9BC7E5AC996218DA6EBBBA4CCE292B23F1859D2315A99272A210B8ED741475B77B15DC504E54CE4362E126CFF068F88A5BB27E5F74BA177A96146AF66D10C9DAC75CA1C0ED0AB4BDC932FA5154B0CC841E21AF75EC9405F3B040600760FB3ED371EBF4DEF8A10AA03D09C94A2E0146D1175CAA9507B9F8A930F09FA8CB798A96BD108BAF037D48AAA6C491D7C79DB99776F45E9662EEC348"
.
Zeit der Fertigstellung: 2010-07-27  21:25:51
ComboFix-quarantined-files.txt  2010-07-27 19:25

Vor Suchlauf: 16 Verzeichnis(se), 293.064.323.072 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 292.950.495.232 Bytes frei

- - End Of File - - C1CDD8DD292D17679F39CEC3ABC82951

--- --- ---

Mfg Valnar94

cosinus · 29.07.2010, 13:37

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.

Valnar94 · 29.07.2010, 16:05

Alles klar GMER hat nicht funktioniert.

OSAM Log:

OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:00:40 on 29.07.2010

OS: Windows Vista Ultimate Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.8

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ALSNDMGR.CPL" - ? - C:\Windows\system32\ALSNDMGR.CPL  (File signed by Microsoft | File found, but it contains no detailed information)
"Lachesis.cpl" - "Razer Inc." - C:\Windows\system32\Lachesis.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ACEDRV05" (ACEDRV05) - "Protect Software GmbH" - C:\Windows\system32\drivers\ACEDRV05.sys
"ACEDRV09" (ACEDRV09) - "Protect Software GmbH" - C:\Windows\system32\drivers\ACEDRV09.sys
"ATITool Overclocking Utility" (ATITool) - ? - C:\Windows\System32\DRIVERS\ATITool.sys
"AVM Eject" (avmeject) - "AVM Berlin" - C:\Windows\System32\drivers\avmeject.sys
"Belkin Wireless G USB Network Adapter" (BELKIN) - ? - C:\Windows\System32\DRIVERS\BLKWGU.sys  (File not found)
"catchme" (catchme) - ? - C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys  (File not found)
"cpuz130" (cpuz130) - ? - C:\Users\ADMINI~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys  (File not found)
"EagleNT" (EagleNT) - ? - C:\Windows\system32\drivers\EagleNT.sys  (File not found)
"enodpl" (enodpl) - ? - C:\Windows\System32\drivers\enodpl.sys  (File found, but it contains no detailed information)
"ENTECH" (ENTECH) - "EnTech Taiwan" - C:\Windows\system32\DRIVERS\ENTECH.sys
"GarenaPEngine" (GarenaPEngine) - ? - C:\Users\ADMINI~1\AppData\Local\Temp\NGKF007.tmp  (File not found)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"Mkd2kfNt" (Mkd2kfNt) - "AhnLab, Inc." - C:\Windows\System32\drivers\Mkd2kfNt.sys
"Mkd2Nadr" (Mkd2Nadr) - "AhnLab, Inc." - C:\Windows\System32\drivers\Mkd2Nadr.sys
"ntiomin" (ntiomin) - ? - C:\Windows\system32\drivers\ntiomin.sys  (File not found)
"SANDRA" (SANDRA) - ? - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x86\Sandra.sys  (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"tandpl" (tandpl) - ? - C:\Windows\System32\drivers\tandpl.sys  (File found, but it contains no detailed information)
"XDva285" (XDva285) - ? - C:\Windows\system32\XDva285.sys  (File not found)
"XDva321" (XDva321) - ? - C:\Windows\system32\XDva321.sys  (File not found)
"XDva349" (XDva349) - ? - C:\Windows\system32\XDva349.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{7070D8E0-650A-46b3-B03C-9497582E6A74} "Windows Ultimate Extras" - "Microsoft Corporation" - %SystemRoot%\system32\soundschemes.exe /AddRegistration
{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} "Windows Ultimate Extras" - "Microsoft Corporation" - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)
{855F3B16-6D32-4fe6-8A56-BBB695989046} "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10c.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AVMWlanClient" - "AVM Berlin" - C:\Program Files\avmwlanstick\wlangui.exe
"C-Media Speaker Configuration" - ? - C:\PROGRA~1\C-Media\WIN_ME\Setup.exe /SPEAKER
"Lachesis" - ? - C:\Program Files\Razer\Lachesis\razerhid.exe

