Trojaner-Board


untermieter 26.09.2010 15:53

Antivir detection --> JAVA/C-2009-3867.EH
 
Since I found nothing in the search, I'll describe my problem. I use iGoogle as my personalized start page. When I type www.google.de into the taskbar, a page called Gondors Armee der Hoffnung always comes up, even though Google is shown at the top. I have this problem in IE and in the Mozilla browser. I ran Antivir and it found this: JAVA/C-2009-3867.EH. What should I do??

cosinus 26.09.2010 18:51

Quote:

I ran Antivir and it found this: JAVA/C-2009-3867.EH. What should I do??
Always note down and post the exact malware names and file paths!

From the rules:

5. Describe your problem in a few sentences and work through this guide starting at point 2.
Please also name any detections from your security software in the thread (e.g. c:\windows\virus.exe).
If this information is missing, nobody here can or will help you.

untermieter 26.09.2010 19:05

I didn't know where that was listed. I have these two things on the machine:

Die Datei 'C:\Users\Rene\AppData\Local\Temp\asdf.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4d03542b.qua' verschoben!


Die Datei 'C:\Users\Rene\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\78d6980a-5194cd44'
enthielt einen Virus oder unerwünschtes Programm 'JAVA/C-2009-3867.EH' [virus].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4d0353f0.qua' verschoben!


How do I get my browser working again?? Is online banking and so on unsafe now?

cosinus 26.09.2010 19:28

Please run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

untermieter 27.09.2010 12:01

So, Malwarebytes has this:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4701

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

27.09.2010 12:06:04
mbam-log-2010-09-27 (12-06-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 368737
Laufzeit: 1 Stunde(n), 28 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 4

Infizierte Speicherprozesse:
C:\Users\Rene\AppData\Roaming\install\server.exe (Backdoor.Bot.M) -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5vm4dn43-s76d-7xdo-rl61-cc6pjq8ktbi1} (Generic.Bot.H) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.Bot.M) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.Bot.M) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\directory\CyberGate (Trojan.PWS) -> No action taken.
C:\directory\CyberGate\install (Trojan.PWS) -> No action taken.

Infizierte Dateien:
C:\Users\Rene\AppData\Roaming\install\server.exe (Generic.Bot.H) -> No action taken.
C:\Users\Rene\Desktop\Prototype Trainer.exe (Trojan.Dropper) -> No action taken.
C:\directory\CyberGate\install\server.exe (Trojan.PWS) -> No action taken.
C:\Users\Rene\AppData\Roaming\cglogs.dat (Malware.Trace) -> No action taken.


And OTL this:
OTL Logfile:
Code:

OTL logfile created on: 27.09.2010 13:02:34 - Run 1
OTL by OldTimer - Version 3.2.14.1    Folder = C:\René\Software
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 41,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,90 Gb Total Space | 127,44 Gb Free Space | 56,92% Space Free | Partition Type: NTFS
Drive D: | 8,98 Gb Total Space | 1,66 Gb Free Space | 18,47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: RENE-PC
Current User Name: Rene
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\René\Software\Oldtimer.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)
PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\phonostar\ps_timer.exe (phonostar)
PRC - C:\Windows\SMINST\BLService.exe ()
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Windows\System32\CNAB4RPK.EXE (CANON INC.)
PRC - C:\Users\Rene\AppData\Roaming\install\server.exe (Twain Working Group)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\René\Software\Oldtimer.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Recovery Service for Windows) -- C:\Windows\SMINST\BLService.exe ()
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (cpuz132) -- C:\Users\Rene\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (GT680xNT) -- C:\Windows\System32\drivers\Gt680x.sys (  )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig?hl=de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: fastYoutubeDownloader@yevgenyandrov.net:1.2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.723
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.05.15 17:35:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.23 09:27:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.23 09:27:57 | 000,000,000 | ---D | M]
 
[2009.12.15 12:44:28 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\mozilla\Extensions
[2010.09.26 16:41:54 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\6ttrhcwv.default\extensions
[2010.08.11 19:19:28 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\6ttrhcwv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.07.12 19:50:42 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\6ttrhcwv.default\extensions\fastYoutubeDownloader@yevgenyandrov.net
[2010.05.13 11:34:23 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\6ttrhcwv.default\extensions\youtube2mp3@mondayx.de
[2010.09.22 11:27:02 | 000,000,961 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\FireFox\Profiles\6ttrhcwv.default\searchplugins\icqplugin-1.xml
[2010.06.15 14:53:37 | 000,000,961 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\FireFox\Profiles\6ttrhcwv.default\searchplugins\icqplugin-2.xml
[2010.04.16 19:41:18 | 000,000,955 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\FireFox\Profiles\6ttrhcwv.default\searchplugins\icqplugin.xml
[2010.08.11 17:35:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008.12.18 15:42:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.05.10 20:36:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.11 17:35:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010.09.23 09:27:48 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.23 09:27:48 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.23 09:27:48 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.23 09:27:48 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.23 09:27:48 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2007.12.11 13:50:52 | 000,000,847 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 81.169.180.144 www.google.de
O1 - Hosts: 81.169.180.144 google.de
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (WinAVI FLVSense) - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Nokia FastStart] C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe (Nokia)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe File not found
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [fsm]  File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe File not found
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [PhonostarTimer] C:\Program Files\phonostar\ps_timer.exe (phonostar)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O4 - Startup: C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SendTo [2010.08.04 19:26:29 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Users\Rene\AppData\Roaming\install\server.exe (Twain Working Group)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Users\Rene\AppData\Roaming\install\server.exe (Twain Working Group)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
O9 - Extra 'Tools' menuitem : WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Rene\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rene\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{260268fc-ff78-11de-b175-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{260268fc-ff78-11de-b175-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{2602694e-ff78-11de-b175-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{2602694e-ff78-11de-b175-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{26026973-ff78-11de-b175-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{26026973-ff78-11de-b175-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{26026975-ff78-11de-b175-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{26026975-ff78-11de-b175-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{3e88c4be-29dc-11de-9cfb-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{3e88c4be-29dc-11de-9cfb-001d7270c6ba}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{640ae9f7-ff8a-11de-865c-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{640ae9f7-ff8a-11de-865c-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{640aea0c-ff8a-11de-865c-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{640aea0c-ff8a-11de-865c-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{640aea0e-ff8a-11de-865c-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{640aea0e-ff8a-11de-865c-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.27 09:57:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.09.27 09:43:13 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Roaming\Malwarebytes
[2010.09.27 09:43:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.27 09:43:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.27 09:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.27 09:43:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.26 17:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.09.26 17:41:41 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010.09.26 16:13:38 | 012,049,864 | ---- | C] (Microsoft Corporation) -- C:\Users\Rene\Desktop\windows-kb890830-v3.10.exe
[2010.09.22 11:01:42 | 000,000,000 | ---D | C] -- C:\Program Files\LeechGet 2009 Downloadmanager
[2010.09.21 15:26:52 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Roaming\Software Informer
[2010.09.21 15:26:52 | 000,000,000 | ---D | C] -- C:\Program Files\Software Informer
[2010.09.19 17:04:33 | 000,000,000 | ---D | C] -- C:\Program Files\Plus!
[2010.09.19 17:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Mender
[2010.09.16 09:59:13 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Roaming\install
[2010.09.15 15:58:30 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010.09.11 16:19:55 | 000,000,000 | ---D | C] -- C:\directory
[2008.11.15 11:20:03 | 000,017,932 | R--- | C] (  ) -- C:\Windows\System32\drivers\Gt680x.sys
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.27 13:01:40 | 003,932,160 | -HS- | M] () -- C:\Users\Rene\NTUSER.DAT
[2010.09.27 12:56:17 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.27 12:53:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.27 12:53:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.27 09:43:08 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.26 20:12:00 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.26 19:00:05 | 000,000,249 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010.09.26 18:59:58 | 000,243,628 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.09.26 18:59:52 | 000,243,628 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.09.26 18:53:59 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.26 18:53:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.26 18:53:51 | 3218,284,544 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.26 18:52:47 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.09.26 18:52:40 | 000,524,288 | -HS- | M] () -- C:\Users\Rene\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.09.26 18:52:40 | 000,065,536 | -HS- | M] () -- C:\Users\Rene\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.09.26 18:52:34 | 003,748,373 | -H-- | M] () -- C:\Users\Rene\AppData\Local\IconCache.db
[2010.09.26 17:41:50 | 000,001,015 | ---- | M] () -- C:\Users\Rene\Desktop\Spybot - Search & Destroy.lnk
[2010.09.26 16:18:52 | 012,049,864 | ---- | M] (Microsoft Corporation) -- C:\Users\Rene\Desktop\windows-kb890830-v3.10.exe
[2010.09.26 14:26:18 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{36FF05EA-DA5C-4CA9-B1B8-91A9A37F64D5}.job
[2010.09.17 18:05:24 | 000,118,272 | ---- | M] () -- C:\Users\Rene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.16 14:38:28 | 001,472,816 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.16 14:38:28 | 000,630,116 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.16 14:38:28 | 000,598,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.16 14:38:28 | 000,127,146 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.16 14:38:28 | 000,105,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.16 13:48:54 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.09.16 10:51:57 | 000,019,030 | -H-- | M] () -- C:\Users\Rene\AppData\Roaming\cglogs.dat
[2010.08.31 20:22:59 | 000,000,162 | -H-- | M] () -- C:\Users\Rene\Desktop\~$mplettlösung Prototype.docx
 
