Plagegeister aller Art und deren Bekämpfung: Avast every 2 minutes - newporto.cn/cgi-bin/options.cgi? (Windows 7)
12.08.2010, 16:28 | #1 |
Avast every 2 minutes - newporto.cn/cgi-bin/options.cgi?

Hello everyone,

Since this morning I have been getting the following message from Avast every 2-3 minutes:

BÖSARTIGE WEBSEITE BLOCKIERT
Objekt: newporto.cn/cgi-bin/options.cgi?
Infektion: URL:Mal
Aktion: Blockiert
Prozess: C:\Program Files\Mozilla Firefox\firefox.exe
Eine Bedrohung wurde gefunden und noch vor der Verbindung zur URL blockiert.

After a few hours the object name changed to: newporto.cn/cgi-bin/forms.cgi

And now the object names in the message keep alternating.

I ran Avast and Malwarebytes, but they found nothing. I also came across this thread: http://www.trojaner-board.de/87486-b...papras-he.html which helped me up to a certain point. I ran OTL, but I did not dare to work with Combofix without some assurance that I would not damage anything.

Here is the data:

Malwarebytes report:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4422

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12.08.2010 16:55:09
mbam-log-2010-08-12 (16-55-09).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 144149
Laufzeit: 4 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:
OTL logfile created on: 12.08.2010 17:15:14 - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Checker\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 387,65 Gb Free Space | 83,25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHECKER
Current User Name: Checker
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Checker\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe (Logitech Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\Checker\Downloads\OTL(2).exe (OldTimer Tools)
MOD - C:\Windows\System32\lpreepad.dll ()
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (PnkBstrB) -- C:\Windows\System32\PnkBstrB.exe File not found
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe File not found
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (dgdersvc) -- C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)

========== Driver Services (SafeList) ==========

DRV - (hwdatacard) -- C:\Windows\System32\DRIVERS\ewusbmdm.sys File not found
DRV - (GMSIPCI) -- D:\INSTALL\GMSIPCI.SYS File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bserd) -- C:\Windows\System32\drivers\ss_bserd.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (VWiFiFlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (s816bus) Sony Ericsson Device 816 driver (WDM) -- C:\Windows\System32\drivers\s816bus.sys (MCCI Corporation)
DRV - (s616bus) Sony Ericsson Device 616 driver (WDM) -- C:\Windows\System32\drivers\s616bus.sys (MCCI Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files\Eazel-DE\tbEaze.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.orbitdownloader.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = ED B8 00 67 81 3F CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files\Eazel-DE\tbEaze.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.05 22:26:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.01 18:19:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.05 22:26:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.01 18:19:54 | 000,000,000 | ---D | M]

[2010.08.01 18:10:17 | 000,000,000 | ---D | M] -- C:\Users\Checker\AppData\Roaming\mozilla\Extensions
[2010.08.01 18:10:17 | 000,000,000 | ---D | M] -- C:\Users\Checker\AppData\Roaming\mozilla\Firefox\Profiles\kcf98jt2.Checker\extensions
[2010.08.01 18:19:55 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.08.12 16:09:32 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Eazel-DE Toolbar) - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files\Eazel-DE\tbEaze.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Eazel-DE Toolbar) - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files\Eazel-DE\tbEaze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Eazel-DE Toolbar) - {69B6939F-C70D-45C5-9BBD-E2E2CC3DD8E5} - C:\Program Files\Eazel-DE\tbEaze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Checker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{300d739d-ab74-11de-92a9-001d92b6f873}\Shell - "" = AutoRun
O33 - MountPoints2\{300d739d-ab74-11de-92a9-001d92b6f873}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{300d739f-ab74-11de-92a9-001d92b6f873}\Shell - "" = AutoRun
O33 - MountPoints2\{300d739f-ab74-11de-92a9-001d92b6f873}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{41d41c9e-9c4b-11de-86fb-001d92b6f873}\Shell - "" = AutoRun
O33 - MountPoints2\{41d41c9e-9c4b-11de-86fb-001d92b6f873}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{41d41ca2-9c4b-11de-86fb-001d92b6f873}\Shell - "" = AutoRun
O33 - MountPoints2\{41d41ca2-9c4b-11de-86fb-001d92b6f873}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{6f6e2494-9bb9-11de-a33e-001d92b6f873}\Shell - "" = AutoRun
O33 - MountPoints2\{6f6e2494-9bb9-11de-a33e-001d92b6f873}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{6f6e2498-9bb9-11de-a33e-001d92b6f873}\Shell - "" = AutoRun
O33 - MountPoints2\{6f6e2498-9bb9-11de-a33e-001d92b6f873}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{754e0060-b668-11de-8419-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{754e0060-b668-11de-8419-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{aeb875a0-7083-11df-a6d1-de2e48ea14b0}\Shell - "" = AutoRun
O33 - MountPoints2\{aeb875a0-7083-11df-a6d1-de2e48ea14b0}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{aeb876c8-7083-11df-a6d1-de2e48ea14b0}\Shell - "" = AutoRun
O33 - MountPoints2\{aeb876c8-7083-11df-a6d1-de2e48ea14b0}\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{b2433531-e41e-11de-b78a-001d92b6f873}\Shell - "" = AutoRun
O33 - MountPoints2\{b2433531-e41e-11de-b78a-001d92b6f873}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{b2433535-e41e-11de-b78a-001d92b6f873}\Shell - "" = AutoRun
O33 - MountPoints2\{b2433535-e41e-11de-b78a-001d92b6f873}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{bd165671-9c03-11de-a242-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bd165671-9c03-11de-a242-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: ie4uched - (C:\Windows\system32\lpreepad.dll) - C:\Windows\System32\lpreepad.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.08.12 16:45:44 | 000,000,000 | ---D | C] -- C:\Users\Checker\AppData\Roaming\Malwarebytes
[2010.08.12 16:43:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.12 16:43:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.12 16:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.12 16:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.12 16:09:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.08.11 18:34:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.08.11 17:52:33 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2010.08.11 17:52:33 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.11 17:52:31 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.11 17:52:29 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.11 17:52:29 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.11 17:52:27 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.11 17:52:27 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.11 17:52:27 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.11 17:52:27 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.11 17:52:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.11 17:52:27 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.11 17:52:27 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.11 17:52:27 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.11 17:52:21 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.05 23:19:29 | 000,000,000 | ---D | C] -- C:\Users\Checker\AppData\Roaming\vlc
[2010.08.05 23:19:10 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010.08.05 22:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\ClipGrab
[2010.08.01 18:19:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010.08.01 18:09:54 | 000,000,000 | ---D | C] -- C:\Users\Checker\AppData\Roaming\Mozilla
[2010.07.15 12:19:05 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010.07.15 12:19:04 | 000,162,640 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010.07.15 12:19:04 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010.07.15 12:19:02 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010.07.15 12:18:58 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010.07.15 12:18:48 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010.07.15 12:18:48 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr

========== Files - Modified Within 30 Days ==========

[2010.08.12 17:15:48 | 003,670,016 | -HS- | M] () -- C:\Users\Checker\ntuser.dat
[2010.08.12 16:43:30 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.12 16:37:26 | 000,005,174 | ---- | M] () -- C:\Users\Checker\Documents\cc_20100812_163721.reg
[2010.08.12 16:37:03 | 000,052,210 | ---- | M] () -- C:\Users\Checker\Documents\cc_20100812_163647.reg
[2010.08.12 16:23:42 | 001,531,754 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.12 16:23:42 | 000,663,720 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.12 16:23:42 | 000,633,674 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.12 16:23:42 | 000,135,384 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.12 16:23:42 | 000,111,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.12 16:16:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.12 16:16:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.12 16:16:33 | 2415,259,648 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.12 16:15:36 | 000,010,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.12 16:15:36 | 000,010,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.12 16:09:32 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010.08.12 13:04:28 | 000,114,104 | ---- | M] () -- C:\Users\Checker\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.12 13:03:50 | 000,430,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.11 20:24:03 | 020,879,597 | -H-- | M] () -- C:\Users\Checker\AppData\Local\IconCache.db
[2010.08.05 22:42:10 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\ClipGrab.lnk
[2010.08.05 22:40:14 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2010.08.01 18:19:56 | 000,001,909 | ---- | M] () -- C:\Users\Checker\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010.08.01 18:19:56 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.07.29 08:30:49 | 000,197,632 | ---- | M] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2010.07.29 08:30:34 | 000,082,944 | ---- | M] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.07.18 20:59:13 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010.07.15 12:19:06 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.07.15 12:18:58 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

========== Files Created - No Company Name ==========

[2010.08.12 16:43:30 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.12 16:37:23 | 000,005,174 | ---- | C] () -- C:\Users\Checker\Documents\cc_20100812_163721.reg
[2010.08.12 16:36:49 | 000,052,210 | ---- | C] () -- C:\Users\Checker\Documents\cc_20100812_163647.reg
[2010.08.05 22:42:10 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\ClipGrab.lnk
[2010.08.05 22:40:13 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010.08.01 18:09:51 | 000,001,909 | ---- | C] () -- C:\Users\Checker\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010.08.01 18:09:51 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.07.18 20:59:13 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.07.15 12:19:06 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2010.06.21 18:20:17 | 000,046,592 | -H-- | C] () -- C:\Windows\System32\lpreepad.dll [2010.05.09 12:20:02 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.05.09 12:20:02 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2009.10.11 15:30:58 | 000,138,056 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2009.10.03 21:38:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\psfind.dll [2009.09.30 10:47:16 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2009.09.30 10:47:16 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2009.09.30 10:47:16 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2009.09.30 10:47:16 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys ========== Alternate Data Streams ========== @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:F30723D8 < End of report > Code:
ATTFilter OTL Extras logfile created on: 12.08.2010 17:15:14 - Run 2 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Checker\Downloads Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 465,66 Gb Total Space | 387,65 Gb Free Space | 83,25% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: CHECKER Current User Name: Checker Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" File not found Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{0722CFC8-FB86-B21D-57D2-8CB1E4AFF39E}" = CCC Help Danish "{0842768F-A173-8B9D-EEDD-DB89B0BC75D9}" = Catalyst Control Center HydraVision Full "{16AEDA59-36F3-D016-830A-CCAF0B308ECD}" = CCC Help English "{1B66C6A6-A833-18B6-A644-0D89F6E7CD83}" = ccc-core-static "{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{21FFDD40-F6B9-4609-B1C9-514E0A342BFA}" = MOUSE Editor "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{2FF281F1-4C2F-0D07-BCF0-2CA8E493A671}" = CCC Help Chinese Traditional 
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution "{380EBAEB-DDAF-B6F3-2551-03351C611264}" = CCC Help Italian "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3B206713-B5A9-8997-97D3-7D3BAEF0D863}" = CCC Help Thai "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3E354FBA-C7CE-402A-BB0D-225230BB1918}" = Logitech G15 Keyboard Software 1.04 "{3EB2B92A-49F5-CE65-37B1-8D3E95178228}" = Catalyst Control Center Graphics Full Existing "{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{44FF51BA-F614-73F9-BCE5-10D1EA3CCBBF}" = CCC Help Finnish "{4767A89A-F6A5-41B1-903C-734483739882}" = Highspeed-Internet-Installation "{491E59D3-4E72-6276-52CA-D9658C941B01}" = CCC Help Turkish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A381195-A058-D453-EC4C-A27D438A236C}" = CCC Help Czech "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{55F1C4F2-7076-32BE-1134-FD7696DAFAFB}" = Catalyst Control Center InstallProxy "{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{644FCC7C-63F5-5EE1-258D-30A5FD195891}" = HydraVision "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6EA12203-3A1F-D36E-001A-EEED26D69C08}" = CCC Help Korean "{6F083009-8E47-004F-8459-FEC59389BC4B}" = CCC Help Portuguese "{7F77542B-C7D0-9A23-7817-018F2C7AC066}" = CCC Help Norwegian "{86A4E293-3356-851A-A92B-F7417E33EA6B}" = Catalyst Control Center Graphics Full New "{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1" = ClipGrab 3.0.7 "{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour "{8D58A2D8-3F73-4239-2BFA-45C33C6994B9}" = CCC Help Dutch "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office 
Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support "{9EEFDD22-6CBA-8BBC-A46F-A0175CC071D3}" = CCC Help Swedish "{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 
"{B2D91AD2-056B-EE87-D196-81F9834551DA}" = CCC Help Polish "{BBD19BBF-9ABD-F856-5AA1-58A31C3000D3}" = Catalyst Control Center Core Implementation "{BCD42839-C433-159D-C0E0-00071FAFFF11}" = ATI Catalyst Install Manager "{C08C8FCE-6EAB-97E4-403C-5ED67C475B53}" = CCC Help Spanish "{C3D2EE61-7B29-000E-FFB2-9ECACDC142BD}" = CCC Help Japanese "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C70DCDB3-04F7-F325-5BB2-D646C77342A1}" = CCC Help German "{CA947F32-E30F-79C0-497C-AA923CA87E6E}" = Catalyst Control Center Localization All "{CCEC07F5-49FC-3CEA-C5DB-5E8311CD9F8C}" = CCC Help French "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D2A1367C-2C73-7B44-BCC4-C8CFEA0BA870}" = CCC Help Chinese Standard "{D2CD6E9B-C783-B1E1-0415-7DA6D54B8869}" = ccc-utility "{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding "{D3EF3D90-CB56-5A6A-6F51-8A3A308A39A8}" = CCC Help Greek "{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies "{D8E339C9-D9DC-94D3-7731-DFEEA6D2277C}" = CCC Help Russian "{E0112FF2-FB01-1442-9365-EAC63B08729D}" = Catalyst Control Center Graphics Previews Vista "{E08DE897-B6AF-4DFF-9E90-131E80C876B4}" = DIE SIEDLER - Das Erbe der Könige - Gold Edition "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3EEBF5A-C102-E6CA-9194-2A4A86D74C81}" = CCC Help Hungarian "{EF18BFA9-45A1-235F-6F6C-F78D3ED37437}" = Catalyst Control Center Graphics Light "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F839F4CD-FA17-CB5D-5422-AB846989EE18}" = Catalyst Control Center Graphics Previews Common "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "aonUpdate" = aonUpdate "avast5" = 
avast! Free Antivirus "CCleaner" = CCleaner (remove only) "Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2) "Digital Editions" = Adobe Digital Editions "Eazel-DE Toolbar" = Eazel-DE Toolbar "ENTERPRISE" = Microsoft Office Enterprise 2007 "Highspeed-Internet-Installation" = Highspeed-Internet-Installation "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{21FFDD40-F6B9-4609-B1C9-514E0A342BFA}" = MOUSE Editor "InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM) "InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MessengerDiscovery 2_is1" = MessengerDiscovery 2.0.48 "MessengerDiscovery_is1" = MessengerDiscovery 2.5.95 "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "NVIDIA Drivers" = NVIDIA Drivers "OpenAL" = OpenAL "PunkBusterSvc" = PunkBuster Services "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 1.1.2 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "CreepSmash.com" = CreepSmash.com ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12.08.2010 09:05:11 | Computer Name = Checker | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . 
Error - 12.08.2010 09:05:12 | Computer Name = Checker | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 12.08.2010 09:05:12 | Computer Name = Checker | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 12.08.2010 09:05:13 | Computer Name = Checker | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 12.08.2010 09:06:16 | Computer Name = Checker | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . 
Error - 12.08.2010 09:06:17 | Computer Name = Checker | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 12.08.2010 09:10:18 | Computer Name = Checker | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 12.08.2010 10:11:29 | Computer Name = Checker | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 12.08.2010 10:14:20 | Computer Name = Checker | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . 
Error - 12.08.2010 10:16:50 | Computer Name = Checker | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . [ Media Center Events ] Error - 26.01.2010 14:17:32 | Computer Name = HD4890 | Source = MCUpdate | ID = 0 Description = 7:17:32 PM - Error connecting to the internet. 7:17:32 PM - Unable to contact server.. Error - 26.01.2010 14:17:42 | Computer Name = HD4890 | Source = MCUpdate | ID = 0 Description = 7:17:37 PM - Error connecting to the internet. 7:17:37 PM - Unable to contact server.. Error - 01.02.2010 13:51:14 | Computer Name = HD4890 | Source = MCUpdate | ID = 0 Description = 6:51:14 PM - Error connecting to the internet. 6:51:14 PM - Unable to contact server.. Error - 01.02.2010 13:51:22 | Computer Name = HD4890 | Source = MCUpdate | ID = 0 Description = 6:51:19 PM - Error connecting to the internet. 6:51:19 PM - Unable to contact server.. Error - 17.02.2010 13:53:51 | Computer Name = HD4890 | Source = MCUpdate | ID = 0 Description = 6:53:50 PM - Error connecting to the internet. 6:53:50 PM - Unable to contact server.. Error - 17.02.2010 13:53:59 | Computer Name = HD4890 | Source = MCUpdate | ID = 0 Description = 6:53:56 PM - Error connecting to the internet. 6:53:56 PM - Unable to contact server.. Error - 18.02.2010 01:47:00 | Computer Name = HD4890 | Source = MCUpdate | ID = 0 Description = 6:46:56 AM - Error connecting to the internet. 6:46:56 AM - Unable to contact server.. Error - 18.02.2010 08:21:55 | Computer Name = HD4890 | Source = MCUpdate | ID = 0 Description = 1:21:47 PM - Error connecting to the internet. 1:21:47 PM - Unable to contact server.. 
Error - 26.02.2010 12:45:09 | Computer Name = HD4890 | Source = MCUpdate | ID = 0
Description = 5:45:09 PM - Error connecting to the internet. 5:45:09 PM - Unable to contact server..

