Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   TR/Crypt.XPACK.Gen3 Meldung (https://www.trojaner-board.de/90565-tr-crypt-xpack-gen3-meldung.html)

Mario81 08.09.2010 21:59
TR/Crypt.XPACK.Gen3 Meldung
 
Hallo zusammen. Knapp einen monat bekomme ich wenn ich an meinen rechner nix mache (keine musik hören oder zocken oder arbeiten) immer stündlich diese meldung von antivier "TR/Crypt.XPACK.Gen3".
Habe mir mal combofix runtergeladen in der hoffnung das es was bringt, aber pustekuchen :(

desweiternen ist mir aufgefallen, das ich zu 85% aller meiner programme nicht mehr deinstallieren kann unter "systemsteuerrung - software" da ist kein ändern/entfernen bzw. deinstallations button...
bitte helft mir, ich bin am verzweifeln :(

hier poste ich euch meine "Hijackthis" + "defogger disable" + "mbab" log.

Hijackthis logfile:
PHP-Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:50:07on 08.09.2010
PlatformWindows XP SP3 (WinNT 5.01.2600)
MSIEInternet Explorer v8.00 (8.00.6001.18702)
Boot modeNormal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Application Updater\ApplicationUpdater.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\npkcmsvc.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
F:\teamspeak2\ts3client_win32.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page hxxp://google.de/
R1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 HKCU\Software\Microsoft\Internet Explorer\Main,Local Page 
O2 BHOAdobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 BHOAcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 BHOGroove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 BHOWindows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 BHOJava(tmPlug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 BHOFlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll
O2 BHOJQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 HKLM\..\Run: [SoundMAXPnPC:\Programme\Analog Devices\Core\smax4pnp.exe
O4 HKLM\..\Run: [NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 HKLM\..\Run: [GrooveMonitor"C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 HKLM\..\Run: [NvMediaCenterRUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 HKLM\..\Run: [avgnt"C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 HKLM\..\Run: [Adobe Reader Speed Launcher"C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 HKLM\..\Run: [Adobe ARM"C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 HKLM\..\Run: [SunJavaUpdateSched"C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 HKLM\..\Run: [nwiznwiz.exe /install
O4 HKLM\..\Run: [QuickTime Task"F:\QUICKTIME\qttask.exe" -atboottime
O4 HKCU\..\Run: [ctfmon.exeC:\WINDOWS\system32\ctfmon.exe
O4 HKUS\S-1-5-18\..\Run: [CTFMON.EXEC:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 HKUS\.DEFAULT\..\Run: [CTFMON.EXEC:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 StartupERUNT AutoBackup.lnk C:\Programme\ERUNT\AUTOBACK.EXE
O8 Extra context menu itemFree YouTube Download C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 Extra context menu itemFree YouTube to Mp3 Converter C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 Extra context menu itemNach Microsoft &Excel exportieren res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 Extra context menu itemNach Microsoft E&xel exportieren res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 Extra buttonAn OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 Extra 'Tools' menuitemAn OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 Extra buttonResearch - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 Extra buttonICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 Extra 'Tools' menuitemICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 Extra buttonMessenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 Extra 'Tools' menuitemWindows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
O16 DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208174604234
O16 DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - hxxp://www.acclaim.com/cabs/acclaim_v5.cab
O16 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208174678421
O16 DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - hxxp://clubgames.pogo.com/online2/pogop/diner_dash_flo_on_the_go/ddfotg.1.0.0.33.cab
O16 DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - hxxp://update.nprotect.net/keycrypt/cabal/npkcx_inca.cab
O16 DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 HKLM\System\CCS\Services\Tcpip\..\{E104CD73-A9C1-4FA1-8972-7B5820CB2F29}: NameServer 195.50.140.246 195.50.140.252
O18 ProtocolgrooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O18 Protocolskype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 ServiceAvira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 ServiceAvira AntiVir Guard (AntiVirService) - Avira GmbH C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 ServiceApplication Updater SpigotInc. - C:\Programme\Application Updater\ApplicationUpdater.exe
O23 ServiceFLEXnet Licensing Service Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 ServiceForceware Web Interface (ForcewareWebInterface) - Apache Software Foundation C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 ServiceInstallDriver Table Manager (IDriverT) - Macrovision Corporation C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 ServiceJava Quick Starter (JavaQuickStarterService) - Sun MicrosystemsInc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 ServiceNIHardwareService Unknown owner C:\Programme\Gemeinsame Dateien\Native Instruments\Hardware\NIHardwareService.exe (file missing)
O23 ServicenProtect GameGuard Service (npggsvc) - Unknown owner C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 Servicenpkcmsvc INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcmsvc.exe
O23 ServiceForceWare IP service (nSvcIp) - NVIDIA Corporation C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 ServiceForceWare user log service (nSvcLog) - NVIDIA Corporation C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 ServiceNVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation C:\WINDOWS\system32\nvsvc32.exe
O23 ServicePnkBstrA Unknown owner C:\WINDOWS\system32\PnkBstrA.exe

--
End of file 9817 bytes 
mbam-log file
PHP-Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4532

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

03.09.2010 00:16:36
mbam-log-2010-09-03 (00-16-36).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 147359
Laufzeit: 4 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden) 
defogger_disable
HTML-Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:33 on 03/09/2010 (Mario)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled


-=E.O.F=-

cosinus 09.09.2010 20:16
Zitat:
Habe mir mal combofix runtergeladen in der hoffnung das es was bringt, aber pustekuchen
1. sollte CF nur auf expplizite Anweisung hin ausgeführt werden und 2. postet man auch das Log davon wenn man es denn schon ausführen musste!

Mario81 10.09.2010 11:00
Zitat:
1. sollte CF nur auf expplizite Anweisung hin ausgeführt werden und 2. postet man auch das Log davon wenn man es denn schon ausführen musste!
is ja schon knapp 2 wochen her :(
und was soll ich jetzt machen? mir die programme kaufen oder wie geht der schritt jetzt weiter?

cosinus 10.09.2010 11:37
Liest Du meine Postings nicht?! Du solltest das Log von Combofix posten!

Mario81 10.09.2010 14:35
combofix log
Combofix Logfile:
Code:
ComboFix 10-09-09.04 - Mario 10.09.2010  15:24:44.7.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.3071.2609 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Mario\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.

(((((((((((((((((((((((  Dateien erstellt von 2010-08-10 bis 2010-09-10  ))))))))))))))))))))))))))))))
.

2010-09-06 11:06 . 2010-09-06 11:06        --------        d-----w-        c:\dokumente und einstellungen\All Users\Startmen³
2010-09-06 10:13 . 2010-09-10 13:24        --------        d-----w-        c:\programme\Gemeinsame Dateien\Akamai
2010-09-02 22:10 . 2010-04-29 13:39        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-02 22:10 . 2010-04-29 13:39        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-09-02 00:43 . 2010-09-02 00:43        --------        d-----w-        c:\programme\ERUNT
2010-08-23 13:16 . 2010-08-23 13:17        --------        d-----w-        c:\programme\NewBlue
2010-08-23 09:28 . 2010-08-23 09:30        --------        d-----w-        c:\dokumente und einstellungen\Mario\Anwendungsdaten\Toolbar4
2010-08-18 20:13 . 2010-08-23 12:58        --------        d-----w-        c:\programme\Gemeinsame Dateien\eSellerate

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-08 11:57 . 2008-04-21 18:31        --------        d-----w-        c:\dokumente und einstellungen\Mario\Anwendungsdaten\ICQ
2010-09-07 09:26 . 2010-03-17 18:30        --------        d-----w-        c:\dokumente und einstellungen\Mario\Anwendungsdaten\Skype
2010-09-07 09:25 . 2010-03-17 18:32        --------        d-----w-        c:\dokumente und einstellungen\Mario\Anwendungsdaten\skypePM
2010-09-02 12:27 . 2010-03-18 18:43        --------        d-----w-        c:\dokumente und einstellungen\Mario\Anwendungsdaten\TS3Client
2010-09-02 00:35 . 2004-08-04 12:00        85534        ----a-w-        c:\windows\system32\perfc007.dat
2010-09-02 00:35 . 2004-08-04 12:00        462662        ----a-w-        c:\windows\system32\perfh007.dat
2010-08-31 14:22 . 2010-07-24 10:47        528760        ----a-w-        c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
2010-08-27 01:04 . 2008-04-13 13:23        127280        ----a-w-        c:\dokumente und einstellungen\Mario\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-08-25 22:25 . 2008-04-22 13:21        --------        d-----w-        c:\programme\FlashFXP
2010-08-25 22:19 . 2010-04-05 17:26        --------        d-----w-        c:\dokumente und einstellungen\Mario\Anwendungsdaten\SolidDocuments
2010-08-23 23:15 . 2008-11-17 21:57        --------        d-----w-        c:\dokumente und einstellungen\Mario\Anwendungsdaten\Publish Providers
2010-08-23 13:18 . 2010-04-27 19:29        --------        d-----w-        c:\programme\Sony
2010-08-23 10:13 . 2008-09-12 20:53        --------        d---a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2010-08-19 15:05 . 2008-04-12 12:58        --------        d--h--w-        c:\programme\InstallShield Installation Information
2010-08-11 09:56 . 2008-10-12 00:50        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help
2010-08-07 13:03 . 2010-08-07 13:03        --------        d-----w-        c:\programme\Microsoft
2010-08-07 13:03 . 2010-08-07 13:03        --------        d-----w-        c:\programme\Windows Live SkyDrive
2010-08-07 13:03 . 2008-04-21 10:45        --------        d-----w-        c:\programme\Windows Live
2010-08-07 12:59 . 2010-08-07 12:59        --------        d-----w-        c:\programme\Gemeinsame Dateien\Windows Live
2010-08-06 12:19 . 2010-05-01 22:29        --------        d-----w-        c:\programme\Gemeinsame Dateien\DVDVideoSoft
2010-08-05 08:02 . 2010-08-05 08:02        503808        ----a-w-        c:\dokumente und einstellungen\Mario\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-72b8f6ce-n\msvcp71.dll
2010-08-05 08:02 . 2010-08-05 08:02        499712        ----a-w-        c:\dokumente und einstellungen\Mario\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-72b8f6ce-n\jmc.dll
2010-08-05 08:02 . 2010-08-05 08:02        348160        ----a-w-        c:\dokumente und einstellungen\Mario\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-72b8f6ce-n\msvcr71.dll
2010-08-05 08:02 . 2010-08-05 08:02        61440        ----a-w-        c:\dokumente und einstellungen\Mario\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-33fb4905-n\decora-sse.dll
2010-08-05 08:02 . 2010-08-05 08:02        12800        ----a-w-        c:\dokumente und einstellungen\Mario\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-33fb4905-n\decora-d3d.dll
2010-07-25 17:59 . 2010-07-25 17:59        --------        d-----w-        c:\programme\Gemeinsame Dateien\Skype
2010-07-25 17:59 . 2010-07-25 17:59        --------        d-----r-        c:\programme\Skype
2010-07-25 17:59 . 2010-03-17 18:29        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype
2010-07-23 12:09 . 2009-01-03 23:49        --------        d-----w-        c:\dokumente und einstellungen\Mario\Anwendungsdaten\gtk-2.0
2010-07-22 12:51 . 2008-04-21 16:06        --------        d-----w-        c:\programme\Teamspeak2_RC2
2010-07-17 19:18 . 2008-05-25 01:39        --------        d-----w-        c:\programme\Gemeinsame Dateien\Wise Installation Wizard
2010-07-17 18:48 . 2010-07-17 18:46        --------        d-----w-        c:\dokumente und einstellungen\Mario\Anwendungsdaten\Ventrilo
2010-06-30 12:28 . 2004-08-04 12:00        149504        ----a-w-        c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-09-29 18:47        916480        ----a-w-        c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2004-08-04 12:00        1852032        ------w-        c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 12:00        354304        ------w-        c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 12:00        80384        ------w-        c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-04-12 12:48        744448        ----a-w-        c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-04 12:00        1172480        ----a-w-        c:\windows\system32\msxml3.dll
2010-03-29 16:42 . 2010-03-29 16:41        92783        ----a-w-        c:\programme\unins000.dat
2010-03-29 16:41 . 2010-03-29 16:41        1349455        ----a-w-        c:\programme\unins000.exe
2010-03-26 14:53 . 2010-03-29 16:41        3428        ----a-w-        c:\programme\xdata.enc
2010-03-26 14:52 . 2010-03-29 16:41        1860480        ----a-w-        c:\programme\cabalmain.exe
2010-03-05 17:54 . 2010-03-29 16:41        299304        ----a-w-        c:\programme\gameguard.des
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\erdnt\cache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 248040]
"nwiz"="nwiz.exe" [2009-02-18 1657376]
"QuickTime Task"="f:\quicktime\qttask.exe" [2010-03-17 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\Mario\Startmen\Programme\Autostart\
ERUNT AutoBackup.lnk - c:\programme\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Mario^Startmenü^Programme^Autostart^Secunia PSI.lnk]
path=c:\dokumente und einstellungen\Mario\Startmenü\Programme\Autostart\Secunia PSI.lnk
backup=c:\windows\pss\Secunia PSI.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2008-07-22 11:34        2772992        ----a-w-        c:\programme\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2009-11-16 15:36        172792        ----a-w-        c:\programme\ICQ6.5\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 20:12        3872080        ----a-w-        c:\programme\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53        421888        ----a-w-        f:\quicktime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 14:12        26192168        ----a-r-        c:\programme\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2006-11-24 00:06        487424        ----a-r-        c:\programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UniblueRegistryBooster]
2010-03-16 14:25        60208        ----a-w-        f:\registrybooster\Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 10:07        199752        ----a-w-        c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\FlashFXP\\FlashFXP.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programme\\Hamachi\\hamachi.exe"=
"c:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\NexonUS\\NGM\\NGM.exe"=
"c:\\Programme\\EA Games\\Command and Conquer Generäle\\game.dat"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programme\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Programme\\Electronic Arts\\Alarmstufe Rot 3\\Data\\ra3_1.3.game"=
"c:\\Programme\\Electronic Arts\\Alarmstufe Rot 3\\Data\\ra3_1.4.game"=
"f:\\Programme\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Programme\\Electronic Arts\\Alarmstufe Rot 3\\Data\\ra3_1.5.game"=
"c:\\Programme\\Electronic Arts\\Alarmstufe Rot 3\\Data\\ra3_1.6.game"=
"c:\\Dokumente und Einstellungen\\Mario\\Desktop\\leecher.exe"=
"c:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\NexonEU\\NGM\\NGM.exe"=
"c:\\Programme\\Electronic Arts\\Alarmstufe Rot 3\\Data\\ra3_1.7.game"=
"c:\\Programme\\Electronic Arts\\Alarmstufe Rot 3\\Data\\ra3_1.8.game"=
"c:\\Programme\\ICQ6.5\\ICQ.exe"=
"g:\\Metin2\\metin2.bin"=
"c:\\Programme\\Electronic Arts\\Alarmstufe Rot 3\\Data\\ra3_1.9.game"=
"c:\\Programme\\Electronic Arts\\Alarmstufe Rot 3\\Data\\ra3_1.10.game"=
"c:\\Programme\\Java\\jre6\\bin\\java.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programme\\Electronic Arts\\Alarmstufe Rot 3\\Data\\ra3_1.11.game"=
"c:\\Programme\\Electronic Arts\\Alarmstufe Rot 3\\Data\\ra3_1.12.game"=
"g:\\BLACK_SHOOT\\BlackShot\\Blackshot\\system\\BlackShot.exe"=
"c:\\Programme\\TeamViewer\\Version5\\TeamViewer.exe"=
"g:\\Metin2\\metin2client.bin"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programme\\Adobe\\Adobe After Effects CS4\\Support Files\\AfterFX.exe"=
"f:\\PINNACLE STUDIO 14\\Programs\\RM.exe"=
"f:\\PINNACLE STUDIO 14\\Programs\\Studio.exe"=
"f:\\PINNACLE STUDIO 14\\Programs\\umi.exe"=
"g:\\eFusion\\BlackShot\\system\\BlackShot.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"g:\\Alaplaya\\LOCO\\System\\LOCO.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"28910:TCP"= 28910:TCP:c&c
"29900:TCP"= 29900:TCP:c&c
"29920:TCP"= 29920:TCP:c&c
"4321:UDP"= 4321:UDP:c&c
"27900:UDP"= 27900:UDP:c&c
"26000:UDP"= 26000:UDP:empire
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"59066:TCP"= 59066:TCP:Pando Media Booster
"59066:UDP"= 59066:UDP:Pando Media Booster
"12000:UDP"= 12000:UDP:Blackshot
"10002:UDP"= 10002:UDP:Blackshot
"10005:UDP"= 10005:UDP:Blackshot
"12000:TCP"= 12000:TCP:Blackshot
"30001:TCP"= 30001:TCP:Blackshot
"23:TCP"= 23:TCP:Blackshot
"1033:TCP"= 1033:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [05.07.2006 14:46 63352]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [04.08.2004 14:00 14336]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [27.03.2009 23:41 108289]
R2 Application Updater;Application Updater;c:\programme\Application Updater\ApplicationUpdater.exe [16.12.2009 18:38 375296]
S2 NIHardwareService;NIHardwareService;c:\programme\Gemeinsame Dateien\Native Instruments\Hardware\NIHardwareService.exe --> c:\programme\Gemeinsame Dateien\Native Instruments\Hardware\NIHardwareService.exe [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\dokume~1\Mario\LOKALE~1\Temp\VFD12.tmp --> c:\dokume~1\Mario\LOKALE~1\Temp\VFD12.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [24.03.2009 13:03 7808]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 XDva349;XDva349;\??\c:\windows\system32\XDva349.sys --> c:\windows\system32\XDva349.sys [?]
S3 XDva359;XDva359;\??\c:\windows\system32\XDva359.sys --> c:\windows\system32\XDva359.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [09.05.2008 00:24 697328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper        REG_MULTI_SZ          getPlusHelper
Akamai        REG_MULTI_SZ          Akamai