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Ati External Event Utility" (Ati External Event Utility) - ? - C:\Windows\system32\Ati2evxx.exe  (File not found)
"AVM WLAN Connection Service" (AVM WLAN Connection Service) - "AVM Berlin" - C:\Program Files\avmwlanstick\WlanNetService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\Windows\system32\GameMon.des
"UPnPService" (UPnPService) - ? - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe  (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Bootkit Remover kommt gleich

Mfg Valnar94

Valnar94 · 29.07.2010, 16:09

Bootkit Remover Log:

.\debug.cpp(238) : Debug log started at 29.07.2010 - 15:06:13
.\boot_cleaner.cpp(675) : Bootkit Remover
.\boot_cleaner.cpp(676) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(677) : www.esagelab.com
.\boot_cleaner.cpp(681) : Program version: 1.1.0.0
.\boot_cleaner.cpp(688) : OS Version: Microsoft Windows Vista Ultimate Edition Service Pack 1 (build 6001), 32-bit
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x82438000 0x003aa000 "\SystemRoot\system32\ntoskrnl.exe"
.\debug.cpp(256) : 0x82405000 0x00033000 "\SystemRoot\system32\hal.dll"
.\debug.cpp(256) : 0x82c0e000 0x00008000 "\SystemRoot\system32\kdcom.dll"
.\debug.cpp(256) : 0x82c16000 0x00011000 "\SystemRoot\system32\PSHED.dll"
.\debug.cpp(256) : 0x82c27000 0x00008000 "\SystemRoot\system32\BOOTVID.dll"
.\debug.cpp(256) : 0x82c2f000 0x00041000 "\SystemRoot\system32\CLFS.SYS"
.\debug.cpp(256) : 0x82c70000 0x000e0000 "\SystemRoot\system32\CI.dll"
.\debug.cpp(256) : 0x82d50000 0x0007c000 "\SystemRoot\system32\drivers\Wdf01000.sys"
.\debug.cpp(256) : 0x82dcc000 0x0000d000 "\SystemRoot\system32\drivers\WDFLDR.SYS"
.\debug.cpp(256) : 0x82dd9000 0x000f3000 "\SystemRoot\System32\Drivers\spvr.sys"
.\debug.cpp(256) : 0x82ecc000 0x00009000 "\SystemRoot\System32\Drivers\WMILIB.SYS"
.\debug.cpp(256) : 0x82ed5000 0x00026000 "\SystemRoot\System32\Drivers\SCSIPORT.SYS"
.\debug.cpp(256) : 0x82efb000 0x00046000 "\SystemRoot\system32\drivers\acpi.sys"
.\debug.cpp(256) : 0x82f41000 0x00008000 "\SystemRoot\system32\drivers\msisadrv.sys"
.\debug.cpp(256) : 0x82f49000 0x00027000 "\SystemRoot\system32\drivers\pci.sys"
.\debug.cpp(256) : 0x82f70000 0x0000f000 "\SystemRoot\System32\drivers\partmgr.sys"
.\debug.cpp(256) : 0x82f7f000 0x0000f000 "\SystemRoot\system32\drivers\volmgr.sys"
.\debug.cpp(256) : 0x82f8e000 0x0004a000 "\SystemRoot\System32\drivers\volmgrx.sys"
.\debug.cpp(256) : 0x82fd8000 0x00008000 "\SystemRoot\system32\drivers\viaide.sys"
.\debug.cpp(256) : 0x82fe0000 0x0000e000 "\SystemRoot\system32\drivers\PCIIDEX.SYS"
.\debug.cpp(256) : 0x82fee000 0x00008000 "\SystemRoot\system32\DRIVERS\videX32.sys"
.\debug.cpp(256) : 0x8640c000 0x00010000 "\SystemRoot\System32\drivers\mountmgr.sys"
.\debug.cpp(256) : 0x8641c000 0x00008000 "\SystemRoot\system32\drivers\atapi.sys"
.\debug.cpp(256) : 0x86424000 0x0001e000 "\SystemRoot\system32\drivers\ataport.SYS"
.\debug.cpp(256) : 0x86442000 0x00032000 "\SystemRoot\system32\drivers\fltmgr.sys"
.\debug.cpp(256) : 0x86474000 0x00010000 "\SystemRoot\system32\drivers\fileinfo.sys"
.\debug.cpp(256) : 0x86484000 0x00071000 "\SystemRoot\System32\Drivers\ksecdd.sys"
.\debug.cpp(256) : 0x864f5000 0x0010b000 "\SystemRoot\system32\drivers\ndis.sys"
.\debug.cpp(256) : 0x86600000 0x0002b000 "\SystemRoot\system32\drivers\msrpc.sys"
.\debug.cpp(256) : 0x8662b000 0x0003a000 "\SystemRoot\system32\drivers\NETIO.SYS"
.\debug.cpp(256) : 0x86665000 0x000e9000 "\SystemRoot\System32\drivers\tcpip.sys"
.\debug.cpp(256) : 0x8674e000 0x0001b000 "\SystemRoot\System32\drivers\fwpkclnt.sys"
.\debug.cpp(256) : 0x86808000 0x0010f000 "\SystemRoot\System32\Drivers\Ntfs.sys"
.\debug.cpp(256) : 0x86917000 0x00039000 "\SystemRoot\system32\drivers\volsnap.sys"
.\debug.cpp(256) : 0x86950000 0x00010000 "\SystemRoot\system32\DRIVERS\viaagp.sys"
.\debug.cpp(256) : 0x86960000 0x00008000 "\SystemRoot\System32\Drivers\spldr.sys"
.\debug.cpp(256) : 0x86968000 0x0000f000 "\SystemRoot\System32\Drivers\mup.sys"
.\debug.cpp(256) : 0x86977000 0x00027000 "\SystemRoot\System32\drivers\ecache.sys"
.\debug.cpp(256) : 0x8699e000 0x00024000 "\SystemRoot\System32\DRIVERS\fvevol.sys"
.\debug.cpp(256) : 0x869c2000 0x00011000 "\SystemRoot\system32\drivers\disk.sys"
.\debug.cpp(256) : 0x869d3000 0x00021000 "\SystemRoot\system32\drivers\CLASSPNP.SYS"
.\debug.cpp(256) : 0x869f4000 0x00009000 "\SystemRoot\system32\drivers\crcdisk.sys"
.\debug.cpp(256) : 0x86a2e000 0x0000b000 "\SystemRoot\system32\DRIVERS\tunnel.sys"
.\debug.cpp(256) : 0x86a39000 0x00009000 "\SystemRoot\system32\DRIVERS\tunmp.sys"
.\debug.cpp(256) : 0x86a42000 0x0000f000 "\SystemRoot\system32\DRIVERS\amdk7.sys"
.\debug.cpp(256) : 0x8b40c000 0x00788000 "\SystemRoot\system32\DRIVERS\atikmdag.sys"
.\debug.cpp(256) : 0x86a51000 0x0009f000 "\SystemRoot\System32\drivers\dxgkrnl.sys"
.\debug.cpp(256) : 0x8bb94000 0x0000d000 "\SystemRoot\System32\drivers\watchdog.sys"
.\debug.cpp(256) : 0x8bba1000 0x0000f000 "\SystemRoot\system32\DRIVERS\Rtnicxp.sys"
.\debug.cpp(256) : 0x8bbb0000 0x0000b000 "\SystemRoot\system32\DRIVERS\usbuhci.sys"
.\debug.cpp(256) : 0x8bbbb000 0x0003e000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0x86af0000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0x86aff000 0x00018000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0x8c000000 0x003fa000 "\SystemRoot\system32\drivers\RTKVAC.SYS"
.\debug.cpp(256) : 0x86b17000 0x0002d000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0x86b44000 0x00025000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0x86b69000 0x0002a000 "\SystemRoot\system32\drivers\ks.sys"
.\debug.cpp(256) : 0x8b400000 0x0000b000 "\SystemRoot\system32\DRIVERS\fdc.sys"
.\debug.cpp(256) : 0x86b93000 0x0001a000 "\SystemRoot\system32\DRIVERS\serial.sys"
.\debug.cpp(256) : 0x86bad000 0x0000a000 "\SystemRoot\system32\DRIVERS\serenum.sys"