========== Files Created - No Company Name ==========
 
[2010.09.27 09:43:08 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.26 17:41:50 | 000,001,015 | ---- | C] () -- C:\Users\Rene\Desktop\Spybot - Search & Destroy.lnk
[2010.09.11 18:09:21 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.08.31 20:22:59 | 000,000,162 | -H-- | C] () -- C:\Users\Rene\Desktop\~$mplettlösung Prototype.docx
[2010.05.15 12:13:49 | 000,307,200 | ---- | C] () -- C:\Windows\System32\AscSQLite.dll
[2010.04.10 11:00:26 | 000,000,567 | ---- | C] () -- C:\Windows\wiso.ini
[2009.09.17 15:26:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.06.22 15:12:58 | 000,000,632 | ---- | C] () -- C:\Windows\Sof2.INI
[2009.02.04 13:41:40 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.02.03 19:13:50 | 000,010,871 | ---- | C] () -- C:\Users\Rene\AppData\Roaming\UserTile.png
[2009.01.23 19:42:36 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.12.27 16:17:47 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
[2008.12.11 15:51:37 | 000,007,592 | ---- | C] () -- C:\Users\Rene\AppData\Local\d3d9caps.dat
[2008.11.20 16:02:49 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.11.19 19:40:46 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2008.11.15 11:20:03 | 000,000,114 | ---- | C] () -- C:\Windows\SCNDRVU.INI
[2008.11.15 11:20:01 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2008.11.15 11:19:54 | 000,000,403 | ---- | C] () -- C:\Windows\umxaddin.ini
[2008.11.02 15:11:34 | 000,118,272 | ---- | C] () -- C:\Users\Rene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.31 22:02:23 | 000,000,000 | ---- | C] () -- C:\Users\Rene\AppData\Local\FnF4.txt
[2008.10.30 18:41:55 | 000,000,274 | ---- | C] () -- C:\Users\Rene\AppData\Roaming\wklnhst.dat
[2008.10.30 18:34:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.10.30 15:17:18 | 000,000,000 | ---- | C] () -- C:\Users\Rene\AppData\Local\QSwitch.txt
[2008.10.30 15:17:18 | 000,000,000 | ---- | C] () -- C:\Users\Rene\AppData\Local\DSwitch.txt
[2008.10.30 15:17:18 | 000,000,000 | ---- | C] () -- C:\Users\Rene\AppData\Local\AtStart.txt
[2008.09.16 04:36:34 | 000,243,628 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.09.16 04:36:06 | 000,243,628 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005.04.08 04:16:43 | 000,019,030 | -H-- | C] () -- C:\Users\Rene\AppData\Roaming\cglogs.dat
[2002.10.31 20:12:16 | 000,049,152 | R--- | C] () -- C:\Windows\AutoSet.dll
[2002.10.06 20:42:57 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2002.10.05 01:04:25 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2002.10.05 01:04:24 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2002.10.05 01:04:17 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
< End of report >

--- --- ---

cosinus 27.09.2010 12:29

Did you also remove all of the findings with Malwarebytes?

untermieter 27.09.2010 15:43

Ran the scan again, and now it looks like this:


27.09.2010 16:42:28
mbam-log-2010-09-27 (16-42-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 368245
Laufzeit: 1 Stunde(n), 27 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5vm4dn43-s76d-7xdo-rl61-cc6pjq8ktbi1} (Generic.Bot.H) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.Bot.M) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.Bot.M) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\directory\CyberGate (Trojan.PWS) -> Quarantined and deleted successfully.
C:\directory\CyberGate\install (Trojan.PWS) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Users\Rene\AppData\Roaming\install\server.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
C:\Users\Rene\Desktop\Prototype Trainer.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\directory\CyberGate\install\server.exe (Trojan.PWS) -> Quarantined and deleted successfully.
C:\Users\Rene\AppData\Roaming\cglogs.dat (Malware.Trace) -> Quarantined and deleted successfully.

cosinus 27.09.2010 15:57

Then I'll need a fresh OTL.txt as well :)

untermieter 27.09.2010 17:49

Here is the new OTL:

OTL Logfile:
Code:

OTL logfile created on: 27.09.2010 18:11:23 - Run 1
OTL by OldTimer - Version 3.2.14.1    Folder = C:\René\Software
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,90 Gb Total Space | 127,44 Gb Free Space | 56,92% Space Free | Partition Type: NTFS
Drive D: | 8,98 Gb Total Space | 1,66 Gb Free Space | 18,47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: RENE-PC
Current User Name: Rene
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\René\Software\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)
PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\phonostar\ps_timer.exe (phonostar)
PRC - C:\Windows\SMINST\BLService.exe ()
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Windows\System32\CNAB4RPK.EXE (CANON INC.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\René\Software\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Recovery Service for Windows) -- C:\Windows\SMINST\BLService.exe ()
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (cpuz132) -- C:\Users\Rene\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (GT680xNT) -- C:\Windows\System32\drivers\Gt680x.sys (  )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq Notebook | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Compaq Notebook | MSN
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq Notebook | MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: fastYoutubeDownloader@yevgenyandrov.net:1.2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.723
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.05.15 17:35:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.23 09:27:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.23 09:27:57 | 000,000,000 | ---D | M]
 