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.de/
IE: Free YouTube Download - c:\dokumente und einstellungen\Mario\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\Mario\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft &Excel exportieren - f:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\dokumente und einstellungen\Mario\Anwendungsdaten\Mozilla\Firefox\Profiles\7l95x0th.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\dokumente und einstellungen\All Users\Anwendungsdaten\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\programme\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: f:\quicktime\Plugins\npqtplugin.dll
FF - plugin: f:\quicktime\Plugins\npqtplugin2.dll
FF - plugin: f:\quicktime\Plugins\npqtplugin3.dll
FF - plugin: f:\quicktime\Plugins\npqtplugin4.dll
FF - plugin: f:\quicktime\Plugins\npqtplugin5.dll
FF - plugin: f:\quicktime\Plugins\npqtplugin6.dll
FF - plugin: f:\quicktime\Plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-10 15:31
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A47E3E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7ecb8
\Driver\atapi -> 0x8a47f410
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9defbb0
 PacketIndicateHandler -> NDIS.sys @ 0xb9dfca21
 SendHandler -> NDIS.sys @ 0xb9dda87b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Programme/Gemeinsame Dateien/Akamai/rswin_3746.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Programme/Gemeinsame Dateien/Akamai/rswin_3746.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\dokume~1\Mario\LOKALE~1\Temp\VFD12.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1844237615-1336601894-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:59,8c,78,d6,6d,f1,f2,0f,ba,56,5c,d8,40,d4,dd,48,06,f9,fa,64,f4,05,c1,
  3f,1b,1a,1e,9a,74,a8,17,08,b4,5c,44,d0,07,78,53,5d,2d,3e,ab,69,9c,dd,45,a6,\
"??"=hex:4e,5b,94,3c,fd,7c,e9,4e,cd,39,69,eb,e3,76,76,ba

[HKEY_USERS\S-1-5-21-1844237615-1336601894-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:ee,9e,1b,ca,d4,15,f8,4e,8f,4e,e6,ae,55,3e,3c,dc,5d,03,ce,76,4b,
  0c,6d,8d,09,85,68,b0,5d,63,33,a6,36,86,7c,77,af,94,68,5e,ef,82,72,b1,86,2a,\
"rkeysecu"=hex:7a,50,8c,12,7e,34,57,8f,b2,d7,f1,76,1c,77,b1,93

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Zeit der Fertigstellung: 2010-09-10  15:32:37
ComboFix-quarantined-files.txt  2010-09-10 13:32

Vor Suchlauf: 14 Verzeichnis(se), 11.958.571.008 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 12.961.247.232 Bytes frei

- - End Of File - - FFDB312D2F1DB5E2D26CA78BECFB60F5
--- --- ---

cosinus 11.09.2010 11:34
Lade dir Lop S&D herunter.

Führe Lop S&D.exe per Doppelklick aus. VISTA-User: Rechtsklick => Ausführen als Admin!!
Wähle die Sprache deiner Wahl und anschließend die Option 1.
Warte bis der Scanbericht erstellt wird und poste ihn hier (Du findest ihn unter C:\lopR.txt, sollte der Bericht nicht erscheinen).

Mario81 11.09.2010 20:05
HTML-Code:
  --------------------\\  Lop S&D 4.2.5-0  XP/Vista

  Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
  X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 6000+ )
  BIOS : BIOS Date: 05/28/07 10:54:46 Ver: 08.00.12
  USER : Mario ( Administrator )
  BOOT : Normal boot
  Antivirus : AntiVir Desktop 9.0.1.32 (Activated)
  Firewall  : ActiveArmor Firewall 1.0 (Not Activated)
  A:\ (USB)
  C:\ (Local Disk) - NTFS - Total:56 Go (Free:11 Go)
  D:\ (CD or DVD)
  E:\ (CD or DVD)
  F:\ (Local Disk) - NTFS - Total:88 Go (Free:65 Go)
  G:\ (Local Disk) - NTFS - Total:88 Go (Free:53 Go)

  "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
  Option : [1] ( 11.09.2010|21:00 )
 
  --------------------\\  Ordner Verzeichnis unter ANWEND~1

  [28.04.2010|20:23] C:\DOKUME~1\ALLUSE~1\ANWEND~1\{BC13C66E-D01E-4443-A1D1-35EEDF3A964A}
  [28.04.2010|20:22] C:\DOKUME~1\ALLUSE~1\ANWEND~1\{C59C4281-5384-43B2-9E48-2FA6F8967AB1}
  [28.04.2010|20:22] C:\DOKUME~1\ALLUSE~1\ANWEND~1\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
  [03.04.2010|09:54] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Adobe
  [04.04.2010|21:34] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Apple
  [04.04.2010|21:35] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Apple Computer
  [29.10.2008|19:21] C:\DOKUME~1\ALLUSE~1\ANWEND~1\avg8
  [27.03.2009|23:41] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Avira
  [24.11.2008|08:13] C:\DOKUME~1\ALLUSE~1\ANWEND~1\AVS4YOU
  [12.02.2009|00:58] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Blizzard
  [07.03.2010|16:43] C:\DOKUME~1\ALLUSE~1\ANWEND~1\DAEMON Tools Lite
  [04.05.2010|00:43] C:\DOKUME~1\ALLUSE~1\ANWEND~1\DAEMON Tools Pro
  [20.05.2009|23:37] C:\DOKUME~1\ALLUSE~1\ANWEND~1\FLEXnet
  [04.04.2010|17:09] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Google
  [14.03.2009|17:04] C:\DOKUME~1\ALLUSE~1\ANWEND~1\ICQ
  [10.02.2010|16:28] C:\DOKUME~1\ALLUSE~1\ANWEND~1\id Software
  [30.09.2008|20:32] C:\DOKUME~1\ALLUSE~1\ANWEND~1\MAGIX
  [25.09.2008|10:54] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Malwarebytes
  [30.03.2010|16:29] C:\DOKUME~1\ALLUSE~1\ANWEND~1\McAfee
  [07.08.2010|14:58] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Microsoft
  [11.08.2010|11:56] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Microsoft Help
  [28.04.2010|19:10] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Native Instruments
  [27.01.2009|19:08] C:\DOKUME~1\ALLUSE~1\ANWEND~1\NexonEU
  [02.08.2008|01:36] C:\DOKUME~1\ALLUSE~1\ANWEND~1\NexonUS
  [30.03.2010|16:38] C:\DOKUME~1\ALLUSE~1\ANWEND~1\NOS
  [26.04.2008|18:07] C:\DOKUME~1\ALLUSE~1\ANWEND~1\OrbNetworks
  [07.03.2010|17:20] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Pinnacle
  [07.03.2010|17:20] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Pinnacle Studio Plus
  [07.01.2010|21:27] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Pinnacle Studio Ultimate Collection
  [30.09.2008|20:55] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Screaming Bee
  [04.04.2010|15:41] C:\DOKUME~1\ALLUSE~1\ANWEND~1\SecTaskMan
  [25.07.2010|19:59] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Skype
  [05.04.2010|19:26] C:\DOKUME~1\ALLUSE~1\ANWEND~1\SolidDocuments
  [27.04.2010|22:07] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Sony
  [14.01.2009|23:17] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Sony Ericsson
  [04.04.2010|17:10] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Spybot - Search & Destroy
  [07.03.2010|17:20] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Studio 14
  [04.04.2010|17:07] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Sun
  [14.01.2009|23:17] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Teleca
  [23.08.2010|12:13] C:\DOKUME~1\ALLUSE~1\ANWEND~1\TEMP
  [16.05.2008|17:32] C:\DOKUME~1\ALLUSE~1\ANWEND~1\TuneUp Software
  [21.02.2010|16:08] C:\DOKUME~1\ALLUSE~1\ANWEND~1\VideoConverter
  [14.04.2008|14:08] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Windows Genuine Advantage
  [26.06.2008|00:46] C:\DOKUME~1\ALLUSE~1\ANWEND~1\WLInstaller
  [0|Datei(en)] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Bytes
  [46|Verzeichnis(se),] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Bytes frei

  [12.04.2008|14:50] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Microsoft
  [0|Datei(en)] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Bytes
  [3|Verzeichnis(se),] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Bytes frei

  [20.07.2008|08:12] C:\DOKUME~1\LOCALS~1\ANWEND~1\Adobe
  [29.10.2008|19:21] C:\DOKUME~1\LOCALS~1\ANWEND~1\Microsoft
  [0|Datei(en)] C:\DOKUME~1\LOCALS~1\ANWEND~1\Bytes
  [4|Verzeichnis(se),] C:\DOKUME~1\LOCALS~1\ANWEND~1\Bytes frei