Error - 26.02.2010 12:45:18 | Computer Name = HD4890 | Source = MCUpdate | ID = 0
Description = 5:45:15 PM - Error connecting to the internet. 5:45:15 PM - Unable to contact server..

[ System Events ]
Error - 28.02.2010 10:03:26 | Computer Name = HD4890 | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 28.02.2010 10:03:26 | Computer Name = HD4890 | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 28.02.2010 10:16:49 | Computer Name = HD4890 | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 28.02.2010 10:16:49 | Computer Name = HD4890 | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 01.03.2010 12:28:50 | Computer Name = HD4890 | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 01.03.2010 12:28:50 | Computer Name = HD4890 | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 02.03.2010 12:35:37 | Computer Name = HD4890 | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 02.03.2010 12:35:37 | Computer Name = HD4890 | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 03.03.2010 13:31:47 | Computer Name = HD4890 | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 03.03.2010 13:31:47 | Computer Name = HD4890 | Source = atikmdag | ID = 43029
Description = Display is not active

< End of report >

So I hope you can help me with my problem, because I am slowly getting desperate. |
14.08.2010, 18:20 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avast every 2 minutes - newporto.cn/cgi-bin/options.cgi? Please run a full scan with an up-to-date Malwarebytes. |
14.08.2010, 18:59 | #3 |
| Avast every 2 minutes - newporto.cn/cgi-bin/options.cgi? Good evening
Thanks for your reply. I ran a full scan with Malwarebytes twice, and the program crashed on both attempts after about 15-20 minutes. |
14.08.2010, 23:37 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avast every 2 minutes - newporto.cn/cgi-bin/options.cgi? Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O33 - MountPoints2\{300d739d-ab74-11de-92a9-001d92b6f873}\Shell - "" = AutoRun
O33 - MountPoints2\{300d739d-ab74-11de-92a9-001d92b6f873}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{300d739f-ab74-11de-92a9-001d92b6f873}\Shell - "" = AutoRun
O33 - MountPoints2\{300d739f-ab74-11de-92a9-001d92b6f873}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{41d41c9e-9c4b-11de-86fb-001d92b6f873}\Shell - "" = AutoRun
O33 - MountPoints2\{41d41c9e-9c4b-11de-86fb-001d92b6f873}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{41d41ca2-9c4b-11de-86fb-001d92b6f873}\Shell - "" = AutoRun
O33 - MountPoints2\{41d41ca2-9c4b-11de-86fb-001d92b6f873}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{6f6e2494-9bb9-11de-a33e-001d92b6f873}\Shell - "" = AutoRun
O33 - MountPoints2\{6f6e2494-9bb9-11de-a33e-001d92b6f873}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{6f6e2498-9bb9-11de-a33e-001d92b6f873}\Shell - "" = AutoRun
O33 - MountPoints2\{6f6e2498-9bb9-11de-a33e-001d92b6f873}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{754e0060-b668-11de-8419-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{754e0060-b668-11de-8419-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{aeb875a0-7083-11df-a6d1-de2e48ea14b0}\Shell - "" = AutoRun
O33 - MountPoints2\{aeb875a0-7083-11df-a6d1-de2e48ea14b0}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{aeb876c8-7083-11df-a6d1-de2e48ea14b0}\Shell - "" = AutoRun
O33 - MountPoints2\{aeb876c8-7083-11df-a6d1-de2e48ea14b0}\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{b2433531-e41e-11de-b78a-001d92b6f873}\Shell - "" = AutoRun
O33 - MountPoints2\{b2433531-e41e-11de-b78a-001d92b6f873}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{b2433535-e41e-11de-b78a-001d92b6f873}\Shell - "" = AutoRun
O33 - MountPoints2\{b2433535-e41e-11de-b78a-001d92b6f873}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{bd165671-9c03-11de-a242-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bd165671-9c03-11de-a242-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O36 - AppCertDlls: ie4uched - (C:\Windows\system32\lpreepad.dll) - C:\Windows\System32\lpreepad.dll ()
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:F30723D8
:Commands
[purity]
[resethosts]
[emptytemp]