.\debug.cpp(256) : 0x86bb7000 0x00018000 "\SystemRoot\system32\DRIVERS\parport.sys"
.\debug.cpp(256) : 0x86bcf000 0x0002e000 "\SystemRoot\system32\DRIVERS\msiscsi.sys"
.\debug.cpp(256) : 0x86769000 0x00041000 "\SystemRoot\system32\DRIVERS\storport.sys"
.\debug.cpp(256) : 0x867aa000 0x0000b000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0x867b5000 0x00017000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0x867cc000 0x0000b000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0x867d7000 0x00023000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0x8d800000 0x0000f000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0x8d80f000 0x00014000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0x8d823000 0x00015000 "\SystemRoot\system32\DRIVERS\rassstp.sys"
.\debug.cpp(256) : 0x8d838000 0x00089000 "\SystemRoot\system32\DRIVERS\rdpdr.sys"
.\debug.cpp(256) : 0x8d8c1000 0x00010000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0x8d8d1000 0x0000b000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0x8d8dc000 0x0000b000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0x8d8e7000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0x8d8e9000 0x0000a000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0x8d8f3000 0x0000d000 "\SystemRoot\system32\DRIVERS\umbus.sys"
.\debug.cpp(256) : 0x8d900000 0x00034000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0x8d934000 0x0000a000 "\SystemRoot\system32\DRIVERS\flpydisk.sys"
.\debug.cpp(256) : 0x8d93e000 0x00011000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0x8d94f000 0x0005f000 "\??\C:\Windows\system32\drivers\ACEDRV05.sys"
.\debug.cpp(256) : 0x8d9ae000 0x00009000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0x8d9b7000 0x00007000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0x8d9be000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0x8d9e1000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0x8d9e8000 0x0000c000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0x8d9f4000 0x00021000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS"
.\debug.cpp(256) : 0x8da15000 0x00008000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0x8da1d000 0x00017000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"
.\debug.cpp(256) : 0x8da34000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0x8da36000 0x00009000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
.\debug.cpp(256) : 0x8da3f000 0x00010000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0x8da4f000 0x00009000 "\SystemRoot\system32\DRIVERS\kbdhid.sys"
.\debug.cpp(256) : 0x8da58000 0x00003000 "\SystemRoot\system32\drivers\Lachesis.sys"
.\debug.cpp(256) : 0x8da5b000 0x00008000 "\SystemRoot\system32\DRIVERS\mouhid.sys"
.\debug.cpp(256) : 0x8da63000 0x00084000 "\SystemRoot\system32\DRIVERS\xnacc.sys"
.\debug.cpp(256) : 0x8dae7000 0x0001e000 "\SystemRoot\system32\DRIVERS\SaiKCB03.sys"
.\debug.cpp(256) : 0x8db05000 0x00008000 "\SystemRoot\system32\drivers\rdpencdd.sys"
.\debug.cpp(256) : 0x8db0d000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0x8db18000 0x0000e000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0x8db26000 0x00009000 "\SystemRoot\System32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0x8db2f000 0x00016000 "\SystemRoot\system32\DRIVERS\tdx.sys"
.\debug.cpp(256) : 0x8db45000 0x00014000 "\SystemRoot\system32\DRIVERS\smb.sys"
.\debug.cpp(256) : 0x8db59000 0x00032000 "\SystemRoot\System32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0x8db8b000 0x00048000 "\SystemRoot\system32\drivers\afd.sys"
.\debug.cpp(256) : 0x8dbd3000 0x00016000 "\SystemRoot\system32\DRIVERS\pacer.sys"
.\debug.cpp(256) : 0x8dbe9000 0x0000e000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0x8d9c5000 0x00013000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0x91409000 0x0003c000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0x91445000 0x0000a000 "\SystemRoot\system32\drivers\nsiproxy.sys"
.\debug.cpp(256) : 0x9144f000 0x0005a000 "\SystemRoot\system32\drivers\csc.sys"
.\debug.cpp(256) : 0x914a9000 0x00017000 "\SystemRoot\System32\Drivers\dfsc.sys"
.\debug.cpp(256) : 0x914cc000 0x0000d000 "\SystemRoot\System32\Drivers\crashdmp.sys"
.\debug.cpp(256) : 0x914d9000 0x0000b000 "\SystemRoot\System32\Drivers\dump_dumpata.sys"
.\debug.cpp(256) : 0x914e4000 0x00008000 "\SystemRoot\System32\Drivers\dump_atapi.sys"
.\debug.cpp(256) : 0x914ec000 0x00011000 "\SystemRoot\System32\Drivers\dump_dumpfve.sys"
.\debug.cpp(256) : 0x98860000 0x00202000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0x914fd000 0x0000a000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0x91507000 0x0000f000 "\SystemRoot\system32\DRIVERS\monitor.sys"
.\debug.cpp(256) : 0x98a80000 0x00009000 "\SystemRoot\System32\TSDDD.dll"
.\debug.cpp(256) : 0x98aa0000 0x0000e000 "\SystemRoot\System32\cdd.dll"
.\debug.cpp(256) : 0x91516000 0x0001b000 "\SystemRoot\system32\drivers\luafv.sys"
.\debug.cpp(256) : 0x91531000 0x00063000 "\??\C:\Windows\system32\drivers\ACEDRV09.sys"
.\debug.cpp(256) : 0x91594000 0x00010000 "\SystemRoot\system32\DRIVERS\lltdio.sys"
.\debug.cpp(256) : 0x915a4000 0x0002a000 "\SystemRoot\system32\DRIVERS\nwifi.sys"
.\debug.cpp(256) : 0x915ce000 0x0000a000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0x915d8000 0x00013000 "\SystemRoot\system32\DRIVERS\rspndr.sys"
.\debug.cpp(256) : 0x915eb000 0x0006d000 "\SystemRoot\system32\drivers\HTTP.sys"
.\debug.cpp(256) : 0x91658000 0x0001d000 "\SystemRoot\System32\DRIVERS\srvnet.sys"
.\debug.cpp(256) : 0x91675000 0x00019000 "\SystemRoot\system32\DRIVERS\bowser.sys"
.\debug.cpp(256) : 0x9168e000 0x00015000 "\SystemRoot\System32\drivers\mpsdrv.sys"
.\debug.cpp(256) : 0x916a3000 0x0001f000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0x916c2000 0x00039000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys"
.\debug.cpp(256) : 0x916fb000 0x00018000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys"