  [23.02.2010|16:41] C:\DOKUME~1\Mario\ANWEND~1\Adobe
  [19.01.2009|18:58] C:\DOKUME~1\Mario\ANWEND~1\Ahead
  [01.03.2010|12:55] C:\DOKUME~1\Mario\ANWEND~1\AnvSoft
  [27.02.2010|15:51] C:\DOKUME~1\Mario\ANWEND~1\Apple Computer
  [24.11.2008|08:13] C:\DOKUME~1\Mario\ANWEND~1\AVS4YOU
  [29.08.2008|21:28] C:\DOKUME~1\Mario\ANWEND~1\Azureus
  [20.05.2009|23:43] C:\DOKUME~1\Mario\ANWEND~1\com.adobe.ExMan
  [18.01.2009|01:28] C:\DOKUME~1\Mario\ANWEND~1\Cool Record Edit Pro
  [18.01.2009|20:59] C:\DOKUME~1\Mario\ANWEND~1\Cuttermaran
  [09.05.2008|00:24] C:\DOKUME~1\Mario\ANWEND~1\DAEMON Tools
  [07.03.2010|16:51] C:\DOKUME~1\Mario\ANWEND~1\DAEMON Tools Lite
  [04.05.2010|00:46] C:\DOKUME~1\Mario\ANWEND~1\DAEMON Tools Pro
  [27.04.2008|13:19] C:\DOKUME~1\Mario\ANWEND~1\DivX
  [21.02.2010|02:44] C:\DOKUME~1\Mario\ANWEND~1\Download Manager
  [17.06.2010|20:18] C:\DOKUME~1\Mario\ANWEND~1\DVDVideoSoftIEHelpers
  [02.01.2010|04:51] C:\DOKUME~1\Mario\ANWEND~1\FileZilla
  [22.04.2008|15:20] C:\DOKUME~1\Mario\ANWEND~1\FlashFXP
  [18.01.2009|01:20] C:\DOKUME~1\Mario\ANWEND~1\Free Sound Recorder
  [19.03.2010|03:01] C:\DOKUME~1\Mario\ANWEND~1\FreeAudioPack
  [02.05.2010|00:40] C:\DOKUME~1\Mario\ANWEND~1\FreeFLVConverter
  [01.03.2010|11:12] C:\DOKUME~1\Mario\ANWEND~1\FreeVideoConverter
  [21.04.2008|18:04] C:\DOKUME~1\Mario\ANWEND~1\Google
  [23.07.2010|14:09] C:\DOKUME~1\Mario\ANWEND~1\gtk-2.0
  [08.03.2009|18:55] C:\DOKUME~1\Mario\ANWEND~1\Hamachi
  [17.02.2010|17:46] C:\DOKUME~1\Mario\ANWEND~1\Haufe
  [08.03.2010|01:43] C:\DOKUME~1\Mario\ANWEND~1\Help
  [08.09.2010|13:57] C:\DOKUME~1\Mario\ANWEND~1\ICQ
  [21.04.2008|20:55] C:\DOKUME~1\Mario\ANWEND~1\ICQ Toolbar
  [10.02.2010|16:29] C:\DOKUME~1\Mario\ANWEND~1\id Software
  [12.04.2008|14:56] C:\DOKUME~1\Mario\ANWEND~1\Identities
  [22.04.2008|15:26] C:\DOKUME~1\Mario\ANWEND~1\Macromedia
  [28.09.2008|04:50] C:\DOKUME~1\Mario\ANWEND~1\MAGIX
  [25.09.2008|10:54] C:\DOKUME~1\Mario\ANWEND~1\Malwarebytes
  [07.03.2010|17:26] C:\DOKUME~1\Mario\ANWEND~1\Microsoft
  [04.04.2010|17:50] C:\DOKUME~1\Mario\ANWEND~1\mIRC
  [14.11.2008|02:35] C:\DOKUME~1\Mario\ANWEND~1\Mozilla
  [26.06.2008|00:40] C:\DOKUME~1\Mario\ANWEND~1\MSNInstaller
  [03.03.2009|05:36] C:\DOKUME~1\Mario\ANWEND~1\ProxyCap
  [24.08.2010|01:15] C:\DOKUME~1\Mario\ANWEND~1\Publish Providers
  [28.06.2008|13:41] C:\DOKUME~1\Mario\ANWEND~1\Real
  [31.05.2009|15:43] C:\DOKUME~1\Mario\ANWEND~1\Red Alert 3
  [30.09.2008|20:55] C:\DOKUME~1\Mario\ANWEND~1\Screaming Bee
  [19.03.2010|03:57] C:\DOKUME~1\Mario\ANWEND~1\Search Settings
  [08.05.2008|23:46] C:\DOKUME~1\Mario\ANWEND~1\SecuROM
  [10.09.2010|21:42] C:\DOKUME~1\Mario\ANWEND~1\Skype
  [10.09.2010|21:41] C:\DOKUME~1\Mario\ANWEND~1\skypePM
  [04.04.2010|18:01] C:\DOKUME~1\Mario\ANWEND~1\Software Informer
  [26.08.2010|00:19] C:\DOKUME~1\Mario\ANWEND~1\SolidDocuments
  [27.04.2010|22:09] C:\DOKUME~1\Mario\ANWEND~1\Sony
  [14.01.2009|23:18] C:\DOKUME~1\Mario\ANWEND~1\Sony Ericsson
  [16.07.2008|14:24] C:\DOKUME~1\Mario\ANWEND~1\Sun
  [09.06.2010|21:06] C:\DOKUME~1\Mario\ANWEND~1\teamspeak2
  [18.01.2010|16:47] C:\DOKUME~1\Mario\ANWEND~1\TeamViewer
  [16.01.2009|04:43] C:\DOKUME~1\Mario\ANWEND~1\Teleca
  [23.08.2010|11:30] C:\DOKUME~1\Mario\ANWEND~1\Toolbar4
  [02.09.2010|14:27] C:\DOKUME~1\Mario\ANWEND~1\TS3Client
  [16.05.2008|17:32] C:\DOKUME~1\Mario\ANWEND~1\TuneUp Software
  [04.04.2010|17:17] C:\DOKUME~1\Mario\ANWEND~1\Uniblue
  [24.03.2009|19:06] C:\DOKUME~1\Mario\ANWEND~1\uTorrent
  [17.07.2010|20:48] C:\DOKUME~1\Mario\ANWEND~1\Ventrilo
  [16.09.2008|15:54] C:\DOKUME~1\Mario\ANWEND~1\vlc
  [01.05.2010|22:03] C:\DOKUME~1\Mario\ANWEND~1\Winamp
  [28.03.2009|14:38] C:\DOKUME~1\Mario\ANWEND~1\WinRAR
  [20.01.2009|17:24] C:\DOKUME~1\Mario\ANWEND~1\WinSplit
  [03.03.2009|06:13] C:\DOKUME~1\Mario\ANWEND~1\WNR
  [0|Datei(en)] C:\DOKUME~1\Mario\ANWEND~1\Bytes
  [67|Verzeichnis(se),] C:\DOKUME~1\Mario\ANWEND~1\Bytes frei

  [29.10.2008|19:21] C:\DOKUME~1\NETWOR~1\ANWEND~1\Microsoft
  [0|Datei(en)] C:\DOKUME~1\NETWOR~1\ANWEND~1\Bytes
  [3|Verzeichnis(se),] C:\DOKUME~1\NETWOR~1\ANWEND~1\Bytes frei

  [29.03.2009|14:07] C:\DOKUME~1\Spike\ANWEND~1\Identities
  [29.03.2009|14:07] C:\DOKUME~1\Spike\ANWEND~1\Microsoft
  [0|Datei(en)] C:\DOKUME~1\Spike\ANWEND~1\Bytes
  [4|Verzeichnis(se),] C:\DOKUME~1\Spike\ANWEND~1\Bytes frei
 
  --------------------\\  Geplante Aufgaben unter C:\WINDOWS\Tasks

  [11.09.2010 20:57][--ah-----] C:\WINDOWS\tasks\SA.DAT
  [04.08.2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

  --------------------\\  Ordner Verzeichnis unter C:\Programme

  [30.03.2010|16:35] C:\Programme\Adobe
  [20.05.2009|21:08] C:\Programme\Adobe Media Player
  [29.05.2009|12:00] C:\Programme\AGEIA Technologies
  [01.03.2010|11:57] C:\Programme\AliveMedia
  [27.10.2008|22:24] C:\Programme\Alwil Software
  [12.04.2008|15:06] C:\Programme\Analog Devices
  [01.03.2010|12:55] C:\Programme\AnvSoft
  [04.04.2010|21:34] C:\Programme\Apple Software Update
  [19.03.2010|03:01] C:\Programme\Application Updater
  [27.03.2009|23:41] C:\Programme\Avira
  [02.01.2010|05:08] C:\Programme\AVS4YOU
  [04.02.2010|11:41] C:\Programme\CD to MP3 Freeware
  [12.04.2008|14:47] C:\Programme\ComPlus Applications
  [29.03.2010|18:42] C:\Programme\data
  [12.04.2008|15:02] C:\Programme\DIFX
  [27.02.2010|17:27] C:\Programme\DivX
  [16.12.2009|22:54] C:\Programme\DivX Pro VFW
  [17.06.2010|20:20] C:\Programme\DVDVideoSoft
  [29.10.2008|19:14] C:\Programme\EA Games
  [07.11.2008|16:04] C:\Programme\Electronic Arts
  [02.09.2010|02:43] C:\Programme\ERUNT
  [26.08.2010|00:25] C:\Programme\FlashFXP
  [10.05.2008|21:10] C:\Programme\GameShadow
  [10.09.2010|15:28] C:\Programme\Gemeinsame Dateien
  [04.01.2009|01:58] C:\Programme\GIMP-2.0
  [04.04.2010|17:28] C:\Programme\Google
  [28.05.2008|23:43] C:\Programme\Hamachi
  [16.06.2010|16:12] C:\Programme\ICQ6.5
  [14.03.2009|17:04] C:\Programme\ICQ6Toolbar
  [19.08.2010|17:05] C:\Programme\InstallShield Installation Information
  [11.08.2010|11:53] C:\Programme\Internet Explorer
  [11.07.2008|00:41] C:\Programme\Invasion Interactive Ltd
  [03.05.2010|19:04] C:\Programme\Java
  [29.03.2010|18:42] C:\Programme\launcher
  [02.05.2010|20:56] C:\Programme\Leap Free Download YouTube Video Converter
  [22.04.2008|15:24] C:\Programme\Macromedia
  [25.09.2008|01:34] C:\Programme\Made on a PC
  [07.01.2010|18:40] C:\Programme\MagicDisc
  [28.03.2009|15:14] C:\Programme\Messenger
  [01.11.2009|16:17] C:\Programme\mfk
  [07.08.2010|15:03] C:\Programme\Microsoft
  [12.04.2008|14:53] C:\Programme\microsoft frontpage
  [12.10.2008|02:52] C:\Programme\Microsoft Office
  [13.04.2008|07:10] C:\Programme\Microsoft Visual Studio
  [12.10.2008|02:50] C:\Programme\Microsoft Visual Studio 8
  [01.11.2009|04:53] C:\Programme\Microsoft Works
  [12.10.2008|02:52] C:\Programme\Microsoft.NET
  [11.08.2010|11:51] C:\Programme\Movie Maker
  [01.09.2010|14:47] C:\Programme\Mozilla Firefox
  [28.03.2009|15:53] C:\Programme\MSBuild
  [12.04.2008|14:47] C:\Programme\MSN Gaming Zone
  [29.09.2008|04:17] C:\Programme\MSXML 4.0
  [28.04.2010|20:22] C:\Programme\Native Instruments
  [28.03.2009|15:09] C:\Programme\NetMeeting
  [23.08.2010|15:17] C:\Programme\NewBlue
  [14.10.2008|06:13] C:\Programme\NOS
  [12.04.2008|14:58] C:\Programme\NVIDIA Corporation
  [12.04.2008|14:47] C:\Programme\Online Services
  [12.04.2008|14:49] C:\Programme\Online-Dienste
  [12.05.2010|07:40] C:\Programme\Outlook Express
  [17.08.2008|17:41] C:\Programme\Outsim
  [04.03.2010|22:38] C:\Programme\Pinnacle
  [28.03.2009|15:53] C:\Programme\Reference Assemblies
  [31.05.2008|01:01] C:\Programme\RegCleaner
  [22.04.2008|15:56] C:\Programme\SHOUTcast
  [25.07.2010|19:59] C:\Programme\Skype
  [05.04.2010|19:26] C:\Programme\SolidDocuments
  [23.08.2010|15:18] C:\Programme\Sony
  [14.01.2009|23:17] C:\Programme\Sony Ericsson
  [04.04.2010|17:10] C:\Programme\Spybot - Search & Destroy
  [31.12.2009|01:53] C:\Programme\SystemRequirementsLab
  [14.04.2010|13:20] C:\Programme\TeamSpeak 3 Client
  [22.07.2010|14:51] C:\Programme\Teamspeak2_RC2
  [04.04.2010|15:03] C:\Programme\TeamViewer
  [25.09.2008|01:41] C:\Programme\Trend Micro
  [30.01.2010|06:19] C:\Programme\TuneUp Utilities 2007
  [16.09.2008|15:53] C:\Programme\VideoLAN
  [23.02.2010|19:20] C:\Programme\Winamp
  [23.02.2010|19:20] C:\Programme\Winamp Detect
  [07.08.2010|15:03] C:\Programme\Windows Live
  [07.08.2010|15:03] C:\Programme\Windows Live SkyDrive
  [20.07.2008|19:54] C:\Programme\Windows Media Connect 2
  [28.03.2009|15:09] C:\Programme\Windows Media Player
  [28.03.2009|15:09] C:\Programme\Windows NT
  [12.04.2008|14:49] C:\Programme\WindowsUpdate
  [05.04.2010|11:50] C:\Programme\WinRAR
  [12.04.2008|14:53] C:\Programme\xerox
  [0|Datei(en)] C:\Programme\Bytes
  [89|Verzeichnis(se),] C:\Programme\Bytes frei

  --------------------\\  Ordner Verzeichnis unter C:\Programme\Gemeinsame Dateien

  [30.03.2010|16:35] C:\Programme\Gemeinsame Dateien\Adobe
  [20.05.2009|21:06] C:\Programme\Gemeinsame Dateien\Adobe AIR
  [13.04.2008|08:17] C:\Programme\Gemeinsame Dateien\Ahead
  [11.09.2010|20:58] C:\Programme\Gemeinsame Dateien\Akamai
  [04.04.2010|21:34] C:\Programme\Gemeinsame Dateien\Apple
  [07.07.2009|10:52] C:\Programme\Gemeinsame Dateien\AVSMedia
  [12.10.2008|02:52] C:\Programme\Gemeinsame Dateien\DESIGNER
  [12.04.2008|14:48] C:\Programme\Gemeinsame Dateien\Dienste
  [15.11.2009|17:26] C:\Programme\Gemeinsame Dateien\DirectX
  [27.02.2010|17:27] C:\Programme\Gemeinsame Dateien\DivX Shared
  [06.08.2010|14:19] C:\Programme\Gemeinsame Dateien\DVDVideoSoft
  [23.08.2010|14:58] C:\Programme\Gemeinsame Dateien\eSellerate
  [22.04.2008|15:23] C:\Programme\Gemeinsame Dateien\InstallShield
  [04.04.2010|17:07] C:\Programme\Gemeinsame Dateien\Java
  [22.04.2008|15:24] C:\Programme\Gemeinsame Dateien\Macromedia
  [20.05.2009|21:03] C:\Programme\Gemeinsame Dateien\Macrovision Shared
  [01.11.2009|04:53] C:\Programme\Gemeinsame Dateien\Microsoft Shared
  [12.04.2008|14:48] C:\Programme\Gemeinsame Dateien\MSSoap
  [28.04.2010|19:58] C:\Programme\Gemeinsame Dateien\Native Instruments
  [12.04.2008|15:43] C:\Programme\Gemeinsame Dateien\ODBC
  [07.03.2010|17:20] C:\Programme\Gemeinsame Dateien\Pegasus Imaging
  [04.03.2010|22:43] C:\Programme\Gemeinsame Dateien\Pinnacle
  [28.06.2008|13:41] C:\Programme\Gemeinsame Dateien\Real
  [25.07.2010|19:59] C:\Programme\Gemeinsame Dateien\Skype
  [14.01.2009|23:17] C:\Programme\Gemeinsame Dateien\Sony Ericsson Shared
  [12.04.2008|15:43] C:\Programme\Gemeinsame Dateien\SpeechEngines
  [01.11.2009|04:52] C:\Programme\Gemeinsame Dateien\System
  [14.01.2009|23:17] C:\Programme\Gemeinsame Dateien\Teleca Shared
  [07.08.2010|14:59] C:\Programme\Gemeinsame Dateien\Windows Live
  [21.04.2008|12:48] C:\Programme\Gemeinsame Dateien\WindowsLiveInstaller
  [17.07.2010|21:18] C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
  [07.03.2010|17:20] C:\Programme\Gemeinsame Dateien\Yahoo!
  [0|Datei(en)] C:\Programme\Gemeinsame Dateien\Bytes
  [34|Verzeichnis(se),] C:\Programme\Gemeinsame Dateien\Bytes frei

  --------------------\\  Process

  ( 45 Processes )

  iexplore.exe ~ [PID:2456]
  iexplore.exe ~ [PID:2988]
  iexplore.exe ~ [PID:2780]

  --------------------\\  Ueberpruefung mit S_Lop

  Kein Lop Ordner gefunden !
 