The logfile should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post logfiles in CODE tags |
15.08.2010, 09:53 | #5 |
| Avast every 2 minutes - newporto.cn/cgi-bin/options.cgi? I ran Malwarebytes in safe mode and it did not crash. Here are the logs: Malwarebytes: Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4428

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

15.08.2010 10:32:53
mbam-log-2010-08-15 (10-32-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 259948
Laufzeit: 26 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:
ATTFilter All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{300d739d-ab74-11de-92a9-001d92b6f873}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{300d739d-ab74-11de-92a9-001d92b6f873}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{300d739d-ab74-11de-92a9-001d92b6f873}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{300d739d-ab74-11de-92a9-001d92b6f873}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{300d739f-ab74-11de-92a9-001d92b6f873}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{300d739f-ab74-11de-92a9-001d92b6f873}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{300d739f-ab74-11de-92a9-001d92b6f873}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{300d739f-ab74-11de-92a9-001d92b6f873}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41d41c9e-9c4b-11de-86fb-001d92b6f873}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41d41c9e-9c4b-11de-86fb-001d92b6f873}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41d41c9e-9c4b-11de-86fb-001d92b6f873}\ not found. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41d41c9e-9c4b-11de-86fb-001d92b6f873}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41d41ca2-9c4b-11de-86fb-001d92b6f873}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41d41ca2-9c4b-11de-86fb-001d92b6f873}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41d41ca2-9c4b-11de-86fb-001d92b6f873}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41d41ca2-9c4b-11de-86fb-001d92b6f873}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f6e2494-9bb9-11de-a33e-001d92b6f873}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f6e2494-9bb9-11de-a33e-001d92b6f873}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f6e2494-9bb9-11de-a33e-001d92b6f873}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f6e2494-9bb9-11de-a33e-001d92b6f873}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f6e2498-9bb9-11de-a33e-001d92b6f873}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f6e2498-9bb9-11de-a33e-001d92b6f873}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f6e2498-9bb9-11de-a33e-001d92b6f873}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f6e2498-9bb9-11de-a33e-001d92b6f873}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{754e0060-b668-11de-8419-806e6f6e6963}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{754e0060-b668-11de-8419-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{754e0060-b668-11de-8419-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{754e0060-b668-11de-8419-806e6f6e6963}\ not found. File E:\autorun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aeb875a0-7083-11df-a6d1-de2e48ea14b0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aeb875a0-7083-11df-a6d1-de2e48ea14b0}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aeb875a0-7083-11df-a6d1-de2e48ea14b0}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aeb875a0-7083-11df-a6d1-de2e48ea14b0}\ not found. File F:\WD SmartWare.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aeb876c8-7083-11df-a6d1-de2e48ea14b0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aeb876c8-7083-11df-a6d1-de2e48ea14b0}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aeb876c8-7083-11df-a6d1-de2e48ea14b0}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aeb876c8-7083-11df-a6d1-de2e48ea14b0}\ not found. File E:\Autorun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2433531-e41e-11de-b78a-001d92b6f873}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2433531-e41e-11de-b78a-001d92b6f873}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2433531-e41e-11de-b78a-001d92b6f873}\ not found. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2433531-e41e-11de-b78a-001d92b6f873}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2433535-e41e-11de-b78a-001d92b6f873}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2433535-e41e-11de-b78a-001d92b6f873}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2433535-e41e-11de-b78a-001d92b6f873}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2433535-e41e-11de-b78a-001d92b6f873}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd165671-9c03-11de-a242-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd165671-9c03-11de-a242-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd165671-9c03-11de-a242-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd165671-9c03-11de-a242-806e6f6e6963}\ not found. File D:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found. File E:\AutoRun.exe not found. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\ie4uched:C:\Windows\system32\lpreepad.dll deleted successfully. C:\Windows\System32\lpreepad.dll moved successfully. ADS C:\ProgramData\Temp:F30723D8 deleted successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. 
HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Checker ->Temp folder emptied: 14650271 bytes ->Temporary Internet Files folder emptied: 134 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 2618 bytes User: dasd ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 532938 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 14,00 mb OTL by OldTimer - Version 3.2.9.1 log created on 08152010_104452 Files\Folders moved on Reboot... File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot. Registry entries deleted on Reboot... |
15.08.2010, 18:23 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avast every 2 minutes - newporto.cn/cgi-bin/options.cgi? Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has explicitly recommended it! |
15.08.2010, 19:07 | #7 |
| Avast every 2 minutes - newporto.cn/cgi-bin/options.cgi? Here is the log: Code:
ATTFilter ComboFix 10-08-14.06 - Checker 15.08.2010 19:55:45.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3071.2167 [GMT 2:00] Running from: c:\users\Checker\Desktop\cofi.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\muzapp.exe . ((((((((((((((((((((((((( Files Created from 2010-07-15 to 2010-08-15 ))))))))))))))))))))))))))))))) . 2010-08-15 17:54 . 2010-08-15 17:54 -------- d-----w- C:\32788R22FWJFW 2010-08-14 17:30 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-14 17:30 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-14 17:30 . 2010-08-14 17:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-08-12 19:14 . 2010-03-09 10:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2010-08-12 19:14 . 2010-03-09 10:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys 2010-08-12 19:14 . 2010-03-09 10:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2010-08-12 19:14 . 2010-03-09 10:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2010-08-12 19:14 . 2010-03-09 10:08 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2010-08-12 19:14 . 2010-03-09 10:24 38848 ----a-w- c:\windows\system32\avastSS.scr 2010-08-12 19:14 . 2010-03-09 10:24 153184 ----a-w- c:\windows\system32\aswBoot.exe 2010-08-12 14:45 . 2010-08-12 14:45 -------- d-----w- c:\users\Checker\AppData\Roaming\Malwarebytes 2010-08-12 14:43 . 2010-08-12 14:43 -------- d-----w- c:\programdata\Malwarebytes 2010-08-12 14:09 . 2010-08-12 14:09 -------- d-----w- C:\_OTL 2010-08-05 21:19 . 2010-08-05 21:20 -------- d-----w- c:\users\Checker\AppData\Roaming\vlc 2010-08-05 21:19 . 2010-08-05 21:19 -------- d-----w- c:\program files\VideoLAN 2010-08-05 20:42 . 2010-08-05 20:42 -------- d-----w- c:\program files\ClipGrab 2010-08-05 20:40 . 
