Log analysis and evaluation: PC does not shut down, programs freeze, etc. Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
29.09.2010, 14:04 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PC does not shut down, programs freeze, etc. Then please run CF now: ComboFix, a guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!
__________________ Please always post log files in CODE tags |
29.09.2010, 16:39 | #17 |
| PC does not shut down, programs freeze, etc. Code:
ATTFilter ComboFix 10-09-28.03 - Zandy 29.09.2010 16:27:41.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.49.1031.18.3070.1963 [GMT 2:00] ausgeführt von:: c:\users\Zandy\Desktop\ComboFix.exe FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B} SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\WinPCap C:\start c:\users\Zandy\AppData\Roaming\Aqdizi c:\users\Zandy\AppData\Roaming\Aqdizi\ezoq.muu c:\users\Zandy\AppData\Roaming\Desktopicon c:\users\Zandy\AppData\Roaming\Desktopicon\eBay.ico c:\users\Zandy\AppData\Roaming\Desktopicon\uninst.exe Infizierte Kopie von c:\windows\system32\drivers\netbt.sys wurde gefunden und desinfiziert Kopie von - Kitty had a snack :p wurde wiederhergestellt . ((((((((((((((((((((((( Dateien erstellt von 2010-08-28 bis 2010-09-29 )))))))))))))))))))))))))))))) . 2010-09-29 14:39 . 2010-09-29 14:40 -------- d-----w- c:\users\Zandy\AppData\Local\temp 2010-09-29 12:53 . 2010-09-29 12:53 -------- d-----w- c:\program files\Logitech Touch Mouse Server 2010-09-28 19:42 . 2010-09-28 19:42 -------- d-----w- C:\_OTL 2010-09-28 13:42 . 2010-09-28 13:48 -------- d-----w- c:\users\Zandy\AppData\Roaming\FreeScreenToVideo 2010-09-28 13:42 . 2010-09-28 13:42 -------- d-----w- c:\program files\Free Screen To Video 2010-09-27 11:59 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-09-27 11:59 . 2010-09-27 11:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-09-27 11:59 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-09-25 15:33 . 2010-09-25 15:33 -------- d-----w- c:\program files\Orbitdownloader 2010-09-23 13:10 . 2010-09-25 11:59 -------- d-----w- c:\program files\Duplicate Music Files Finder 2010-09-20 13:02 . 2010-09-20 13:02 -------- d-----w- c:\program files\iPod 2010-09-20 13:02 . 
2010-09-20 13:03 -------- d-----w- c:\program files\iTunes 2010-09-20 13:00 . 2010-09-20 13:00 -------- d-----w- c:\program files\Apple Software Update 2010-09-20 13:00 . 2010-09-20 13:00 -------- d-----w- c:\program files\Bonjour 2010-09-18 16:25 . 2010-09-18 16:25 -------- d-----w- c:\users\Zandy\AppData\Roaming\ProgSense 2010-09-17 21:27 . 2010-09-17 21:43 -------- d-----w- c:\programdata\FLEXnet 2010-09-17 21:20 . 2010-09-17 21:20 -------- d-----w- c:\program files\Common Files\Macrovision Shared 2010-09-17 19:25 . 2010-09-17 19:25 -------- d-----w- c:\users\Zandy\AppData\Roaming\Download Manager 2010-09-17 15:05 . 2010-09-17 15:05 -------- d-----w- c:\users\Zandy\Deskto 2010-09-17 06:35 . 2010-09-16 15:20 28048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED9EEC5D-C01E-4A04-8570-8884A14C9265}\mpasdlta.vdm 2010-09-17 06:35 . 2010-09-17 06:35 12300688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED9EEC5D-C01E-4A04-8570-8884A14C9265}\mpasbase.vdm 2010-09-16 12:58 . 2010-09-16 12:58 -------- d-----w- c:\programdata\Ableton 2010-09-16 12:58 . 2010-09-16 12:58 -------- d-----w- c:\users\Zandy\AppData\Roaming\Ableton 2010-09-07 13:52 . 2010-09-25 14:57 -------- d-----w- c:\users\Zandy\AppData\Roaming\Notepad++ 2010-09-07 13:52 . 2010-09-25 14:57 -------- d-----w- c:\program files\Notepad++ 2010-09-02 18:42 . 2010-09-02 18:43 -------- d-----w- c:\program files\QuickTime 2010-09-01 07:12 . 2010-09-01 07:12 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-29 14:33 . 2006-11-02 15:33 656262 ----a-w- c:\windows\system32\perfh007.dat 2010-09-29 14:33 . 2006-11-02 15:33 121228 ----a-w- c:\windows\system32\perfc007.dat 2010-09-29 14:24 . 2010-02-16 15:35 12 ----a-w- c:\windows\bthservsdp.dat 2010-09-29 14:18 . 
2008-09-20 17:02 -------- d-----w- c:\users\Zandy\AppData\Roaming\Skype 2010-09-29 14:18 . 2008-09-20 17:07 -------- d-----w- c:\users\Zandy\AppData\Roaming\skypePM 2010-09-29 13:11 . 2009-03-07 16:18 -------- d-----w- c:\users\Zandy\AppData\Roaming\Orbit 2010-09-28 13:57 . 2009-09-06 08:31 183112 ----a-w- c:\windows\system32\PnkBstrB.exe 2010-09-25 15:16 . 2007-11-30 12:49 111616 ----a-w- c:\users\Zandy\AppData\Local\GDIPFONTCACHEV1.DAT 2010-09-25 14:59 . 2009-09-26 21:56 -------- d-----w- c:\program files\TeamViewer 2010-09-25 14:57 . 2008-12-14 11:29 -------- d-----w- c:\program files\Common Files\DVDVideoSoft 2010-09-25 14:28 . 2008-01-02 16:42 8052 ----a-w- c:\users\Zandy\AppData\Local\d3d9caps.dat 2010-09-25 11:52 . 2009-11-30 14:33 -------- d-----w- c:\program files\trend micro 2010-09-24 21:14 . 2010-03-03 20:48 0 ----a-w- c:\windows\system32\Access.dat 2010-09-24 15:05 . 2010-04-12 13:08 -------- d-----w- c:\program files\JDownloader 2010-09-21 19:16 . 2010-04-15 15:45 -------- d-sh--r- c:\users\Zandy\AppData\Roaming\dx10ac 2010-09-20 13:02 . 2009-01-30 21:42 -------- d-----w- c:\program files\Common Files\Apple 2010-09-17 21:24 . 2007-05-23 12:24 -------- d-----w- c:\program files\Common Files\Adobe 2010-09-17 21:06 . 2010-04-01 19:48 -------- d-----w- c:\program files\Ask.com 2010-09-14 18:21 . 2010-07-08 15:04 -------- d-----w- c:\users\Zandy\AppData\Roaming\PhotoScape 2010-09-14 14:41 . 2007-12-01 21:15 582544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\Backup\mpasdlta.vdm 2010-09-13 15:08 . 2009-02-05 13:57 -------- d-----w- c:\programdata\ArcSoft 2010-09-13 15:08 . 2007-05-23 11:06 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-09-13 15:07 . 2009-02-06 14:16 2564863 ----a-w- c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe 2010-09-11 19:23 . 2007-11-30 14:50 -------- d-----w- c:\users\Zandy\AppData\Roaming\dvdcss 2010-09-06 17:56 . 
2008-02-17 09:00 -------- d-----w- c:\users\Zandy\AppData\Roaming\StarOffice8 2010-09-04 12:19 . 2009-09-06 08:31 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2010-08-30 20:19 . 2007-05-23 11:09 -------- d-----w- c:\program files\Roxio 2010-08-28 16:20 . 2009-02-05 13:57 -------- d-----w- c:\program files\ArcSoft 2010-08-28 16:19 . 2009-07-13 15:31 -------- d-----w- c:\program files\ElcomSoft 2010-08-28 16:19 . 2008-09-20 17:01 -------- d-----r- c:\program files\Skype 2010-08-28 16:17 . 2010-06-17 20:30 -------- d-----w- c:\program files\thriXXX 2010-08-27 13:57 . 2007-05-23 11:09 -------- d-----w- c:\programdata\Roxio 2010-08-24 18:44 . 2010-05-11 16:15 -------- d-sh--w- c:\users\Zandy\AppData\Roaming\lowsec 2010-08-24 13:00 . 2007-12-01 21:15 12120464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\Backup\mpasbase.vdm 2010-08-05 21:05 . 2009-03-03 20:42 -------- d-----w- c:\program files\Messenger Plus! Live 2010-07-27 16:44 . 2010-07-27 16:44 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-07-27 16:44 . 2010-07-27 16:44 107808 ----a-w- c:\windows\system32\dns-sd.exe 2010-07-11 17:38 . 2010-04-24 20:00 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll 2010-07-11 17:38 . 2010-07-11 17:38 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe 2010-07-11 17:38 . 2010-07-11 17:38 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe 2010-07-11 17:38 . 2010-07-11 17:38 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe 2010-07-11 17:22 . 2010-04-24 20:03 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe 2010-07-11 17:22 . 2010-04-24 20:03 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll . ------- Sigcheck ------- [-] 2010-03-30 . 1171B07E27991296D379472B12174349 . 245248 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . 
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864] [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-05-26 13:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912] "spc1030"="c:\windows\vspc1030.exe" [2008-02-22 684032] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device 
Support\AppleSyncNotifier.exe" [2010-07-13 47904] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160] c:\users\Zandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech Touch Mouse Server.lnk - c:\program files\Logitech Touch Mouse Server\iTouch-Server-Win.exe [2009-10-23 228352] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Sitecom USB Wireless LAN Utility.lnk - c:\program files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe [2009-1-19 3477504] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\guard32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer9"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ehTray.exe"=c:\windows\ehome\ehTray.exe "ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent "Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler "{68657190-7121-20E8-42E7-B6B473543351}"=c:\users\Zandy\AppData\Roaming\Exyfx\abems.exe "userinit"=c:\users\Zandy\AppData\Roaming\sdra64.exe "Windows Update"=c:\users\Zandy\AppData\Roaming\netssh.exe "{433CD6D5-15A6-14F8-9AAC-3730B91D3876}"=c:\users\Zandy\AppData\Roaming\netssh.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "VX1000"=c:\windows\vVX1000.exe "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" 
"spc1030"=c:\windows\vspc1030.exe "StartCCC"=c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe "RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup "NvSvc"=RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "PlayMovie"="d:\bearbeitungsprogramme\PlayMovie\PMVService.exe" "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" "ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "d-x10c"=c:\users\Zandy\AppData\Roaming\dx10ac\d-xdiag10c.exe "SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe "AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2780370485-2775809281-2979314199-1000] "EnableNotifications"=dword:00000001 "EnableNotificationsRef"=dword:00000002 R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 
133104] R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832] R3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\DRIVERS\libusb0.sys [2006-05-31 29184] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-06-17 3890920] R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768] R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-01-01 691696] S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-06-04 224240] S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-06-01 30112] S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};d:\bearbeitungsprogramme\PlayMovie\000.fcl [2008-05-16 61424] S3 MicNgBas;Cinergy 2400i DT Base Driver;c:\windows\system32\drivers\MicNgBas.sys [2006-02-11 48768] S3 MicNgCap;Cinergy 2400i DT Capture Driver;c:\windows\system32\drivers\MicNgCap.sys [2006-02-11 50560] S3 MicNgTun;Cinergy 2400i DT Tuner Driver;c:\windows\system32\drivers\MicNgTun.sys [2006-02-11 122752] S3 phaudlwr;Philips Audio Filter;c:\windows\system32\DRIVERS\phaudlwr.sys [2008-05-07 88704] S3 SPC1030;USB2.0 PC Camera (SPC1030);c:\windows\system32\DRIVERS\spc1030.sys [2008-06-11 3035776] S3 ZD1211U(Sitecom);Sitecom Wireless Network USB Adapter Driver(Sitecom);c:\windows\system32\DRIVERS\zd1211u.sys [2004-07-05 233472] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ . 
Inhalt des "geplante Tasks" Ordners 2010-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 19:19] 2010-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 19:19] 2010-08-31 c:\windows\Tasks\RCHubTask 0 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 2145340416~30026154.job - c:\program files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe [2007-02-13 16:51] 2010-09-29 c:\windows\Tasks\User_Feed_Synchronization-{BB2AC692-2CD6-4C68-9DFC-5B9F61E87B2F}.job - c:\windows\system32\msfeedssync.exe [2006-11-02 09:45] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mStart Page = hxxp://de.intl.acer.yahoo.com uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://go.1und1.de/suchbox/1und1suche?su=%s IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202 IE: Free YouTube Download - c:\users\Zandy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm IE: Free YouTube to Mp3 Converter - c:\users\Zandy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm TCP: {38C40A29-A3EC-4951-93B1-95FA03AA6BE0} = 192.168.178.1,192.168.178.2 TCP: {5B175FDC-3A19-4105-AE85-EF088487102C} = 192.168.182.1,192.168.182.2 TCP: {9CE15D25-E061-4EA7-A67B-2FBB0BF7B106} = 192.168.182.1,192.168.182.2 TCP: {D08FD11B-68BB-4DB9-B05C-0694FD0A3F17} = 192.168.182.1,192.168.182.2 FF - ProfilePath - c:\users\Zandy\AppData\Roaming\Mozilla\Firefox\Profiles\ffmk5zx8.default\ FF - prefs.js: browser.startup.homepage - google.de FF - component: c:\program 
files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - Entfernte verwaiste Registrierungseinträge - - - - MSConfigStartUp-BMIMZMHMFM - c:\users\Zandy\AppData\Local\Temp\Rcx.exe MSConfigStartUp-LosAlamos - c:\windows\system32\sshnas21.dll ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-09-29 16:39 Windows 6.0.6000 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... 
Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\d:\bearbeitungsprogramme\PlayMovie\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-2780370485-2775809281-2979314199-1000\Software\SecuROM\License information*] "datasecu"=hex:7e,e8,20,01,50,99,dc,33,e0,d7,a3,74,96,6b,73,2f,63,e9,c8,ba,12, f3,94,9a,85,38,7f,1e,00,c7,e6,a2,97,c4,5b,8c,b4,73,e9,1d,2b,65,19,a6,f9,6a,\ "rkeysecu"=hex:9b,5a,b7,02,6e,ed,18,d4,57,55,ba,a0,1e,c9,49,72 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'winlogon.exe'(836) c:\windows\System32\guard32.dll - - - - - - - > 'lsass.exe'(680) c:\windows\system32\guard32.dll . Zeit der Fertigstellung: 2010-09-29 16:45:18 ComboFix-quarantined-files.txt 2010-09-29 14:45 Vor Suchlauf: 14 Verzeichnis(se), 56.898.908.160 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 56.724.508.672 Bytes frei - - End Of File - - FCFE09711B073FE17FA14EB365969841 |
30.09.2010, 12:51 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PC does not shut down, programs freeze, etc. Combofix - Scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now use copy/paste to insert the entire contents of the code box below into the Notepad window. Code:
Filelook::
c:\windows\System32\shsvcs.dll
c:\windows\system32\drivers\netbt.sys

Dirlook::
c:\program files\thriXXX

File::
c:\users\Zandy\AppData\Roaming\Exyfx\abems.exe
c:\users\Zandy\AppData\Roaming\sdra64.exe
c:\users\Zandy\AppData\Roaming\netssh.exe

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"{68657190-7121-20E8-42E7-B6B473543351}"=-
"userinit"=-
"Windows Update"=-
"{433CD6D5-15A6-14F8-9AAC-3730B91D3876}"=-

4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of adware and spyware programs and the Tea Timer, if present!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the restart (you will be asked whether you want to restart), please post the following log files: Combofix.txt
Note: The script above was created only for this one user in this situation. It cannot be ported to any other machine and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ |
30.09.2010, 23:00 | #19 |
| PC does not shut down, programs freeze, etc. I hope I did everything right. Code:
ATTFilter ComboFix 10-09-30.01 - Zandy 30.09.2010 23:38:51.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.49.1031.18.3070.2086 [GMT 2:00] ausgeführt von:: d:\allgemein\PC säubern\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Zandy\Desktop\CFScript.txt.txt FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B} SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} FILE :: "c:\users\Zandy\AppData\Roaming\Exyfx\abems.exe" "c:\users\Zandy\AppData\Roaming\netssh.exe" "c:\users\Zandy\AppData\Roaming\sdra64.exe" . ((((((((((((((((((((((( Dateien erstellt von 2010-08-28 bis 2010-09-30 )))))))))))))))))))))))))))))) . 2010-09-30 21:46 . 2010-09-30 21:46 -------- d-----w- c:\users\Zandy\AppData\Local\temp 2010-09-30 21:46 . 2010-09-30 21:46 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-09-29 12:53 . 2010-09-29 12:53 -------- d-----w- c:\program files\Logitech Touch Mouse Server 2010-09-28 19:42 . 2010-09-28 19:42 -------- d-----w- C:\_OTL 2010-09-28 13:42 . 2010-09-28 13:48 -------- d-----w- c:\users\Zandy\AppData\Roaming\FreeScreenToVideo 2010-09-28 13:42 . 2010-09-28 13:42 -------- d-----w- c:\program files\Free Screen To Video 2010-09-27 11:59 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-09-27 11:59 . 2010-09-27 11:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-09-27 11:59 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-09-25 15:33 . 2010-09-25 15:33 -------- d-----w- c:\program files\Orbitdownloader 2010-09-23 13:10 . 2010-09-25 11:59 -------- d-----w- c:\program files\Duplicate Music Files Finder 2010-09-20 13:02 . 2010-09-20 13:02 -------- d-----w- c:\program files\iPod 2010-09-20 13:02 . 2010-09-20 13:03 -------- d-----w- c:\program files\iTunes 2010-09-20 13:00 . 2010-09-20 13:00 -------- d-----w- c:\program files\Apple Software Update 2010-09-20 13:00 . 
2010-09-20 13:00 -------- d-----w- c:\program files\Bonjour 2010-09-18 16:25 . 2010-09-18 16:25 -------- d-----w- c:\users\Zandy\AppData\Roaming\ProgSense 2010-09-17 21:27 . 2010-09-17 21:43 -------- d-----w- c:\programdata\FLEXnet 2010-09-17 21:20 . 2010-09-17 21:20 -------- d-----w- c:\program files\Common Files\Macrovision Shared 2010-09-17 19:25 . 2010-09-17 19:25 -------- d-----w- c:\users\Zandy\AppData\Roaming\Download Manager 2010-09-17 15:05 . 2010-09-17 15:05 -------- d-----w- c:\users\Zandy\Deskto 2010-09-16 12:58 . 2010-09-16 12:58 -------- d-----w- c:\programdata\Ableton 2010-09-16 12:58 . 2010-09-16 12:58 -------- d-----w- c:\users\Zandy\AppData\Roaming\Ableton 2010-09-07 13:52 . 2010-09-25 14:57 -------- d-----w- c:\users\Zandy\AppData\Roaming\Notepad++ 2010-09-07 13:52 . 2010-09-25 14:57 -------- d-----w- c:\program files\Notepad++ 2010-09-02 18:42 . 2010-09-02 18:43 -------- d-----w- c:\program files\QuickTime 2010-09-01 07:12 . 2010-09-01 07:12 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-30 21:33 . 2008-09-20 17:02 -------- d-----w- c:\users\Zandy\AppData\Roaming\Skype 2010-09-30 21:10 . 2006-11-02 15:33 656262 ----a-w- c:\windows\system32\perfh007.dat 2010-09-30 21:10 . 2006-11-02 15:33 121228 ----a-w- c:\windows\system32\perfc007.dat 2010-09-30 21:09 . 2008-09-20 17:07 -------- d-----w- c:\users\Zandy\AppData\Roaming\skypePM 2010-09-30 21:03 . 2010-02-16 15:35 12 ----a-w- c:\windows\bthservsdp.dat 2010-09-29 13:11 . 2009-03-07 16:18 -------- d-----w- c:\users\Zandy\AppData\Roaming\Orbit 2010-09-28 13:57 . 2009-09-06 08:31 183112 ----a-w- c:\windows\system32\PnkBstrB.exe 2010-09-26 13:15 . 2006-11-02 10:25 86016 ----a-w- c:\windows\Inf\infstor.dat 2010-09-26 13:15 . 2006-11-02 10:25 51200 ----a-w- c:\windows\Inf\infpub.dat 2010-09-26 13:15 . 
2006-11-02 10:25 143360 ----a-w- c:\windows\Inf\infstrng.dat 2010-09-25 15:16 . 2007-11-30 12:49 111616 ----a-w- c:\users\Zandy\AppData\Local\GDIPFONTCACHEV1.DAT 2010-09-25 14:59 . 2009-09-26 21:56 -------- d-----w- c:\program files\TeamViewer 2010-09-25 14:57 . 2008-12-14 11:29 -------- d-----w- c:\program files\Common Files\DVDVideoSoft 2010-09-25 14:28 . 2008-01-02 16:42 8052 ----a-w- c:\users\Zandy\AppData\Local\d3d9caps.dat 2010-09-25 11:52 . 2009-11-30 14:33 -------- d-----w- c:\program files\trend micro 2010-09-24 21:14 . 2010-03-03 20:48 0 ----a-w- c:\windows\system32\Access.dat 2010-09-24 15:05 . 2010-04-12 13:08 -------- d-----w- c:\program files\JDownloader 2010-09-21 19:16 . 2010-04-15 15:45 -------- d-sh--r- c:\users\Zandy\AppData\Roaming\dx10ac 2010-09-20 13:02 . 2009-01-30 21:42 -------- d-----w- c:\program files\Common Files\Apple 2010-09-17 21:24 . 2007-05-23 12:24 -------- d-----w- c:\program files\Common Files\Adobe 2010-09-17 21:06 . 2010-04-01 19:48 -------- d-----w- c:\program files\Ask.com 2010-09-14 18:21 . 2010-07-08 15:04 -------- d-----w- c:\users\Zandy\AppData\Roaming\PhotoScape 2010-09-13 15:08 . 2009-02-05 13:57 -------- d-----w- c:\programdata\ArcSoft 2010-09-13 15:08 . 2007-05-23 11:06 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-09-13 15:07 . 2009-02-06 14:16 2564863 ----a-w- c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe 2010-09-11 19:23 . 2007-11-30 14:50 -------- d-----w- c:\users\Zandy\AppData\Roaming\dvdcss 2010-09-06 17:56 . 2008-02-17 09:00 -------- d-----w- c:\users\Zandy\AppData\Roaming\StarOffice8 2010-09-04 12:19 . 2009-09-06 08:31 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2010-08-30 20:19 . 2007-05-23 11:09 -------- d-----w- c:\program files\Roxio 2010-08-28 16:20 . 2009-02-05 13:57 -------- d-----w- c:\program files\ArcSoft 2010-08-28 16:19 . 2009-07-13 15:31 -------- d-----w- c:\program files\ElcomSoft 2010-08-28 16:19 . 
2008-09-20 17:01 -------- d-----r- c:\program files\Skype 2010-08-28 16:17 . 2010-06-17 20:30 -------- d-----w- c:\program files\thriXXX 2010-08-27 13:57 . 2007-05-23 11:09 -------- d-----w- c:\programdata\Roxio 2010-08-24 18:44 . 2010-05-11 16:15 -------- d-sh--w- c:\users\Zandy\AppData\Roaming\lowsec 2010-08-05 21:05 . 2009-03-03 20:42 -------- d-----w- c:\program files\Messenger Plus! Live 2010-07-27 16:44 . 2010-07-27 16:44 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-07-27 16:44 . 2010-07-27 16:44 107808 ----a-w- c:\windows\system32\dns-sd.exe 2010-07-11 17:38 . 2010-04-24 20:00 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll 2010-07-11 17:38 . 2010-07-11 17:38 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe 2010-07-11 17:38 . 2010-07-11 17:38 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe 2010-07-11 17:38 . 2010-07-11 17:38 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe 2010-07-11 17:22 . 2010-04-24 20:03 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe 2010-07-11 17:22 . 2010-04-24 20:03 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . --- c:\windows\system32\drivers\netbt.sys --- Company: Microsoft Corporation File Description: MBT Transport driver File Version: 6.0.6000.16386 (vista_rtm.061101-2205) Product Name: Microsoft® Windows® Operating System Copyright: © Microsoft Corporation. All rights reserved. Original Filename: netbt.sys File size: 184320 Created time: 2006-11-02 08:57 Modified time: 2006-11-02 08:57 MD5: E3A168912E7EEFC3BD3B814720D68B41 SHA1: BD7F554CDB56ACF7EA70060A8FAF1D8B450A3223 --- c:\windows\System32\shsvcs.dll --- Company: Microsoft Corporation File Description: Windows-Shelldienste-DLL File Version: 6.0.6000.16386 (vista_rtm.061101-2205) Product Name: Betriebssystem Microsoft® Windows® Copyright: © Microsoft Corporation. 
Alle Rechte vorbehalten. Original Filename: SHSVCS.DLL.MUI File size: 245248 Created time: 2006-11-02 08:46 Modified time: 2010-03-30 15:35 MD5: 1171B07E27991296D379472B12174349 SHA1: B98D961ED172581FDE7D26AAE6F0BCEF2F5FAD89 ---- Directory of c:\program files\thriXXX ---- 2010-06-17 20:28 . 2008-05-10 22:00 26624 ----a-w- c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\fc3DSexVillaRun.DE.exe 2008-04-11 12:37 . 2008-04-11 12:37 1470 ----a-w- c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\LibTheora License.txt 2007-10-09 13:15 . 2007-10-09 13:15 9326 ----a-w- c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\app.ico 2007-09-03 05:55 . 2007-09-03 05:55 413696 ----a-w- c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\OpenAL32.dll 2006-11-16 09:49 . 2006-11-16 09:49 2795 ----a-w- c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\JasPer License.txt 2006-11-16 09:49 . 2006-11-16 09:49 3936 ----a-w- c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\LibPNG License.txt 2006-11-16 09:49 . 2006-11-16 09:49 1475 ----a-w- c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\OggVorbis Copying.txt 2006-11-16 09:49 . 2006-11-16 09:49 6406 ----a-w- c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\OpenSSL License.txt 2006-11-16 09:49 . 2006-11-16 09:49 1116 ----a-w- c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\zlib License.txt 2006-11-16 09:39 . 2006-11-16 09:39 53248 ----a-w- c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\ogg.dll 2006-11-16 09:36 . 2006-11-16 09:36 1200128 ----a-w- c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\vorbis.dll 2006-11-16 09:36 . 2006-11-16 09:36 77824 ----a-w- c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\vorbisfile.dll 2006-07-11 17:35 . 2006-07-11 17:35 503808 ----a-w- c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\msvcp71.dll 2006-07-11 17:35 . 