.\debug.cpp(256) : 0x91713000 0x00027000 "\SystemRoot\System32\DRIVERS\srv2.sys"
.\debug.cpp(256) : 0x9173a000 0x0004e000 "\SystemRoot\System32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0x91788000 0x00007000 "\SystemRoot\system32\DRIVERS\parvdm.sys"
.\debug.cpp(256) : 0x9178f000 0x00002000 "\SystemRoot\System32\drivers\enodpl.sys"
.\debug.cpp(256) : 0x85802000 0x000de000 "\SystemRoot\system32\drivers\peauth.sys"
.\debug.cpp(256) : 0x858e0000 0x0000a000 "\SystemRoot\System32\Drivers\secdrv.SYS"
.\debug.cpp(256) : 0x858ea000 0x00002000 "\SystemRoot\System32\drivers\tandpl.sys"
.\debug.cpp(256) : 0x858ec000 0x0000c000 "\SystemRoot\System32\drivers\tcpipreg.sys"
.\debug.cpp(256) : 0x858f8000 0x00016000 "\SystemRoot\system32\DRIVERS\cdfs.sys"
.\debug.cpp(256) : 0x8590e000 0x000af000 "\SystemRoot\system32\drivers\spsys.sys"
.\debug.cpp(256) : 0x859d2000 0x0006c000 "\SystemRoot\system32\DRIVERS\fwlanusbn.sys"
.\debug.cpp(256) : 0x779a0000 0x00127000 "\Windows\System32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHP_DVD_Writer_200j______________________1.36____#5&32d12b21&0&1.1.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T1L0-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination="\Device\Ndis"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_1532&PID_000C#5&1e91b199&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination="\Device\USBPDO-6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination="\Device\Video0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&272279af&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000042"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000001"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&2a09437f&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\PciIde0Channel0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#2&daba3ff&2#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000052"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C316&MI_00#7&5f88c4d&0&0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\0000006d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination="\Device\Video1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination="\Device\00000049"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000040"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_DVD-ROM_TS-H352A_______________TS01____#5&32d12b21&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T0L0-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\vanessa"
.\debug.cpp(400) : Destination="\Device\vanessa"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination="\Device\Video2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3059&SUBSYS_38221462&REV_50#3&2b8e0b4b&0&8D#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0009"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
.\debug.cpp(400) : Destination="\Device\CdRom1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination="\Device\Video3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000041"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3038&SUBSYS_30381462&REV_80#3&2b8e0b4b&0&80#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10#3&2b8e0b4b&0&40#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice"
.\debug.cpp(400) : Destination="\Device\WMIAdminDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6C311D6F-8441-4905-A34E-C838ED666FD0}"
.\debug.cpp(400) : Destination="\Device\NDMP3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) : Destination="\Device\Video4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tun0"
.\debug.cpp(400) : Destination="\Device\Tun0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0003#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl"
.\debug.cpp(400) : Destination="\Device\VolMgrControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{7806E9A4-4D7A-4998-90D0-B612D26CA943}"
.\debug.cpp(400) : Destination="\Device\NDMP14"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_1532&PID_000C&MI_01#7&3a1fcea2&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination="\Device\00000074"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\$VDMLPT1"
.\debug.cpp(400) : Destination="\Device\ParallelVdm0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000049"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr"
.\debug.cpp(400) : Destination="\Device\RdpDrDvMgr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{35378AAD-9B98-4AFB-B8A2-00F422070983}"
.\debug.cpp(400) : Destination="\Device\NDMP15"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\F:"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination="\Device\WMIDataDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SpDevice"
.\debug.cpp(400) : Destination="\Device\SpDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1"
.\debug.cpp(400) : Destination="\Device\Serial0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TUNMP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000005"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PEAuth"
.\debug.cpp(400) : Destination="\Device\PEAuth"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&ad0f764&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM2"
.\debug.cpp(400) : Destination="\Device\Serial1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10#3&2b8e0b4b&0&40#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination="\Device\NamedPipe"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_DVD-ROM_TS-H352A_______________TS01____#5&32d12b21&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T0L0-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{05F4D1FA-EF57-496D-89A5-883FA6894F7F}"
.\debug.cpp(400) : Destination="\Device\NDMP6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination="\Device\Mup"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Psched"