  --------------------\\  Suche nach Lop Dateien - Ordnern

  C:\DOKUME~1\Mario\Cookies\mario@ero-advertising[1].txt
  C:\DOKUME~1\Mario\Cookies\mario@game-advertising-online[1].txt
  C:\DOKUME~1\Mario\Cookies\mario@partypoker[1].txt
 
  --------------------\\  Suche innerhalb der Registry
 
  ..... OK !

  --------------------\\  Ueberpruefung der Hosts Datei

  Hosts Datei SAUBER


  --------------------\\  Suche nach verborgenen Dateien mit Catchme
 
  catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
  Rootkit scan 2010-09-11 21:01:07
  Windows 5.1.2600 Service Pack 3 NTFS
  scanning hidden processes ...
  scanning hidden files ...
  scan completed successfully
  hidden processes: 0
  hidden files: 0
 
  --------------------\\  Suche nach anderen Infektionen

  --------------------\\  Cracks & Keygens ..

  [F:23][D:5]-> C:\DOKUME~1\Mario\LOKALE~1\Temp
  [F:381][D:0]-> C:\DOKUME~1\Mario\Cookies
  [F:4344][D:8]-> C:\DOKUME~1\Mario\LOKALE~1\TEMPOR~1\content.IE5

  1 - "C:\Lop SD\LopR_1.txt" - 11.09.2010|21:02 - Option : [1]

  --------------------\\  Scan beendet um 21:02:14

cosinus 12.09.2010 20:43
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

Mario81 12.09.2010 21:36
OTL Logfile:
Code:
OTL logfile created on: 12.09.2010 22:29:31 - Run 1
OTL by OldTimer - Version 3.2.12.0    Folder = C:\Dokumente und Einstellungen\Mario\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 80,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 56,64 Gb Total Space | 11,66 Gb Free Space | 20,59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 88,09 Gb Total Space | 65,99 Gb Free Space | 74,92% Space Free | Partition Type: NTFS
Drive G: | 88,16 Gb Total Space | 53,19 Gb Free Space | 60,34% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: AMD6000
Current User Name: Mario
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Mario\Desktop\OTL.exe (OldTimer Tools)
PRC - F:\teamspeak2\ts3client_win32.exe (TeamSpeak Systems GmbH)
PRC - C:\WINDOWS\system32\npkcmsvc.exe (INCA Internet Co., Ltd.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe (Apache Software Foundation)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\Mario\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (NIHardwareService) -- C:\Programme\Gemeinsame Dateien\Native Instruments\Hardware\NIHardwareService.exe File not found
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (Akamai) -- C:/Programme/Gemeinsame Dateien/Akamai/rswin_3746.dll ()
SRV - (npkcmsvc) -- C:\WINDOWS\system32\npkcmsvc.exe (INCA Internet Co., Ltd.)
SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (Application Updater) -- C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation)
SRV - (nSvcLog) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA Corporation)
SRV - (ForcewareWebInterface) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache Software Foundation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva359) -- C:\WINDOWS\System32\XDva359.sys File not found
DRV - (XDva349) -- C:\WINDOWS\System32\XDva349.sys File not found
DRV - (SCREAMINGBDRIVER) -- C:\WINDOWS\System32\drivers\ScreamingBAudio.sys File not found
DRV - (GarenaPEngine) -- C:\DOKUME~1\Mario\LOKALE~1\Temp\VFD12.tmp File not found
DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
DRV - (catchme) -- C:\DOKUME~1\Mario\LOKALE~1\Temp\catchme.sys File not found
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (npkcrypt) -- C:\WINDOWS\system32\npkcrypt.sys (INCA Internet Co., Ltd.)
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (adfs) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (se44unic) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM) -- C:\WINDOWS\system32\drivers\se44unic.sys (MCCI)
DRV - (se44obex) -- C:\WINDOWS\system32\drivers\se44obex.sys (MCCI)
DRV - (se44nd5) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS) -- C:\WINDOWS\system32\drivers\se44nd5.sys (MCCI)
DRV - (se44mgmt) Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\se44mgmt.sys (MCCI)
DRV - (se44mdm) -- C:\WINDOWS\system32\drivers\se44mdm.sys (MCCI)
DRV - (se44mdfl) -- C:\WINDOWS\system32\drivers\se44mdfl.sys (MCCI)
DRV - (se44bus) Sony Ericsson Device 068 driver (WDM) -- C:\WINDOWS\system32\drivers\se44bus.sys (MCCI)
DRV - (mcdbus) -- C:\WINDOWS\system32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (sfsync04) StarForce Protection Synchronization Driver (version 4.x) -- C:\WINDOWS\System32\drivers\sfsync04.sys (Protection Technology (StarForce))
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) -- C:\WINDOWS\System32\drivers\sfdrv01a.sys (Protection Technology (StarForce))
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.11 01:47:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.25 13:30:27 | 000,000,000 | ---D | M]
 
[2008.11.14 02:35:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\Mozilla\Extensions
[2010.08.28 17:05:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\Mozilla\Firefox\Profiles\7l95x0th.default\extensions
[2009.09.26 09:51:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\Mozilla\Firefox\Profiles\7l95x0th.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.17 20:18:32 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\Mozilla\Firefox\Profiles\7l95x0th.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.05.01 20:10:05 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\Mozilla\Firefox\Profiles\7l95x0th.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.08.28 17:05:39 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\Mozilla\Firefox\Profiles\7l95x0th.default\searchplugins\icqplugin-1.xml
[2009.04.07 00:44:30 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\Mozilla\Firefox\Profiles\7l95x0th.default\searchplugins\icqplugin-2.xml
[2009.04.26 16:22:12 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\Mozilla\Firefox\Profiles\7l95x0th.default\searchplugins\icqplugin-3.xml
[2009.04.29 19:30:31 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\Mozilla\Firefox\Profiles\7l95x0th.default\searchplugins\icqplugin-4.xml
[2009.06.12 13:38:24 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\Mozilla\Firefox\Profiles\7l95x0th.default\searchplugins\icqplugin-5.xml
[2009.07.25 18:23:42 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\Mozilla\Firefox\Profiles\7l95x0th.default\searchplugins\icqplugin-6.xml
[2009.08.13 14:31:56 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\Mozilla\Firefox\Profiles\7l95x0th.default\searchplugins\icqplugin-7.xml
[2009.10.17 23:04:10 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\Mozilla\Firefox\Profiles\7l95x0th.default\searchplugins\icqplugin-8.xml
[2009.03.01 14:02:44 | 000,000,944 | ---- | M] () -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\Mozilla\Firefox\Profiles\7l95x0th.default\searchplugins\icqplugin.xml
[2010.08.28 17:05:39 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.03.14 17:04:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.05.03 19:04:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.03.15 19:18:25 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.15 19:18:25 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.15 19:18:25 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.15 19:18:25 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.15 19:18:25 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.28 22:17:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Mario\Startmenü\Programme\Autostart\ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208174604234 (WUWebControl Class)
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} hxxp://www.acclaim.com/cabs/acclaim_v5.cab (GameLauncher Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208174678421 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} hxxp://clubgames.pogo.com/online2/pogop/diner_dash_flo_on_the_go/ddfotg.1.0.0.33.cab (CPlayFirstddfotgControl Object)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} hxxp://update.nprotect.net/keycrypt/cabal/npkcx_inca.cab (NPKCX Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Mario\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Mario\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.04.12 14:50:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.12 22:28:26 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Mario\Desktop\OTL.exe
[2010.09.11 20:59:55 | 000,000,000 | ---D | C] -- C:\Lop SD
[2010.09.10 15:38:06 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.09.10 15:19:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.09.10 15:19:47 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.09.10 15:19:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.09.10 15:19:47 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.09.06 13:06:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmen³
[2010.09.06 12:13:49 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Akamai
[2010.09.03 00:10:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.09.03 00:10:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.09.02 02:43:27 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2010.08.23 15:16:13 | 000,000,000 | ---D | C] -- C:\Programme\NewBlue
[2010.08.23 11:28:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\Toolbar4
[2010.08.18 22:13:28 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\eSellerate
[2010.03.29 18:41:35 | 000,299,304 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Programme\gameguard.des
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.12 22:28:30 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Mario\Desktop\OTL.exe
[2010.09.12 22:01:09 | 000,127,919 | ---- | M] () -- C:\Dokumente und Einstellungen\Mario\Desktop\noShow.JPG
[2010.09.12 20:54:27 | 000,084,080 | ---- | M] () -- C:\Dokumente und Einstellungen\Mario\Desktop\321impact.zip
[2010.09.12 19:01:25 | 009,961,472 | ---- | M] () -- C:\Dokumente und Einstellungen\Mario\ntuser.dat
[2010.09.12 10:25:52 | 000,204,928 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.09.12 10:25:49 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.09.12 10:22:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.12 10:22:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.11 20:26:50 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Mario\ntuser.ini
[2010.09.11 14:06:37 | 001,078,680 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.09.11 14:06:37 | 000,462,662 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.09.11 14:06:37 | 000,444,164 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.09.11 14:06:37 | 000,085,534 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.09.11 14:06:37 | 000,072,040 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.09.10 17:10:26 | 000,049,682 | ---- | M] () -- C:\Dokumente und Einstellungen\Mario\Desktop\page_05_03.jpg
[2010.09.10 15:31:10 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.09.09 15:32:50 | 000,054,197 | ---- | M] () -- C:\Dokumente und Einstellungen\Mario\Desktop\your_cats_dance_better_than_you.jpg
[2010.09.08 23:22:05 | 000,189,733 | ---- | M] () -- C:\Dokumente und Einstellungen\Mario\Desktop\Shot00057.PNG
[2010.09.07 12:10:20 | 000,054,896 | ---- | M] () -- C:\Dokumente und Einstellungen\Mario\Desktop\ScreenShot0907120930.PNG
[2010.09.06 16:31:01 | 000,609,429 | ---- | M] () -- C:\Dokumente und Einstellungen\Mario\Desktop\Super Secret.rar
[2010.09.06 16:18:04 | 000,000,569 | ---- | M] () -- C:\Dokumente und Einstellungen\Mario\Desktop\BlackShot.lnk
[2010.09.06 13:06:49 | 000,000,550 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\LOCO.lnk
[2010.09.05 01:48:22 | 001,502,970 | ---- | M] () -- C:\Dokumente und Einstellungen\Mario\Desktop\DogLegHumpPedoBear.gif
[2010.09.05 01:42:56 | 000,027,270 | ---- | M] () -- C:\Dokumente und Einstellungen\Mario\Desktop\katze.jpg
[2010.09.05 01:42:22 | 000,011,080 | ---- | M] () -- C:\Dokumente und Einstellungen\Mario\Desktop\hässlich.jpg
[2010.09.04 13:08:17 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.09.04 12:32:21 | 000,209,920 | ---- | M] () -- C:\Dokumente und Einstellungen\Mario\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.04 12:18:06 | 004,077,696 | ---- | M] () -- C:\Dokumente und Einstellungen\Mario\Desktop\Snow white Sky (After Effects Text Animation).mp3
[2010.09.04 11:42:55 | 006,152,320 | ---- | M] () -- C:\Dokumente und Einstellungen\Mario\Desktop\Frozen Plasma - Forgotten Earth [S.E.].mp3
[2010.09.03 00:18:55 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Mario\defogger_reenable
[2010.09.02 02:43:35 | 000,000,749 | ---- | M] () -- C:\Dokumente und Einstellungen\Mario\Startmenü\Programme\Autostart\ERUNT AutoBackup.lnk
[2010.09.02 00:11:56 | 009,855,333 | ---- | M] () -- C:\Dokumente und Einstellungen\Mario\Desktop\TS3 Soundpack.rar
[2010.08.31 16:13:39 | 000,000,349 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\PCLECHAL.INI
[2010.08.31 16:00:54 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.08.30 10:44:40 | 000,199,315 | ---- | M] () -- C:\Dokumente und Einstellungen\Mario\Eigene Dateien\ts3_clientui-win32-12040-2010-08-30 10_44_39.875000.dmp
[2010.08.28 22:17:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.08.27 03:04:26 | 000,127,280 | ---- | M] () -- C:\Dokumente und Einstellungen\Mario\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010.08.26 10:00:23 | 002,261,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.26 00:24:59 | 000,002,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Mario\Eigene Dateien\news.htm
[2010.08.25 14:01:11 | 000,000,359 | ---- | M] () -- C:\WINDOWS\CleaningLab.INI
[2010.08.23 12:30:04 | 000,000,437 | ---- | M] () -- C:\Dokumente und Einstellungen\Mario\Desktop\Fraps.lnk
[2010.08.17 14:05:12 | 000,012,433 | ---- | M] () -- C:\Dokumente und Einstellungen\Mario\Eigene Dateien\member.htm
[2010.08.17 13:44:16 | 000,001,145 | ---- | M] () -- C:\Dokumente und Einstellungen\Mario\Eigene Dateien\conatct.htm
 