2006-07-11 17:35 348160 ----a-w- c:\program files\thriXXX\3D SexVilla 2 - Everlust\Binaries\msvcr71.dll ------- Sigcheck ------- [-] 2010-03-30 . 1171B07E27991296D379472B12174349 . 245248 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll [7] 2006-11-02 . B264DFA21677728613267FE63802B332 . 245248 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6000.16386_none_caf99b2e2002860e\shsvcs.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864] [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-05-26 13:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows 
Live\Messenger\msnmsgr.exe" [2009-07-26 3883840] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912] "spc1030"="c:\windows\vspc1030.exe" [2008-02-22 684032] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160] c:\users\Zandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech Touch Mouse Server.lnk - c:\program files\Logitech Touch Mouse Server\iTouch-Server-Win.exe [2009-10-23 228352] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Sitecom USB Wireless LAN Utility.lnk - c:\program files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe [2009-1-19 3477504] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\guard32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer9"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ehTray.exe"=c:\windows\ehome\ehTray.exe "ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent "Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized 
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler "{68657190-7121-20E8-42E7-B6B473543351}"=c:\users\Zandy\AppData\Roaming\Exyfx\abems.exe "userinit"=c:\users\Zandy\AppData\Roaming\sdra64.exe "Windows Update"=c:\users\Zandy\AppData\Roaming\netssh.exe "{433CD6D5-15A6-14F8-9AAC-3730B91D3876}"=c:\users\Zandy\AppData\Roaming\netssh.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "VX1000"=c:\windows\vVX1000.exe "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" "spc1030"=c:\windows\vspc1030.exe "StartCCC"=c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe "RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup "NvSvc"=RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "PlayMovie"="d:\bearbeitungsprogramme\PlayMovie\PMVService.exe" "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" "ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" 
/CHECKNOW "d-x10c"=c:\users\Zandy\AppData\Roaming\dx10ac\d-xdiag10c.exe "SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe "AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2780370485-2775809281-2979314199-1000] "EnableNotifications"=dword:00000001 "EnableNotificationsRef"=dword:00000002 R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 133104] R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832] R3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\DRIVERS\libusb0.sys [2006-05-31 29184] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-06-17 3890920] R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768] R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-01-01 691696] S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-06-04 224240] S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-06-01 30112] S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};d:\bearbeitungsprogramme\PlayMovie\000.fcl [2008-05-16 61424] S3 MicNgBas;Cinergy 2400i DT Base Driver;c:\windows\system32\drivers\MicNgBas.sys [2006-02-11 48768] S3 MicNgCap;Cinergy 2400i DT Capture Driver;c:\windows\system32\drivers\MicNgCap.sys [2006-02-11 50560] S3 MicNgTun;Cinergy 2400i DT Tuner Driver;c:\windows\system32\drivers\MicNgTun.sys [2006-02-11 122752] S3 phaudlwr;Philips Audio Filter;c:\windows\system32\DRIVERS\phaudlwr.sys [2008-05-07 88704] S3 SPC1030;USB2.0 PC Camera 
(SPC1030);c:\windows\system32\DRIVERS\spc1030.sys [2008-06-11 3035776] S3 ZD1211U(Sitecom);Sitecom Wireless Network USB Adapter Driver(Sitecom);c:\windows\system32\DRIVERS\zd1211u.sys [2004-07-05 233472] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ . Inhalt des "geplante Tasks" Ordners 2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 19:19] 2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 19:19] 2010-08-31 c:\windows\Tasks\RCHubTask 0 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 2145340416~30026154.job - c:\program files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe [2007-02-13 16:51] 2010-09-30 c:\windows\Tasks\User_Feed_Synchronization-{BB2AC692-2CD6-4C68-9DFC-5B9F61E87B2F}.job - c:\windows\system32\msfeedssync.exe [2006-11-02 09:45] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.de/ uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mStart Page = hxxp://de.intl.acer.yahoo.com uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://go.1und1.de/suchbox/1und1suche?su=%s IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202 IE: Free YouTube Download - c:\users\Zandy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm IE: Free YouTube to Mp3 Converter - c:\users\Zandy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm TCP: {5B175FDC-3A19-4105-AE85-EF088487102C} = 192.168.182.1,192.168.182.2 TCP: {9CE15D25-E061-4EA7-A67B-2FBB0BF7B106} = 192.168.182.1,192.168.182.2 TCP: {D08FD11B-68BB-4DB9-B05C-0694FD0A3F17} = 192.168.182.1,192.168.182.2 FF - ProfilePath - c:\users\Zandy\AppData\Roaming\Mozilla\Firefox\Profiles\ffmk5zx8.default\ FF - prefs.js: browser.startup.homepage - google.de FF - component: c:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: 
security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-09-30 23:46 Windows 6.0.6000 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\d:\bearbeitungsprogramme\PlayMovie\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-2780370485-2775809281-2979314199-1000\Software\SecuROM\License information*] "datasecu"=hex:7e,e8,20,01,50,99,dc,33,e0,d7,a3,74,96,6b,73,2f,63,e9,c8,ba,12, f3,94,9a,85,38,7f,1e,00,c7,e6,a2,97,c4,5b,8c,b4,73,e9,1d,2b,65,19,a6,f9,6a,\ "rkeysecu"=hex:9b,5a,b7,02,6e,ed,18,d4,57,55,ba,a0,1e,c9,49,72 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
Zeit der Fertigstellung: 2010-09-30 23:50:04 ComboFix-quarantined-files.txt 2010-09-30 21:49 ComboFix2.txt 2010-09-29 14:45 Vor Suchlauf: 17 Verzeichnis(se), 64.094.289.920 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 63.968.358.400 Bytes frei - - End Of File - - 50DFC7EFB31FAC0B6F4EB19F873C5B5C |
01.10.2010, 08:23 | #20 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | PC won't shut down, programs hang, etc. Please do it again, but with this script for CF: Quote:
__________________ Please always post log files in CODE tags |
01.10.2010, 14:10 | #21 |
| PC won't shut down, programs hang, etc. Can I get an interim update on whether it's getting better? Code:
ATTFilter ComboFix 10-09-30.03 - Zandy 01.10.2010 14:31:50.3.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.49.1031.18.3070.2008 [GMT 2:00] ausgeführt von:: d:\allgemein\PC säubern\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Zandy\Desktop\CFScript.txt.txt FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B} SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((( Dateien erstellt von 2010-09-01 bis 2010-10-01 )))))))))))))))))))))))))))))) . 2010-10-01 12:39 . 2010-10-01 12:39 -------- d-----w- c:\users\Zandy\AppData\Local\temp 2010-10-01 12:39 . 2010-10-01 12:39 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-10-01 12:10 . 2010-02-12 10:49 293376 ----a-w- c:\windows\system32\browserchoice.exe 2010-10-01 12:06 . 2010-02-20 23:54 24064 ----a-w- c:\windows\system32\nshhttp.dll 2010-10-01 12:06 . 2010-02-20 23:51 31232 ----a-w- c:\windows\system32\httpapi.dll 2010-10-01 12:06 . 2010-02-20 21:30 396800 ----a-w- c:\windows\system32\drivers\http.sys 2010-10-01 12:05 . 2010-01-23 08:05 2048 ----a-w- c:\windows\system32\tzres.dll 2010-09-29 12:53 . 2010-09-29 12:53 -------- d-----w- c:\program files\Logitech Touch Mouse Server 2010-09-28 19:42 . 2010-09-28 19:42 -------- d-----w- C:\_OTL 2010-09-28 13:42 . 2010-09-28 13:48 -------- d-----w- c:\users\Zandy\AppData\Roaming\FreeScreenToVideo 2010-09-28 13:42 . 2010-09-28 13:42 -------- d-----w- c:\program files\Free Screen To Video 2010-09-27 11:59 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-09-27 11:59 . 2010-09-27 11:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-09-27 11:59 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-09-25 15:33 . 2010-09-25 15:33 -------- d-----w- c:\program files\Orbitdownloader 2010-09-23 13:10 . 2010-09-25 11:59 -------- d-----w- c:\program files\Duplicate Music Files Finder 2010-09-20 13:02 . 
2010-09-20 13:02 -------- d-----w- c:\program files\iPod 2010-09-20 13:02 . 2010-09-20 13:03 -------- d-----w- c:\program files\iTunes 2010-09-20 13:00 . 2010-09-20 13:00 -------- d-----w- c:\program files\Apple Software Update 2010-09-20 13:00 . 2010-09-20 13:00 -------- d-----w- c:\program files\Bonjour 2010-09-18 16:25 . 2010-09-18 16:25 -------- d-----w- c:\users\Zandy\AppData\Roaming\ProgSense 2010-09-17 21:27 . 2010-09-17 21:43 -------- d-----w- c:\programdata\FLEXnet 2010-09-17 21:20 . 2010-09-17 21:20 -------- d-----w- c:\program files\Common Files\Macrovision Shared 2010-09-17 19:25 . 2010-09-17 19:25 -------- d-----w- c:\users\Zandy\AppData\Roaming\Download Manager 2010-09-17 15:05 . 2010-09-17 15:05 -------- d-----w- c:\users\Zandy\Deskto 2010-09-16 12:58 . 2010-09-16 12:58 -------- d-----w- c:\programdata\Ableton 2010-09-16 12:58 . 2010-09-16 12:58 -------- d-----w- c:\users\Zandy\AppData\Roaming\Ableton 2010-09-07 13:52 . 2010-09-25 14:57 -------- d-----w- c:\users\Zandy\AppData\Roaming\Notepad++ 2010-09-07 13:52 . 2010-09-25 14:57 -------- d-----w- c:\program files\Notepad++ 2010-09-02 18:42 . 2010-09-02 18:43 -------- d-----w- c:\program files\QuickTime . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-10-01 12:29 . 2006-11-02 15:33 656262 ----a-w- c:\windows\system32\perfh007.dat 2010-10-01 12:29 . 2006-11-02 15:33 121228 ----a-w- c:\windows\system32\perfc007.dat 2010-10-01 12:24 . 2008-09-20 17:02 -------- d-----w- c:\users\Zandy\AppData\Roaming\Skype 2010-10-01 12:21 . 2009-11-29 17:22 -------- d-----w- c:\program files\Microsoft Silverlight 2010-10-01 12:20 . 2010-02-16 15:35 12 ----a-w- c:\windows\bthservsdp.dat 2010-10-01 11:55 . 2008-09-20 17:07 -------- d-----w- c:\users\Zandy\AppData\Roaming\skypePM 2010-09-29 13:11 . 2009-03-07 16:18 -------- d-----w- c:\users\Zandy\AppData\Roaming\Orbit 2010-09-28 13:57 . 
2009-09-06 08:31 183112 ----a-w- c:\windows\system32\PnkBstrB.exe 2010-09-26 13:15 . 2006-11-02 10:25 86016 ----a-w- c:\windows\Inf\infstor.dat 2010-09-26 13:15 . 2006-11-02 10:25 51200 ----a-w- c:\windows\Inf\infpub.dat 2010-09-26 13:15 . 2006-11-02 10:25 143360 ----a-w- c:\windows\Inf\infstrng.dat 2010-09-25 15:16 . 2007-11-30 12:49 111616 ----a-w- c:\users\Zandy\AppData\Local\GDIPFONTCACHEV1.DAT 2010-09-25 14:59 . 2009-09-26 21:56 -------- d-----w- c:\program files\TeamViewer 2010-09-25 14:57 . 2008-12-14 11:29 -------- d-----w- c:\program files\Common Files\DVDVideoSoft 2010-09-25 14:28 . 2008-01-02 16:42 8052 ----a-w- c:\users\Zandy\AppData\Local\d3d9caps.dat 2010-09-25 11:52 . 2009-11-30 14:33 -------- d-----w- c:\program files\trend micro 2010-09-24 21:14 . 2010-03-03 20:48 0 ----a-w- c:\windows\system32\Access.dat 2010-09-24 15:05 . 2010-04-12 13:08 -------- d-----w- c:\program files\JDownloader 2010-09-21 19:16 . 2010-04-15 15:45 -------- d-sh--r- c:\users\Zandy\AppData\Roaming\dx10ac 2010-09-20 13:02 . 2009-01-30 21:42 -------- d-----w- c:\program files\Common Files\Apple 2010-09-17 21:24 . 2007-05-23 12:24 -------- d-----w- c:\program files\Common Files\Adobe 2010-09-17 21:06 . 2010-04-01 19:48 -------- d-----w- c:\program files\Ask.com 2010-09-14 18:21 . 2010-07-08 15:04 -------- d-----w- c:\users\Zandy\AppData\Roaming\PhotoScape 2010-09-13 15:08 . 2009-02-05 13:57 -------- d-----w- c:\programdata\ArcSoft 2010-09-13 15:08 . 2007-05-23 11:06 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-09-13 15:07 . 2009-02-06 14:16 2564863 ----a-w- c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe 2010-09-11 19:23 . 2007-11-30 14:50 -------- d-----w- c:\users\Zandy\AppData\Roaming\dvdcss 2010-09-06 17:56 . 2008-02-17 09:00 -------- d-----w- c:\users\Zandy\AppData\Roaming\StarOffice8 2010-09-04 12:19 . 2009-09-06 08:31 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2010-09-01 07:12 . 
2010-09-01 07:12 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe 2010-08-30 20:19 . 2007-05-23 11:09 -------- d-----w- c:\program files\Roxio 2010-08-28 16:20 . 2009-02-05 13:57 -------- d-----w- c:\program files\ArcSoft 2010-08-28 16:19 . 2009-07-13 15:31 -------- d-----w- c:\program files\ElcomSoft 2010-08-28 16:19 . 2008-09-20 17:01 -------- d-----r- c:\program files\Skype 2010-08-28 16:17 . 2010-06-17 20:30 -------- d-----w- c:\program files\thriXXX 2010-08-27 13:57 . 2007-05-23 11:09 -------- d-----w- c:\programdata\Roxio 2010-08-24 18:44 . 2010-05-11 16:15 -------- d-sh--w- c:\users\Zandy\AppData\Roaming\lowsec 2010-08-05 21:05 . 2009-03-03 20:42 -------- d-----w- c:\program files\Messenger Plus! Live 2010-07-27 16:44 . 2010-07-27 16:44 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-07-27 16:44 . 2010-07-27 16:44 107808 ----a-w- c:\windows\system32\dns-sd.exe 2010-07-11 17:38 . 2010-04-24 20:00 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll 2010-07-11 17:38 . 2010-07-11 17:38 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe 2010-07-11 17:38 . 2010-07-11 17:38 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe 2010-07-11 17:38 . 2010-07-11 17:38 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe 2010-07-11 17:22 . 2010-04-24 20:03 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe 2010-07-11 17:22 . 2010-04-24 20:03 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll . ------- Sigcheck ------- [-] 2010-03-30 . 1171B07E27991296D379472B12174349 . 245248 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll [7] 2006-11-02 . B264DFA21677728613267FE63802B332 . 245248 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6000.16386_none_caf99b2e2002860e\shsvcs.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . 
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864] [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-05-26 13:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912] "spc1030"="c:\windows\vspc1030.exe" [2008-02-22 684032] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device 
Support\AppleSyncNotifier.exe" [2010-07-13 47904] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160] c:\users\Zandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech Touch Mouse Server.lnk - c:\program files\Logitech Touch Mouse Server\iTouch-Server-Win.exe [2009-10-23 228352] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Sitecom USB Wireless LAN Utility.lnk - c:\program files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe [2009-1-19 3477504] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\guard32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer9"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ehTray.exe"=c:\windows\ehome\ehTray.exe "ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent "Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "VX1000"=c:\windows\vVX1000.exe "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" "spc1030"=c:\windows\vspc1030.exe "StartCCC"=c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe "RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup "NvSvc"=RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart 
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "PlayMovie"="d:\bearbeitungsprogramme\PlayMovie\PMVService.exe" "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" "ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "d-x10c"=c:\users\Zandy\AppData\Roaming\dx10ac\d-xdiag10c.exe "SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe "AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2780370485-2775809281-2979314199-1000] "EnableNotifications"=dword:00000001 "EnableNotificationsRef"=dword:00000002 R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 133104] R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832] R3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\DRIVERS\libusb0.sys [2006-05-31 29184] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des 
[2010-06-17 3890920] R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768] R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-01-01 691696] S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-06-04 224240] S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-06-01 30112] S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};d:\bearbeitungsprogramme\PlayMovie\000.fcl [2008-05-16 61424] S3 MicNgBas;Cinergy 2400i DT Base Driver;c:\windows\system32\drivers\MicNgBas.sys [2006-02-11 48768] S3 MicNgCap;Cinergy 2400i DT Capture Driver;c:\windows\system32\drivers\MicNgCap.sys [2006-02-11 50560] S3 MicNgTun;Cinergy 2400i DT Tuner Driver;c:\windows\system32\drivers\MicNgTun.sys [2006-02-11 122752] S3 phaudlwr;Philips Audio Filter;c:\windows\system32\DRIVERS\phaudlwr.sys [2008-05-07 88704] S3 SPC1030;USB2.0 PC Camera (SPC1030);c:\windows\system32\DRIVERS\spc1030.sys [2008-06-11 3035776] S3 ZD1211U(Sitecom);Sitecom Wireless Network USB Adapter Driver(Sitecom);c:\windows\system32\DRIVERS\zd1211u.sys [2004-07-05 233472] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ . 
Inhalt des "geplante Tasks" Ordners 2010-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 19:19] 2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 19:19] 2010-08-31 c:\windows\Tasks\RCHubTask 0 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 2145340416~30026154.job - c:\program files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe [2007-02-13 16:51] 2010-10-01 c:\windows\Tasks\User_Feed_Synchronization-{BB2AC692-2CD6-4C68-9DFC-5B9F61E87B2F}.job - c:\windows\system32\msfeedssync.exe [2006-11-02 09:45] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mStart Page = hxxp://de.intl.acer.yahoo.com uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://go.1und1.de/suchbox/1und1suche?su=%s IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202 IE: Free YouTube Download - c:\users\Zandy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm IE: Free YouTube to Mp3 Converter - c:\users\Zandy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm TCP: {5B175FDC-3A19-4105-AE85-EF088487102C} = 192.168.182.1,192.168.182.2 TCP: {9CE15D25-E061-4EA7-A67B-2FBB0BF7B106} = 192.168.182.1,192.168.182.2 TCP: {D08FD11B-68BB-4DB9-B05C-0694FD0A3F17} = 192.168.182.1,192.168.182.2 FF - ProfilePath - c:\users\Zandy\AppData\Roaming\Mozilla\Firefox\Profiles\ffmk5zx8.default\ FF - prefs.js: browser.startup.homepage - google.de FF - component: c:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll FF - plugin: 
c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-10-01 14:39 Windows 6.0.6000 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\d:\bearbeitungsprogramme\PlayMovie\000.fcl" . 