.\debug.cpp(400) : Destination="\Device\Psched"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\00000049"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&2#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000051"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination="\Device\USBFDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination="\Device\Tcp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0738&PID_CB03#0D1E79F6#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination="\Device\USBPDO-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_6_Model_6#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination="\Device\0000004e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0003#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgrMsg"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&2#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000055"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{B2E638DD-F820-418F-B7A4-A2B58F3832B9}"
.\debug.cpp(400) : Destination="\Device\NDMP5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination="\Device\USBFDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0004#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000004"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&Signature80800425Offset100000Length4948FFF000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination="\Device\Harddisk0\DR0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_0738&PID_CB03&IG_00#7&bd3598c&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination="\Device\00000076"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination="\DosDevices\LPT1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000049"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\00000049"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) : Destination="\Device\USBFDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TUNMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000005"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) : Destination="\Device\0000004b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_1532&PID_000C&MI_00#7&3b7a8112&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\00000073"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination="\Device\FsWrap"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_0738&PID_CB03&IG_00#7&bd3598c&0&0000#{3b0bc249-97f2-49c7-a5b4-8af34040e48d}"
.\debug.cpp(400) : Destination="\Device\00000076"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000049"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) : Destination="\Device\USBFDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom1"
.\debug.cpp(400) : Destination="\Device\CdRom1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000044"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3104&SUBSYS_30381462&REV_82#3&2b8e0b4b&0&83#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0006"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\0000004c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{479F004D-A34C-4997-9916-437EB7990B04}"
.\debug.cpp(400) : Destination="\Device\NDMP4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_1532&PID_000C&MI_00#7&3b7a8112&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination="\Device\00000073"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1d8aa809&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000040"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ISCSIPRT#0000#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\00000007"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination="\GLOBAL??"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG:"
.\debug.cpp(400) : Destination="\clfs"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C316&MI_01&Col01#7&38f233b6&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination="\Device\0000006e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0738&PID_CB03#0D1E79F6#{ec87f1e3-c13b-4100-b5f7-8b84d54260cb}"
.\debug.cpp(400) : Destination="\Device\USBPDO-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000045"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) : Destination="\Device\0000005f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3038&SUBSYS_30381462&REV_80#3&2b8e0b4b&0&82#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0005"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{eb70da2e-2f65-11de-af1c-0010dcc197b3}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv"
.\debug.cpp(400) : Destination="\Device\Secdrv"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#2#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) : Destination="\Device\00000060"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000001"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000050"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{AB82D02A-6E16-4600-AEA3-9DF121F95266}"
.\debug.cpp(400) : Destination="\Device\NDMP2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{07C5FAB3-13C2-42C2-BFFA-D15DF0A9383D}"
.\debug.cpp(400) : Destination="\Device\NDMP1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C316&MI_01&Col02#7&38f233b6&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination="\Device\0000006f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskWDC_WD5000AAKB-00H8A0___________________05.04E05#5&20177a7c&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP0T0L0-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0004#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000004"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHP_DVD_Writer_200j______________________1.36____#5&32d12b21&0&1.1.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T1L0-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{9A54B7DE-120A-43C4-B237-14A153AFE435}"