[2009.12.15 12:44:28 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\mozilla\Extensions
[2010.09.26 16:41:54 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\6ttrhcwv.default\extensions
[2010.08.11 19:19:28 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\6ttrhcwv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.07.12 19:50:42 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\6ttrhcwv.default\extensions\fastYoutubeDownloader@yevgenyandrov.net
[2010.05.13 11:34:23 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\6ttrhcwv.default\extensions\youtube2mp3@mondayx.de
[2010.09.22 11:27:02 | 000,000,961 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\FireFox\Profiles\6ttrhcwv.default\searchplugins\icqplugin-1.xml
[2010.06.15 14:53:37 | 000,000,961 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\FireFox\Profiles\6ttrhcwv.default\searchplugins\icqplugin-2.xml
[2010.04.16 19:41:18 | 000,000,955 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\FireFox\Profiles\6ttrhcwv.default\searchplugins\icqplugin.xml
[2010.08.11 17:35:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008.12.18 15:42:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.05.10 20:36:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.11 17:35:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010.09.23 09:27:48 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.23 09:27:48 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.23 09:27:48 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.23 09:27:48 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.23 09:27:48 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2007.12.11 13:50:52 | 000,000,847 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 81.169.180.144 Google
O1 - Hosts: 81.169.180.144 google.de
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (WinAVI FLVSense) - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Nokia FastStart] C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe (Nokia)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe File not found
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [fsm]  File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe File not found
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [PhonostarTimer] C:\Program Files\phonostar\ps_timer.exe (phonostar)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe File not found
O4 - Startup: C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O4 - Startup: C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SendTo [2010.08.04 19:26:29 | 000,000,000 | ---D | M]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
O9 - Extra 'Tools' menuitem : WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Rene\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rene\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{260268fc-ff78-11de-b175-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{260268fc-ff78-11de-b175-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{2602694e-ff78-11de-b175-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{2602694e-ff78-11de-b175-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{26026973-ff78-11de-b175-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{26026973-ff78-11de-b175-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{26026975-ff78-11de-b175-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{26026975-ff78-11de-b175-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{3e88c4be-29dc-11de-9cfb-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{3e88c4be-29dc-11de-9cfb-001d7270c6ba}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{640ae9f7-ff8a-11de-865c-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{640ae9f7-ff8a-11de-865c-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{640aea0c-ff8a-11de-865c-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{640aea0c-ff8a-11de-865c-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{640aea0e-ff8a-11de-865c-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{640aea0e-ff8a-11de-865c-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.27 09:57:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.09.27 09:43:13 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Roaming\Malwarebytes
[2010.09.27 09:43:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.27 09:43:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.27 09:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.27 09:43:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.26 17:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.09.26 17:41:41 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010.09.26 16:13:38 | 012,049,864 | ---- | C] (Microsoft Corporation) -- C:\Users\Rene\Desktop\windows-kb890830-v3.10.exe
[2010.09.22 11:01:42 | 000,000,000 | ---D | C] -- C:\Program Files\LeechGet 2009 Downloadmanager
[2010.09.21 15:26:52 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Roaming\Software Informer
[2010.09.21 15:26:52 | 000,000,000 | ---D | C] -- C:\Program Files\Software Informer
[2010.09.19 17:04:33 | 000,000,000 | ---D | C] -- C:\Program Files\Plus!
[2010.09.19 17:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Mender
[2010.09.16 09:59:13 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Roaming\install
[2010.09.15 15:58:30 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010.09.11 16:19:55 | 000,000,000 | ---D | C] -- C:\directory
[2008.11.15 11:20:03 | 000,017,932 | R--- | C] (  ) -- C:\Windows\System32\drivers\Gt680x.sys
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.27 18:12:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.27 18:11:42 | 003,932,160 | -HS- | M] () -- C:\Users\Rene\NTUSER.DAT
[2010.09.27 17:49:27 | 000,243,628 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.09.27 17:49:26 | 000,000,249 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010.09.27 17:49:25 | 000,243,628 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.09.27 17:49:18 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.27 17:48:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.27 16:45:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.27 16:45:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.27 16:45:37 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.27 16:45:30 | 3218,284,544 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.27 16:44:27 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.09.27 16:44:21 | 000,524,288 | -HS- | M] () -- C:\Users\Rene\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.09.27 16:44:21 | 000,065,536 | -HS- | M] () -- C:\Users\Rene\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.09.27 16:44:20 | 006,291,456 | -H-- | M] () -- C:\Users\Rene\AppData\Local\IconCache.db
[2010.09.27 15:07:23 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{36FF05EA-DA5C-4CA9-B1B8-91A9A37F64D5}.job
[2010.09.27 13:20:14 | 000,107,056 | ---- | M] () -- C:\Users\Rene\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.09.27 13:18:31 | 000,391,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.09.27 09:43:08 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.26 17:41:50 | 000,001,015 | ---- | M] () -- C:\Users\Rene\Desktop\Spybot - Search & Destroy.lnk
[2010.09.26 16:18:52 | 012,049,864 | ---- | M] (Microsoft Corporation) -- C:\Users\Rene\Desktop\windows-kb890830-v3.10.exe
[2010.09.17 18:05:24 | 000,118,272 | ---- | M] () -- C:\Users\Rene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.16 14:38:28 | 001,472,816 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.16 14:38:28 | 000,630,116 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.16 14:38:28 | 000,598,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.16 14:38:28 | 000,127,146 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.16 14:38:28 | 000,105,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.16 13:48:54 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.08.31 20:22:59 | 000,000,162 | -H-- | M] () -- C:\Users\Rene\Desktop\~$mplettlösung Prototype.docx
 
========== Files Created - No Company Name ==========
 
[2010.09.27 09:43:08 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.26 17:41:50 | 000,001,015 | ---- | C] () -- C:\Users\Rene\Desktop\Spybot - Search & Destroy.lnk
[2010.09.11 18:09:21 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.08.31 20:22:59 | 000,000,162 | -H-- | C] () -- C:\Users\Rene\Desktop\~$mplettlösung Prototype.docx
[2010.05.15 12:13:49 | 000,307,200 | ---- | C] () -- C:\Windows\System32\AscSQLite.dll
[2010.04.10 11:00:26 | 000,000,567 | ---- | C] () -- C:\Windows\wiso.ini
[2009.09.17 15:26:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.06.22 15:12:58 | 000,000,632 | ---- | C] () -- C:\Windows\Sof2.INI
[2009.02.04 13:41:40 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.02.03 19:13:50 | 000,010,871 | ---- | C] () -- C:\Users\Rene\AppData\Roaming\UserTile.png
[2009.01.23 19:42:36 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.12.27 16:17:47 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
[2008.12.11 15:51:37 | 000,007,592 | ---- | C] () -- C:\Users\Rene\AppData\Local\d3d9caps.dat
[2008.11.20 16:02:49 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.11.19 19:40:46 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2008.11.15 11:20:03 | 000,000,114 | ---- | C] () -- C:\Windows\SCNDRVU.INI
[2008.11.15 11:20:01 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2008.11.15 11:19:54 | 000,000,403 | ---- | C] () -- C:\Windows\umxaddin.ini
[2008.11.02 15:11:34 | 000,118,272 | ---- | C] () -- C:\Users\Rene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.31 22:02:23 | 000,000,000 | ---- | C] () -- C:\Users\Rene\AppData\Local\FnF4.txt
[2008.10.30 18:41:55 | 000,000,274 | ---- | C] () -- C:\Users\Rene\AppData\Roaming\wklnhst.dat
[2008.10.30 18:34:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.10.30 15:17:18 | 000,000,000 | ---- | C] () -- C:\Users\Rene\AppData\Local\QSwitch.txt
[2008.10.30 15:17:18 | 000,000,000 | ---- | C] () -- C:\Users\Rene\AppData\Local\DSwitch.txt
[2008.10.30 15:17:18 | 000,000,000 | ---- | C] () -- C:\Users\Rene\AppData\Local\AtStart.txt
[2008.09.16 04:36:34 | 000,243,628 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.09.16 04:36:06 | 000,243,628 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2002.10.31 20:12:16 | 000,049,152 | R--- | C] () -- C:\Windows\AutoSet.dll
[2002.10.06 20:42:57 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2002.10.05 01:04:25 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2002.10.05 01:04:24 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2002.10.05 01:04:17 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
< End of report >

--- --- ---

cosinus 27.09.2010 22:24

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
O4 - HKCU..\Run: [fsm]  File not found
O33 - MountPoints2\{260268fc-ff78-11de-b175-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{260268fc-ff78-11de-b175-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{2602694e-ff78-11de-b175-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{2602694e-ff78-11de-b175-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{26026973-ff78-11de-b175-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{26026973-ff78-11de-b175-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{26026975-ff78-11de-b175-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{26026975-ff78-11de-b175-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{3e88c4be-29dc-11de-9cfb-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{3e88c4be-29dc-11de-9cfb-001d7270c6ba}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{640ae9f7-ff8a-11de-865c-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{640ae9f7-ff8a-11de-865c-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{640aea0c-ff8a-11de-865c-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{640aea0c-ff8a-11de-865c-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{640aea0e-ff8a-11de-865c-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{640aea0e-ff8a-11de-865c-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
[2008.11.15 11:20:01 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

untermieter 28.09.2010 16:41

So I can type in google.de again and it works. Here is the log file. What is the best way to protect myself against something like this in future? I always have Antivir running, and Windows Defender.