2010-08-05 20:40 2560 ----a-w- c:\windows\_MSRSTRT.EXE 2010-07-18 18:59 . 2010-07-18 18:59 0 ----a-w- c:\windows\nsreg.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-15 08:53 . 2009-09-07 15:07 663720 ----a-w- c:\windows\system32\perfh007.dat 2010-08-15 08:53 . 2009-09-07 15:07 135384 ----a-w- c:\windows\system32\perfc007.dat 2010-08-12 13:54 . 2009-09-26 06:57 -------- d-----w- c:\program files\ChessBase 2010-08-12 11:04 . 2009-09-07 14:27 114104 ----a-w- c:\users\Checker\AppData\Local\GDIPFONTCACHEV1.DAT 2010-08-11 18:26 . 2009-09-07 14:50 -------- d-----w- c:\programdata\Microsoft Help 2010-08-05 20:43 . 2010-02-20 15:51 -------- d-----w- c:\program files\Common Files\DVDVideoSoft 2010-08-01 14:06 . 2009-09-15 17:23 -------- d-----w- c:\users\Checker\AppData\Roaming\MessengerDiscovery 2 2010-07-29 06:30 . 2010-08-11 15:52 197632 ----a-w- c:\windows\system32\ir32_32.dll 2010-07-29 06:30 . 2010-08-11 15:52 82944 ----a-w- c:\windows\system32\iccvid.dll 2010-07-15 10:18 . 2010-02-14 14:42 -------- d-----w- c:\programdata\Alwil Software 2010-07-15 10:18 . 2010-02-14 20:51 -------- d-----w- c:\program files\OpenOffice.org 3 2010-06-30 06:25 . 2010-08-11 15:52 978432 ----a-w- c:\windows\system32\wininet.dll 2010-06-22 02:47 . 2010-08-11 15:52 310784 ----a-w- c:\windows\system32\drivers\srv.sys 2010-06-22 02:47 . 2010-08-11 15:52 307200 ----a-w- c:\windows\system32\drivers\srv2.sys 2010-06-22 02:47 . 2010-08-11 15:52 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys 2010-06-21 17:16 . 2009-10-07 16:52 -------- d-----w- c:\users\Checker\AppData\Roaming\Dev-Cpp 2010-06-21 16:58 . 2010-06-21 16:49 -------- d-----w- c:\users\Checker\AppData\Roaming\Orbit 2010-06-21 16:49 . 2010-06-21 16:49 -------- d-----w- c:\users\Checker\AppData\Roaming\GrabPro 2010-06-20 08:49 . 2010-06-20 08:47 -------- d-----w- c:\program files\Motherboard Monitor 5 2010-06-19 18:00 . 
2010-02-14 20:51 1 ----a-w- c:\users\Checker\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-06-19 13:53 . 2010-06-19 13:53 -------- d-----w- c:\users\Checker\AppData\Roaming\Bump Technologies, Inc 2010-06-19 06:33 . 2010-08-11 15:52 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-06-19 06:33 . 2010-08-11 15:52 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-06-19 06:23 . 2010-08-11 15:52 37376 ----a-w- c:\windows\system32\rtutils.dll 2010-06-19 04:07 . 2010-08-11 15:52 2326016 ----a-w- c:\windows\system32\win32k.sys 2010-06-16 05:48 . 2010-08-11 15:52 224256 ----a-w- c:\windows\system32\schannel.dll 2010-06-14 06:12 . 2010-08-11 15:52 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-06-08 18:28 . 2010-06-08 18:23 2167292 ----a-w- c:\users\Checker\AppData\Roaming\MessengerDiscovery 2\1917497706\Update.exe 2010-06-08 06:02 . 2010-08-11 15:52 1233920 ----a-w- c:\windows\system32\msxml3.dll 2010-06-06 12:10 . 2009-10-11 13:30 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2010-06-06 12:10 . 2009-10-11 13:30 138056 ----a-w- c:\users\Checker\AppData\Roaming\PnkBstrK.sys 2010-06-06 12:10 . 2009-10-11 13:30 138056 ----a-w- c:\users\Checker\AppData\Roaming\PnkBstrK.sys 2010-06-06 12:10 . 2010-06-05 17:02 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe 2010-06-06 12:10 . 2009-10-11 13:30 75064 ----a-w- c:\windows\system32\PnkBstrA.exe 2010-06-05 07:31 . 2010-06-05 07:31 113440 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1031\ResourceCache.dll 2010-05-27 07:24 . 2010-06-11 13:09 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-05-27 03:49 . 2010-06-11 13:09 293888 ----a-w- c:\windows\system32\atmfd.dll 2010-05-21 12:14 . 2009-10-02 18:32 221568 ------w- c:\windows\system32\MpSigStub.exe 2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat 2009-07-14 01:14 . 
2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5}"= "c:\program files\Eazel-DE\tbEaze.dll" [2009-07-02 2215960] [HKEY_CLASSES_ROOT\clsid\{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5}] 2009-07-02 08:18 2215960 ----a-w- c:\program files\Eazel-DE\tbEaze.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5}"= "c:\program files\Eazel-DE\tbEaze.dll" [2009-07-02 2215960] [HKEY_CLASSES_ROOT\clsid\{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{69B6939F-C70D-45C5-9BBD-E2E2CC3DD8E5}"= "c:\program files\Eazel-DE\tbEaze.dll" [2009-07-02 2215960] [HKEY_CLASSES_ROOT\clsid\{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-20 98304] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "YouCam Mirror Tray icon"="c:\program files\CyberLink\YouCam\YouCamTray.exe" [2009-07-23 162912] "Launch LCDMon"="c:\program files\Common Files\Logitech\LCD Manager\LCDMon.exe" [2007-04-26 774168] "Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2007-04-26 1132056] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760] "Adobe ARM"="c:\program 
files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504] "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120] "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-03-09 2769336] c:\users\Checker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent] 2009-10-28 08:51 3402552 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OscarEditor] 2008-08-07 12:10 2854912 ----a-w- c:\program files\MOUSE Editor\MouseEditor.exe R1 ntiomin;ntiomin; [x] R3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\DRIVERS\s816bus.sys [2007-06-19 81832] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-21 90112] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-21 14976] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-21 121856] R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [2009-09-21 98560] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-25 1343400] S1 aswSP;aswSP; [x] S1 VWiFiFlt;Virtual 
WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-03-09 51792] S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2009-10-26 95568] S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-10-09 217088] S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2009-10-26 18136] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-10-09 36640] S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] . . ------- Supplementary Scan ------- . uStart Page = hxxp://search.orbitdownloader.com uInternet Settings,ProxyOverride = *.local IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Checker\AppData\Roaming\Mozilla\Firefox\Profiles\kcf98jt2.Checker\ FF - prefs.js: browser.startup.homepage - google.at FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", 
true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORPHANS REMOVED - - - - AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2010-08-15 20:04:10 ComboFix-quarantined-files.txt 2010-08-15 18:04 Pre-Run: 416.823.873.536 bytes free Post-Run: 416.723.861.504 bytes free - - End Of File - - B5360379BFFC9D63C5766AFCC24748D8 |
15.08.2010, 19:34 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avast every 2 minutes - newporto.cn/cgi-bin/options.cgi? OK. Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still refuses to work the second time, just skip it and run only OSAM. Afterwards, download the bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remove.exe in that folder. If you are using Windows Vista or Windows 7, you must run remover.exe via right-click => Run as administrator. A black window will open and automatically search for malicious changes in the MBR. Then please post whether there are any changes and, if so, in which device. Ideally, post everything that remover.exe outputs.
__________________ Please always post log files in CODE tags |
15.08.2010, 21:27 | #9 |
| Avast every 2 minutes - newporto.cn/cgi-bin/options.cgi? With OSAM, part 7 of the instructions did not come up: Then click "Next" -> "Next" -> "Next" again. Here are the logs: GMER: Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net Rootkit scan 2010-08-15 22:03:32 Windows 6.1.7600 Running: n3vpuipv.exe; Driver: C:\Users\Checker\AppData\Local\Temp\uwldqpog.sys ---- System - GMER 1.0.15 ---- INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83038AF8 INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83038104 INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830383F4 INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83020FB4 INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830381DC INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83038958 INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830386F8 INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83038F2C INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830391A8 Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x911274FE] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x91127322] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0x9112745C] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!ZwSaveKeyEx + 13B1 8308A8E9 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 830AA3D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] 
{LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} PAGE ntoskrnl.exe!ZwLoadDriver 831F6124 7 Bytes JMP 91127460 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) PAGE ntoskrnl.exe!ObMakeTemporaryObject 83236E0D 5 Bytes JMP 911234BA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) PAGE ntoskrnl.exe!RtlCompareUnicodeStrings + 50C 8325E1CA 5 Bytes JMP 911249D8 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) PAGE ntoskrnl.exe!NtCreateSection 832A7F2B 7 Bytes JMP 91127326 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) PAGE ntoskrnl.exe!ZwCreateProcessEx 83326812 7 Bytes JMP 91127502 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9303B000, 0x2D5378, 0xE8000020] .text peauth.sys 94AF4C9D 28 Bytes [D5, B5, 7F, E0, 80, 15, C4, ...] .text peauth.sys 94AF4CC1 28 Bytes [D5, B5, 7F, E0, 80, 15, C4, ...] PAGE peauth.sys 94AFAB9B 72 Bytes [C9, 15, 0C, 42, D8, 73, BE, ...] PAGE peauth.sys 94AFABEC 111 Bytes [19, F8, 9B, C6, 7A, 7A, F1, ...] PAGE peauth.sys 94AFB02C 102 Bytes [56, E3, 5D, E3, C7, D4, 54, ...] PAGE spsys.sys!?SPRevision@@3PADA + 4F90 A0827000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...] PAGE spsys.sys!?SPRevision@@3PADA + 50B3 A0827123 629 Bytes [25, 82, A0, FE, 05, 34, 25, ...] PAGE spsys.sys!?SPRevision@@3PADA + 5329 A0827399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...] PAGE spsys.sys!?SPRevision@@3PADA + 538F A08273FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...] PAGE spsys.sys!?SPRevision@@3PADA + 543B A08274AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...] PAGE ... ? C:\Users\Checker\AppData\Local\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. ! ? C:\Windows\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. ! ? 
C:\Users\Checker\AppData\Local\Temp\mbr.sys Das System kann die angegebene Datei nicht finden. ! ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) Device \Driver\ACPI_HAL \Device\0000008b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fcf407307 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fcf407307@0022981bdb66 0xAE 0x70 0x87 0x72 ... Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Bind Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Route Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export
???????????????????????????????????????????????????t??????????????6-21-2006???????p???? ???????t???????????t????????,?4??? ???????????Base?????t???t????????????????4??t??????????????????Vendor 8Product 16?????t??????????????????????????? ???????o?????t?????t????????$?b???????C?????$??t?????????e????@comres.dll,-2797?????@??t????????h?????%SystemRoot%\System32\msdtc.exe???????$??t?????????n????@co Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fcf407307 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fcf407307@0022981bdb66 0xAE 0x70 0x87 0x72 ... Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Bind ???eP???? ???????f?????d???????????????????????????1????{4d36e97d-e325-11ce-bfc1-08002be10318}\0011?????????????????????????*6to4mp?????{4d36e97d-e325-11ce-bfc1-08002be10318}??????{4d36e97d-e325-11ce-bfc1-08002be10318}??????{00000000-0000-0000-ffff-ffffffffffff}?vic???????????????????????????h???0?????????n10???????s???i?|?|???f??????????????????????????? ???????e??????????????????????????????????? ???????e?????d???????1??L????????? ???????? ?????e?????????f?????????????f???f????????$???4????? ??????? ??????????????? ????????????????????????????????????????? ??????????? ??????????? ???IS\0000?????????$???4????? ??????? ??????????????? ????????????????????????????????????????? ??????????? ??????????? ???IS\0000?????????$???4????? ??????? ??????????????? ????????????????????????????????????????? ??????????? ??????????? ???IS\0000?????????$???4????? ??????? ??????????????? ????????????????????????????????????????? ??????????? ??????????? 
???IS\0000??????$???f??????????????????????????{4d36e978-e325-11ce-bfc1-08 Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Route ???i?????????{???k???|??????????????t???system32\DRIVERS\HDAudBus.sys?DAudBus.sys????????k????????????????????????????????????????????????????8??i????????h???????8??s????????h???????8??s????????????<??i????????h???????6??i?????????e??????$??o??????p???????m?????????????f??i?????????e????????????????t????????????????????i???|??NdisWan?????RpcSs??r?????????k??????p????????????????????????{???????????t?g32???????p??????p???Microsoft UAA Bus Driver for High Definition Audio??????system32\DRIVERS\hidusb.sys?\hidusb.sys???????V??i?????????e???????????????? ??????g????@%SystemRoot%\system32\drivers\http.sys,-1????????4??i????????h?????????????????????????????????????????????????????????????t????????{???????????:???????????????????V??00??Microsoft HID Class Driver???????????????????????????u????????????????????????????????????????P??i????????h?????\SystemRoot\system32\DRIVERS\HpSAMD.sys?A5???????i??????p???SCSI Miniport?????P??i???????????d??hpsamd.inf_x86_neutral_f4d0397ad0d9b1cc??????i?i?i?i?i?i?i?????????????g??? Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export ???s?s?????????????g?????????s???????e??*6to4mp??z???????s???0???2??@%SystemRoot%\system32\drivers\fvevol.sys,-100?????????s?s????T??????????????d???????????????????:???0??????????????????????t???????|N??@%SystemRoot%\system32\drivers\fltmgr.sys,-10000????????????????????????????????????t???????????????????????????? ???????o?????s?????s????????$???y????x??????P??s?????????e????@%systemroot%\system32\fxsresm.dll,-118???????????????????????????B??s????????h?????%systemroot%\system32\fxssvc.exe????????????????t??????s?????s????????????????????????????????P??s?????????n????@%systemroot%\system32\fxsresm.dll,-122??????????s???+????????@??s???????????e??TapiSrv?RpcSs?PlugPlay?Spooler??????? 
8??s??????????????NT AUTHORITY\NetworkService???????,??s???+???????+???????????????????????????s??????????????????SeAssignPrimaryTokenPrivilege?SeAuditPrivilege?SeChangeNotifyPrivilege?SeCreateGlobalPrivilege?SeImpersonatePrivilege?SeIncreaseQuotaPrivilege???????s?s?s?s?s?s?s?s?s?s?s??????????????????????????? ???????s????????? Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Bind ???g?s?????g????HDAUDIO\FUNC_01&VEN_10EC&DEV_0888&SUBSYS_14627380&REV_1000?HDAUDIO\FUNC_01&VEN_10EC&DEV_0888&SUBSYS_14627380????HdAudAddService???????N??g?????????D?????????|??????s???? ???????h?????????????-??????????????????????s?????? ???????h???????????????????????????????????g?g????????? ???????h?????????????1??L????????? ??????????????g???g???g????????? ???????g?????g???????1????????????&???????????????????????? ???????g?????g???????1????????????????????? ???????g???????????g?1????????T????????????????????:???:????T??g??????????Audio Device on High Definition Audio Bus??????g????? ???????g?????????????1????????????&????????????????????F??????????????? ???????g?????h???????1????????????????????? ???????g???????????g?1?????????????????????????????????????????g??????????hdaudio.inf:Microsoft.ntx86:HdAudModel:6.1.7600.16385::hdaudio\func_01???????g?g?g???????g??????????????IRQ:HAL??????g?g?g???????????6???????g?g????? ???????f?????g?????????????????????????0????????????????????????????????????????????????? 
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Route ???i?d???????2??????????????ms??Network???????N??i????????h??????????????0????????????6??i????????h???????\??i?????????n?????????????r??tO??@%systemroot%\system32\drivers\luafv.sys,-100????????????????????????????i??????????rdbss????????????i??????p???FSFilter Virtualization?????Extended base????????i??????????system32\drivers\modem.sys???????????????????p??\SystemRoot\system32\drivers\luafv.sys??????Network????????????????g???????????????g????@%systemroot%\system32\drivers\luafv.sys,-101???mrxsmb????????????????????????P??i?????????e?????v???i???????????????????????i??????p?????????????????????\??i?????????e?????????i???????????????i?????????e????????????????t?????????????????????????????????????R???????????????????P??i?????????e???????????????g?????????|???????|????8??i????????h????????????????g ?????????????????????<??s????????h???????????????????????X??p?????????e?????????????????????????????????????????/???????????i??????????????????????t????????d???????????????????????|?|?|???????2??????????????e?????? Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ???s?s????T??????????????d???????????????????:???0??????????????????????t???????|N??@%SystemRoot%\system32\drivers\fltmgr.sys,-10000????????????????????????????????????t???????????????????????????? ???????o?????s?????s????????$???y????x??????P??s?????????e????@%systemroot%\system32\fxsresm.dll,-118???????????????????????????B??s????????h?????%systemroot%\system32\fxssvc.exe????????????????t??????s?????s????????????????????????????????P??s?????????n????@%systemroot%\system32\fxsresm.dll,-122??????????s???+????????@??s???????????e??TapiSrv?RpcSs?PlugPlay?Spooler??????? 
8??s??????????????NT AUTHORITY\NetworkService???????,??s???+???????+???????????????????????????s??????????????????SeAssignPrimaryTokenPrivilege?SeAuditPrivilege?SeChangeNotifyPrivilege?SeCreateGlobalPrivilege?SeImpersonatePrivilege?SeIncreaseQuotaPrivilege???????s?s?s?s?s?s?s?s?s?s?s??????????????????????????? ???????s???????????r?????????????????????????????????p?????????????(??????P??????????????????? ???????????????????????????? ???????o????? ---- EOF - GMER 1.0.15 ---- Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:14:48 on 15.08.2010