.\debug.cpp(400) : Destination="\Device\NDMP13"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) : Destination="\Device\0000005f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C316&MI_00#7&5f88c4d&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination="\Device\0000006d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4151&SUBSYS_2075148C&REV_00#4&79e4966&0&0008#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0010"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#4&2f4e3638&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1}"
.\debug.cpp(400) : Destination="\Device\Parallel0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&304458ae&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000045"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3038&SUBSYS_30381462&REV_80#3&2b8e0b4b&0&81#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0004"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination="\Device\MountPointManager"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_057C&PID_8401#001F3F0C32EB#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination="\Device\USBPDO-7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000041"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000003f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi"
.\debug.cpp(400) : Destination="\Device\Nsi"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination="\Device\WANARP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl"
.\debug.cpp(400) : Destination="\Device\PartmgrControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{4600ec40-2f54-11de-95bd-806e6f6e6963}"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice"
.\debug.cpp(400) : Destination="\Device\NXTIPSEC"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\0000003f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\A:"
.\debug.cpp(400) : Destination="\Device\Floppy0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*ISATAP#0005#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000007b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\enodpl"
.\debug.cpp(400) : Destination="\Device\enodpl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev"
.\debug.cpp(400) : Destination="\Device\WFP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000049"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination="\Device\NDMP9"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ATHWLAN"
.\debug.cpp(400) : Destination="\Device\ATHWLAN"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArpV6"
.\debug.cpp(400) : Destination="\Device\WANARPV6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&PrinterBusEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) : Destination="\Device\00000078"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_046D&PID_C316#5&1e91b199&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination="\Device\USBPDO-5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*ISATAP#0005#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\0000007b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_1532&PID_000C&MI_01#7&3a1fcea2&0&0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\00000074"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\00000049"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000044"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{441234F5-DEAA-43CB-A47A-1F1E3DC6F2BC}"
.\debug.cpp(400) : Destination="\Device\NDMP7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination="\Device\NdisWan"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd"
.\debug.cpp(400) : Destination="\Device\AscKmd"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH"
.\debug.cpp(400) : Destination="\Device\NDMP8"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPT1"
.\debug.cpp(400) : Destination="\Device\Parallel0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{4600ec3d-2f54-11de-95bd-806e6f6e6963}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FDC#GENERIC_FLOPPY_DRIVE#4&12c4429e&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\FloppyPDO0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice"
.\debug.cpp(400) : Destination="\Device\MPS"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#MED8928#5&1910b099&0&UID268435456#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7}"
.\debug.cpp(400) : Destination="\Device\00000077"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4151&SUBSYS_2075148C&REV_00#4&79e4966&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0010"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACEDRV05"
.\debug.cpp(400) : Destination="\Device\ACEDRV05"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#2#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) : Destination="\Device\00000060"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3059&SUBSYS_38221462&REV_50#3&2b8e0b4b&0&8D#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0009"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination="\Device\VolMgrControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&Signature80800425Offset4949100000Length2B27900000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_057C&PID_8401#001F3F0C32EB#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\USBPDO-7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\tandpl"
.\debug.cpp(400) : Destination="\Device\tandpl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination="\Device\MailSlot"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination="\DosDevices\COM1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_0738&PID_CB03&IG_00#7&bd3598c&0&0000#{a7aaaad0-99ff-45a1-87f5-2cfaef10f6a0}"
.\debug.cpp(400) : Destination="\Device\00000076"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6"
.\debug.cpp(400) : Destination="\Device\NDMP10"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&2a09437f&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\PciIde0Channel1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{4600ec41-2f54-11de-95bd-806e6f6e6963}"
.\debug.cpp(400) : Destination="\Device\CdRom1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination=""