--------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-2780370485-2775809281-2979314199-1000\Software\SecuROM\License information*] "datasecu"=hex:7e,e8,20,01,50,99,dc,33,e0,d7,a3,74,96,6b,73,2f,63,e9,c8,ba,12, f3,94,9a,85,38,7f,1e,00,c7,e6,a2,97,c4,5b,8c,b4,73,e9,1d,2b,65,19,a6,f9,6a,\ "rkeysecu"=hex:9b,5a,b7,02,6e,ed,18,d4,57,55,ba,a0,1e,c9,49,72 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2010-10-01 14:43:08 ComboFix-quarantined-files.txt 2010-10-01 12:43 ComboFix2.txt 2010-09-30 21:50 ComboFix3.txt 2010-09-29 14:45 Vor Suchlauf: 17 Verzeichnis(se), 61.247.483.904 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 61.206.691.840 Bytes frei - - End Of File - - 3E8205DD5EEF9639B18A2F97AAF5D987 |
01.10.2010, 14:45 | #22 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | PC won't shut down, programs hang, etc. OK, it's slowly getting better. Quote:
__________________ Please always post log files in CODE tags |
01.10.2010, 19:35 | #23 |
| PC won't shut down, programs hang, etc. OK, it's removed. What now? |
01.10.2010, 20:14 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PC won't shut down, programs hang, etc. OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second try, just skip it and run only OSAM. Afterwards, download the bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remove.exe in that folder. If you use Windows Vista or Windows 7, you must run remover.exe via right-click => Run as administrator. A black window will open and automatically search for malicious changes in the MBR. Then please post whether there are any changes and, if so, in which device. Ideally, post everything that remover.exe outputs.
__________________ Please always post log files in CODE tags |
02.10.2010, 09:32 | #25 |
| PC won't shut down, programs hang, etc. I hope I did everything right, but I'm not so sure about the remover. Bootkit: Code:
.\debug.cpp(238) : Debug log started at 02.10.2010 - 08:29:29
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.0
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows Vista Home Premium Edition (build 6000), 32-bit
.\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C019#7&4a3376c&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}" .\debug.cpp(400) : Destination "\Device\00000079" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_13EC&PID_0006&Col01#6&32c0fdeb&0&0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination "\Device\00000066" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0471&PID_2036&MI_00#7&9e9fb24&0&0000#{fb6c428a-0353-11d1-905f-0000c0cc16ba}" .\debug.cpp(400) : Destination "\Device\00000076" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ISCSIPRT#0000#{2accfe60-c130-11d2-b082-00a0c91efb8b}" .\debug.cpp(400) : Destination "\Device\00000007" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD5" .\debug.cpp(400) : Destination "\Device\USBFDO-5" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_438A&SUBSYS_73261462&REV_00#3&18d45aa6&0&9B#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0008" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5C07C928-4C63-4DC2-992D-4C11BE77AABC}" .\debug.cpp(400) : Destination "\Device\NDMP2" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{73BF05A7-BDEA-4E1E-BA2A-6E3488B39C4C}" .\debug.cpp(400) : Destination "\Device\NDMP1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global" .\debug.cpp(400) : Destination "\GLOBAL??" 
.\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{eaf4d341-652b-11dc-aca5-806e6f6e6963}" .\debug.cpp(400) : Destination "\Device\HarddiskVolume3" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\I:" .\debug.cpp(400) : Destination "\Device\HarddiskVolume5" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive4" .\debug.cpp(400) : Destination "\Device\Harddisk4\DR4" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG:" .\debug.cpp(400) : Destination "\clfs" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\drvnddm" .\debug.cpp(400) : Destination "\Device\drvnddm" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_14627326&REV_1000#4&2323973&0&0301#{65e8773e-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\00000064" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000#5&2033df20&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\00000062" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000#5&2033df20&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}" .\debug.cpp(400) : Destination "\Device\00000062" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73}" .\debug.cpp(400) : Destination "\Device\0000004e" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0" .\debug.cpp(400) : Destination "\Device\PxHelperDevice0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ngene#VEN_18C3&DEV_0720&SUBSYS_1167153B&REV_00&Tuner#5&118ec3d9&0&2#{71985f48-1ca1-11d3-9cc8-00c04f7971e0}" .\debug.cpp(400) : Destination "\Device\00000059" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink 
"\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_14627326&REV_1000#4&2323973&0&0301#{65e8773d-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\00000064" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination "\Device\00000002" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination "\Device\00000047" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Generic&Prod_USB_CF_Reader&Rev_1.01#2004888&1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination "\Device\0000006f" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0DF6&PID_9071#5&1ff220ae&0&10#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\USBPDO-6" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000#5&2033df20&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}" .\debug.cpp(400) : Destination "\Device\00000062" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&7894f0a&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination "\Device\USBPDO-5" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&12645949&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination "\Device\USBPDO-3" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&1128df1b&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}" .\debug.cpp(400) : Destination "\Device\Ide\PciIde1Channel1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\int15" .\debug.cpp(400) : Destination "\Device\int15" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink 
"\GLOBAL??\Ngene#VEN_18C3&DEV_0720&SUBSYS_1167153B&REV_00&Capture#5&118ec3d9&0&4#{fd0a5af4-b41d-11d2-9c95-00c04f7971e0}" .\debug.cpp(400) : Destination "\Device\0000005a" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_13EC&PID_0006#5&513c5b&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}" .\debug.cpp(400) : Destination "\Device\USBPDO-8" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0004#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\00000004" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\J:" .\debug.cpp(400) : Destination "\Device\HarddiskVolume6" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_04D9&PID_1603&MI_00#8&995f03&0&0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination "\Device\0000007a" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination "\Device\0000003b" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318}" .\debug.cpp(400) : Destination "\Device\0000004e" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}Test" .\debug.cpp(400) : Destination "\Device\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}" .\debug.cpp(400) : Destination "\Device\00000045" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&27748934&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}" .\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager" .\debug.cpp(400) : Destination "\Device\MountPointManager" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink 
"\GLOBAL??\Volume{eaf4d456-652b-11dc-aca5-806e6f6e6963}" .\debug.cpp(400) : Destination "\Device\HarddiskVolume7" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{eaf4d454-652b-11dc-aca5-806e6f6e6963}" .\debug.cpp(400) : Destination "\Device\HarddiskVolume5" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{eaf4d33f-652b-11dc-aca5-806e6f6e6963}" .\debug.cpp(400) : Destination "\Device\HarddiskVolume1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&_??_USBSTOR#Disk&Ven_Generic&Prod_USB_SM_Reader&Rev_1.02#2004888&2#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination "\Device\HarddiskVolume6" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SM_READER&REV_1.02#2004888&2##{6ac27878-a6fa-4155-ba85-f98f491d4f33}" .\debug.cpp(400) : Destination "\Device\00000083" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination "\Device\00000039" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\00000038" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbDlDp32" .\debug.cpp(400) : Destination "\Device\PxHelperDevice0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi" .\debug.cpp(400) : Destination "\Device\Nsi" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\K:" .\debug.cpp(400) : Destination "\Device\HarddiskVolume7" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_04D9&PID_1603&MI_01&Col01#8&29040ccc&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}" .\debug.cpp(400) : Destination "\Device\0000007b" .\debug.cpp(409) : -- 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp" .\debug.cpp(400) : Destination "\Device\WANARP" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0471&PID_2036#6&21f54182&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}" .\debug.cpp(400) : Destination "\Device\USBPDO-11" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{700fa1b0-a050-11dc-b3a7-806e6f6e6963}" .\debug.cpp(400) : Destination "\Device\CdRom0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Generic&Prod_USB_MS_Reader&Rev_1.03#2004888&3#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination "\Device\00000071" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice" .\debug.cpp(400) : Destination "\Device\NXTIPSEC" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0471&PID_2036&MI_00#7&9e9fb24&0&0000#{6994ad05-93ef-11d0-a3cc-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\00000076" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{54950694-33A2-408C-9E06-ABBEB791E26F}" .\debug.cpp(400) : Destination "\Device\NDMP11" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination "\Device\00000038" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&SignatureCFF86ED3Offset27098F400Length1BEC8D6A00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination "\Device\HarddiskVolume2" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\A:" .\debug.cpp(400) : Destination "\Device\Floppy0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev" .\debug.cpp(400) : Destination "\Device\WFP" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\0000003f" .\debug.cpp(409) : 
-- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP" .\debug.cpp(400) : Destination "\Device\NDMP8" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0471&PID_2036&MI_02#7&9e9fb24&0&0002#{6994ad04-93ef-11d0-a3cc-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\00000077" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArpV6" .\debug.cpp(400) : Destination "\Device\WANARPV6" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:" .\debug.cpp(400) : Destination "\Device\Ide\IdePort0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination "\Device\00000048" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_13EC&PID_0006&Col02#6&32c0fdeb&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}" .\debug.cpp(400) : Destination "\Device\00000067" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-9118b9ba-cdfc-11df-a58e-000cf61398da" .\debug.cpp(400) : Destination "\Device\UMDFCtrlDev-9118b9ba-cdfc-11df-a58e-000cf61398da" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&PrinterBusEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}" .\debug.cpp(400) : Destination "\Device\0000007e" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2759c99a&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination "\Device\USBPDO-1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS0" .\debug.cpp(400) : Destination "\Device\1394BUS0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FDC#GENERIC_FLOPPY_DRIVE#4&160ddd18&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination "\Device\FloppyPDO0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink 
"\GLOBAL??\USB#VID_05AC&PID_1299#1b12e90f6c7cbabc40b4712bccbce334d5f7d50f#{f0b32be3-6678-4879-9230-e43845d805ee}" .\debug.cpp(400) : Destination "\Device\USBPDO-13" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C019#7&4a3376c&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination "\Device\00000079" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}" .\debug.cpp(400) : Destination "\Device\0000003f" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\0000003c" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0400#1#{97f76ef0-f883-11d0-af1f-0000f800845c}" .\debug.cpp(400) : Destination "\Device\0000004f" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{A9E0DE49-0213-4FF4-8392-54FDA59E5FCE}" .\debug.cpp(400) : Destination "\Device\NDMP6" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SM_READER&REV_1.02#2004888&2##{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}" .\debug.cpp(400) : Destination "\Device\00000083" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_13EC&PID_0006&Col05#6&32c0fdeb&0&0004#{4d1e55b2-f16f-11cf-88cb-001111000030}" .\debug.cpp(400) : Destination "\Device\0000006a" .\debug.cpp(409) : -- .\debug.cpp(369) : Device "\GLOBAL??\DLAIFS" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan" .\debug.cpp(400) : Destination "\Device\NdisWan" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0DF6&PID_9071#5&1ff220ae&0&10#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination "\Device\USBPDO-6" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:" .\debug.cpp(400) : 
Destination "\Device\Ide\IdePort1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPT1" .\debug.cpp(400) : Destination "\Device\Parallel0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_438B&SUBSYS_73261462&REV_00#3&18d45aa6&0&9C#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0009" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4387&SUBSYS_73261462&REV_00#3&18d45aa6&0&98#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0005" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{eaf4d340-652b-11dc-aca5-806e6f6e6963}" .\debug.cpp(400) : Destination "\Device\HarddiskVolume2" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SD_READER&REV_1.00#2004888&0##{6ac27878-a6fa-4155-ba85-f98f491d4f33}" .\debug.cpp(400) : Destination "\Device\00000082" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice" .\debug.cpp(400) : Destination "\Device\MPS" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\drvmcdb" .\debug.cpp(400) : Destination "\Device\drvmcdb" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&_??_USBSTOR#Disk&Ven_Generic&Prod_USB_SD_Reader&Rev_1.00#2004888&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination "\Device\HarddiskVolume4" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_04D9&PID_1603&MI_01&Col02#8&29040ccc&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}" .\debug.cpp(400) : Destination "\Device\0000007c" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink 
"\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_MS_READER&REV_1.03#2004888&3##{6ac27878-a6fa-4155-ba85-f98f491d4f33}" .\debug.cpp(400) : Destination "\Device\00000081" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#ACR0009#5&13a1b096&0&UID268435460#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7}" .\debug.cpp(400) : Destination "\Device\0000007d" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#ACR0009#5&13a1b096&0&UID268435460#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8}" .\debug.cpp(400) : Destination "\Device\0000007d" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_104C&DEV_8024&SUBSYS_326D1462&REV_00#4&35e69562&0&10A4#{6bdd1fc1-810f-11d0-bec7-08002be2092f}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0020" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4388&SUBSYS_73261462&REV_00#3&18d45aa6&0&99#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0006" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&1128df1b&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}" .\debug.cpp(400) : Destination "\Device\Ide\PciIde1Channel0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&27748934&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}" .\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr" .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl" .\debug.cpp(400) : Destination "\Device\VolMgrControl" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:" .\debug.cpp(400) : Destination "\Device\HarddiskVolume2" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT" .\debug.cpp(400) : Destination "\Device\MailSlot" .\debug.cpp(409) : 
-- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000#5&2033df20&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\00000062" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX" .\debug.cpp(400) : Destination "\DosDevices\COM1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#4&1d62032d&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1}" .\debug.cpp(400) : Destination "\Device\Parallel0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6" .\debug.cpp(400) : Destination "\Device\NDMP9" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FDC#GENERIC_FLOPPY_DRIVE#4&160ddd18&0&0#{53f56311-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination "\Device\FloppyPDO0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Generic&Prod_USB_SM_Reader&Rev_1.02#2004888&2#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination "\Device\00000070" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_13EC&PID_0006&Col06#6&32c0fdeb&0&0005#{4d1e55b2-f16f-11cf-88cb-001111000030}" .\debug.cpp(400) : Destination "\Device\0000006b" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT" .\debug.cpp(400) : Destination "" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL" .\debug.cpp(400) : Destination "\Device\Null" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-9118b9c4-cdfc-11df-a58e-000cf61398da" .\debug.cpp(400) : Destination "\Device\UMDFCtrlDev-9118b9c4-cdfc-11df-a58e-000cf61398da" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio" .\debug.cpp(400) : Destination "\Device\Ndisuio" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination 
"\Device\0000003e" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:" .\debug.cpp(400) : Destination "\Device\Ide\IdePort2" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-9118b9c8-cdfc-11df-a58e-000cf61398da" .\debug.cpp(400) : Destination "\Device\UMDFCtrlDev-9118b9c8-cdfc-11df-a58e-000cf61398da" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle" .\debug.cpp(400) : Destination "\Device\WfpAle" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination "\Device\0000003d" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AudioLowerFilter" .\debug.cpp(400) : Destination "\Device\AudioLowerFilter" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0DF6&PID_9071#5&1ff220ae&0&10#{a5dcbf10-6530-11d2-901f-00c04fb951ed}" .\debug.cpp(400) : Destination "\Device\USBPDO-6" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4389&SUBSYS_73261462&REV_00#3&18d45aa6&0&9A#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0007" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_14627326&REV_1000#4&2323973&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\00000064" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{eaf4d455-652b-11dc-aca5-806e6f6e6963}" .\debug.cpp(400) : Destination "\Device\HarddiskVolume6" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskST3250820AS_____________________________3.AAD___#5&26bb45c4&0&0.1.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T1L0-7" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_04D9&PID_1603&MI_00#8&995f03&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}" 
.\debug.cpp(400) : Destination "\Device\0000007a" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\0000003a" .\debug.cpp(409) : -- .\debug.cpp(453) : ********************************************** .\boot_cleaner.cpp(565) : System volume is \\.\C: .\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`7098f400 .\boot_cleaner.cpp(276) : Boot sector MD5 is: 10db723421b4c67663b09f7c08e4d4c6 .\boot_cleaner.cpp(1060) : .\boot_cleaner.cpp(1061) : Size Device Name MBR Status .\boot_cleaner.cpp(1062) : -------------------------------------------- .\boot_cleaner.cpp(1106) : 232 GB \\.\PhysicalDrive0 Unknown boot code .\boot_cleaner.cpp(1112) : .\boot_cleaner.cpp(1118) : Unknown boot code has been found on some of your physical disks. .\boot_cleaner.cpp(1120) : To inspect the boot code manually, dump the master boot sector: .\boot_cleaner.cpp(1121) : remover.exe dump <device_name> [output_file] .\boot_cleaner.cpp(1125) : To disinfect the master boot sector, use the following command: .\boot_cleaner.cpp(1126) : remover.exe fix <device_name> .\boot_cleaner.cpp(1129) : .\boot_cleaner.cpp(1151) : Done; Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 10:28:03 on 02.10.2010

OS: Windows Vista Home Premium Edition (Build 6000), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.10

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - ? - C:\Windows\System32\guard32.dll (File not found)

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"RCHubTask 0 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 2145340416~30026154.job" - ? - C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Advanced SCSI Programming Interface Driver" (ASPI) - ? - C:\Windows\System32\DRIVERS\ASPI32.sys
"catchme" (catchme) - ? - C:\Users\Zandy\AppData\Local\Temp\catchme.sys (File not found)
"Cinergy 2400i DT Base Driver" (MicNgBas) - "Micronas GmbH" - C:\Windows\System32\drivers\MicNgBas.sys
"Cinergy 2400i DT Capture Driver" (MicNgCap) - "Micronas GmbH" - C:\Windows\System32\drivers\MicNgCap.sys
"Cinergy 2400i DT Tuner Driver" (MicNgTun) - "Micronas GmbH" - C:\Windows\System32\drivers\MicNgTun.sys
"DLABMFSM" (DLABMFSM) - "Roxio" - C:\Windows\System32\DLA\DLABMFSM.SYS
"DLABOIOM" (DLABOIOM) - "Roxio" - C:\Windows\System32\DLA\DLABOIOM.SYS
"DLACDBHM" (DLACDBHM) - "Roxio" - C:\Windows\System32\Drivers\DLACDBHM.SYS
"DLADResM" (DLADResM) - "Roxio" - C:\Windows\System32\DLA\DLADResM.SYS
"DLAIFS_M" (DLAIFS_M) - "Roxio" - C:\Windows\System32\DLA\DLAIFS_M.SYS
"DLAOPIOM" (DLAOPIOM) - "Roxio" - C:\Windows\System32\DLA\DLAOPIOM.SYS
"DLAPoolM" (DLAPoolM) - "Roxio" - C:\Windows\System32\DLA\DLAPoolM.SYS
"DLARTL_M" (DLARTL_M) - "Roxio" - C:\Windows\System32\Drivers\DLARTL_M.SYS
"DLAUDFAM" (DLAUDFAM) - "Roxio" - C:\Windows\System32\DLA\DLAUDFAM.SYS
"DLAUDF_M" (DLAUDF_M) - "Roxio" - C:\Windows\System32\DLA\DLAUDF_M.SYS
"DRVMCDB" (DRVMCDB) - "Sonic Solutions" - C:\Windows\System32\Drivers\DRVMCDB.SYS
"DRVNDDM" (DRVNDDM) - "Roxio" - C:\Windows\System32\Drivers\DRVNDDM.SYS
"EagleNT" (EagleNT) - ? - C:\Windows\system32\drivers\EagleNT.sys (File not found)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"int15" (int15) - ? - C:\Acer\Empowering Technology\eRecovery\int15.sys (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120" (libusb0) - "hxxp://libusb-win32.sourceforge.net" - C:\Windows\System32\DRIVERS\libusb0.sys
"nvlddmkm" (nvlddmkm) - "NVIDIA Corporation" - C:\Windows\System32\DRIVERS\nvlddmkm.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - D:\Bearbeitungsprogramme\PlayMovie\000.fcl

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} "Themes Setup" - "Microsoft Corporation" - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\Sun\StarOffice 8\program\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ?
- (File not found | COM-object registry key not found) {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {41E300E0-78B6-11ce-849B-444553540000} "Display Effects CPL Extension" - "Microsoft Corporation" - C:\Windows\system32\themeui.dll {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {CA5FEE26-14C1-4B5A-86E9-233FC0EE2682} "IZArc DragDrop Menu" - ? - (File not found | COM-object registry key not found) {8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5} "IZArc Shell Context Menu" - ? - (File not found | COM-object registry key not found) {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found) {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\Sun\StarOffice 8\program\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\Sun\StarOffice 8\program\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\Sun\StarOffice 8\program\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? 
- C:\Program Files\Sun\StarOffice 8\program\shlxthdl.dll {5E44E225-A408-11CF-B581-008029601108} "Roxio DragToDisc Shell Extension" - "Roxio" - C:\Program Files\Roxio\Drag-to-Disc\Shellex.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? 
- C:\Program Files\WinRAR\rarext.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll <binary data> "Ask Toolbar" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "{32099AAC-C132-4136-9E9A-4E364A424E17}" - ? - (File not found | COM-object registry key not found) <binary data> "{472734EA-242A-422B-ADF8-83D1E48CC825}" - ? - (File not found | COM-object registry key not found) <binary data> "{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {00000000-6E41-4FD3-8538-502F5495E5FC} "UrlSearchHook Class" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll {EF99BD32-C1FB-11D2-892F-0090271D4F88} "Yahoo! Toolbar mit Pop-Up-Blocker" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} "get_atlcom Class" - "NOS Microsystems Ltd." - C:\Windows\Downloaded Program Files\gp.ocx / hxxp://www.adobe.com/products/acrobat/nos/gp.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_12" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1236365074789&h=e8a697bd531e33d86563088add75ecf2/&filename=jinstall-6u12-windows-i586-jc.cab {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} "Java Plug-in 1.6.0_12" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_12" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_12.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab {C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} "MUWebControl Class" - "Microsoft Corporation" - C:\Windows\system32\muweb.dll / hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199395426399 {166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab {233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\System32\Adobe\Director\swdir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? 
- (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll <binary data> "Ask Toolbar" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll <binary data> "Grab Pro" - ? - C:\Program Files\Orbitdownloader\GrabPro.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {D4027C7F-154A-4066-A1AD-4243D8127440} "Ask Toolbar" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {000123B4-9B42-4900-B3F7-F4B073EFC214} "Octh Class" - "Orbitdownloader.com" - C:\Program Files\Orbitdownloader\orbitcth.dll {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? 
- C:\Users\Zandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Logitech Touch Mouse Server.lnk" - "Logitech, Inc." - C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe (Shortcut exists | File exists) -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Sitecom USB Wireless LAN Utility.lnk" - "Sitecom Europe BV" - C:\Program Files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "ISUSPM" - "Macrovision Corporation" - "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler "msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background "Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe "DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe" "QuickTime Task" - "Apple Inc." 
- "C:\Program Files\QuickTime\QTTask.exe" -atboottime [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%SystemRoot%\System32\shsvcs.dll,-12288" (ShellHWDetection) - "Microsoft Corporation" - C:\Windows\System32\shsvcs.dll "@%SystemRoot%\System32\shsvcs.dll,-8192" (Themes) - "Microsoft Corporation" - C:\Windows\system32\shsvcs.dll "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "eRecovery Service" (eRecoveryService) - "Acer Inc." - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - ? - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "MSCamSvc" (MSCamSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft LifeCam\MSCamS32.exe "nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\Windows\system32\GameMon.des "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "PnkBstrA" (PnkBstrA) - ? 
- C:\Windows\system32\PnkBstrA.exe (File found, but it contains no detailed information) "Roxio Hard Drive Watcher 9" (RoxWatch9) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe "RoxMediaDB9" (RoxMediaDB9) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe "SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe "stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe "SwitchBoard" (SwitchBoard) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe "TeamViewer 5" (TeamViewer5) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe "UPnPService" (UPnPService) - "Magix AG" - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net Rootkit scan 2010-10-02 00:35:55 Windows 6.0.6000 Running: 9bt4rf9k.exe; Driver: C:\Users\Zandy\AppData\Local\Temp\kxldypog.sys ---- Kernel code sections - GMER 1.0.15 ---- D:\Bearbeitungsprogramme\PlayMovie\000.fcl entry point in "" section [0xA96CC41C] .clc D:\Bearbeitungsprogramme\PlayMovie\000.fcl unknown last code section [0xA96CD000, 0x1000, 0xE0000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] kernel32.dll!FindResourceExA 774C92DD 7 Bytes JMP 2806CE30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] kernel32.dll!FindResourceA 774C93BB 5 Bytes JMP 2806CDA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] kernel32.dll!FindResourceW 774D33FE 5 Bytes JMP 2806CCA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] kernel32.dll!SizeofResource 774D341C 7 Bytes JMP 2806CF70 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] kernel32.dll!CreateEventA 774F7B60 5 Bytes JMP 2806C900 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] kernel32.dll!LockResource 774FD5DF 5 Bytes JMP 2806CFE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] kernel32.dll!FindResourceExW 774FD673 7 Bytes JMP 2806CD20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! 
Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] kernel32.dll!LoadResource 774FD74B 7 Bytes JMP 2806CEC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] ADVAPI32.dll!CryptDeriveKey 771ED229 7 Bytes JMP 2806C410 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] ADVAPI32.dll!CryptDecrypt 771ED359 7 Bytes JMP 2806C470 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] USER32.dll!SetWindowPlacement 776774E1 5 Bytes JMP 28070480 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] USER32.dll!TrackPopupMenuEx 7767C76F 5 Bytes JMP 2806F590 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] USER32.dll!LoadImageW 7767D3D5 5 Bytes JMP 28070C60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] USER32.dll!SetWindowRgn 7767E016 7 Bytes JMP 28070520 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] USER32.dll!CreateWindowExW 776885F8 5 Bytes JMP 2806E4A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] USER32.dll!LoadIconW 776886E0 5 Bytes JMP 28070DE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! 
Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] USER32.dll!GetWindowLongW 7769250E 7 Bytes JMP 28070F10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] USER32.dll!PeekMessageW 776925BC 5 Bytes JMP 2806EF10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] USER32.dll!MessageBoxIndirectW 7769F1B3 5 Bytes JMP 28070800 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] USER32.dll!CreateDialogParamW 776AA500 5 Bytes JMP 280705D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] WS2_32.dll!closesocket 777E3847 5 Bytes JMP 280754A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] WS2_32.dll!send 777E3A8A 5 Bytes JMP 28075160 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] WS2_32.dll!recv 777E4ABD 5 Bytes JMP 28074E80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] WS2_32.dll!WSASend 777E4EE9 5 Bytes JMP 280752D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] WS2_32.dll!WSARecv 777E72B5 5 Bytes JMP 28074FB0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! 
Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] SHELL32.dll!Shell_NotifyIconW 76753114 5 Bytes JMP 2806DC10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] ole32.dll!CoRegisterClassObject 779139AC 5 Bytes JMP 2806D340 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] ole32.dll!CoInitializeEx 7794885D 5 Bytes JMP 2806D240 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] ole32.dll!CoCreateInstance 7794DD8F 5 Bytes JMP 2806D5C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] WININET.dll!InternetCloseHandle 77824261 5 Bytes JMP 280741D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] WININET.dll!HttpOpenRequestA 7782AA7B 5 Bytes JMP 28073F30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] WININET.dll!InternetReadFile 778313D4 5 Bytes JMP 28074090 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2184] WININET.dll!HttpSendRequestA 77833558 5 Bytes JMP 28074130 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! 