========== Files Created - No Company Name ==========
 
[2010.09.12 22:01:09 | 000,127,919 | ---- | C] () -- C:\Dokumente und Einstellungen\Mario\Desktop\noShow.JPG
[2010.09.12 20:54:26 | 000,084,080 | ---- | C] () -- C:\Dokumente und Einstellungen\Mario\Desktop\321impact.zip
[2010.09.12 16:26:58 | 000,049,682 | ---- | C] () -- C:\Dokumente und Einstellungen\Mario\Desktop\page_05_03.jpg
[2010.09.10 15:19:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.09.10 15:19:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.09.10 15:19:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.09.09 15:33:10 | 000,054,197 | ---- | C] () -- C:\Dokumente und Einstellungen\Mario\Desktop\your_cats_dance_better_than_you.jpg
[2010.09.08 23:19:07 | 000,189,733 | ---- | C] () -- C:\Dokumente und Einstellungen\Mario\Desktop\Shot00057.PNG
[2010.09.07 12:10:20 | 000,054,896 | ---- | C] () -- C:\Dokumente und Einstellungen\Mario\Desktop\ScreenShot0907120930.PNG
[2010.09.06 16:30:58 | 000,609,429 | ---- | C] () -- C:\Dokumente und Einstellungen\Mario\Desktop\Super Secret.rar
[2010.09.06 16:18:04 | 000,000,569 | ---- | C] () -- C:\Dokumente und Einstellungen\Mario\Desktop\BlackShot.lnk
[2010.09.06 13:06:48 | 000,000,550 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\LOCO.lnk
[2010.09.05 01:48:47 | 001,502,970 | ---- | C] () -- C:\Dokumente und Einstellungen\Mario\Desktop\DogLegHumpPedoBear.gif
[2010.09.05 01:44:34 | 000,011,080 | ---- | C] () -- C:\Dokumente und Einstellungen\Mario\Desktop\hässlich.jpg
[2010.09.05 01:43:59 | 000,027,270 | ---- | C] () -- C:\Dokumente und Einstellungen\Mario\Desktop\katze.jpg
[2010.09.04 12:17:46 | 004,077,696 | ---- | C] () -- C:\Dokumente und Einstellungen\Mario\Desktop\Snow white Sky (After Effects Text Animation).mp3
[2010.09.04 11:42:32 | 006,152,320 | ---- | C] () -- C:\Dokumente und Einstellungen\Mario\Desktop\Frozen Plasma - Forgotten Earth [S.E.].mp3
[2010.09.03 00:18:55 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Mario\defogger_reenable
[2010.09.02 02:43:35 | 000,000,749 | ---- | C] () -- C:\Dokumente und Einstellungen\Mario\Startmenü\Programme\Autostart\ERUNT AutoBackup.lnk
[2010.09.02 00:11:42 | 009,855,333 | ---- | C] () -- C:\Dokumente und Einstellungen\Mario\Desktop\TS3 Soundpack.rar
[2010.08.31 16:00:50 | 000,001,917 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010.08.30 10:44:39 | 000,199,315 | ---- | C] () -- C:\Dokumente und Einstellungen\Mario\Eigene Dateien\ts3_clientui-win32-12040-2010-08-30 10_44_39.875000.dmp
[2010.08.23 12:30:04 | 000,000,437 | ---- | C] () -- C:\Dokumente und Einstellungen\Mario\Desktop\Fraps.lnk
[2010.07.24 12:47:35 | 000,528,760 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.05.04 01:09:02 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010.05.04 01:09:02 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010.05.04 01:09:02 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2010.03.29 18:41:35 | 001,860,480 | ---- | C] () -- C:\Programme\cabalmain.exe
[2010.03.29 18:41:35 | 001,349,455 | ---- | C] () -- C:\Programme\unins000.exe
[2010.03.29 18:41:35 | 000,092,783 | ---- | C] () -- C:\Programme\unins000.dat
[2010.03.29 18:41:35 | 000,003,428 | ---- | C] () -- C:\Programme\xdata.enc
[2010.02.17 17:52:30 | 000,000,153 | ---- | C] () -- C:\WINDOWS\abfindungsrechner.INI
[2010.02.02 19:10:40 | 000,000,126 | ---- | C] () -- C:\WINDOWS\magix.ini
[2010.01.17 10:02:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VIDEOD~1.INI
[2009.12.16 22:54:52 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009.10.23 22:13:00 | 000,000,492 | ---- | C] () -- C:\WINDOWS\PT2Key-eng.ini
[2009.06.10 04:46:41 | 000,000,075 | ---- | C] () -- C:\WINDOWS\PT2Key-ger.ini
[2009.03.28 01:59:21 | 000,000,040 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ra3.ini
[2009.01.18 21:11:40 | 000,001,091 | ---- | C] () -- C:\WINDOWS\cPVAS.INI
[2009.01.18 20:59:52 | 000,001,250 | ---- | C] () -- C:\WINDOWS\PVAStrumento.ini
[2009.01.16 15:56:46 | 001,015,808 | ---- | C] () -- C:\WINDOWS\System32\MPEG4Evfw.dll
[2008.12.21 02:53:40 | 000,000,035 | ---- | C] () -- C:\WINDOWS\WorldBuilder.INI
[2008.12.17 17:43:46 | 000,589,824 | ---- | C] () -- C:\WINDOWS\System32\INICRYPTOSDK.dll
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.09.28 04:50:18 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Robota.INI
[2008.09.28 04:49:40 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll
[2008.09.28 04:48:55 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2008.09.28 04:47:53 | 000,006,768 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008.08.16 05:51:28 | 000,000,144 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2008.06.12 15:33:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MusicEditor.INI
[2008.05.17 20:51:58 | 000,000,359 | ---- | C] () -- C:\WINDOWS\CleaningLab.INI
[2008.05.13 21:24:01 | 000,138,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008.05.12 20:55:12 | 000,000,316 | ---- | C] () -- C:\WINDOWS\game.ini
[2008.04.27 11:47:27 | 000,209,920 | ---- | C] () -- C:\Dokumente und Einstellungen\Mario\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.27 04:58:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CLEANI~1.INI
[2008.04.22 17:30:43 | 000,022,328 | ---- | C] () -- C:\Dokumente und Einstellungen\Mario\Anwendungsdaten\PnkBstrK.sys
[2008.04.21 15:15:42 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.04.14 14:54:08 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\Mario\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008.04.13 08:06:16 | 000,000,508 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2008.04.13 07:13:41 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2008.04.13 07:11:18 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.04.12 14:57:42 | 000,000,804 | ---- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2008.04.12 14:57:42 | 000,000,276 | ---- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2008.04.12 14:57:28 | 000,014,129 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008.04.12 14:57:20 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008.04.12 14:57:19 | 000,013,881 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008.04.12 14:57:11 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008.04.12 14:52:47 | 000,001,082 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008.02.08 18:20:32 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\winOGL.dll
[2007.09.17 01:07:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007.09.17 01:07:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007.09.17 01:07:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007.09.17 01:07:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007.09.17 01:07:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007.06.27 17:13:51 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\RegisterDialog.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 498 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF
@Alternate Data Stream - 152 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
< End of report >
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 12.09.2010 22:29:31 - Run 1
OTL by OldTimer - Version 3.2.12.0    Folder = C:\Dokumente und Einstellungen\Mario\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 80,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 56,64 Gb Total Space | 11,66 Gb Free Space | 20,59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 88,09 Gb Total Space | 65,99 Gb Free Space | 74,92% Space Free | Partition Type: NTFS
Drive G: | 88,16 Gb Total Space | 53,19 Gb Free Space | 60,34% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: AMD6000
Current User Name: Mario
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"28910:TCP" = 28910:TCP:*:Enabled:c&c
"29900:TCP" = 29900:TCP:*:Enabled:c&c
"29920:TCP" = 29920:TCP:*:Enabled:c&c
"4321:UDP" = 4321:UDP:*:Enabled:c&c
"27900:UDP" = 27900:UDP:*:Enabled:c&c
"26000:UDP" = 26000:UDP:*:Enabled:empire
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"59066:TCP" = 59066:TCP:*:Enabled:Pando Media Booster
"59066:UDP" = 59066:UDP:*:Enabled:Pando Media Booster
"12000:UDP" = 12000:UDP:*:Enabled:Blackshot
"10002:UDP" = 10002:UDP:*:Enabled:Blackshot
"10005:UDP" = 10005:UDP:*:Enabled:Blackshot
"12000:TCP" = 12000:TCP:*:Enabled:Blackshot
"30001:TCP" = 30001:TCP:*:Enabled:Blackshot
"23:TCP" = 23:TCP:*:Enabled:Blackshot
"1033:TCP" = 1033:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\FlashFXP\FlashFXP.exe" = C:\Programme\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"G:\Programme\combatarms\Combat Arms\CombatArms.exe" = G:\Programme\combatarms\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"G:\Programme\combatarms\Combat Arms\Engine.exe" = G:\Programme\combatarms\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found
"G:\combatARMS\Combat Arms EU\CombatArms.exe" = G:\combatARMS\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"G:\combatARMS\Combat Arms EU\Engine.exe" = G:\combatARMS\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Programme\FlashFXP\FlashFXP.exe" = C:\Programme\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\Hamachi\hamachi.exe" = C:\Programme\Hamachi\hamachi.exe:*:Enabled:Hamachi Client -- (LogMeIn Inc.)
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\NGM.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Programme\EA Games\Command and Conquer Generäle\game.dat" = C:\Programme\EA Games\Command and Conquer Generäle\game.dat:*:Enabled:game -- ()
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\Electronic Arts\EADM\Core.exe" = C:\Programme\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- (Electronic Arts)
"C:\Programme\Electronic Arts\Alarmstufe Rot 3\Data\ra3_1.3.game" = C:\Programme\Electronic Arts\Alarmstufe Rot 3\Data\ra3_1.3.game:*:Enabled:Command & Conquer™ Red Alert™ 3 -- (Electronic Arts Inc.)
"C:\Programme\Electronic Arts\Alarmstufe Rot 3\Data\ra3_1.4.game" = C:\Programme\Electronic Arts\Alarmstufe Rot 3\Data\ra3_1.4.game:*:Enabled:Command & Conquer™ Red Alert™ 3 -- (Electronic Arts Inc.)
"F:\Programme\Nero 7\Nero Home\NeroHome.exe" = F:\Programme\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)
"C:\Programme\Electronic Arts\Alarmstufe Rot 3\Data\ra3_1.5.game" = C:\Programme\Electronic Arts\Alarmstufe Rot 3\Data\ra3_1.5.game:*:Enabled:Command & Conquer™ Red Alert™ 3 -- (Electronic Arts Inc.)
"C:\Programme\Electronic Arts\Alarmstufe Rot 3\Data\ra3_1.6.game" = C:\Programme\Electronic Arts\Alarmstufe Rot 3\Data\ra3_1.6.game:*:Enabled:Command & Conquer™ Red Alert™ 3 -- (Electronic Arts Inc.)
"C:\Dokumente und Einstellungen\Mario\Desktop\leecher.exe" = C:\Dokumente und Einstellungen\Mario\Desktop\leecher.exe:*:Enabled:SBF Loader -- ()
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonEU\NGM\NGM.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Programme\Electronic Arts\Alarmstufe Rot 3\Data\ra3_1.7.game" = C:\Programme\Electronic Arts\Alarmstufe Rot 3\Data\ra3_1.7.game:*:Enabled:Command & Conquer™ Red Alert™ 3 -- (Electronic Arts Inc.)
"C:\Programme\Electronic Arts\Alarmstufe Rot 3\Data\ra3_1.8.game" = C:\Programme\Electronic Arts\Alarmstufe Rot 3\Data\ra3_1.8.game:*:Enabled:Command & Conquer™ Red Alert™ 3 -- (Electronic Arts Inc.)
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"G:\Metin2\metin2.bin" = G:\Metin2\metin2.bin:*:Enabled:metin2 -- ()
"C:\Programme\Electronic Arts\Alarmstufe Rot 3\Data\ra3_1.9.game" = C:\Programme\Electronic Arts\Alarmstufe Rot 3\Data\ra3_1.9.game:*:Enabled:Command & Conquer™ Red Alert™ 3 -- (Electronic Arts Inc.)
"C:\Programme\Electronic Arts\Alarmstufe Rot 3\Data\ra3_1.10.game" = C:\Programme\Electronic Arts\Alarmstufe Rot 3\Data\ra3_1.10.game:*:Enabled:Command & Conquer™ Red Alert™ 3 -- (Electronic Arts Inc.)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Programme\Electronic Arts\Alarmstufe Rot 3\Data\ra3_1.11.game" = C:\Programme\Electronic Arts\Alarmstufe Rot 3\Data\ra3_1.11.game:*:Enabled:Command & Conquer™ Red Alert™ 3 -- (Electronic Arts Inc.)
"C:\Programme\Electronic Arts\Alarmstufe Rot 3\Data\ra3_1.12.game" = C:\Programme\Electronic Arts\Alarmstufe Rot 3\Data\ra3_1.12.game:*:Enabled:Command & Conquer™ Red Alert™ 3 -- (Electronic Arts Inc.)
"G:\BLACK_SHOOT\BlackShot\Blackshot\system\BlackShot.exe" = G:\BLACK_SHOOT\BlackShot\Blackshot\system\BlackShot.exe:*:Enabled:BlackShot -- (Vertigo Games)
"C:\Programme\TeamViewer\Version5\TeamViewer.exe" = C:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"G:\Metin2\metin2client.bin" = G:\Metin2\metin2client.bin:*:Enabled:metin2client -- ()
"C:\Programme\Adobe\Adobe After Effects CS4\Support Files\AfterFX.exe" = C:\Programme\Adobe\Adobe After Effects CS4\Support Files\AfterFX.exe:*:Enabled:Adobe After Effects CS4 -- (Adobe Systems Incorporated)
"F:\PINNACLE STUDIO 14\Programs\RM.exe" = F:\PINNACLE STUDIO 14\Programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"F:\PINNACLE STUDIO 14\Programs\Studio.exe" = F:\PINNACLE STUDIO 14\Programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"F:\PINNACLE STUDIO 14\Programs\umi.exe" = F:\PINNACLE STUDIO 14\Programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"G:\eFusion\BlackShot\system\BlackShot.exe" = G:\eFusion\BlackShot\system\BlackShot.exe:*:Enabled:BlackShot -- (Vertigo Games)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"G:\Alaplaya\LOCO\System\LOCO.exe" = G:\Alaplaya\LOCO\System\LOCO.exe:*:Enabled:LOCO -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"Akamai" = Akamai NetSession Interface
"BlackShot" = BlackShot Á¦°Å
"ERUNT_is1" = ERUNT 1.1j
"Fraps" = Fraps (remove only)
"HijackThis" = HijackThis 2.0.2
"LOCO" = LOCO EU
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"NewBlue Art Blends 2.0 for Vegas" = NewBlue Art Blends 2.0 for Vegas
"NewBlue Art Effects 2.0 for Vegas" = NewBlue Art Effects 2.0 for Vegas
"NewBlue Film Effects for Vegas" = NewBlue Film Effects for Vegas
"NewBlue Motion Blends 2.0 for Vegas" = NewBlue Motion Blends 2.0 for Vegas
"NewBlue Motion Effects 2.0 for Vegas" = NewBlue Motion Effects 2.0 for Vegas
"NewBlue Video Essentials 1.0 for Windows" = NewBlue Video Essentials 1.0 for Windows
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 02.09.2010 18:30:00 | Computer Name = AMD6000 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.11.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 03.09.2010 18:54:46 | Computer Name = AMD6000 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung ts3client_win32.exe, Version 1.0.0.0, fehlgeschlagenes
 Modul fmodex.dll, Version 0.4.31.2, Fehleradresse 0x0007fb8c.
 