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{180F0C5B-E52F-42D0-9872-09CAE6FF6621}"
.\debug.cpp(400) : Destination="\Device\NDMP11"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) : Destination="\Device\Ndisuio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_057C&PID_8401#001F3F0C32EB#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\USBPDO-7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SstpDrv"
.\debug.cpp(400) : Destination="\Device\SstpDrv"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\00000048"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
.\debug.cpp(400) : Destination="\Device\RaidPort0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination="\Device\Null"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_1532&PID_000C&MI_00#6&7e71b08&0&0000#{d2f9ad00-6ae9-11d5-88f8-0080c8ef5b74}"
.\debug.cpp(400) : Destination="\Device\00000071"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0002#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{4600ec42-2f54-11de-95bd-806e6f6e6963}"
.\debug.cpp(400) : Destination="\Device\Floppy0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{737A20C3-2927-422C-9420-698FD1EDC3D1}"
.\debug.cpp(400) : Destination="\Device\NDMP12"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle"
.\debug.cpp(400) : Destination="\Device\WfpAle"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACEDRV09"
.\debug.cpp(400) : Destination="\Device\ACEDRV09"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\00000047"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#MED8928#5&1910b099&0&UID268435456#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8}"
.\debug.cpp(400) : Destination="\Device\00000077"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3059&SUBSYS_38221462&REV_50#3&2b8e0b4b&0&8D#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0009"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FDC#GENERIC_FLOPPY_DRIVE#4&12c4429e&0&0#{53f56311-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\FloppyPDO0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3059&SUBSYS_38221462&REV_50#3&2b8e0b4b&0&8D#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0009"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000042"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0401#3&2b8e0b4b&0#{97f76ef0-f883-11d0-af1f-0000f800845c}"
.\debug.cpp(400) : Destination="\Device\00000061"