Live Add-On/Yuna Software) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7496FBC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7493B9AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7492A31F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [7492CBFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74928AB2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7493CF28] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74927D98] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74927CFF] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74926A64] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [749BC1D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74947F56] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [749290CD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74932179] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [749321A4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74937F1C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE 
[gdiplus.dll!GdiplusStartup] [74937D3E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [749683D5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd5028b1 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd5028b1@60d0a94da812 0x4D 0xFD 0x50 0x35 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF2 0x70 0x83 0xAE ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3B 0x7F 0x72 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA4 0xCF 0xA6 0x66 ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x6F 0xC0 0x42 0x77 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd5028b1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd5028b1@60d0a94da812 0x4D 0xFD 0x50 0x35 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF2 0x70 0x83 0xAE ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3B 0x7F 0x72 0xB0 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA4 0xCF 0xA6 0x66 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x6F 0xC0 0x42 0x77 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0x70 0xB1 0xA5 0x07 ... ---- EOF - GMER 1.0.15 ---- |
03.10.2010, 12:51 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PC won't shut down, programs hang, etc. After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post log files in CODE tags |
03.10.2010, 13:35 | #27 |
| PC won't shut down, programs hang, etc. Code:
ATTFilter MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows Vista Home Premium Edition Windows Information: (build 6000), 32-bit Base Board Manufacturer: Acer BIOS Manufacturer: Phoenix Technologies, LTD System Manufacturer: Acer System Product Name: Aspire M3610 Logical Drives Mask: 0x0001079d Kernel Drivers (total 171): 0x83000000 \SystemRoot\system32\ntkrnlpa.exe 0x833A1000 \SystemRoot\system32\hal.dll 0x802C6000 \SystemRoot\system32\kdcom.dll 0x80266000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x8025D000 \SystemRoot\system32\PSHED.dll 0x80255000 \SystemRoot\system32\BOOTVID.dll 0x8021A000 \SystemRoot\system32\CLFS.SYS 0x8051F000 \SystemRoot\system32\CI.dll 0x804A4000 \SystemRoot\system32\drivers\Wdf01000.sys 0x8020D000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x80461000 \SystemRoot\system32\drivers\acpi.sys 0x80204000 \SystemRoot\system32\drivers\WMILIB.SYS 0x80459000 \SystemRoot\system32\drivers\msisadrv.sys 0x8044A000 \SystemRoot\system32\drivers\volmgr.sys 0x80425000 \SystemRoot\system32\drivers\pci.sys 0x80415000 \SystemRoot\System32\drivers\mountmgr.sys 0x8040E000 \SystemRoot\system32\drivers\pciide.sys 0x80400000 \SystemRoot\system32\drivers\PCIIDEX.SYS 0x807B6000 \SystemRoot\System32\drivers\volmgrx.sys 0x807AE000 \SystemRoot\system32\drivers\atapi.sys 0x80790000 \SystemRoot\system32\drivers\ataport.SYS 0x8075F000 \SystemRoot\system32\drivers\fltmgr.sys 0x8074F000 \SystemRoot\system32\drivers\fileinfo.sys 0x80738000 \SystemRoot\System32\Drivers\DRVMCDB.SYS 0x8072F000 \SystemRoot\System32\Drivers\PxHelp20.sys 0x8062B000 \SystemRoot\system32\drivers\ndis.sys 0x80600000 \SystemRoot\system32\drivers\msrpc.sys 0x8B1C7000 \SystemRoot\system32\drivers\NETIO.SYS 0x8B0BF000 \SystemRoot\System32\Drivers\Ntfs.sys 0x8B055000 \SystemRoot\System32\Drivers\ksecdd.sys 0x8B04D000 \SystemRoot\system32\DRIVERS\wd.sys 0x8B017000 \SystemRoot\system32\drivers\volsnap.sys 0x8B00F000 \SystemRoot\System32\Drivers\spldr.sys 0x8B000000 
\SystemRoot\System32\drivers\partmgr.sys 0x8B3F1000 \SystemRoot\System32\Drivers\mup.sys 0x8B3CC000 \SystemRoot\System32\drivers\ecache.sys 0x8B3BB000 \SystemRoot\system32\drivers\disk.sys 0x8B39A000 \SystemRoot\system32\drivers\CLASSPNP.SYS 0x8B392000 \SystemRoot\system32\DRIVERS\AtiPcie.sys 0x8B389000 \SystemRoot\system32\drivers\crcdisk.sys 0x8C034000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x91970000 \SystemRoot\system32\DRIVERS\tunmp.sys 0x8C026000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x91EFF000 \SystemRoot\system32\DRIVERS\atikmdag.sys 0x91803000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x8C019000 \SystemRoot\System32\drivers\watchdog.sys 0x8C007000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x8C0DF000 \SystemRoot\system32\drivers\MicNgBas.sys 0x91BCC000 \SystemRoot\system32\DRIVERS\yk60x86.sys 0x8C0FB000 \SystemRoot\system32\DRIVERS\usbohci.sys 0x91B8F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x91B81000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x8C1BB000 \SystemRoot\System32\Drivers\DLACDBHM.SYS 0x91B69000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x91910000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0x8BD24000 \SystemRoot\system32\DRIVERS\ohci1394.sys 0x91B0B000 \SystemRoot\system32\DRIVERS\1394BUS.SYS 0x91B00000 \SystemRoot\system32\DRIVERS\fdc.sys 0x91AE6000 \SystemRoot\system32\DRIVERS\serial.sys 0x91ADC000 \SystemRoot\system32\DRIVERS\serenum.sys 0x91AC4000 \SystemRoot\system32\DRIVERS\parport.sys 0x91A99000 \SystemRoot\system32\DRIVERS\msiscsi.sys 0x91A59000 \SystemRoot\system32\DRIVERS\storport.sys 0x91A4E000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x91A37000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x91A2C000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x91A09000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x8BDD8000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x91EEC000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x91ED0000 \SystemRoot\system32\DRIVERS\termdd.sys 0x91EC5000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x91EBA000 
\SystemRoot\system32\DRIVERS\mouclass.sys 0x8C1AD000 \SystemRoot\system32\DRIVERS\swenum.sys 0x91E90000 \SystemRoot\system32\DRIVERS\ks.sys 0x91E86000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x91EDF000 \SystemRoot\system32\DRIVERS\umbus.sys 0x92730000 \SystemRoot\system32\drivers\MicNgCap.sys 0x91E68000 \SystemRoot\system32\drivers\MicNgTun.sys 0x8C07E000 \SystemRoot\system32\drivers\BdaSup.SYS 0x91E34000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x91E2A000 \SystemRoot\system32\DRIVERS\flpydisk.sys 0x8BCD4000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x926B1000 \SystemRoot\system32\drivers\HdAudio.sys 0x92684000 \SystemRoot\system32\drivers\portcls.sys 0x91E05000 \SystemRoot\system32\drivers\drmk.sys 0x92857000 \SystemRoot\system32\drivers\RTKVHDA.sys 0x9198B000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0x91902000 \SystemRoot\System32\Drivers\Null.SYS 0x8C04A000 \SystemRoot\System32\Drivers\Beep.SYS 0x91934000 \SystemRoot\System32\Drivers\DLARTL_M.SYS 0x918A7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x92668000 \SystemRoot\System32\drivers\vga.sys 0x92647000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x8C16D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x8C175000 \SystemRoot\system32\drivers\rdpencdd.sys 0x9261C000 \SystemRoot\System32\Drivers\Msfs.SYS 0x9260E000 \SystemRoot\System32\Drivers\Npfs.SYS 0x919A6000 \SystemRoot\System32\DRIVERS\rasacd.sys 0x92B2B000 \SystemRoot\System32\drivers\tcpip.sys 0x9283E000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x92829000 \SystemRoot\system32\DRIVERS\tdx.sys 0x92815000 \SystemRoot\system32\DRIVERS\smb.sys 0x92AA4000 \SystemRoot\system32\drivers\afd.sys 0x92A72000 \SystemRoot\System32\DRIVERS\netbt.sys 0x92A5C000 \SystemRoot\system32\DRIVERS\pacer.sys 0x92600000 \SystemRoot\system32\DRIVERS\netbios.sys 0x92802000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x92A21000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x92A17000 \SystemRoot\system32\drivers\nsiproxy.sys 0x92A00000 \SystemRoot\System32\Drivers\dfsc.sys 0x9273D000 
\SystemRoot\System32\Drivers\crashdmp.sys 0x8C03F000 \SystemRoot\System32\Drivers\dump_dumpata.sys 0x8C13D000 \SystemRoot\System32\Drivers\dump_atapi.sys 0x8BDE7000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x8BCB4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x8C1A1000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x92ECB000 \SystemRoot\system32\DRIVERS\zd1211u.sys 0x91994000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x9B400000 \SystemRoot\System32\win32k.sys 0x92EC1000 \SystemRoot\System32\drivers\Dxapi.sys 0x92E65000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0x92F4D000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x9C91A000 \SystemRoot\system32\DRIVERS\spc1030.sys 0x927A5000 \SystemRoot\system32\DRIVERS\STREAM.SYS 0x918A0000 \SystemRoot\system32\DRIVERS\spc1030c.SYS 0x92F37000 \SystemRoot\system32\DRIVERS\phaudlwr.sys 0x92F25000 \SystemRoot\system32\drivers\usbaudio.sys 0x8C115000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x9BB4C000 \SystemRoot\system32\DRIVERS\monitor.sys 0x9D200000 \SystemRoot\System32\TSDDD.dll 0x9D220000 \SystemRoot\System32\ATMFD.DLL 0x9D210000 \SystemRoot\System32\cdd.dll 0x9CEE5000 \SystemRoot\system32\drivers\luafv.sys 0x9BA76000 \SystemRoot\System32\Drivers\DRVNDDM.SYS 0x9B619000 \SystemRoot\System32\DLA\DLADResM.SYS 0x9CECD000 \SystemRoot\System32\DLA\DLAIFS_M.SYS 0x91B46000 \SystemRoot\System32\DLA\DLAOPIOM.SYS 0x8C1BD000 \SystemRoot\System32\DLA\DLAPoolM.SYS 0x918C3000 \SystemRoot\System32\DLA\DLABMFSM.SYS 0x918CA000 \SystemRoot\System32\DLA\DLABOIOM.SYS 0x9CE77000 \SystemRoot\System32\DLA\DLAUDFAM.SYS 0x9CE60000 \SystemRoot\System32\DLA\DLAUDF_M.SYS 0xA0B72000 \SystemRoot\system32\drivers\spsys.sys 0x8BCF4000 \SystemRoot\system32\DRIVERS\lltdio.sys 0xA0B47000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x9B663000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xA068A000 \SystemRoot\system32\DRIVERS\rspndr.sys 0xA1797000 \SystemRoot\system32\drivers\HTTP.sys 0xA0A45000 \SystemRoot\System32\DRIVERS\srvnet.sys 0xA177E000 \SystemRoot\system32\DRIVERS\bowser.sys 
0xA176A000 \SystemRoot\System32\drivers\mpsdrv.sys 0xA171B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xA16E2000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0xA16D0000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0xA16AC000 \SystemRoot\System32\DRIVERS\srv2.sys 0xA165B000 \SystemRoot\System32\DRIVERS\srv.sys 0x918F4000 \SystemRoot\system32\DRIVERS\parvdm.sys 0xA160A000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys 0xA3322000 \SystemRoot\system32\drivers\peauth.sys 0x9BAAD000 \SystemRoot\System32\drivers\tcpipreg.sys 0xA3281000 \??\D:\Bearbeitungsprogramme\PlayMovie\000.fcl 0xA320C000 \SystemRoot\system32\DRIVERS\WUDFRd.sys 0xA3FEE000 \SystemRoot\system32\DRIVERS\WUDFPf.sys 0xA3E48000 \SystemRoot\system32\DRIVERS\ipnat.sys 0x9BACE000 \SystemRoot\system32\drivers\tdtcp.sys 0x9B6BD000 \SystemRoot\System32\DRIVERS\tssecsrv.sys 0xA47D2000 \SystemRoot\System32\Drivers\RDPWD.SYS 0xAFB0A000 \SystemRoot\system32\DRIVERS\cdfs.sys 0x9EED0000 \SystemRoot\system32\drivers\MSPQM.sys 0xC9640000 \SystemRoot\System32\Drivers\usbaapl.sys 0x77040000 \Windows\System32\ntdll.dll Processes (total 69): 0 System Idle Process 4 System 420 C:\Windows\System32\smss.exe 528 csrss.exe 592 C:\Windows\System32\wininit.exe 604 csrss.exe 636 C:\Windows\System32\services.exe 652 C:\Windows\System32\lsass.exe 660 C:\Windows\System32\lsm.exe 796 C:\Windows\System32\svchost.exe 828 C:\Windows\System32\winlogon.exe 920 C:\Windows\System32\svchost.exe 956 C:\Windows\System32\svchost.exe 1004 C:\Windows\System32\Ati2evxx.exe 1024 C:\Windows\System32\svchost.exe 1052 C:\Windows\System32\svchost.exe 1072 C:\Windows\System32\svchost.exe 1264 C:\Windows\System32\audiodg.exe 1296 C:\Windows\System32\svchost.exe 1320 C:\Windows\System32\SLsvc.exe 1356 C:\Windows\System32\svchost.exe 1436 C:\Windows\System32\Ati2evxx.exe 1576 C:\Windows\System32\svchost.exe 1788 C:\Windows\System32\spoolsv.exe 1816 C:\Windows\System32\svchost.exe 608 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe 
1252 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 1340 C:\Program Files\Bonjour\mDNSResponder.exe 1544 C:\Windows\System32\svchost.exe 1584 C:\Program Files\Microsoft LifeCam\MSCamS32.exe 1060 C:\Windows\System32\PnkBstrA.exe 2020 C:\Windows\System32\svchost.exe 500 C:\Program Files\Google\Update\GoogleUpdate.exe 412 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe 2236 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 2268 C:\Windows\System32\svchost.exe 2316 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe 2340 C:\Windows\System32\svchost.exe 2368 C:\Windows\System32\SearchIndexer.exe 2464 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe 2736 WUDFHost.exe 2928 C:\Windows\System32\taskeng.exe 2948 C:\Windows\System32\alg.exe 4072 C:\Windows\System32\taskeng.exe 2356 C:\Windows\System32\dwm.exe 860 C:\Windows\explorer.exe 3284 C:\Windows\RtHDVCpl.exe 3292 C:\Windows\vspc1030.exe 3344 C:\Program Files\iTunes\iTunesHelper.exe 3368 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe 3376 C:\Program Files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe 3556 C:\Program Files\iPod\bin\iPodService.exe 1944 C:\Windows\ehome\ehsched.exe 2136 C:\Windows\ehome\ehrecvr.exe 2292 C:\Windows\System32\wuauclt.exe 5484 C:\Windows\System32\conime.exe 6032 C:\Program Files\QuickTime\QuickTimePlayer.exe 1416 C:\Windows\System32\taskeng.exe 5420 C:\Program Files\iTunes\iTunes.exe 5148 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe 4220 C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe 4824 C:\Windows\System32\mobsync.exe 4336 C:\Program Files\Windows Live\Messenger\msnmsgr.exe 3540 C:\Program Files\Windows Live\Contacts\wlcomm.exe 3132 C:\Program Files\DVDVideoSoft\Free Studio\Free YouTube to Mp3 Converter\FreeYouTubeToMP3Converter.exe 4004 C:\Program Files\Java\jre6\bin\javaw.exe 3408 