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\fsm deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{260268fc-ff78-11de-b175-001d7270c6ba}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{260268fc-ff78-11de-b175-001d7270c6ba}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{260268fc-ff78-11de-b175-001d7270c6ba}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{260268fc-ff78-11de-b175-001d7270c6ba}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2602694e-ff78-11de-b175-001d7270c6ba}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2602694e-ff78-11de-b175-001d7270c6ba}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2602694e-ff78-11de-b175-001d7270c6ba}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2602694e-ff78-11de-b175-001d7270c6ba}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26026973-ff78-11de-b175-001d7270c6ba}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26026973-ff78-11de-b175-001d7270c6ba}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26026973-ff78-11de-b175-001d7270c6ba}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26026973-ff78-11de-b175-001d7270c6ba}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26026975-ff78-11de-b175-001d7270c6ba}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26026975-ff78-11de-b175-001d7270c6ba}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26026975-ff78-11de-b175-001d7270c6ba}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26026975-ff78-11de-b175-001d7270c6ba}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e88c4be-29dc-11de-9cfb-001d7270c6ba}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e88c4be-29dc-11de-9cfb-001d7270c6ba}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e88c4be-29dc-11de-9cfb-001d7270c6ba}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e88c4be-29dc-11de-9cfb-001d7270c6ba}\ not found.
File G:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{640ae9f7-ff8a-11de-865c-001d7270c6ba}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{640ae9f7-ff8a-11de-865c-001d7270c6ba}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{640ae9f7-ff8a-11de-865c-001d7270c6ba}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{640ae9f7-ff8a-11de-865c-001d7270c6ba}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{640aea0c-ff8a-11de-865c-001d7270c6ba}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{640aea0c-ff8a-11de-865c-001d7270c6ba}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{640aea0c-ff8a-11de-865c-001d7270c6ba}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{640aea0c-ff8a-11de-865c-001d7270c6ba}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{640aea0e-ff8a-11de-865c-001d7270c6ba}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{640aea0e-ff8a-11de-865c-001d7270c6ba}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{640aea0e-ff8a-11de-865c-001d7270c6ba}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{640aea0e-ff8a-11de-865c-001d7270c6ba}\ not found.
File F:\AutoRun.exe not found.
C:\Windows\System32\pmsbfn32.dll moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gast
->Temp folder emptied: 10892884 bytes
->Temporary Internet Files folder emptied: 13204291 bytes
->Java cache emptied: 43573243 bytes
->FireFox cache emptied: 32632114 bytes
->Flash cache emptied: 5239 bytes

User: Public

User: Rene
->Temp folder emptied: 21805056 bytes
->Temporary Internet Files folder emptied: 690520929 bytes
->Java cache emptied: 67734618 bytes
->FireFox cache emptied: 90232072 bytes
->Opera cache emptied: 5404880 bytes
->Flash cache emptied: 57288 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 123103837 bytes
RecycleBin emptied: 5623391535 bytes

Total Files Cleaned = 6.411,00 mb


OTL by OldTimer - Version 3.2.14.1 log created on 09282010_172626

Files\Folders moved on Reboot...
C:\Users\Rene\AppData\Local\Temp\ehmsas.txt moved successfully.
C:\Users\Rene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XRL9RRAV\ads[1].htm moved successfully.
C:\Users\Rene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\L8FHLMF3\91160-antivir-fund-java-c-2009-3867-eh[1].html moved successfully.
C:\Users\Rene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G0J9D1NV\ads[1].htm moved successfully.
C:\Users\Rene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\42AYDT2R\ads[1].htm moved successfully.
C:\Users\Rene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

cosinus 28.09.2010 18:07

I need OTL's quarantine folder. Please do the following:

1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere here!
2.) Zip the folder C:\_OTL into one file
3.) Upload the resulting ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Let me know once it has worked
5.) Only then turn the virus scanner back on

untermieter 29.09.2010 14:41

OK, the OTL file is on the server.

cosinus 30.09.2010 11:23

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

untermieter 30.09.2010 17:43

This is what came out:

Combofix Logfile:
Code:

ComboFix 10-09-29.04 - Rene 30.09.2010  18:08:36.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3068.1796 [GMT 2:00]
ausgeführt von:: c:\users\Rene\Desktop\cofi.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Rene\AppData\Roaming\Desktopicon

.
(((((((((((((((((((((((  Dateien erstellt von 2010-08-28 bis 2010-09-30  ))))))))))))))))))))))))))))))
.

2010-09-30 16:15 . 2010-09-30 16:15        --------        d-----w-        c:\users\Gast\AppData\Local\temp
2010-09-30 16:15 . 2010-09-30 16:15        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-09-29 13:37 . 2010-06-22 13:30        2048        ----a-w-        c:\windows\system32\tzres.dll
2010-09-28 15:26 . 2010-09-28 15:26        --------        d-----w-        C:\_OTL
2010-09-27 07:43 . 2010-09-27 07:43        --------        d-----w-        c:\users\Rene\AppData\Roaming\Malwarebytes
2010-09-27 07:43 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-27 07:43 . 2010-09-27 07:43        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-09-27 07:43 . 2010-09-27 07:43        --------        d-----w-        c:\programdata\Malwarebytes
2010-09-27 07:43 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-09-26 15:41 . 2010-09-26 16:48        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2010-09-26 15:41 . 2010-09-26 15:41        --------        d-----w-        c:\program files\Spybot - Search & Destroy
2010-09-22 09:01 . 2010-09-23 07:22        --------        d-----w-        c:\program files\LeechGet 2009 Downloadmanager
2010-09-21 13:26 . 2010-09-21 13:26        --------        d-----w-        c:\users\Rene\AppData\Roaming\Software Informer
2010-09-21 13:26 . 2010-09-21 13:26        --------        d-----w-        c:\program files\Software Informer
2010-09-19 15:04 . 2010-09-19 15:27        --------        d-----w-        c:\program files\Plus!
2010-09-19 15:00 . 2010-09-19 15:00        --------        d-----w-        c:\programdata\Driver Mender
2010-09-16 07:59 . 2010-09-27 14:42        --------        d-----w-        c:\users\Rene\AppData\Roaming\install
2010-09-15 13:58 . 2010-08-17 14:11        128000        ----a-w-        c:\windows\system32\spoolsv.exe
2010-09-15 13:58 . 2010-04-16 16:46        502272        ----a-w-        c:\windows\system32\usp10.dll
2010-09-15 13:58 . 2010-05-27 20:08        739328        ----a-w-        c:\windows\system32\inetcomm.dll
2010-09-15 13:58 . 2010-04-05 17:02        317952        ----a-w-        c:\windows\system32\MP4SDECD.DLL
2010-09-11 14:19 . 2010-09-27 14:42        --------        d-----w-        C:\directory