.\debug.cpp(451) : **********************************************
.\boot_cleaner.cpp(1077) : System volume is \\.\C:
.\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000
.\boot_cleaner.cpp(424) : Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826
.\boot_cleaner.cpp(1151) :
.\boot_cleaner.cpp(1152) : Size Device Name MBR Status
.\boot_cleaner.cpp(1153) : --------------------------------------------
.\boot_cleaner.cpp(1197) : 465 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1203) :
.\boot_cleaner.cpp(1242) : Done;

Mfg Valnar94

cosinus · 29.07.2010, 16:18

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Valnar94 · 29.07.2010, 19:31

Also SUPERAntiSpyware hat 7 Funde gemacht.

Und Malwarebytes hab ich vergessen zu patchen

Aber ich werde es wiederholen.

hier der log:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/29/2010 at 08:23 PM

Application Version : 4.41.1000

Core Rules Database Version : 5285
Trace Rules Database Version: 3097

Scan type : Complete Scan
Total Scan Time : 01:30:43

Memory items scanned : 493
Memory threats detected : 0
Registry items scanned : 8177
Registry threats detected : 4
File items scanned : 106533
File threats detected : 3

Rogue.AntivirusSoft
HKU\.DEFAULT\Software\avsoft
HKU\S-1-5-18\Software\avsoft

Malware.Trace
HKU\.DEFAULT\SOFTWARE\AVSUITE
HKU\S-1-5-18\SOFTWARE\AVSUITE

Trojan.Agent/Gen-FraudTool[Tiny]
C:\QOOBOX\QUARANTINE\C\USERS\ADMINI~1\APPDATA\ROAMING\.#\MBX@D40@1C22778.###.VIR

Application.PowerReg Scheduler
C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\ASCOMP SOFTWARE\CLEANING SUITE\RESTORE\POWERREG SCHEDULER V3.EXE

Adware.Tracking Cookie
cdn5.specificclick.net [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SHBP5FR9 ]

Mfg Valnar94

27.07.2010, 16:28	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Links öffnen sich automatisch Ja bitte nochmal ausführen __________________ Logfiles bitte immer in CODE-Tags posten

29.07.2010, 16:18	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Links öffnen sich automatisch Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

Links öffnen sich automatisch

Antiviren-, Firewall- und andere Schutzprogramme: Links öffnen sich automatisch