Error - 04.09.2010 05:52:16 | Computer Name = AMD6000 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung moviemk.exe, Version 2.1.4028.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 04.09.2010 15:17:41 | Computer Name = AMD6000 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 06.09.2010 09:55:21 | Computer Name = AMD6000 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Patcher.exe, Version 1.1.2.33, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 08.09.2010 10:22:24 | Computer Name = AMD6000 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Patcher.exe, Version 1.1.2.33, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 09.09.2010 03:28:32 | Computer Name = AMD6000 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung javaw.exe, Version 6.0.200.2, fehlgeschlagenes
 Modul java.dll, Version 6.0.200.2, Fehleradresse 0x00005875.
 
Error - 09.09.2010 17:22:53 | Computer Name = AMD6000 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 10.09.2010 11:23:16 | Computer Name = AMD6000 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung gimp-2.6.exe, Version 0.0.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 10.09.2010 15:20:02 | Computer Name = AMD6000 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung blackshot.exe, Version 0.0.3.113, fehlgeschlagenes
 Modul , Version 0.0.0.0, Fehleradresse 0x00000000.
 
[ OSession Events ]
Error - 28.06.2009 05:30:50 | Computer Name = AMD6000 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 28.06.2009 05:31:02 | Computer Name = AMD6000 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 28.06.2009 05:31:11 | Computer Name = AMD6000 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 28.06.2009 05:31:23 | Computer Name = AMD6000 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 8
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 28.06.2009 05:31:38 | Computer Name = AMD6000 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 07.09.2010 12:44:19 | Computer Name = AMD6000 | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
 Zeitquellen  konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb  der
 nächsten 15 Minuten wird kein Versuch unternommen, eine Verbindung  mit der Quelle
 herzustellen.  Der NtpClient verfügt über keine Quelle mit genauer Zeit.
 
Error - 08.09.2010 02:02:41 | Computer Name = AMD6000 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NIHardwareService" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%2
 
Error - 08.09.2010 07:53:00 | Computer Name = AMD6000 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NIHardwareService" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%2
 
Error - 08.09.2010 13:03:22 | Computer Name = AMD6000 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NIHardwareService" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%2
 
Error - 10.09.2010 05:10:44 | Computer Name = AMD6000 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NIHardwareService" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%2
 
Error - 10.09.2010 09:24:10 | Computer Name = AMD6000 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NIHardwareService" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%2
 
Error - 10.09.2010 09:38:42 | Computer Name = AMD6000 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NIHardwareService" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%2
 
Error - 11.09.2010 08:02:35 | Computer Name = AMD6000 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NIHardwareService" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%2
 
Error - 11.09.2010 14:58:28 | Computer Name = AMD6000 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NIHardwareService" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%2
 
Error - 12.09.2010 04:23:56 | Computer Name = AMD6000 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NIHardwareService" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%2
 
 
< End of report >
--- --- ---

cosinus 13.09.2010 09:48
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
:OTL
DRV - (XDva359) -- C:\WINDOWS\System32\XDva359.sys File not found
DRV - (XDva349) -- C:\WINDOWS\System32\XDva349.sys File not found
DRV - (SCREAMINGBDRIVER) -- C:\WINDOWS\System32\drivers\ScreamingBAudio.sys File not found
DRV - (GarenaPEngine) -- C:\DOKUME~1\Mario\LOKALE~1\Temp\VFD12.tmp File not found
DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
@Alternate Data Stream - 498 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF
@Alternate Data Stream - 152 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Mario81 13.09.2010 12:12
Hallo.
Danke für die schnelle Antwort. Hier der log:
HTML-Code:
All processes killed
========== OTL ==========
Service XDva359 stopped successfully!
Service XDva359 deleted successfully!
File  C:\WINDOWS\System32\XDva359.sys File not found not found.
Service XDva349 stopped successfully!
Service XDva349 deleted successfully!
File  C:\WINDOWS\System32\XDva349.sys File not found not found.
Service SCREAMINGBDRIVER stopped successfully!
Service SCREAMINGBDRIVER deleted successfully!
File  C:\WINDOWS\System32\drivers\ScreamingBAudio.sys File not found not found.
Service GarenaPEngine stopped successfully!
Service GarenaPEngine deleted successfully!
File  C:\DOKUME~1\Mario\LOKALE~1\Temp\VFD12.tmp File not found not found.
Service EagleNT stopped successfully!
Service EagleNT deleted successfully!
File  C:\WINDOWS\System32\drivers\EagleNT.sys File not found not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "chr-greentree_ff&type=867034" removed from browser.search.param.yahoo-fr
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://start.icq.com/" removed from browser.startup.homepage
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Mario
->Temp folder emptied: 8820789 bytes
->Temporary Internet Files folder emptied: 377680905 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 7188 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Spike
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16867 bytes
RecycleBin emptied: 1532751 bytes
 
Total Files Cleaned = 370,00 mb
 
 
OTL by OldTimer - Version 3.2.12.0 log created on 09132010_130826

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_84.dat not found!

Registry entries deleted on Reboot...

cosinus 13.09.2010 13:37
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.

Mario81 13.09.2010 17:22
Hallo.
der GMER hat sich 2x aufgehangen und musste den computer neu starten.
hier die anderen 2 logs:
OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:17:51 on 13.09.2010

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir Personal – Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"ECSEPM" - "Sony Ericsson Mobile Communications AB" - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\ecsepm.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL
"Nero BurnRights" - "Nero AG" - F:\Programme\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - F:\QUICKTIME\QTSystem\QuickTime.cpl
"SMAX4CP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax4.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"adfs" (adfs) - "Adobe Systems, Inc." - C:\WINDOWS\system32\drivers\adfs.sys
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Mario\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"Driver for MagicISO SCSI Host Controller" (mcdbus) - "MagicISO, Inc." - C:\WINDOWS\System32\DRIVERS\mcdbus.sys
"EagleNT" (EagleNT) - ? - C:\WINDOWS\system32\drivers\EagleNT.sys  (File not found)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\WINDOWS\System32\DRIVERS\hamachi.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"npkcrypt" (npkcrypt) - "INCA Internet Co., Ltd." - C:\WINDOWS\system32\npkcrypt.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"Pinnacle Marvin Bus" (MarvinBus) - "Pinnacle Systems GmbH" - C:\WINDOWS\System32\DRIVERS\MarvinBus.sys
"PQNTDrv" (PQNTDrv) - "PowerQuest Corporation" - C:\WINDOWS\system32\drivers\PQNTDrv.sys
"PSI" (PSI) - "Secunia" - C:\WINDOWS\System32\DRIVERS\psi_mf.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"StarForce Protection Environment Driver (version 1.x.a)" (sfdrv01a) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfdrv01a.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfhlp02.sys
"StarForce Protection Synchronization Driver (version 4.x)" (sfsync04) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfsync04.sys
"TCP/IP-Protokolltreiber" (Tcpip) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\tcpip.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{79BC0345-1015-11D2-A299-006008312725} "///FAST project settings" - ? - F:\PINNACLE STUDIO 14\Programs\BlueShellExt.dll  (File found, but it contains no detailed information)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} "CPlayFirstddfotgControl Object" - "PlayFirst, Inc." - C:\WINDOWS\Downloaded Program Files\ddfotg.1.0.0.33.dll / hxxp://clubgames.pogo.com/online2/pogop/diner_dash_flo_on_the_go/ddfotg.1.0.0.33.cab
{4871A87A-BFDD-4106-8153-FFDE2BAC2967} "DLM Control" - "Akamai Technologies, Inc." - C:\WINDOWS\DOWNLO~1\DOWNLO~1.OCX / hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
{69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} "GameLauncher Control" - "Acclaim Game Launcher" - C:\WINDOWS\DOWNLO~1\GAMELA~1.OCX / hxxp://www.acclaim.com/cabs/acclaim_v5.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{D6FCA8ED-4715-43DE-9BD2-2789778A5B09} "NPKCX Control" - "INCA Internet Co., Ltd." - C:\WINDOWS\system32\npkcx.ocx / hxxp://update.nprotect.net/keycrypt/cabal/npkcx_inca.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10h.ocx / hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
{1E54D648-B804-468d-BC78-4AFFED8E262E} "System Requirements Lab Class" - "Husdawg, LLC" - C:\WINDOWS\Downloaded Program Files\sysreqlab_srl.dll / hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
{33564D57-0000-0010-8000-00AA00389B71} "{33564D57-0000-0010-8000-00AA00389B71}" - ? -  (File not found | COM-object registry key not found) / hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
{40F576AD-8680-4F9E-9490-99D069CD665F} "{40F576AD-8680-4F9E-9490-99D069CD665F}" - ? -  (File not found | COM-object registry key not found) / hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} "{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}" - ? -  (File not found | COM-object registry key not found) / hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
"ICQ6" - "ICQ, LLC." - C:\Programme\ICQ6.5\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{E5A1691B-D188-4419-AD02-90002030B8EE} "FlashFXP Helper for Internet Explorer" - "IniCom Networks, Inc." - C:\Programme\FlashFXP\IEFlash.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"ERUNT AutoBackup.lnk" - ? - C:\Programme\ERUNT\AUTOBACK.EXE  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"GrooveMonitor" - "Microsoft Corporation" - "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
"nwiz" - "NVIDIA Corporation" - nwiz.exe /install
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Adobe Drive CS4 Network" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Akamai NetSession Interface" (Akamai) - ? - C:\Programme\Gemeinsame Dateien\Akamai\rswin_3746.dll  (File found, but it contains no detailed information)
"Application Updater" (Application Updater) - "Spigot, Inc." - C:\Programme\Application Updater\ApplicationUpdater.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"ForceWare IP service" (nSvcIp) - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
"ForceWare user log service" (nSvcLog) - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
"Forceware Web Interface" (ForcewareWebInterface) - "Apache Software Foundation" - C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
"getPlus(R) Helper" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Programme\NOS\bin\getPlus_Helper.dll
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
"NIHardwareService" (NIHardwareService) - ? - C:\Programme\Gemeinsame Dateien\Native Instruments\Hardware\NIHardwareService.exe  (File not found)
"npkcmsvc" (npkcmsvc) - "INCA Internet Co., Ltd." - C:\WINDOWS\system32\npkcmsvc.exe
"nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\WINDOWS\system32\GameMon.des
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"PnkBstrA" (PnkBstrA) - ? - C:\WINDOWS\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software GmbH" - C:\WINDOWS\System32\uxtuneup.dll
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru[/HTML]