C:\Windows\System32\SearchProtocolHost.exe 5952 C:\Windows\System32\SearchFilterHost.exe 3876 C:\Users\Zandy\Desktop\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`7098f400 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001e`5d265e00 (NTFS) \\.\Q: --> \\.\PhysicalDrive5 at offset 0x00000000`00007e00 (NTFS) PhysicalDrive0 Model Number: ST3250820AS, Rev: 3.AAD PhysicalDrive5 Model Number: SeagateFreeAgent, Rev: 0138 Size Device Name MBR Status -------------------------------------------- 232 GB \\.\PhysicalDrive0 Unknown MBR code SHA1: 75374D27B77E61C9316E27BACDEE41C1E2C9874E 931 GB \\.\PhysicalDrive5 MBR Code Faked! SHA1: 31ABC6F76EA6A7FD5B12BF4901243A3546141C86 Found non-standard or infected MBR. Enter 'Y' and hit ENTER for more options, or 'N' to exit: Options: [1] Dump the MBR of a physical disk to file. [2] Restore the MBR of a physical disk with a standard boot code. [3] Exit. Enter your choice: Done! |
03.10.2010, 13:39 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PC won't shut down, programs hang, etc. Please start MBRCheck.exe again. This time, type the following into the window and confirm each entry with Enter at
You will now find 2 MBRCheck_<date>_<time>.txt files on the desktop. Post the contents of both .txt documents. Do the same for the other disk in your computer, i.e.:
__________________ Please always post log files in CODE tags |
09.10.2010, 11:19 | #29 |
| PC won't shut down, programs hang, etc. Okay, all done. There were problems with the second one ... well, take a look: Code:
ATTFilter MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows Vista Home Premium Edition Windows Information: (build 6000), 32-bit Base Board Manufacturer: Acer BIOS Manufacturer: Phoenix Technologies, LTD System Manufacturer: Acer System Product Name: Aspire M3610 Logical Drives Mask: 0x0000e7dd Kernel Drivers (total 172): 0x83000000 \SystemRoot\system32\ntkrnlpa.exe 0x833A1000 \SystemRoot\system32\hal.dll 0x802C6000 \SystemRoot\system32\kdcom.dll 0x80266000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x8025D000 \SystemRoot\system32\PSHED.dll 0x80255000 \SystemRoot\system32\BOOTVID.dll 0x8021A000 \SystemRoot\system32\CLFS.SYS 0x8051F000 \SystemRoot\system32\CI.dll 0x804A4000 \SystemRoot\system32\drivers\Wdf01000.sys 0x8020D000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x80461000 \SystemRoot\system32\drivers\acpi.sys 0x80204000 \SystemRoot\system32\drivers\WMILIB.SYS 0x80459000 \SystemRoot\system32\drivers\msisadrv.sys 0x8044A000 \SystemRoot\system32\drivers\volmgr.sys 0x80425000 \SystemRoot\system32\drivers\pci.sys 0x80415000 \SystemRoot\System32\drivers\mountmgr.sys 0x8040E000 \SystemRoot\system32\drivers\pciide.sys 0x80400000 \SystemRoot\system32\drivers\PCIIDEX.SYS 0x807B6000 \SystemRoot\System32\drivers\volmgrx.sys 0x807AE000 \SystemRoot\system32\drivers\atapi.sys 0x80790000 \SystemRoot\system32\drivers\ataport.SYS 0x8075F000 \SystemRoot\system32\drivers\fltmgr.sys 0x8074F000 \SystemRoot\system32\drivers\fileinfo.sys 0x80738000 \SystemRoot\System32\Drivers\DRVMCDB.SYS 0x8072F000 \SystemRoot\System32\Drivers\PxHelp20.sys 0x8062B000 \SystemRoot\system32\drivers\ndis.sys 0x80600000 \SystemRoot\system32\drivers\msrpc.sys 0x8B1C7000 \SystemRoot\system32\drivers\NETIO.SYS 0x8B0BF000 \SystemRoot\System32\Drivers\Ntfs.sys 0x8B055000 \SystemRoot\System32\Drivers\ksecdd.sys 0x8B04D000 \SystemRoot\system32\DRIVERS\wd.sys 0x8B017000 \SystemRoot\system32\drivers\volsnap.sys 0x8B00F000 \SystemRoot\System32\Drivers\spldr.sys 0x8B000000 
\SystemRoot\System32\drivers\partmgr.sys 0x8B3F1000 \SystemRoot\System32\Drivers\mup.sys 0x8B3CC000 \SystemRoot\System32\drivers\ecache.sys 0x8B3BB000 \SystemRoot\system32\drivers\disk.sys 0x8B39A000 \SystemRoot\system32\drivers\CLASSPNP.SYS 0x8B392000 \SystemRoot\system32\DRIVERS\AtiPcie.sys 0x8B389000 \SystemRoot\system32\drivers\crcdisk.sys 0x91620000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x91740000 \SystemRoot\system32\DRIVERS\tunmp.sys 0x91612000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x91AFF000 \SystemRoot\system32\DRIVERS\atikmdag.sys 0x91A62000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x91605000 \SystemRoot\System32\drivers\watchdog.sys 0x91689000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x9167D000 \SystemRoot\system32\drivers\MicNgBas.sys 0x91A2E000 \SystemRoot\system32\DRIVERS\yk60x86.sys 0x91673000 \SystemRoot\system32\DRIVERS\usbohci.sys 0x925C3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x91A20000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x8C0C9000 \SystemRoot\System32\Drivers\DLACDBHM.SYS 0x91A08000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x916EB000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0x8BDC0000 \SystemRoot\system32\DRIVERS\ohci1394.sys 0x92505000 \SystemRoot\system32\DRIVERS\1394BUS.SYS 0x924FA000 \SystemRoot\system32\DRIVERS\fdc.sys 0x924E0000 \SystemRoot\system32\DRIVERS\serial.sys 0x924D6000 \SystemRoot\system32\DRIVERS\serenum.sys 0x924BE000 \SystemRoot\system32\DRIVERS\parport.sys 0x92493000 \SystemRoot\system32\DRIVERS\msiscsi.sys 0x92453000 \SystemRoot\system32\DRIVERS\storport.sys 0x92448000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x92431000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x92426000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x92403000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x8C10A000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x927ED000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x8C119000 \SystemRoot\system32\DRIVERS\termdd.sys 0x927E2000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x927CA000 
\SystemRoot\system32\DRIVERS\mouclass.sys 0x8C0C3000 \SystemRoot\system32\DRIVERS\swenum.sys 0x927A0000 \SystemRoot\system32\DRIVERS\ks.sys 0x92796000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x927D5000 \SystemRoot\system32\DRIVERS\umbus.sys 0x926C6000 \SystemRoot\system32\drivers\MicNgCap.sys 0x926A8000 \SystemRoot\system32\drivers\MicNgTun.sys 0x91727000 \SystemRoot\system32\drivers\BdaSup.SYS 0x92674000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x9266A000 \SystemRoot\system32\DRIVERS\flpydisk.sys 0x8BD64000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x9262B000 \SystemRoot\system32\drivers\HdAudio.sys 0x929D3000 \SystemRoot\system32\drivers\portcls.sys 0x92606000 \SystemRoot\system32\drivers\drmk.sys 0x9282A000 \SystemRoot\system32\drivers\RTKVHDA.sys 0x91764000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0x9166A000 \SystemRoot\System32\Drivers\Null.SYS 0x916FC000 \SystemRoot\System32\Drivers\Beep.SYS 0x925B7000 \SystemRoot\System32\Drivers\DLARTL_M.SYS 0x91632000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x9281E000 \SystemRoot\System32\drivers\vga.sys 0x92B9F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x8C037000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x8C047000 \SystemRoot\system32\drivers\rdpencdd.sys 0x92813000 \SystemRoot\System32\Drivers\Msfs.SYS 0x92805000 \SystemRoot\System32\Drivers\Npfs.SYS 0x91776000 \SystemRoot\System32\DRIVERS\rasacd.sys 0x92AAA000 \SystemRoot\System32\drivers\tcpip.sys 0x92A91000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x92A7C000 \SystemRoot\system32\DRIVERS\tdx.sys 0x92A68000 \SystemRoot\system32\DRIVERS\smb.sys 0x92A21000 \SystemRoot\system32\drivers\afd.sys 0x92DCE000 \SystemRoot\System32\DRIVERS\netbt.sys 0x92A0B000 \SystemRoot\system32\DRIVERS\pacer.sys 0x92DC0000 \SystemRoot\system32\DRIVERS\netbios.sys 0x92DAD000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x92D72000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x92A01000 \SystemRoot\system32\drivers\nsiproxy.sys 0x92D5B000 \SystemRoot\System32\Drivers\dfsc.sys 0x926D3000 
\SystemRoot\System32\Drivers\crashdmp.sys 0x916F1000 \SystemRoot\System32\Drivers\dump_dumpata.sys 0x8C09F000 \SystemRoot\System32\Drivers\dump_atapi.sys 0x917C7000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x8BCC4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x8C0C7000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x8BDE7000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x9AFEE000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0x9AFB5000 \SystemRoot\system32\DRIVERS\zd1211u.sys 0x9B800000 \SystemRoot\System32\win32k.sys 0x92C01000 \SystemRoot\System32\drivers\Dxapi.sys 0x9AF4D000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x9C91A000 \SystemRoot\system32\DRIVERS\spc1030.sys 0x926E0000 \SystemRoot\system32\DRIVERS\STREAM.SYS 0x91655000 \SystemRoot\system32\DRIVERS\spc1030c.SYS 0x9AF37000 \SystemRoot\system32\DRIVERS\phaudlwr.sys 0x9AF25000 \SystemRoot\system32\drivers\usbaudio.sys 0x8C02F000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x8C173000 \SystemRoot\system32\DRIVERS\monitor.sys 0x9D800000 \SystemRoot\System32\TSDDD.dll 0x9D820000 \SystemRoot\System32\ATMFD.DLL 0x9D810000 \SystemRoot\System32\cdd.dll 0x9C82F000 \SystemRoot\system32\drivers\luafv.sys 0x92C56000 \SystemRoot\System32\Drivers\DRVNDDM.SYS 0x9C854000 \SystemRoot\System32\DLA\DLADResM.SYS 0x9C817000 \SystemRoot\System32\DLA\DLAIFS_M.SYS 0x92545000 \SystemRoot\System32\DLA\DLAOPIOM.SYS 0x8C0D1000 \SystemRoot\System32\DLA\DLAPoolM.SYS 0x9165C000 \SystemRoot\System32\DLA\DLABMFSM.SYS 0x91663000 \SystemRoot\System32\DLA\DLABOIOM.SYS 0x9F4BE000 \SystemRoot\System32\DLA\DLAUDFAM.SYS 0x9F4A7000 \SystemRoot\System32\DLA\DLAUDF_M.SYS 0xA0AF2000 \SystemRoot\system32\drivers\spsys.sys 0x8BD44000 \SystemRoot\system32\DRIVERS\lltdio.sys 0xA1379000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x9F2D7000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xA1366000 \SystemRoot\system32\DRIVERS\rspndr.sys 0xA1233000 \SystemRoot\system32\drivers\HTTP.sys 0xA1218000 \SystemRoot\System32\DRIVERS\srvnet.sys 0xA15A7000 \SystemRoot\system32\DRIVERS\bowser.sys 
0xA1204000 \SystemRoot\System32\drivers\mpsdrv.sys 0xA1589000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xA1550000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0xA153E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0xA151A000 \SystemRoot\System32\DRIVERS\srv2.sys 0xA1489000 \SystemRoot\System32\DRIVERS\srv.sys 0x9F355000 \SystemRoot\system32\DRIVERS\parvdm.sys 0xA8F56000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys 0xA9522000 \SystemRoot\system32\drivers\peauth.sys 0x92CB9000 \SystemRoot\System32\drivers\tcpipreg.sys 0xA9003000 \??\D:\Bearbeitungsprogramme\PlayMovie\000.fcl 0xA9121000 \SystemRoot\system32\DRIVERS\WUDFRd.sys 0xA8EA2000 \SystemRoot\system32\DRIVERS\WUDFPf.sys 0xA9240000 \SystemRoot\system32\DRIVERS\ipnat.sys 0x92C61000 \SystemRoot\system32\drivers\tdtcp.sys 0x9AE65000 \SystemRoot\System32\DRIVERS\tssecsrv.sys 0xA928D000 \SystemRoot\System32\Drivers\RDPWD.SYS 0xA913C000 \SystemRoot\system32\DRIVERS\cdfs.sys 0xA8E4F000 \SystemRoot\system32\drivers\MSPQM.sys 0x9BAE6000 \SystemRoot\System32\Drivers\usbaapl.sys 0xA90F9000 \SystemRoot\System32\Drivers\fastfat.SYS 0x77A40000 \Windows\System32\ntdll.dll Processes (total 66): 0 System Idle Process 4 System 464 C:\Windows\System32\smss.exe 528 csrss.exe 592 C:\Windows\System32\wininit.exe 600 csrss.exe 636 C:\Windows\System32\services.exe 652 C:\Windows\System32\lsass.exe 660 C:\Windows\System32\lsm.exe 792 C:\Windows\System32\svchost.exe 828 C:\Windows\System32\winlogon.exe 916 C:\Windows\System32\svchost.exe 956 C:\Windows\System32\svchost.exe 1012 C:\Windows\System32\Ati2evxx.exe 1036 C:\Windows\System32\svchost.exe 1060 C:\Windows\System32\svchost.exe 1084 C:\Windows\System32\svchost.exe 1264 C:\Windows\System32\audiodg.exe 1288 C:\Windows\System32\svchost.exe 1332 C:\Windows\System32\SLsvc.exe 1384 C:\Windows\System32\Ati2evxx.exe 1404 C:\Windows\System32\svchost.exe 1564 C:\Windows\System32\svchost.exe 1740 C:\Windows\System32\spoolsv.exe 1764 C:\Windows\System32\svchost.exe 584 
C:\Windows\System32\dwm.exe 1256 C:\Windows\explorer.exe 1860 C:\Windows\RtHDVCpl.exe 1984 C:\Windows\vspc1030.exe 2040 C:\Program Files\iTunes\iTunesHelper.exe 2036 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe 788 C:\Program Files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe 1576 C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe 2824 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe 2844 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 2872 C:\Program Files\Bonjour\mDNSResponder.exe 2892 C:\Windows\System32\svchost.exe 3072 C:\Program Files\Microsoft LifeCam\MSCamS32.exe 3168 C:\Windows\System32\PnkBstrA.exe 3192 C:\Windows\System32\svchost.exe 3208 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe 3272 C:\Program Files\Google\Update\GoogleUpdate.exe 3408 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 3440 C:\Windows\System32\svchost.exe 3508 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe 3536 C:\Windows\System32\svchost.exe 3680 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe 4084 WUDFHost.exe 2624 C:\Program Files\iPod\bin\iPodService.exe 1820 C:\Windows\System32\taskeng.exe 1328 C:\Windows\System32\alg.exe 2172 C:\Windows\System32\taskeng.exe 5780 C:\Windows\ehome\ehsched.exe 5832 C:\Windows\ehome\ehrecvr.exe 4596 C:\Windows\System32\wuauclt.exe 4120 C:\Program Files\iTunes\iTunes.exe 6056 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe 6140 C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe 6068 C:\Windows\System32\SearchIndexer.exe 2732 C:\Windows\System32\taskeng.exe 2424 C:\Windows\System32\SearchProtocolHost.exe 5940 C:\Windows\System32\SearchFilterHost.exe 2464 C:\Users\Zandy\Desktop\MBRCheck.exe 2468 C:\Windows\System32\conime.exe 2700 C:\Program Files\Mozilla Firefox\firefox.exe 5528 C:\Program Files\Mozilla 