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-30 16:06 . 2008-10-30 13:31        --------        d-----w-        c:\users\Rene\AppData\Roaming\ICQ
2010-09-30 13:40 . 2008-09-16 02:36        243628        ----a-w-        c:\programdata\nvModes.dat
2010-09-29 18:16 . 2010-05-21 22:40        12        ----a-w-        c:\windows\bthservsdp.dat
2010-09-29 15:50 . 2008-12-26 16:21        --------        d-----w-        c:\program files\Microsoft Silverlight
2010-09-29 13:47 . 2009-05-15 16:04        --------        d-----w-        c:\users\Rene\AppData\Roaming\Winamp
2010-09-28 13:22 . 2009-11-02 12:46        --------        d-----w-        c:\program files\Google
2010-09-28 13:21 . 2008-10-30 13:17        107056        ----a-w-        c:\users\Rene\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-27 07:57 . 2010-03-17 19:22        --------        d-----r-        c:\program files\Skype
2010-09-27 07:33 . 2008-07-08 03:42        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-09-21 12:43 . 2009-12-29 13:15        --------        d-----w-        c:\program files\JDownloader
2010-09-18 16:03 . 2009-01-23 17:35        --------        d-----w-        c:\users\Rene\AppData\Roaming\phonostar-Player
2010-09-16 12:38 . 2008-07-08 13:14        630116        ----a-w-        c:\windows\system32\perfh007.dat
2010-09-16 12:38 . 2008-07-08 13:14        127146        ----a-w-        c:\windows\system32\perfc007.dat
2010-09-15 13:59 . 2006-11-02 11:18        --------        d-----w-        c:\program files\Windows Mail
2010-09-06 20:25 . 2010-03-17 19:23        --------        d-----w-        c:\users\Rene\AppData\Roaming\Skype
2010-09-06 20:24 . 2010-03-17 19:25        --------        d-----w-        c:\users\Rene\AppData\Roaming\skypePM
2010-08-24 13:28 . 2010-02-14 11:44        --------        d-----w-        c:\program files\ICQ7.0
2010-08-11 15:40 . 2008-07-08 04:25        --------        d-----w-        c:\program files\Microsoft Works
2010-08-11 15:39 . 2008-07-08 04:37        --------        d-----w-        c:\programdata\Microsoft Help
2010-08-11 15:36 . 2008-07-08 04:59        --------        d-----w-        c:\program files\Common Files\Java
2010-08-11 15:35 . 2008-07-08 04:59        --------        d-----w-        c:\program files\Java
2010-08-08 09:23 . 2010-08-08 09:23        --------        d-----w-        c:\program files\Common Files\Windows Live
2010-08-08 09:17 . 2010-08-08 08:53        --------        d-----w-        c:\program files\Avidemux 2.5
2010-08-06 16:49 . 2006-11-02 10:25        51200        ----a-w-        c:\windows\Inf\infpub.dat
2010-08-06 16:49 . 2006-11-02 10:25        143360        ----a-w-        c:\windows\Inf\infstrng.dat
2010-08-05 14:13 . 2010-08-05 14:02        --------        d-----w-        c:\program files\NCH Software
2010-08-05 14:05 . 2010-08-05 14:02        --------        d-----w-        c:\users\Rene\AppData\Roaming\NCH Software
2010-08-05 13:54 . 2010-08-05 13:54        --------        d-----w-        c:\programdata\VideoConverter
2010-08-04 17:26 . 2009-02-04 12:04        --------        d-----w-        c:\program files\AVS4YOU
2010-08-04 17:26 . 2009-02-04 12:04        --------        d-----w-        c:\program files\Common Files\AVSMedia
2010-08-03 17:08 . 2010-08-03 17:05        --------        d-----w-        c:\users\Rene\AppData\Roaming\avidemux
2010-08-03 16:52 . 2008-10-30 18:47        --------        d-----w-        c:\program files\Common Files\DVDVideoSoft
2010-07-24 08:44 . 2010-07-24 08:44        257257        ----a-w-        c:\users\Rene\AppData\Roaming\OpenCandy\OpenCandy_9CD2E6BDA6E9487584F3CE67F1A0E577\DLMgr3WrapperUniBlue.exe
2010-07-17 03:00 . 2010-05-10 18:36        423656        ----a-w-        c:\windows\system32\deployJava1.dll
2010-07-11 07:43 . 2009-01-25 11:23        680        ----a-w-        c:\users\Gast\AppData\Local\d3d9caps.dat
2008-07-08 13:17 . 2008-07-08 13:17        8192        --sha-w-        c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"PhonostarTimer"="c:\program files\phonostar\ps_timer.exe" [2008-09-19 126976]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-08-22 133432]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-11 468264]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-12 202032]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-03 1848648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-02-26 2376992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\Rene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote Inhaltsverzeichnis.onetoc2 [2010-4-2 3656]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Action Manager 32.lnk - c:\program files\ScannerU\AM32.exe [2008-11-15 69632]
Canon LBP2900 Statusfenster.lnk - c:\windows\System32\spool\drivers\w32x86\3\CNAB4LAK.EXE [2008-10-31 50848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-02 133104]
R3 GT680xNT;USB Scanner Driver;c:\windows\system32\drivers\gt680x.sys [2002-10-04 17932]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-25 361808]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-06-09 43040]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
bthsvcs        REG_MULTI_SZ          BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 12:06        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners

2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-02 12:45]

2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-02 12:45]

2010-09-29 c:\windows\Tasks\User_Feed_Synchronization-{36FF05EA-DA5C-4CA9-B1B8-91A9A37F64D5}.job
- c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/ig?hl=de
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
IE: &Download FLV by WinAVI... - c:\program files\WinAVI FLV Converter\flv_link.htm
IE: Mit dem LeechGet Wizard laden - file://c:\program files\LeechGet 2009 Downloadmanager\\Wizard.html
IE: Mit LeechGet herunterladen - file://c:\program files\LeechGet 2009 Downloadmanager\\AddUrl.html
IE: Mit LeechGet parsen - file://c:\program files\LeechGet 2009 Downloadmanager\\Parser.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
FF - ProfilePath - c:\users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\6ttrhcwv.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q=
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
HKCU-Run-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe
HKLM-Run-Performance Center - c:\program files\Ascentive\Performance Center\APCMain.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-09-30 18:16
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  msnmsgr = "c:\program files\MSN Messenger\msnmsgr.exe" /background???e

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-962925252-1113572991-733572080-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:06,bd,d6,3e,76,54,b6,11,ee,4e,46,ad,c6,3e,f7,04,ad,8e,a1,cc,ad,2b,6f,
  0c,c3,42,31,9e,bc,ad,be,d9,81,8f,32,c5,f2,28,9d,e5,0e,97,2d,31,24,24,cb,5c,\
"??"=hex:77,58,89,ab,98,83,9b,fa,55,92,e3,09,b9,ee,72,ad

[HKEY_USERS\S-1-5-21-962925252-1113572991-733572080-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:5f,91,a6,76,3c,1f,a1,26,3e,36,84,c1,bf,d9,11,7f,3a,dd,f0,36,ab,
  10,b9,7d,6a,ce,01,62,b1,74,0c,33,58,94,c6,78,85,7e,8c,37,24,e7,ba,83,dd,cb,\
"rkeysecu"=hex:c1,7f,04,6a,c6,b8,c2,2f,ba,59,ac,4e,07,b0,24,b1

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-09-30  18:19:57
ComboFix-quarantined-files.txt  2010-09-30 16:19

Vor Suchlauf: 14 Verzeichnis(se), 144.488.185.856 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 144.423.591.936 Bytes frei

- - End Of File - - 83748C7EA2913CF2A53B87D87C0E2C38

--- --- ---

cosinus 30.09.2010 17:51

OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM.

Then download the bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remove.exe in that folder.

If you are using Windows Vista or Windows 7, you must run remover.exe via right-click => Run as administrator.

A black window will open and automatically search for malicious changes in the MBR.
Then please post whether there are any changes and, if so, on which device. Ideally, post everything that remover.exe outputs.

untermieter 02.10.2010 09:32

How many more programs do I have to run?

Regards

untermieter 02.10.2010 09:57

Here is the one from OSAM. I ran the other one, but found no log file after the restart:

Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 10:55:45 on 02.10.2010

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Rene\AppData\Local\Temp\catchme.sys (File not found)
"cpuz132" (cpuz132) - ? - C:\Users\Rene\AppData\Local\Temp\cpuz132\cpuz132_x32.sys (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
CLSID\{EBDF1F20-C829-14D1-8234-1420AF3E97A9} "LeechGet "Copy Here" Shell Extension" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\Windows\System32\ShellvRTF.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{888078C6-70B2-4F88-8EE7-1F50DDEA6120} "CeWe Color AG & Co. OHG Control" - "CeWe Color AG & Co. OHG" - C:\Windows\Downloaded Program Files\ImageUploader6.ocx / https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
{CAC677B6-4963-4305-9066-0BD135CD9233} "IPSUploader4 Control" - "IP Labs GmbH - Germany" - C:\Windows\Downloaded Program Files\IPSUploader4.ocx / https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{D0C0F75C-683A-4390-A791-1ACFD5599AB8} "Oberon Flash Game Host" - "Oberon Media, Inc." - C:\Windows\Downloaded Program Files\OberonGameHost.dll / hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
"ICQ7" - "ICQ, LLC." - C:\Program Files\ICQ7.0\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
{EC83A912-7EF4-410D-9CC7-3BDAA709CA71} "WinAVI FLV Manager" - "ZJMedia" - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} "WinAVI FLVSense" - "ZJMedia" - C:\Program Files\WinAVI FLV Converter\FLVTune.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OneNote Inhaltsverzeichnis.onetoc2" - ? - C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Action Manager 32.lnk" - ? - C:\Program Files\ScannerU\AM32.exe (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4
"LightScribe Control Panel" - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"PC Suite Tray" - "Nokia" - "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"PhonostarTimer" - ? - C:\Program Files\phonostar\ps_timer.exe
"SpybotSD TeaTimer" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"CanonMyPrinter" - "CANON INC." - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
"CanonSolutionMenu" - "CANON INC." - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"HP Health Check Scheduler" - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
"hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"NeroFilterCheck" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"Nokia FastStart" - "Nokia" - "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
"NokiaMServer" - "Nokia" - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
"QlbCtrl.exe" - " Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"QPService" - "CyberLink Corp." - "C:\Program Files\HP\QuickPlay\QPService.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
"WinampAgent" - "Nullsoft, Inc." - "C:\Program Files\Winamp\winampa.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Com4QLBEx" (Com4QLBEx) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"Easybits Shared Services for Windows" (ezSharedSvc) - "EasyBits Sofware AS" - C:\Windows\System32\ezsvc7.dll
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"NBService" (NBService) - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Recovery Service for Windows" (Recovery Service for Windows) - ? - C:\Windows\SMINST\BLService.exe
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit Online Solutions :: Index