HTML-Code:
.\debug.cpp(238) : Debug log started at 13.09.2010 - 16:19:44
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.0
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x804d7000 0x0020e000 "\WINDOWS\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x806e5000 0x00020d00 "\WINDOWS\system32\hal.dll"
.\debug.cpp(256) : 0xba5a8000 0x00002000 "\WINDOWS\system32\KDCOM.DLL"
.\debug.cpp(256) : 0xba4b8000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"
.\debug.cpp(256) : 0xb9f78000 0x0002f000 "ACPI.sys"
.\debug.cpp(256) : 0xba5aa000 0x00002000 "\WINDOWS\system32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0xb9f67000 0x00011000 "pci.sys"
.\debug.cpp(256) : 0xba0a8000 0x0000a000 "isapnp.sys"
.\debug.cpp(256) : 0xb9f54000 0x00013000 "sfsync04.sys"
.\debug.cpp(256) : 0xba670000 0x00001000 "pciide.sys"
.\debug.cpp(256) : 0xba328000 0x00007000 "\WINDOWS\system32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0xba0b8000 0x0000b000 "MountMgr.sys"
.\debug.cpp(256) : 0xb9f35000 0x0001f000 "ftdisk.sys"
.\debug.cpp(256) : 0xba5ac000 0x00002000 "dmload.sys"
.\debug.cpp(256) : 0xb9f0f000 0x00026000 "dmio.sys"
.\debug.cpp(256) : 0xba330000 0x00005000 "PartMgr.sys"
.\debug.cpp(256) : 0xba0c8000 0x0000e000 "VolSnap.sys"
.\debug.cpp(256) : 0xb9ef7000 0x00018000 "atapi.sys"
.\debug.cpp(256) : 0xb9edd000 0x0001a000 "nvata.sys"
.\debug.cpp(256) : 0xba0d8000 0x00009000 "disk.sys"
.\debug.cpp(256) : 0xba0e8000 0x0000d000 "\WINDOWS\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0xb9ebd000 0x00020000 "fltmgr.sys"
.\debug.cpp(256) : 0xb9eab000 0x00012000 "sr.sys"
.\debug.cpp(256) : 0xba0f8000 0x0000a000 "PxHelp20.sys"
.\debug.cpp(256) : 0xb9e94000 0x00017000 "KSecDD.sys"
.\debug.cpp(256) : 0xb9e07000 0x0008d000 "Ntfs.sys"
.\debug.cpp(256) : 0xb9dda000 0x0002d000 "NDIS.sys"
.\debug.cpp(256) : 0xba338000 0x00008000 "sfhlp02.sys"
.\debug.cpp(256) : 0xb9dc6000 0x00014000 "sfdrv01a.sys"
.\debug.cpp(256) : 0xb9dac000 0x0001a000 "Mup.sys"
.\debug.cpp(256) : 0xba288000 0x00010000 "\SystemRoot\system32\DRIVERS\AmdK8.sys"
.\debug.cpp(256) : 0xba3a0000 0x00007000 "\SystemRoot\system32\DRIVERS\fdc.sys"
.\debug.cpp(256) : 0xb9717000 0x00014000 "\SystemRoot\system32\DRIVERS\parport.sys"
.\debug.cpp(256) : 0xba5e6000 0x00002000 "\SystemRoot\system32\DRIVERS\ASACPI.sys"
.\debug.cpp(256) : 0xba2c8000 0x0000d000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0xba3a8000 0x00007000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0xba3b0000 0x00006000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0xba2d8000 0x00010000 "\SystemRoot\system32\DRIVERS\serial.sys"
.\debug.cpp(256) : 0xb9d74000 0x00004000 "\SystemRoot\system32\DRIVERS\serenum.sys"
.\debug.cpp(256) : 0xba3b8000 0x00005000 "\SystemRoot\system32\DRIVERS\usbohci.sys"
.\debug.cpp(256) : 0xb96f3000 0x00024000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0xba3c0000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0xb96cb000 0x00028000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0xba2e8000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys"
.\debug.cpp(256) : 0xba2f8000 0x00010000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0xba308000 0x0000f000 "\SystemRoot\system32\DRIVERS\redbook.sys"
.\debug.cpp(256) : 0xb96a8000 0x00023000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0xba318000 0x0000a000 "\SystemRoot\system32\DRIVERS\nvnetbus.sys"
.\debug.cpp(256) : 0xb958c000 0x0011c000 "\SystemRoot\system32\DRIVERS\NVNRM.SYS"
.\debug.cpp(256) : 0xb8f87000 0x00605000 "\SystemRoot\system32\DRIVERS\nv4_mini.sys"
.\debug.cpp(256) : 0xb8f73000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS"
.\debug.cpp(256) : 0xba6a0000 0x00001000 "\SystemRoot\system32\DRIVERS\audstub.sys"
.\debug.cpp(256) : 0xba138000 0x0000d000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0xb9d68000 0x00003000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0xb8f5c000 0x00017000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0xba148000 0x0000b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0xba158000 0x0000c000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0xba3c8000 0x00005000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0xb8f4b000 0x00011000 "\SystemRoot\system32\DRIVERS\psched.sys"
.\debug.cpp(256) : 0xba168000 0x00009000 "\SystemRoot\system32\DRIVERS\msgpc.sys"
.\debug.cpp(256) : 0xba3d0000 0x00005000 "\SystemRoot\system32\DRIVERS\ptilink.sys"
.\debug.cpp(256) : 0xba3d8000 0x00005000 "\SystemRoot\system32\DRIVERS\raspti.sys"
.\debug.cpp(256) : 0xba3e0000 0x00005000 "\SystemRoot\system32\DRIVERS\hamachi.sys"
.\debug.cpp(256) : 0xb8f1b000 0x00030000 "\SystemRoot\system32\DRIVERS\rdpdr.sys"
.\debug.cpp(256) : 0xba178000 0x0000a000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0xba5e8000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0xb8e1d000 0x0005e000 "\SystemRoot\system32\DRIVERS\update.sys"
.\debug.cpp(256) : 0xb973b000 0x00004000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0xb8def000 0x0002e000 "\SystemRoot\system32\DRIVERS\MarvinBus.sys"
.\debug.cpp(256) : 0xba1a8000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0xba1b8000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0xba5f0000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0xba1c8000 0x0000f000 "\SystemRoot\system32\DRIVERS\NVENETFD.sys"
.\debug.cpp(256) : 0xb5626000 0x0004c000 "\SystemRoot\system32\drivers\ADIHdAud.sys"
.\debug.cpp(256) : 0xb5602000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0xba1e8000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0xb55eb000 0x00017000 "\SystemRoot\system32\drivers\AEAudio.sys"
.\debug.cpp(256) : 0xb558b000 0x00060000 "\SystemRoot\system32\drivers\Senfilt.sys"
.\debug.cpp(256) : 0xba3e8000 0x00005000 "\SystemRoot\system32\DRIVERS\flpydisk.sys"
.\debug.cpp(256) : 0xba61c000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0xba7bc000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0xba61e000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0xba438000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0xba620000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS"
.\debug.cpp(256) : 0xba622000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0xba440000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0xba448000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0xb63ff000 0x00003000 "\SystemRoot\system32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0xb5558000 0x00013000 "\SystemRoot\system32\DRIVERS\ipsec.sys"
.\debug.cpp(256) : 0xb54ff000 0x00059000 "\SystemRoot\system32\DRIVERS\tcpip.sys"
.\debug.cpp(256) : 0xb54d7000 0x00028000 "\SystemRoot\system32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0xb54b1000 0x00026000 "\SystemRoot\system32\DRIVERS\ipnat.sys"
.\debug.cpp(256) : 0xb548f000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"
.\debug.cpp(256) : 0xba238000 0x00009000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0xba248000 0x00009000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0xba450000 0x00006000 "\SystemRoot\system32\DRIVERS\ssmdrv.sys"
.\debug.cpp(256) : 0xb543c000 0x0002b000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0xba7d1000 0x00001000 "\SystemRoot\System32\Drivers\PQNTDrv.SYS"
.\debug.cpp(256) : 0xb53cc000 0x00070000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xba268000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS"
.\debug.cpp(256) : 0xb5310000 0x0001c000 "\SystemRoot\system32\DRIVERS\avipbb.sys"
.\debug.cpp(256) : 0xba626000 0x00002000 "\??\C:\Programme\Avira\AntiVir Desktop\avgio.sys"
.\debug.cpp(256) : 0xba2a8000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"
.\debug.cpp(256) : 0xb52f6000 0x0001a000 "\SystemRoot\System32\Drivers\dump_nvata.sys"
.\debug.cpp(256) : 0xba636000 0x00002000 "\SystemRoot\System32\Drivers\dump_WMILIB.SYS"
.\debug.cpp(256) : 0xbf800000 0x001c5000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0xba57c000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0xba468000 0x00005000 "\SystemRoot\System32\watchdog.sys"
.\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"
.\debug.cpp(256) : 0xba6a4000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"
.\debug.cpp(256) : 0xbf012000 0x005e7000 "\SystemRoot\System32\nv4_disp.dll"
.\debug.cpp(256) : 0xbffa0000 0x00046000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0xb4fa2000 0x00014000 "\SystemRoot\system32\DRIVERS\avgntflt.sys"
.\debug.cpp(256) : 0xb4fca000 0x00004000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0xb4d1d000 0x0002d000 "\SystemRoot\system32\DRIVERS\mrxdav.sys"
.\debug.cpp(256) : 0xb4ce0000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys"
.\debug.cpp(256) : 0xb4db2000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys"
.\debug.cpp(256) : 0xba62e000 0x00002000 "\SystemRoot\System32\Drivers\ParVdm.SYS"
.\debug.cpp(256) : 0xb4891000 0x00011000 "\SystemRoot\System32\Drivers\adfs.SYS"
.\debug.cpp(256) : 0xb47ea000 0x00057000 "\SystemRoot\system32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xb3492000 0x00024000 "\SystemRoot\System32\Drivers\Fastfat.SYS"
.\debug.cpp(256) : 0xb3377000 0x0002b000 "\SystemRoot\system32\drivers\kmixer.sys"
.\debug.cpp(256) : 0x7c910000 0x000b9000 "\WINDOWS\system32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) :  Destination "\Device\Ndis"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) :  Destination "\Device\CdRom0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_03EF&SUBSYS_82341043&REV_A2#3&267a616a&0&38#{c4f6eed3-1c5e-4f43-a768-83ecba42fcc1}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0009"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:"
.\debug.cpp(400) :  Destination "\Device\NvAta1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) :  Destination "\Device\Video0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_CDDVDW_SH-S202J________________SB00____#5&468f06&0&0.0.0#{1186654d-47b8-48b9-beb9-7df113ae3c67}"
.\debug.cpp(400) :  Destination "\Device\Ide\IdeDeviceP0T0L0-4"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) :  Destination "\Device\0000003c"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) :  Destination "\Device\Video1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000032"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmIoDaemon"
.\debug.cpp(400) :  Destination "\Device\DmControl\DmIoDaemon"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{54c6ca10-089b-11dd-924d-806d6172696f}"
.\debug.cpp(400) :  Destination "\Device\Floppy0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{0a016fd3-0894-11dd-a492-001d608d0c1d}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip"
.\debug.cpp(400) :  Destination "\Device\Ip"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) :  Destination "\Device\Video2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
.\debug.cpp(400) :  Destination "\Device\CdRom1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev"
.\debug.cpp(400) :  Destination "\Device\IPSEC"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgio"
.\debug.cpp(400) :  Destination "\Device\avgio"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) :  Destination "\Device\Video3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000031"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ATKACPI"
.\debug.cpp(400) :  Destination "\Device\ATKACPI"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY"
.\debug.cpp(400) :  Destination "\Device\NDProxy"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDR4_XP"
.\debug.cpp(400) :  Destination "\Device\PxHelperDevice0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\$VDMLPT1"
.\debug.cpp(400) :  Destination "\Device\ParallelVdm0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\0000003c"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr"
.\debug.cpp(400) :  Destination "\Device\RdpDrDvMgr"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_03F2&SUBSYS_82341043&REV_A2#3&267a616a&0&11#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0005"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\F:"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) :  Destination "\Device\WMIDataDevice"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTOSHIBA_DVD-ROM_SD-M1402________________1008____#3032303030303930333220202020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\Ide\IdeDeviceP0T1L0-c"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_11D4&DEV_1988&SUBSYS_10438241&REV_1004#4&3b7a57e1&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) :  Destination "\Device\00000071"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskHitachi_HDP725025GLA380_________________GM2OA52A#2020202020204547324B3133425233314B524154#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\0000006c"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1"
.\debug.cpp(400) :  Destination "\Device\Serial0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&6dab40&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HamachiTap.0001"
.\debug.cpp(400) :  Destination "\Device\HamachiTap.0001"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureC8D9C8D9Offset7E00LengthE29044600#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgntflt"
.\debug.cpp(400) :  Destination "\FileSystem\Filters\avgntflt"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\0000003c"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_11D4&DEV_1988&SUBSYS_10438241&REV_1004#4&3b7a57e1&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\00000071"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0400#4&38d79619&0#{97f76ef0-f883-11d0-af1f-0000f800845c}"
.\debug.cpp(400) :  Destination "\Device\0000005e"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) :  Destination "\Device\NamedPipe"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureC8D9C8D9OffsetE2904C400Length16058E5600#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) :  Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :  Destination "\Device\0000003c"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&38d79619&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :  Destination "\Device\00000063"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sfhlp02i"
.\debug.cpp(400) :  Destination "\Device\sfhlp02i"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\G:"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched"
.\debug.cpp(400) :  Destination "\Device\PSched"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) :  Destination "\Device\Mup"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"
.\debug.cpp(400) :  Destination "\Device\IPNAT"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{34391ADD-EC00-4316-AAA6-D4A7AA7C9902}"
.\debug.cpp(400) :  Destination "\Device\{34391ADD-EC00-4316-AAA6-D4A7AA7C9902}"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\0000003c"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) :  Destination "\FileSystem\Filters\FltMgrMsg"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) :  Destination "\Device\USBFDO-0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0F03#4&38d79619&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :  Destination "\Device\00000064"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) :  Destination "\Device\Tcp"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_11D4&DEV_1988&SUBSYS_10438241&REV_1004#4&3b7a57e1&0&0001#{56907941-3afe-11d4-ae2c-00a0cc242d2c}"
.\debug.cpp(400) :  Destination "\Device\00000071"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{54c6ca12-089b-11dd-924d-806d6172696f}"
.\debug.cpp(400) :  Destination "\Device\CdRom1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) :  Destination "\Device\VideoPdo0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) :  Destination "\Device\USBFDO-1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000037"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sfsync04i"
.\debug.cpp(400) :  Destination "\Device\sfsync04i"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{54c6ca14-089b-11dd-924d-806d6172696f}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) :  Destination "\Device\Harddisk0\DR0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_CDDVDW_SH-S202J________________SB00____#5&468f06&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\Ide\IdeDeviceP0T0L0-4"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) :  Destination "\DosDevices\LPT1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000035"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :  Destination "\Device\0000003c"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio"
.\debug.cpp(400) :  Destination "\Device\sysaudio"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) :  Destination "\Device\FsWrap"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\0000003c"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000034"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) :  Destination "\Device\CdRom0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sfdrv01a"
.\debug.cpp(400) :  Destination "\Device\sfdrv01a"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom1"
.\debug.cpp(400) :  Destination "\Device\CdRom1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_CDDVDW_SH-S202J________________SB00____#5&468f06&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\Ide\IdeDeviceP0T0L0-4"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{D99FC392-217E-4F49-9B20-2805E7F04D7C}"
.\debug.cpp(400) :  Destination "\Device\{D99FC392-217E-4F49-9B20-2805E7F04D7C}"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :  Destination "\Device\00000047"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#aa#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :  Destination "\Device\00000046"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) :  Destination "\GLOBAL??"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTOSHIBA_DVD-ROM_SD-M1402________________1008____#3032303030303930333220202020202020202020#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\Ide\IdeDeviceP0T1L0-c"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) :  Destination "\Device\00000066"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0"
.\debug.cpp(400) :  Destination "\Device\PxHelperDevice0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) :  Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{9C12768A-AEDF-4DB6-AE92-63F8C3A48CEE}"
.\debug.cpp(400) :  Destination "\Device\{9C12768A-AEDF-4DB6-AE92-63F8C3A48CEE}"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_15_Model_67#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) :  Destination "\Device\00000042"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"
.\debug.cpp(400) :  Destination "\Device\0000003c"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :  Destination "\Device\0000003c"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}"
.\debug.cpp(400) :  Destination "\Device\0000003c"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#NET#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000038"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{0a016fd2-0894-11dd-a492-001d608d0c1d}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) :  Destination "\Device\00000066"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DsdaFilter"
.\debug.cpp(400) :  Destination "\Device\DsdaFilter"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{F658BA8A-302B-44FD-9941-3CEE37EE9D16}"
.\debug.cpp(400) :  Destination "\Device\{F658BA8A-302B-44FD-9941-3CEE37EE9D16}"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) :  Destination "\Device\MountPointManager"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FDC#GENERIC_FLOPPY_DRIVE#5&36946ff3&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\FloppyPDO0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_11D4&DEV_1988&SUBSYS_10438241&REV_1004#4&3b7a57e1&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\00000071"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) :  Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ssmctl"
.\debug.cpp(400) :  Destination "\Device\ssmctl"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000030"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_15_Model_67#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) :  Destination "\Device\00000043"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbDlDp32"
.\debug.cpp(400) :  Destination "\Device\PxHelperDevice0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig"
.\debug.cpp(400) :  Destination "\Device\DmControl\DmConfig"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) :  Destination "\Device\WANARP"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sfhlp02"
.\debug.cpp(400) :  Destination "\Device\sfhlp02"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\00000003"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace"
.\debug.cpp(400) :  Destination "\Device\DmControl\DmTrace"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sfsync04"
.\debug.cpp(400) :  Destination "\Device\sfsync04"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\A:"
.\debug.cpp(400) :  Destination "\Device\Floppy0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&3752ae38&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_03F1&SUBSYS_82341043&REV_A2#3&267a616a&0&10#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0004"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\0000003c"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) :  Destination "\Device\NdisWanIp"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\00000002"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{54c6ca11-089b-11dd-924d-806d6172696f}"
.\debug.cpp(400) :  Destination "\Device\CdRom0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}"
.\debug.cpp(400) :  Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}"
.\debug.cpp(400) :  Destination "\Device\0000003c"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) :  Destination "\Device\Ide\IdePort0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ADVirtualDiskDevice"
.\debug.cpp(400) :  Destination "\Device\ADVirtualDisk\Control"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_11D4&DEV_1988&SUBSYS_10438241&REV_1004#4&3b7a57e1&0&0001#{a8bdfc47-9b46-4bc3-97ea-7d092a5c1b72}"
.\debug.cpp(400) :  Destination "\Device\00000071"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_11D4&DEV_1988&SUBSYS_10438241&REV_1004#4&3b7a57e1&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\00000071"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&38d79619&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :  Destination "\Device\00000063"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{1a3e09be-1e45-494b-9174-d7385b45bbf5}#NVNET_DEV03ef#4&4641892&0&00#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\0000006f"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0402&SUBSYS_00000000&REV_A1#4&52edc45&0&0048#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0019"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_11D4&DEV_1988&SUBSYS_10438241&REV_1004#4&3b7a57e1&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) :  Destination "\Device\00000071"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) :  Destination "\Device\0000003c"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000033"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{2B53F76C-0FF0-482B-B179-E99FEF1BE576}"
.\debug.cpp(400) :  Destination "\Device\{2B53F76C-0FF0-482B-B179-E99FEF1BE576}"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1"
.\debug.cpp(400) :  Destination "\Device\ParTechInc0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sfdrv01ai"
.\debug.cpp(400) :  Destination "\Device\sfdrv01ai"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"
.\debug.cpp(400) :  Destination "\Device\0000003c"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI"
.\debug.cpp(400) :  Destination "\Device\NdisTapi"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) :  Destination "\Device\NdisWan"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) :  Destination "\Device\Ide\IdePort1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST"
.\debug.cpp(400) :  Destination "\Device\IPMULTICAST"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPT1"
.\debug.cpp(400) :  Destination "\Device\Parallel0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{8339F690-7F66-443E-B492-B4F9B4CD1CA1}"
.\debug.cpp(400) :  Destination "\Device\{8339F690-7F66-443E-B492-B4F9B4CD1CA1}"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2"
.\debug.cpp(400) :  Destination "\Device\ParTechInc1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmLoader"
.\debug.cpp(400) :  Destination "\Device\DmLoader"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow"
.\debug.cpp(400) :  Destination "\Device\LanmanRedirector"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0003#{7856f5dd-4d85-43c7-a365-669a03011f40}"
.\debug.cpp(400) :  Destination "\Device\0000003f"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3"
.\debug.cpp(400) :  Destination "\Device\ParTechInc2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) :  Destination "\FileSystem\Filters\FltMgr"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) :  Destination "\Device\FtControl"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureC8D9C8D9Offset242E931A00Length1609F7E800#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) :  Destination "\Device\MailSlot"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) :  Destination "\DosDevices\COM1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PQNTDRV"
.\debug.cpp(400) :  Destination "\Device\PQNTDRV"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#5&25fc56af&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1}"
.\debug.cpp(400) :  Destination "\Device\Parallel0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) :  Destination "\Device\Null"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) :  Destination ""
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) :  Destination "\Device\Ndisuio"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :  Destination "\Device\0000003b"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
.\debug.cpp(400) :  Destination "\Device\NvAta0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{32D0FBAF-0837-4598-9C76-D93158E65FBE}"
.\debug.cpp(400) :  Destination "\Device\{32D0FBAF-0837-4598-9C76-D93158E65FBE}"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :  Destination "\Device\0000003a"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{F88698C5-C0FE-4573-B27E-784F6AF0EEB5}"
.\debug.cpp(400) :  Destination "\Device\{F88698C5-C0FE-4573-B27E-784F6AF0EEB5}"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avipbb"
.\debug.cpp(400) :  Destination "\Device\avipbb"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo"
.\debug.cpp(400) :  Destination "\Device\DmControl\DmInfo"
.\debug.cpp(409) :  --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
.\diskio.cpp(204) : ATA_Read(): DeviceIoControl() ERROR 1
.\boot_cleaner.cpp(276) : Boot sector MD5 is: 5ddc20efcc4d1dab37c348c7db7289cf
.\boot_cleaner.cpp(1060) :
.\boot_cleaner.cpp(1061) :      Size  Device Name          MBR Status
.\boot_cleaner.cpp(1062) :  --------------------------------------------
.\boot_cleaner.cpp(1106) :    232 GB  \\.\PhysicalDrive0  Unknown boot code
.\boot_cleaner.cpp(1112) :
.\boot_cleaner.cpp(1118) : Unknown boot code has been found on some of your physical disks.
.\boot_cleaner.cpp(1120) : To inspect the boot code manually, dump the master boot sector:
.\boot_cleaner.cpp(1121) : remover.exe dump <device_name> [output_file]
.\boot_cleaner.cpp(1125) : To disinfect the master boot sector, use the following command:
.\boot_cleaner.cpp(1126) : remover.exe fix <device_name>
.\boot_cleaner.cpp(1129) :
.\boot_cleaner.cpp(1151) : Done;