OS: Windows 7 Ultimate Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.8

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ODBCCP32.CPL" - "Microsoft Corporation" - C:\Windows\system32\ODBCCP32.CPL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"lgLcdCpl" - "Logitech Inc." - C:\Program Files\Common Files\Logitech\LCD Manager\LgLcdCpl.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"aswFsBlk" (aswFsBlk) - "ALWIL Software" - C:\Windows\system32\drivers\aswFsBlk.sys
"aswMonFlt" (aswMonFlt) - "ALWIL Software" - C:\Windows\system32\drivers\aswMonFlt.sys
"aswRdr" (aswRdr) - "ALWIL Software" - C:\Windows\system32\drivers\aswRdr.sys
"aswSP" (aswSP) - "ALWIL Software" - C:\Windows\system32\drivers\aswSP.sys
"ATI Service for HD Audio Codec" (AtiHdmiService) - "ATI Research Inc." - C:\Windows\System32\drivers\AtiHdmi.sys
"avast! Network Shield Support" (aswTdi) - "ALWIL Software" - C:\Windows\system32\drivers\aswTdi.sys
"catchme" (catchme) - ? - C:\Users\Checker\AppData\Local\Temp\catchme.sys (File not found)
"dgderdrv" (dgderdrv) - "Devguru Co., Ltd" - C:\Windows\System32\drivers\dgderdrv.sys
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS (File found, but it contains no detailed information)
"GMSIPCI" (GMSIPCI) - ? - D:\INSTALL\GMSIPCI.SYS (File not found)
"Huawei DataCard USB Modem and USB Serial" (hwdatacard) - ? - C:\Windows\System32\DRIVERS\ewusbmdm.sys (File not found)
"ntiomin" (ntiomin) - ? - C:\Windows\system32\drivers\ntiomin.sys (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "ALWIL Software" - C:\Program Files\Alwil Software\Avast5\ashShell.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found)
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Eazel-DE Toolbar" - "Conduit Ltd." - C:\Program Files\Eazel-DE\tbEaze.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} "Eazel-DE Toolbar" - "Conduit Ltd." - C:\Program Files\Eazel-DE\tbEaze.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} "Eazel-DE Toolbar" - "Conduit Ltd." - C:\Program Files\Eazel-DE\tbEaze.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} "Eazel-DE Toolbar" - "Conduit Ltd." - C:\Program Files\Eazel-DE\tbEaze.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\Checker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avast5" - "ALWIL Software" - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"Launch LCDMon" - "Logitech Inc." - "C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe"
"Launch LGDCore" - "Logitech Inc." - "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
"VirtualCloneDrive" - "Elaborate Bytes AG" - "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"YouCam Mirror Tray icon" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\YouCamTray.exe" /s