untermieter 02.10.2010 10:01

Here is the one from Bootkit:
.\debug.cpp(238) : Debug log started at 02.10.2010 - 08:58:44
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(529) : esage lab - main
.\boot_cleaner.cpp(533) : Program version: 1.2.0.0
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x82451000 0x003b9000 "\SystemRoot\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x8241e000 0x00033000 "\SystemRoot\system32\hal.dll"
.\debug.cpp(256) : 0x80408000 0x00007000 "\SystemRoot\system32\kdcom.dll"
.\debug.cpp(256) : 0x8040f000 0x00070000 "\SystemRoot\system32\mcupdate_GenuineIntel.dll"
.\debug.cpp(256) : 0x8047f000 0x00011000 "\SystemRoot\system32\PSHED.dll"
.\debug.cpp(256) : 0x80490000 0x00008000 "\SystemRoot\system32\BOOTVID.dll"
.\debug.cpp(256) : 0x80498000 0x00041000 "\SystemRoot\system32\CLFS.SYS"
.\debug.cpp(256) : 0x804d9000 0x000e0000 "\SystemRoot\system32\CI.dll"
.\debug.cpp(256) : 0x80600000 0x00071000 "\SystemRoot\system32\drivers\Wdf01000.sys"
.\debug.cpp(256) : 0x80671000 0x0000e000 "\SystemRoot\system32\drivers\WDFLDR.SYS"
.\debug.cpp(256) : 0x8067f000 0x00046000 "\SystemRoot\system32\drivers\acpi.sys"
.\debug.cpp(256) : 0x806c5000 0x00009000 "\SystemRoot\system32\drivers\WMILIB.SYS"
.\debug.cpp(256) : 0x806ce000 0x00008000 "\SystemRoot\system32\drivers\msisadrv.sys"
.\debug.cpp(256) : 0x806d6000 0x00027000 "\SystemRoot\system32\drivers\pci.sys"
.\debug.cpp(256) : 0x806fd000 0x0000f000 "\SystemRoot\system32\drivers\isapnp.sys"
.\debug.cpp(256) : 0x8070c000 0x0001c000 "\SystemRoot\system32\drivers\mpio.sys"
.\debug.cpp(256) : 0x80728000 0x0000f000 "\SystemRoot\System32\drivers\partmgr.sys"
.\debug.cpp(256) : 0x80737000 0x00003000 "\SystemRoot\system32\DRIVERS\compbatt.sys"
.\debug.cpp(256) : 0x8073a000 0x0000a000 "\SystemRoot\system32\DRIVERS\BATTC.SYS"
.\debug.cpp(256) : 0x80744000 0x0000f000 "\SystemRoot\system32\drivers\volmgr.sys"
.\debug.cpp(256) : 0x80753000 0x0004a000 "\SystemRoot\System32\drivers\volmgrx.sys"
.\debug.cpp(256) : 0x8079d000 0x00007000 "\SystemRoot\system32\drivers\intelide.sys"
.\debug.cpp(256) : 0x807a4000 0x0000e000 "\SystemRoot\system32\drivers\PCIIDEX.SYS"
.\debug.cpp(256) : 0x807b2000 0x00007000 "\SystemRoot\system32\drivers\pciide.sys"
.\debug.cpp(256) : 0x807b9000 0x00007000 "\SystemRoot\system32\drivers\aliide.sys"
.\debug.cpp(256) : 0x807c0000 0x00007000 "\SystemRoot\system32\drivers\amdide.sys"
.\debug.cpp(256) : 0x807c7000 0x00008000 "\SystemRoot\system32\drivers\cmdide.sys"
.\debug.cpp(256) : 0x807cf000 0x00010000 "\SystemRoot\System32\drivers\mountmgr.sys"
.\debug.cpp(256) : 0x807df000 0x0001a000 "\SystemRoot\system32\drivers\msdsm.sys"
.\debug.cpp(256) : 0x805b9000 0x0001b000 "\SystemRoot\system32\drivers\nvraid.sys"
.\debug.cpp(256) : 0x805d4000 0x00021000 "\SystemRoot\system32\drivers\CLASSPNP.SYS"
.\debug.cpp(256) : 0x805f5000 0x00008000 "\SystemRoot\system32\drivers\viaide.sys"
.\debug.cpp(256) : 0x82a0a000 0x000a1000 "\SystemRoot\system32\drivers\iastorv.sys"
.\debug.cpp(256) : 0x82aab000 0x00008000 "\SystemRoot\system32\drivers\atapi.sys"
.\debug.cpp(256) : 0x82ab3000 0x0001e000 "\SystemRoot\system32\drivers\ataport.SYS"
.\debug.cpp(256) : 0x82ad1000 0x0001a000 "\SystemRoot\system32\drivers\lsi_scsi.sys"
.\debug.cpp(256) : 0x82aeb000 0x00041000 "\SystemRoot\system32\drivers\storport.sys"
.\debug.cpp(256) : 0x82b2c000 0x0000d000 "\SystemRoot\system32\drivers\nvstor.sys"
.\debug.cpp(256) : 0x82b39000 0x0000a000 "\SystemRoot\system32\drivers\msahci.sys"
.\debug.cpp(256) : 0x82b43000 0x0000b000 "\SystemRoot\system32\drivers\hpcisss.sys"
.\debug.cpp(256) : 0x82b4e000 0x0006a000 "\SystemRoot\system32\drivers\adp94xx.sys"
.\debug.cpp(256) : 0x8ac0f000 0x0004c000 "\SystemRoot\system32\drivers\adpahci.sys"
.\debug.cpp(256) : 0x8ac5b000 0x0001b000 "\SystemRoot\system32\drivers\adpu160m.sys"
.\debug.cpp(256) : 0x8ac76000 0x00026000 "\SystemRoot\system32\drivers\SCSIPORT.SYS"
.\debug.cpp(256) : 0x8ac9c000 0x00026000 "\SystemRoot\system32\drivers\adpu320.sys"
.\debug.cpp(256) : 0x8acc2000 0x00014000 "\SystemRoot\system32\drivers\djsvs.sys"
.\debug.cpp(256) : 0x8acd6000 0x00016000 "\SystemRoot\system32\drivers\arc.sys"
.\debug.cpp(256) : 0x8acec000 0x00016000 "\SystemRoot\system32\drivers\arcsas.sys"
.\debug.cpp(256) : 0x8ad02000 0x00094000 "\SystemRoot\system32\drivers\elxstor.sys"
.\debug.cpp(256) : 0x8ad96000 0x0000a000 "\SystemRoot\system32\drivers\i2omp.sys"
.\debug.cpp(256) : 0x8ada0000 0x00010000 "\SystemRoot\system32\drivers\iirsp.sys"
.\debug.cpp(256) : 0x8adb0000 0x0000c000 "\SystemRoot\system32\drivers\iteatapi.sys"
.\debug.cpp(256) : 0x8adbc000 0x0000c000 "\SystemRoot\system32\drivers\iteraid.sys"
.\debug.cpp(256) : 0x8adc8000 0x0001a000 "\SystemRoot\system32\drivers\lsi_fc.sys"
.\debug.cpp(256) : 0x8ade2000 0x00018000 "\SystemRoot\system32\drivers\lsi_sas.sys"
.\debug.cpp(256) : 0x8ac00000 0x0000a000 "\SystemRoot\system32\drivers\megasas.sys"
.\debug.cpp(256) : 0x8ae07000 0x000b7000 "\SystemRoot\system32\drivers\megasr.sys"
.\debug.cpp(256) : 0x8aebe000 0x0000b000 "\SystemRoot\system32\drivers\mraid35x.sys"
.\debug.cpp(256) : 0x8aec9000 0x0000e000 "\SystemRoot\system32\drivers\nfrd960.sys"
.\debug.cpp(256) : 0x8b008000 0x00138000 "\SystemRoot\system32\drivers\ql2300.sys"
.\debug.cpp(400) : Destination "\Device\00000061"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000063"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO Soft Data Fax Modem with SmartCP"
.\debug.cpp(400) : Destination "\Device\00000091"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ssmctl"
.\debug.cpp(400) : Destination "\Device\ssmctl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl"
.\debug.cpp(400) : Destination "\Device\PartmgrControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&ed35501&0&4#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination "\Device\WANARP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi"
.\debug.cpp(400) : Destination "\Device\Nsi"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MPIOControl"
.\debug.cpp(400) : Destination "\Device\MPIOControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{ACEA6A4B-1CBF-4FEC-ACFC-EFD3B99A0FA7}"
.\debug.cpp(400) : Destination "\Device\NDMP8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_168C&DEV_001C&SUBSYS_137B103C&REV_01#4&16e150ca&0&00E1#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0020"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000061"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{54950694-33A2-408C-9E06-ABBEB791E26F}"
.\debug.cpp(400) : Destination "\Device\NDMP15"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice"
.\debug.cpp(400) : Destination "\Device\NXTIPSEC"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0006#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000006"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0005#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000005"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2934&SUBSYS_360B103C&REV_03#3&e89b380&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0009"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination "\Device\NDMP12"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000006a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_14F1&DEV_5051&SUBSYS_103C360B&REV_1000#4&21b0e903&0&0002#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
.\debug.cpp(400) : Destination "\Device\00000091"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev"
.\debug.cpp(400) : Destination "\Device\WFP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&3#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000077"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_293C&SUBSYS_360B103C&REV_03#3&e89b380&0&D7#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0005"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8136&SUBSYS_360B103C&REV_02#FFFF000000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0019"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_04F2&PID_B091&MI_00#6&3addb5c5&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000099"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArpV6"
.\debug.cpp(400) : Destination "\Device\WANARPV6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_14F1&DEV_5051&SUBSYS_103C360B&REV_1000#4&21b0e903&0&0002#{adb44c00-1b8d-11d4-8d5e-00a0c90d1c42}"
.\debug.cpp(400) : Destination "\Device\00000091"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_06E8&SUBSYS_360B103C&REV_A1#4&1c665b04&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0018"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&PrinterBusEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) : Destination "\Device\0000009b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0005#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000005"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000066"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000006a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH"
.\debug.cpp(400) : Destination "\Device\NDMP11"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MICH_AZ0"
.\debug.cpp(400) : Destination "\Device\MICH_AZ0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd"
.\debug.cpp(400) : Destination "\Device\AscKmd"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination "\Device\NdisWan"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&ed35501&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&8962ed2&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5051&SUBSYS_103C360B&REV_1000#4&21b0e903&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000090"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice"
.\debug.cpp(400) : Destination "\Device\MPS"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination "\Device\VolMgrControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5051&SUBSYS_103C360B&REV_1000#4&21b0e903&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000090"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_04F2&PID_B091&MI_00#6&3addb5c5&0&0000#{6994ad05-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000099"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10DE&DEV_0003&SUBSYS_10DE0101&REV_1000#4&21b0e903&0&0101#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000092"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5051&SUBSYS_103C360B&REV_1000#4&21b0e903&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}"
.\debug.cpp(400) : Destination "\Device\00000090"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0006#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000006"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6"
.\debug.cpp(400) : Destination "\Device\NDMP13"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&1a4457c2&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination "\DosDevices\COM1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination "\Device\MailSlot"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0002#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination "\Device\Null"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000069"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) : Destination "\Device\Ndisuio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SstpDrv"
.\debug.cpp(400) : Destination "\Device\SstpDrv"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination ""
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C3E110AA-329C-4CE8-8221-7B988FD83030}"
.\debug.cpp(400) : Destination "\Device\NDMP1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000068"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle"
.\debug.cpp(400) : Destination "\Device\WfpAle"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYNTP"
.\debug.cpp(400) : Destination "\Device\SynTP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{70AA49D1-E861-412E-AF47-A4DD47EDC7E4}"
.\debug.cpp(400) : Destination "\Device\NDMP2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000064"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avipbb"
.\debug.cpp(400) : Destination "\Device\avipbb"
.\debug.cpp(409) : --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
.\boot_cleaner.cpp(276) : Boot sector MD5 is: 2404788b716b45266811c1294c3c975c
.\boot_cleaner.cpp(1060) :
.\boot_cleaner.cpp(1061) : Size Device Name MBR Status
.\boot_cleaner.cpp(1062) : --------------------------------------------
.\boot_cleaner.cpp(1106) : 232 GB \\.\PhysicalDrive0 Unknown boot code
.\boot_cleaner.cpp(1112) :
.\boot_cleaner.cpp(1118) : Unknown boot code has been found on some of your physical disks.
.\boot_cleaner.cpp(1120) : To inspect the boot code manually, dump the master boot sector:
.\boot_cleaner.cpp(1121) : remover.exe dump <device_name> [output_file]
.\boot_cleaner.cpp(1125) : To disinfect the master boot sector, use the following command:
.\boot_cleaner.cpp(1126) : remover.exe fix <device_name>
.\boot_cleaner.cpp(1129) :
.\boot_cleaner.cpp(1151) : Done;