cosinus 13.09.2010 20:00
Downloade Dir bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur eine Sekunde.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

Mario81 13.09.2010 21:13
PHP-Code:
MBRCheckversion 1.2.3
(c2010AD

Command-line:            
Windows Version:        Windows XP Professional
Windows Information:        Service Pack 3 (build 2600)
Logical Drives Mask:        0x0000007d

Kernel Drivers (total 124):
  0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
  0x806E5000 \WINDOWS\system32\hal.dll
  0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
  0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
  0xB9F78000 ACPI.sys
  0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
  0xB9F67000 pci.sys
  0xBA0A8000 isapnp.sys
  0xB9F54000 sfsync04.sys
  0xBA670000 pciide.sys
  0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
  0xBA0B8000 MountMgr.sys
  0xB9F35000 ftdisk.sys
  0xBA5AC000 dmload.sys
  0xB9F0F000 dmio.sys
  0xBA330000 PartMgr.sys
  0xBA0C8000 VolSnap.sys
  0xB9EF7000 atapi.sys
  0xB9EDD000 nvata.sys
  0xBA0D8000 disk.sys
  0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
  0xB9EBD000 fltmgr.sys
  0xB9EAB000 sr.sys
  0xBA0F8000 PxHelp20.sys
  0xB9E94000 KSecDD.sys
  0xB9E07000 Ntfs.sys
  0xB9DDA000 NDIS.sys
  0xBA338000 sfhlp02.sys
  0xB9DC6000 sfdrv01a.sys
  0xB9DAC000 Mup.sys
  0xBA288000 \SystemRoot\system32\DRIVERS\AmdK8.sys
  0xBA3A0000 \SystemRoot\system32\DRIVERS\fdc.sys
  0xB9717000 \SystemRoot\system32\DRIVERS\parport.sys
  0xBA5E6000 \SystemRoot\system32\DRIVERS\ASACPI.sys
  0xBA2C8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0xBA3A8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0xBA3B0000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0xBA2D8000 \SystemRoot\system32\DRIVERS\serial.sys
  0xB9D74000 \SystemRoot\system32\DRIVERS\serenum.sys
  0xBA3B8000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0xB96F3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0xBA3C0000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0xB96CB000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0xBA2E8000 \SystemRoot\system32\DRIVERS\imapi.sys
  0xBA2F8000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0xBA308000 \SystemRoot\system32\DRIVERS\redbook.sys
  0xB96A8000 \SystemRoot\system32\DRIVERS\ks.sys
  0xBA318000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
  0xB958C000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
  0xB8F87000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
  0xB8F73000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xBA6A0000 \SystemRoot\system32\DRIVERS\audstub.sys
  0xBA138000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0xB9D68000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0xB8F5C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0xBA148000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0xBA158000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0xBA3C8000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0xB8F4B000 \SystemRoot\system32\DRIVERS\psched.sys
  0xBA168000 \SystemRoot\system32\DRIVERS\msgpc.sys
  0xBA3D0000 \SystemRoot\system32\DRIVERS\ptilink.sys
  0xBA3D8000 \SystemRoot\system32\DRIVERS\raspti.sys
  0xBA3E0000 \SystemRoot\system32\DRIVERS\hamachi.sys
  0xB8F1B000 \SystemRoot\system32\DRIVERS\rdpdr.sys
  0xBA178000 \SystemRoot\system32\DRIVERS\termdd.sys
  0xBA5E8000 \SystemRoot\system32\DRIVERS\swenum.sys
  0xB8E1D000 \SystemRoot\system32\DRIVERS\update.sys
  0xB973B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0xB8DEF000 \SystemRoot\system32\DRIVERS\MarvinBus.sys
  0xBA1A8000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xBA1B8000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0xBA5F0000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0xBA1C8000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
  0xB5626000 \SystemRoot\system32\drivers\ADIHdAud.sys
  0xB5602000 \SystemRoot\system32\drivers\portcls.sys
  0xBA1E8000 \SystemRoot\system32\drivers\drmk.sys
  0xB55EB000 \SystemRoot\system32\drivers\AEAudio.sys
  0xB558B000 \SystemRoot\system32\drivers\Senfilt.sys
  0xBA3E8000 \SystemRoot\system32\DRIVERS\flpydisk.sys
  0xBA61C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xBA7BC000 \SystemRoot\System32\Drivers\Null.SYS
  0xBA61E000 \SystemRoot\System32\Drivers\Beep.SYS
  0xBA438000 \SystemRoot\System32\drivers\vga.sys
  0xBA620000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xBA622000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xBA440000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xBA448000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xB63FF000 \SystemRoot\system32\DRIVERS\rasacd.sys
  0xB5558000 \SystemRoot\system32\DRIVERS\ipsec.sys
  0xB54FF000 \SystemRoot\system32\DRIVERS\tcpip.sys
  0xB54D7000 \SystemRoot\system32\DRIVERS\netbt.sys
  0xB54B1000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xB548F000 \SystemRoot\System32\drivers\afd.sys
  0xBA238000 \SystemRoot\system32\DRIVERS\netbios.sys
  0xBA248000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0xBA450000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0xB543C000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0xBA7D1000 \SystemRoot\System32\Drivers\PQNTDrv.SYS
  0xB53CC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xBA268000 \SystemRoot\System32\Drivers\Fips.SYS
  0xB5310000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0xBA626000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
  0xBA2A8000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0xB52F6000 \SystemRoot\System32\Drivers\dump_nvata.sys
  0xBA636000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xBA57C000 \SystemRoot\System32\drivers\Dxapi.sys
  0xBA468000 \SystemRoot\System32\watchdog.sys
  0xBF000000 \SystemRoot\System32\drivers\dxg.sys
  0xBA6A4000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBF012000 \SystemRoot\System32\nv4_disp.dll
  0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
  0xB4FA2000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0xB4FCA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xB4D1D000 \SystemRoot\system32\DRIVERS\mrxdav.sys
  0xB4CE0000 \SystemRoot\system32\drivers\wdmaud.sys
  0xB4DB2000 \SystemRoot\system32\drivers\sysaudio.sys
  0xBA62E000 \SystemRoot\System32\Drivers\ParVdm.SYS
  0xB4891000 \SystemRoot\System32\Drivers\adfs.SYS
  0xB47EA000 \SystemRoot\system32\DRIVERS\srv.sys
  0xB3492000 \SystemRoot\System32\Drivers\Fastfat.SYS
  0xB3377000 \SystemRoot\system32\drivers\kmixer.sys
  0xBA5DA000 \SystemRoot\system32\drivers\splitter.sys
  0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 43):
       0 System Idle Process
       4 System
     664 C:\WINDOWS\system32\smss.exe
     716 csrss.exe
     740 C:\WINDOWS\system32\winlogon.exe
     784 C:\WINDOWS\system32\services.exe
     796 C:\WINDOWS\system32\lsass.exe
     996 C:\WINDOWS\system32\svchost.exe
    1044 svchost.exe
    1396 C:\WINDOWS\system32\svchost.exe
    1512 svchost.exe
    1628 svchost.exe
    1796 C:\WINDOWS\system32\spoolsv.exe
    1852 C:\Programme\Avira\AntiVir Desktop\sched.exe
    1928 svchost.exe
     420 C:\WINDOWS\explorer.exe
     512 C:\Programme\Analog Devices\Core\smax4pnp.exe
     544 C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
     556 C:\WINDOWS\system32\rundll32.exe
     568 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
     604 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
     644 C:\WINDOWS\system32\ctfmon.exe
    1224 C:\WINDOWS\system32\svchost.exe
    1236 C:\Programme\Avira\AntiVir Desktop\avguard.exe
    1264 C:\Programme\Application Updater\ApplicationUpdater.exe
    2032 C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
     192 C:\Programme\Java\jre6\bin\jqs.exe
     340 C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
     700 C:\WINDOWS\system32\npkcmsvc.exe
     800 C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
     508 C:\WINDOWS\system32\nvsvc32.exe
    1156 C:\WINDOWS\system32\PnkBstrA.exe
     684 C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
    1740 C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    3592 alg.exe
    3632 C:\WINDOWS\system32\wbem\wmiapsrv.exe
    4060 C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
     256 C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    2516 C:\WINDOWS\system32\svchost.exe
    3992 C:\Programme\Internet Explorer\iexplore.exe
    3676 C:\Programme\Internet Explorer\iexplore.exe
    3428 C:\Programme\Internet Explorer\iexplore.exe
    2308 C:\Dokumente und Einstellungen\Mario\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x0000000e`2904c400  (NTFS)
\\.\G: --> \\.\PhysicalDrive0 at offset 0x00000024`2e931a00  (NTFS)

PhysicalDrive0 Model Number: HitachiHDP725025GLA380, Rev: GM2OA52A

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0 


Alle Zeitangaben in WEZ +1. Es ist jetzt 00:27 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19