Firefox\plugin-container.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`7098f400 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001e`5d265e00 (NTFS) PhysicalDrive0 Model Number: ST3250820AS, Rev: 3.AAD Size Device Name MBR Status -------------------------------------------- 232 GB \\.\PhysicalDrive0 Unknown MBR code SHA1: 75374D27B77E61C9316E27BACDEE41C1E2C9874E Found non-standard or infected MBR. Enter 'Y' and hit ENTER for more options, or 'N' to exit: Options: [1] Dump the MBR of a physical disk to file. [2] Restore the MBR of a physical disk with a standard boot code. [3] Exit. Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes: [ 0] Default (Windows Vista) [ 1] Windows XP [ 2] Windows Server 2003 [ 3] Windows Vista [ 4] Windows 2008 [ 5] Windows 7 [-1] Cancel Please select the MBR code to write to this drive: 3 Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes Successfully wrote new MBR code! Please reboot your computer to complete the fix. Done! Code:
ATTFilter 1ÀŽÐ¼ |ûPPü¾|¿PW¹åó¤Ë¿ 1À²€ÍsOtëóëþ½ˆ€~ ZtTø¸–³Írù t+ø¸–³Írù tø¸–³Írù u$ø¸ÊÍ€út¾¾±8,|uÆ âô‰õéo éi ½¾f‹^`h h fSh h |h h ´B²€‰æÍaasOt0ä²€ÍëÍè{ ½¾ÆF €ÆF ÆF ÆF*‰¨t€N$*‰¨t€N4èr h h |˽Îf‹^`h h fSh h |h h ´B²€‰æÍaasOt0ä²€ÍëÍè ½¾€~'tºÆF'è% 뱿 1ÀŽÀ» ~¸µ ±¶ ²€Ís Ot0äÍ ëÞÿ 1ÀŽÀ» ~¸µ ±¶ ²€Ís Ot0äÍ ëÞà Acer.3 system ÓnøÏ 'þÿÿ? ;L8€þÿÿþÿÿzL8µFö þÿÿþÿÿ/“.R²í Uª uh, yeah ^^ weird characters, but: Code:
ATTFilter MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows Vista Home Premium Edition Windows Information: (build 6000), 32-bit Base Board Manufacturer: Acer BIOS Manufacturer: Phoenix Technologies, LTD System Manufacturer: Acer System Product Name: Aspire M3610 Logical Drives Mask: 0x0000e7dd Kernel Drivers (total 172): 0x83000000 \SystemRoot\system32\ntkrnlpa.exe 0x833A1000 \SystemRoot\system32\hal.dll 0x802C6000 \SystemRoot\system32\kdcom.dll 0x80266000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x8025D000 \SystemRoot\system32\PSHED.dll 0x80255000 \SystemRoot\system32\BOOTVID.dll 0x8021A000 \SystemRoot\system32\CLFS.SYS 0x8051F000 \SystemRoot\system32\CI.dll 0x804A4000 \SystemRoot\system32\drivers\Wdf01000.sys 0x8020D000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x80461000 \SystemRoot\system32\drivers\acpi.sys 0x80204000 \SystemRoot\system32\drivers\WMILIB.SYS 0x80459000 \SystemRoot\system32\drivers\msisadrv.sys 0x8044A000 \SystemRoot\system32\drivers\volmgr.sys 0x80425000 \SystemRoot\system32\drivers\pci.sys 0x80415000 \SystemRoot\System32\drivers\mountmgr.sys 0x8040E000 \SystemRoot\system32\drivers\pciide.sys 0x80400000 \SystemRoot\system32\drivers\PCIIDEX.SYS 0x807B6000 \SystemRoot\System32\drivers\volmgrx.sys 0x807AE000 \SystemRoot\system32\drivers\atapi.sys 0x80790000 \SystemRoot\system32\drivers\ataport.SYS 0x8075F000 \SystemRoot\system32\drivers\fltmgr.sys 0x8074F000 \SystemRoot\system32\drivers\fileinfo.sys 0x80738000 \SystemRoot\System32\Drivers\DRVMCDB.SYS 0x8072F000 \SystemRoot\System32\Drivers\PxHelp20.sys 0x8062B000 \SystemRoot\system32\drivers\ndis.sys 0x80600000 \SystemRoot\system32\drivers\msrpc.sys 0x8B1C7000 \SystemRoot\system32\drivers\NETIO.SYS 0x8B0BF000 \SystemRoot\System32\Drivers\Ntfs.sys 0x8B055000 \SystemRoot\System32\Drivers\ksecdd.sys 0x8B04D000 \SystemRoot\system32\DRIVERS\wd.sys 0x8B017000 \SystemRoot\system32\drivers\volsnap.sys 0x8B00F000 \SystemRoot\System32\Drivers\spldr.sys 0x8B000000 
\SystemRoot\System32\drivers\partmgr.sys 0x8B3F1000 \SystemRoot\System32\Drivers\mup.sys 0x8B3CC000 \SystemRoot\System32\drivers\ecache.sys 0x8B3BB000 \SystemRoot\system32\drivers\disk.sys 0x8B39A000 \SystemRoot\system32\drivers\CLASSPNP.SYS 0x8B392000 \SystemRoot\system32\DRIVERS\AtiPcie.sys 0x8B389000 \SystemRoot\system32\drivers\crcdisk.sys 0x91905000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x8C028000 \SystemRoot\system32\DRIVERS\tunmp.sys 0x918F7000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x91CFF000 \SystemRoot\system32\DRIVERS\atikmdag.sys 0x9185A000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x9184D000 \SystemRoot\System32\drivers\watchdog.sys 0x91836000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x9182A000 \SystemRoot\system32\drivers\MicNgBas.sys 0x91CCB000 \SystemRoot\system32\DRIVERS\yk60x86.sys 0x8C188000 \SystemRoot\system32\DRIVERS\usbohci.sys 0x91C8E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x9181C000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x8C1A0000 \SystemRoot\System32\Drivers\DLACDBHM.SYS 0x91804000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x8C000000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0x8BD54000 \SystemRoot\system32\DRIVERS\ohci1394.sys 0x91C30000 \SystemRoot\system32\DRIVERS\1394BUS.SYS 0x91C25000 \SystemRoot\system32\DRIVERS\fdc.sys 0x91C0B000 \SystemRoot\system32\DRIVERS\serial.sys 0x91C01000 \SystemRoot\system32\DRIVERS\serenum.sys 0x92588000 \SystemRoot\system32\DRIVERS\parport.sys 0x9255D000 \SystemRoot\system32\DRIVERS\msiscsi.sys 0x9251D000 \SystemRoot\system32\DRIVERS\storport.sys 0x91C83000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x92506000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x924FB000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x924D8000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x8BDD8000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x924C5000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x924A9000 \SystemRoot\system32\DRIVERS\termdd.sys 0x9249E000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x92493000 
\SystemRoot\system32\DRIVERS\mouclass.sys 0x8C19E000 \SystemRoot\system32\DRIVERS\swenum.sys 0x92469000 \SystemRoot\system32\DRIVERS\ks.sys 0x9245F000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x924B8000 \SystemRoot\system32\DRIVERS\umbus.sys 0x92452000 \SystemRoot\system32\drivers\MicNgCap.sys 0x92434000 \SystemRoot\system32\drivers\MicNgTun.sys 0x919E4000 \SystemRoot\system32\drivers\BdaSup.SYS 0x92400000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x927F6000 \SystemRoot\system32\DRIVERS\flpydisk.sys 0x8BC74000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x927B7000 \SystemRoot\system32\drivers\HdAudio.sys 0x9278A000 \SystemRoot\system32\drivers\portcls.sys 0x92765000 \SystemRoot\system32\drivers\drmk.sys 0x92857000 \SystemRoot\system32\drivers\RTKVHDA.sys 0x8C04C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0x9194F000 \SystemRoot\System32\Drivers\Null.SYS 0x91956000 \SystemRoot\System32\Drivers\Beep.SYS 0x925EE000 \SystemRoot\System32\Drivers\DLARTL_M.SYS 0x91964000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x92709000 \SystemRoot\System32\drivers\vga.sys 0x926E8000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x8C140000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x8C148000 \SystemRoot\system32\drivers\rdpencdd.sys 0x926BD000 \SystemRoot\System32\Drivers\Msfs.SYS 0x926AF000 \SystemRoot\System32\Drivers\Npfs.SYS 0x8C067000 \SystemRoot\System32\DRIVERS\rasacd.sys 0x92B2B000 \SystemRoot\System32\drivers\tcpip.sys 0x92696000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x92681000 \SystemRoot\system32\DRIVERS\tdx.sys 0x9266D000 \SystemRoot\system32\DRIVERS\smb.sys 0x92626000 \SystemRoot\system32\drivers\afd.sys 0x92825000 \SystemRoot\System32\DRIVERS\netbt.sys 0x92610000 \SystemRoot\system32\DRIVERS\pacer.sys 0x92602000 \SystemRoot\system32\DRIVERS\netbios.sys 0x92812000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x92AF0000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x92808000 \SystemRoot\system32\drivers\nsiproxy.sys 0x92AD9000 \SystemRoot\System32\Drivers\dfsc.sys 0x8C01B000 
\SystemRoot\System32\Drivers\crashdmp.sys 0x8C006000 \SystemRoot\System32\Drivers\dump_dumpata.sys 0x8C110000 \SystemRoot\System32\Drivers\dump_atapi.sys 0x9B600000 \SystemRoot\System32\win32k.sys 0x92E9A000 \SystemRoot\System32\drivers\Dxapi.sys 0x9CBE4000 \SystemRoot\System32\Drivers\usbaapl.sys 0x8C1AE000 \SystemRoot\System32\Drivers\USBD.SYS 0x9C2F6000 \SystemRoot\system32\DRIVERS\monitor.sys 0x8C082000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x8BCD4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x9E9EE000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0x9E9B5000 \SystemRoot\system32\DRIVERS\zd1211u.sys 0x8C08B000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x9E99E000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x9ED1A000 \SystemRoot\system32\DRIVERS\spc1030.sys 0x92F64000 \SystemRoot\system32\DRIVERS\STREAM.SYS 0x91910000 \SystemRoot\system32\DRIVERS\spc1030c.SYS 0x9E988000 \SystemRoot\system32\DRIVERS\phaudlwr.sys 0x9E976000 \SystemRoot\system32\drivers\usbaudio.sys 0x9CAB0000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x9F800000 \SystemRoot\System32\TSDDD.dll 0x9F820000 \SystemRoot\System32\ATMFD.DLL 0x9F810000 \SystemRoot\System32\cdd.dll 0x9ECBF000 \SystemRoot\system32\drivers\luafv.sys 0x92E0C000 \SystemRoot\System32\Drivers\DRVNDDM.SYS 0x9B86F000 \SystemRoot\System32\DLA\DLADResM.SYS 0xA0DE8000 \SystemRoot\System32\DLA\DLAIFS_M.SYS 0x91C5C000 \SystemRoot\System32\DLA\DLAOPIOM.SYS 0x9CA82000 \SystemRoot\System32\DLA\DLAPoolM.SYS 0x9196B000 \SystemRoot\System32\DLA\DLABMFSM.SYS 0x91972000 \SystemRoot\System32\DLA\DLABOIOM.SYS 0x9E860000 \SystemRoot\System32\DLA\DLAUDFAM.SYS 0xA0DD1000 \SystemRoot\System32\DLA\DLAUDF_M.SYS 0xA2572000 \SystemRoot\system32\drivers\spsys.sys 0x9E810000 \SystemRoot\system32\DRIVERS\lltdio.sys 0xA2488000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x92EEA000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xA2475000 \SystemRoot\system32\DRIVERS\rspndr.sys 0xA2931000 \SystemRoot\System32\Drivers\fastfat.SYS 0xA28C8000 \SystemRoot\system32\drivers\HTTP.sys 
0xA286D000 \SystemRoot\System32\DRIVERS\srvnet.sys 0xA2823000 \SystemRoot\system32\DRIVERS\bowser.sys 0xA2421000 \SystemRoot\System32\drivers\mpsdrv.sys 0xA2805000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xA31C7000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0xA31B5000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0xA3191000 \SystemRoot\System32\DRIVERS\srv2.sys 0xA3140000 \SystemRoot\System32\DRIVERS\srv.sys 0x91948000 \SystemRoot\system32\DRIVERS\parvdm.sys 0xA33AF000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys 0xA32D1000 \SystemRoot\system32\drivers\peauth.sys 0x9EC93000 \SystemRoot\System32\drivers\tcpipreg.sys 0xA46BF000 \??\D:\Bearbeitungsprogramme\PlayMovie\000.fcl 0xA46AA000 \SystemRoot\system32\DRIVERS\WUDFRd.sys 0xA4698000 \SystemRoot\system32\DRIVERS\WUDFPf.sys 0xA50DA000 \SystemRoot\system32\DRIVERS\ipnat.sys 0x9EC0F000 \SystemRoot\system32\drivers\tdtcp.sys 0x9B892000 \SystemRoot\System32\DRIVERS\tssecsrv.sys 0xA506C000 \SystemRoot\System32\Drivers\RDPWD.SYS 0x9CA80000 \SystemRoot\system32\drivers\MSPQM.sys 0xA4602000 \SystemRoot\system32\DRIVERS\cdfs.sys 0x77EE0000 \Windows\System32\ntdll.dll Processes (total 71): 0 System Idle Process 4 System 472 C:\Windows\System32\smss.exe 536 csrss.exe 600 C:\Windows\System32\wininit.exe 612 csrss.exe 644 C:\Windows\System32\services.exe 660 C:\Windows\System32\lsass.exe 668 C:\Windows\System32\lsm.exe 792 C:\Windows\System32\svchost.exe 876 C:\Windows\System32\winlogon.exe 920 C:\Windows\System32\svchost.exe 952 C:\Windows\System32\svchost.exe 1008 C:\Windows\System32\Ati2evxx.exe 1024 C:\Windows\System32\svchost.exe 1052 C:\Windows\System32\svchost.exe 1076 C:\Windows\System32\svchost.exe 1264 C:\Windows\System32\audiodg.exe 1288 C:\Windows\System32\svchost.exe 1320 C:\Windows\System32\SLsvc.exe 1352 C:\Windows\System32\svchost.exe 1512 C:\Windows\System32\Ati2evxx.exe 1552 C:\Windows\System32\svchost.exe 1776 C:\Windows\System32\spoolsv.exe 1800 C:\Windows\System32\svchost.exe 636 C:\Program Files\Common 
Files\ArcSoft\Connection Service\Bin\ACService.exe 592 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 1072 C:\Program Files\Bonjour\mDNSResponder.exe 1252 C:\Windows\System32\svchost.exe 124 C:\Program Files\Microsoft LifeCam\MSCamS32.exe 756 C:\Windows\System32\PnkBstrA.exe 2004 C:\Windows\System32\svchost.exe 328 C:\Program Files\Google\Update\GoogleUpdate.exe 2052 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe 2260 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 2292 C:\Windows\System32\svchost.exe 2340 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe 2380 C:\Windows\System32\svchost.exe 2416 C:\Windows\System32\SearchIndexer.exe 2532 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe 2700 WmiPrvSE.exe 2780 WUDFHost.exe 3012 C:\Windows\System32\taskeng.exe 3024 C:\Windows\System32\alg.exe 3960 C:\Windows\ehome\ehsched.exe 4028 C:\Windows\ehome\ehrecvr.exe 3460 WmiPrvSE.exe 3224 C:\Windows\System32\dwm.exe 3444 C:\Windows\System32\taskeng.exe 2172 C:\Windows\System32\taskeng.exe 2112 C:\Windows\explorer.exe 3876 C:\Windows\RtHDVCpl.exe 3360 C:\Windows\vspc1030.exe 3760 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe 3344 C:\Program Files\iTunes\iTunesHelper.exe 3908 C:\Program Files\Windows Live\Messenger\msnmsgr.exe 3940 C:\Program Files\Skype\Phone\Skype.exe 2992 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe 3504 C:\Program Files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe 3512 C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe 1216 C:\Program Files\iPod\bin\iPodService.exe 2212 C:\Windows\System32\wuauclt.exe 4304 C:\Program Files\Skype\Plugin Manager\skypePM.exe 4996 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe 5020 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac 5072 C:\Windows\System32\SearchProtocolHost.exe 5084 
C:\Windows\System32\SearchFilterHost.exe 5300 C:\Program Files\Mozilla Firefox\firefox.exe 5416 C:\Program Files\Mozilla Firefox\plugin-container.exe 5848 C:\Users\Zandy\Desktop\MBRCheck.exe 5864 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`7098f400 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001e`5d265e00 (NTFS)

PhysicalDrive0 Model Number: ST3250820AS, Rev: 3.AAD

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 75374D27B77E61C9316E27BACDEE41C1E2C9874E

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 5Available MBR codes:
[ 0] Default (Windows Vista)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 3
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Out of memory!Could not read disk!

Done! |
09.10.2010, 18:17 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PC won't shut down, programs hang, etc. The second time is for your external drive! It has to be connected during the MBRfix! Please repeat!