cosinus 03.10.2010 12:55

Quote:

.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
.\boot_cleaner.cpp(276) : Boot sector MD5 is: 2404788b716b45266811c1294c3c975c
One more program is definitely needed. I have to check the MBR more closely.
Please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only takes a second.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.

untermieter 04.10.2010 15:54

Here is the last one; now I'm waiting for the result on whether everything is gone....

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Compaq Presario CQ70 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 195):

Processes (total 90):

cosinus 04.10.2010 18:07

The log is incomplete

untermieter 05.10.2010 14:29

Yes, but now....:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Compaq Presario CQ70 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 195):
0x8AFCD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8AFF0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x82BB5000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x82BC9000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x82BDE000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8FC06000 \SystemRoot\system32\DRIVERS\swenum.sys
0x90004000 \SystemRoot\system32\DRIVERS\ks.sys
0x9002E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x90038000 \SystemRoot\system32\DRIVERS\umbus.sys
0x90045000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x9007A000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x9008B000 \SystemRoot\system32\drivers\CHDRT32.sys
0x900C6000 \SystemRoot\system32\drivers\portcls.sys
0x900F3000 \SystemRoot\system32\drivers\drmk.sys
0x90118000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x9020B000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x9030E000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x903C3000 \SystemRoot\system32\drivers\modem.sys
0x903D0000 \SystemRoot\system32\drivers\nvhda32v.sys
0x903DE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x903E7000 \SystemRoot\System32\Drivers\Null.SYS
0x903EE000 \SystemRoot\System32\Drivers\Beep.SYS
0x90200000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x90156000 \SystemRoot\System32\drivers\vga.sys
0x90162000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x903F5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x90183000 \SystemRoot\system32\drivers\rdpencdd.sys
0x9018B000 \SystemRoot\System32\Drivers\Msfs.SYS
0x90196000 \SystemRoot\System32\Drivers\Npfs.SYS
0x901A4000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x901AD000 \SystemRoot\system32\DRIVERS\tdx.sys
0x901C3000 \SystemRoot\system32\DRIVERS\smb.sys
0x90409000 \SystemRoot\system32\drivers\afd.sys
0x90451000 \SystemRoot\System32\DRIVERS\netbt.sys
0x90483000 \SystemRoot\system32\DRIVERS\pacer.sys
0x90499000 \SystemRoot\system32\DRIVERS\netbios.sys
0x904A7000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x904BA000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x904C0000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x904FC000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90506000 \SystemRoot\System32\Drivers\dfsc.sys
0x9051D000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x90539000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x9054C000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x9054E000 \SystemRoot\system32\DRIVERS\KMWDFILTER.sys
0x90557000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x90560000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x90570000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x90578000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x9058F000 \SystemRoot\System32\Drivers\usbvideo.sys
0x905B0000 \SystemRoot\System32\Drivers\crashdmp.sys
0x905BD000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x905C8000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x98E60000 \SystemRoot\System32\win32k.sys
0x905D2000 \SystemRoot\System32\drivers\Dxapi.sys
0x905DC000 \SystemRoot\system32\DRIVERS\monitor.sys
0x99080000 \SystemRoot\System32\TSDDD.dll
0x990A0000 \SystemRoot\System32\cdd.dll
0x901D7000 \SystemRoot\system32\drivers\luafv.sys
0x905EB000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x81809000 \SystemRoot\system32\drivers\spsys.sys
0x818B9000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x818C9000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x818F3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x818FD000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x81910000 \SystemRoot\system32\drivers\HTTP.sys
0x8197D000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x8199A000 \SystemRoot\system32\DRIVERS\bowser.sys
0x819B3000 \SystemRoot\System32\drivers\mpsdrv.sys
0x819C8000 \SystemRoot\system32\drivers\mrxdav.sys
0x8B7C9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9F200000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9F239000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9F251000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9F278000 \SystemRoot\System32\DRIVERS\srv.sys
0x9F2DE000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9F2E2000 \SystemRoot\system32\drivers\peauth.sys
0x9F3C0000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9F3CA000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9F3D6000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x9F3DE000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x779A0000 \Windows\System32\ntdll.dll

Processes (total 95):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`f9900000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHM250JI, Rev: HS100-10

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 08F21ADD893776C287CC68A3558F8D095B50ED3C


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

cosinus 05.10.2010 18:38

We are not done yet, because the MBR (Master Boot Record) has to be rewritten. So, something new again :zunge: :D

Have a look here => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows

Download the ISO, burn it to a CD, e.g. with ImgBurn using its image-burning function, and start the computer with it (boot from this CD).
Click on Repair your computer, Next, Command Prompt - the console opens. There, please type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter) - restart the computer, taking the CD out beforehand.

untermieter 06.10.2010 15:52

But I have a recovery on hard disk D:, wouldn't that work as well?? I haven't done it that way before, though....

cosinus 06.10.2010 19:47

No, please do it with the ISO file. Unless you have exactly the same options via the recovery partition, but I don't think so.

untermieter 07.10.2010 15:14

It was right that under computer repair I then go to the command prompt, wasn't it??
That is how I did it, entered both, then it said operation completed or something like that, and I left with exit and restarted without the CD.

cosinus 07.10.2010 18:43

Yes, in the command prompt is correct. Please make a new log with MBRCheck.

untermieter 08.10.2010 17:39

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Compaq Presario CQ70 Notebook PC
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 197):

Processes (total 93):
0 System Idle Process
4 System
416 C:\Windows\System32\smss.exe

cosinus 08.10.2010 18:56

Log is incomplete.

untermieter 09.10.2010 09:10

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Compaq Presario CQ70 Notebook PC
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 197):

Processes (total 90):
0 System Idle Process
4 System
416 C:\Windows\System32\smss.exe
508 csrss.exe
560 C:\Windows\System32\wininit.exe
572 csrss.exe
604 C:\Windows\System32\services.exe
616 C:\Windows\System32\lsass.exe
624 C:\Windows\System32\lsm.exe
796 C:\Windows\System32\svchost.exe
864 C:\Windows\System32\nvvsvc.exe
892 C:\Windows\System32\svchost.exe
944 C:\Windows\System32\svchost.exe
976 C:\Windows\System32\svchost.exe
1008 C:\Windows\System32\svchost.exe
1020 C:\Windows\System32\svchost.exe
1112 C:\Windows\System32\audiodg.exe
1136 C:\Windows\System32\winlogon.exe
1176 C:\Windows\System32\svchost.exe
1196 C:\Windows\System32\SLsvc.exe
1272 C:\Windows\System32\svchost.exe
1388 C:\Windows\System32\nvvsvc.exe
1476 C:\Windows\System32\svchost.exe
1648 C:\Windows\System32\wlanext.exe
1732 C:\Windows\System32\spoolsv.exe
1756 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1800 C:\Windows\System32\svchost.exe
2004 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
2044 C:\Windows\System32\svchost.exe
456 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1376 C:\Windows\System32\svchost.exe
1496 C:\Windows\SMINST\BLService.exe
1880 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
1860 C:\Windows\System32\svchost.exe
2184 C:\Windows\System32\svchost.exe
2280 C:\Windows\System32\drivers\XAudio.exe
2368 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
2748 C:\Windows\System32\taskeng.exe
3660 C:\Windows\System32\taskeng.exe
3744 C:\Windows\System32\dwm.exe
3780 C:\Windows\explorer.exe
3924 CNAB4RPK.EXE
2204 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2680 C:\Program Files\HP\QuickPlay\QPService.exe
2700 C:\Program Files\Windows Defender\MSASCui.exe
2724 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
1764 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
2152 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
2956 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
1400 WmiPrvSE.exe
2072 C:\Windows\WindowsMobile\wmdSync.exe
1664 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
3000 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3052 C:\Program Files\Winamp\winampa.exe
1728 C:\Windows\System32\svchost.exe
512 C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
288 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
3192 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3040 C:\Program Files\Windows Sidebar\sidebar.exe
3320 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
3352 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
3368 C:\Program Files\phonostar\ps_timer.exe
1184 C:\Windows\ehome\ehtray.exe
3420 C:\Windows\System32\wbem\unsecapp.exe
1208 C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
3168 C:\Program Files\Windows Media Player\wmpnscfg.exe
3600 C:\Program Files\Windows Media Player\wmpnetwk.exe
2596 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
3820 C:\Windows\ehome\ehmsas.exe
3524 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
1356 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
408 C:\Program Files\Windows Sidebar\sidebar.exe
2104 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
4600 C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
5388 C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
5416 C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
5440 C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
5596 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5952 C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe
2384 C:\Windows\System32\conime.exe
4632 C:\Program Files\Internet Explorer\iexplore.exe
4948 C:\Program Files\Internet Explorer\iexplore.exe
712 C:\Windows\System32\SearchIndexer.exe
5852 C:\Users\Rene\AppData\Local\Temp\Temp1_Radiotracker_6_Special_TrekStor_Edition.zip\Radiotracker_6_Special_TrekStor_Edition.exe
4932 C:\Users\Rene\AppData\Local\Temp\RarSFX0\ice.exe
5864 C:\Users\Rene\AppData\Local\Temp\RarSFX0\ice.exe
1452 C:\Users\Rene\AppData\Local\Temp\RarSFX0\RadiotrackerSetup_web.exe
4888 C:\Windows\System32\msiexec.exe
4464 C:\Program Files\Internet Explorer\iexplore.exe
4860 C:\Users\Rene\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`f9900000 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHM250JI, Rev: HS100-10
PhysicalDrive1 Model Number: TrekStorDS maxi g.u, Rev:

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
931 GB \\.\PhysicalDrive1 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

cosinus 09.10.2010 17:24

Quote:

232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
931 GB \\.\PhysicalDrive1 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

untermieter 10.10.2010 11:31

Here is the first program log:
Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4787

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

10.10.2010 12:30:54
mbam-log-2010-10-10 (12-30-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 346327
Laufzeit: 1 Stunde(n), 32 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 10.10.2010 19:43

And the one from SASW?

untermieter 11.10.2010 15:36

Here is the last one:
SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 10/11/2010 at 04:24 PM

Application Version : 4.44.1000

Core Rules Database Version : 5663
Trace Rules Database Version: 3475

Scan type : Quick Scan
Total Scan Time : 00:17:38

Memory items scanned : 792
Memory threats detected : 0
Registry items scanned : 2595
Registry threats detected : 0
File items scanned : 12173
File threats detected : 1

Adware.Tracking Cookie
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@ar.atwola[2].txt

cosinus 11.10.2010 19:29

Looks OK, only cookies were found there.
Any more problems or further detections in the meantime?

untermieter 12.10.2010 14:34

No, only what I copied.

cosinus 13.10.2010 08:02

We're done then! :abklatsch:

Finally, please check your updates; my guide for that is below.
For even more security, after the infection has been removed you should also change all your passwords where possible.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Windows Update guide



Update the PDF reader
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Software by clicking on "Adobe Reader x.0" there and removing the program.

I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.

While you're at it, please also check that your Flash Player is up to date; here is the direct download link => http://filepony.de/?q=Flash+Player


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