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET State Service" (aspnet_state) - ? - C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (File not found)
"avast! Antivirus" (avast! Antivirus) - "ALWIL Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"avast! Mail Scanner" (avast! Mail Scanner) - "ALWIL Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"avast! Web Scanner" (avast! Web Scanner) - "ALWIL Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"Device Error Recovery Service" (dgdersvc) - "Devguru Co., Ltd." - C:\Windows\system32\dgdersvc.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FsUsbExService" (FsUsbExService) - "Teruten" - C:\Windows\system32\FsUsbExService.Exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe (File found, but it contains no detailed information)
"PnkBstrB" (PnkBstrB) - ? - C:\Windows\system32\PnkBstrB.exe (File not found)
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
15.08.2010, 21:29 | #10 |
| Avast every 2 minutes - newporto.cn/cgi-bin/options.cgi? bootkit remover: Code:
.\debug.cpp(238) : Debug log started at 15.08.2010 - 20:18:59
.\boot_cleaner.cpp(675) : Bootkit Remover
.\boot_cleaner.cpp(676) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(677) : www.esagelab.com
.\boot_cleaner.cpp(681) : Program version: 1.1.0.0
.\boot_cleaner.cpp(688) : OS Version: Microsoft Windows 7 Ultimate Edition (build 7600), 32-bit
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x83009000 0x00400000 "\SystemRoot\system32\ntoskrnl.exe"
.\debug.cpp(256) : 0x83409000 0x00037000 "\SystemRoot\system32\halmacpi.dll"
.\debug.cpp(256) : 0x80ba3000 0x00008000 "\SystemRoot\system32\kdcom.dll"
.\debug.cpp(256) : 0x8bc20000 0x00078000 "\SystemRoot\system32\mcupdate_GenuineIntel.dll"
.\debug.cpp(256) : 0x8bc98000 0x00011000 "\SystemRoot\system32\PSHED.dll"
.\debug.cpp(256) : 0x8bca9000 0x00008000 "\SystemRoot\system32\BOOTVID.dll"
.\debug.cpp(256) : 0x8bcb1000 0x00042000 "\SystemRoot\system32\CLFS.SYS"
.\debug.cpp(256) : 0x8bcf3000 0x000ab000 "\SystemRoot\system32\CI.dll"
.\debug.cpp(256) : 0x8bd9e000 0x00071000 "\SystemRoot\system32\drivers\Wdf01000.sys"
.\debug.cpp(256) : 0x8be0f000 0x0000e000 "\SystemRoot\system32\drivers\WDFLDR.SYS"
.\debug.cpp(256) : 0x8be1d000 0x00048000 "\SystemRoot\system32\DRIVERS\ACPI.sys"
.\debug.cpp(256) : 0x8be65000 0x00009000 "\SystemRoot\system32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0x8be6e000 0x00008000 "\SystemRoot\system32\DRIVERS\msisadrv.sys"
.\debug.cpp(256) : 0x8be76000 0x0002a000 "\SystemRoot\system32\DRIVERS\pci.sys"
.\debug.cpp(256) : 0x8bea0000 0x0000b000 "\SystemRoot\system32\DRIVERS\vdrvroot.sys"
.\debug.cpp(256) : 0x8beab000 0x00011000 "\SystemRoot\System32\drivers\partmgr.sys"
.\debug.cpp(256) : 0x8bebc000 0x00010000 "\SystemRoot\system32\DRIVERS\volmgr.sys"
.\debug.cpp(256) : 0x8becc000 0x0004b000 "\SystemRoot\System32\drivers\volmgrx.sys"
.\debug.cpp(256) : 0x8bf17000 0x00007000 "\SystemRoot\system32\DRIVERS\pciide.sys"
.\debug.cpp(256) : 0x8bf1e000 0x0000e000 "\SystemRoot\system32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0x8bf2c000 0x00016000 "\SystemRoot\System32\drivers\mountmgr.sys"
.\debug.cpp(256) : 0x8bf42000 0x00009000 "\SystemRoot\system32\DRIVERS\atapi.sys"
.\debug.cpp(256) : 0x8bf4b000 0x00023000 "\SystemRoot\system32\DRIVERS\ataport.SYS"
.\debug.cpp(256) : 0x8bf6e000 0x00025000 "\SystemRoot\system32\DRIVERS\nvstor.sys"
.\debug.cpp(256) : 0x8bf93000 0x00047000 "\SystemRoot\system32\DRIVERS\storport.sys"
.\debug.cpp(256) : 0x8bfda000 0x0001d000 "\SystemRoot\system32\DRIVERS\nvstor32.sys"
.\debug.cpp(256) : 0x8bff7000 0x00009000 "\SystemRoot\system32\DRIVERS\amdxata.sys"
.\debug.cpp(256) : 0x8bc00000 0x0000a000 "\SystemRoot\system32\DRIVERS\msahci.sys"
.\debug.cpp(256) : 0x8c00f000 0x00034000 "\SystemRoot\system32\drivers\fltmgr.sys"
.\debug.cpp(256) : 0x8c043000 0x00011000 "\SystemRoot\system32\drivers\fileinfo.sys"
.\debug.cpp(256) : 0x8c054000 0x0012f000 "\SystemRoot\System32\Drivers\Ntfs.sys"
.\debug.cpp(256) : 0x8c183000 0x0002b000 "\SystemRoot\System32\Drivers\msrpc.sys"
.\debug.cpp(256) : 0x8c1ae000 0x00013000 "\SystemRoot\System32\Drivers\ksecdd.sys"
.\debug.cpp(256) : 0x8c1c1000 0x0005d000 "\SystemRoot\System32\Drivers\cng.sys"
.\debug.cpp(256) : 0x8c21e000 0x0000e000 "\SystemRoot\System32\drivers\pcw.sys"
.\debug.cpp(256) : 0x8c22c000 0x00009000 "\SystemRoot\System32\Drivers\Fs_Rec.sys"
.\debug.cpp(256) : 0x8c235000 0x000b7000 "\SystemRoot\system32\drivers\ndis.sys"
.\debug.cpp(256) : 0x8c2ec000 0x0003e000 "\SystemRoot\system32\drivers\NETIO.SYS"
.\debug.cpp(256) : 0x8c32a000 0x00025000 "\SystemRoot\System32\Drivers\ksecpkg.sys"
.\debug.cpp(256) : 0x8c43d000 0x00149000 "\SystemRoot\System32\drivers\tcpip.sys"
.\debug.cpp(256) : 0x8c586000 0x00031000 "\SystemRoot\System32\drivers\fwpkclnt.sys"
.\debug.cpp(256) : 0x8c5b7000 0x00009000 "\SystemRoot\system32\DRIVERS\vmstorfl.sys"
.\debug.cpp(256) : 0x8c5c0000 0x0003f000 "\SystemRoot\system32\DRIVERS\volsnap.sys"
.\debug.cpp(256) : 0x8c5ff000 0x00008000 "\SystemRoot\System32\Drivers\spldr.sys"
.\debug.cpp(256) : 0x8c607000 0x0002d000 "\SystemRoot\System32\drivers\rdyboost.sys"
.\debug.cpp(256) : 0x8c634000 0x00010000 "\SystemRoot\System32\Drivers\mup.sys"
.\debug.cpp(256) : 0x8c644000 0x00008000 "\SystemRoot\System32\drivers\hwpolicy.sys"
.\debug.cpp(256) : 0x8c64c000 0x00032000 "\SystemRoot\System32\DRIVERS\fvevol.sys"
.\debug.cpp(256) : 0x8c67e000 0x00011000 "\SystemRoot\system32\DRIVERS\disk.sys"
.\debug.cpp(256) : 0x8c68f000 0x00025000 "\SystemRoot\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0x8c6f9000 0x0001f000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0x8c718000 0x00007000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0x8c71f000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0x8c726000 0x0000c000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0x8c732000 0x00021000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS"
.\debug.cpp(256) : 0x8c753000 0x0000d000 "\SystemRoot\System32\drivers\watchdog.sys"
.\debug.cpp(256) : 0x8c760000 0x00008000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0x8c768000 0x00008000 "\SystemRoot\system32\drivers\rdpencdd.sys"
.\debug.cpp(256) : 0x8c770000 0x00008000 "\SystemRoot\system32\drivers\rdprefmp.sys"
.\debug.cpp(256) : 0x8c778000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0x8c783000 0x0000e000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0x8c791000 0x00017000 "\SystemRoot\system32\DRIVERS\tdx.sys"
.\debug.cpp(256) : 0x8c7a8000 0x0000b000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0x8c7b3000 0x0000a000 "\SystemRoot\System32\Drivers\aswTdi.SYS"
.\debug.cpp(256) : 0x8c34f000 0x0005a000 "\SystemRoot\system32\drivers\afd.sys"
.\debug.cpp(256) : 0x8c7bd000 0x00005000 "\SystemRoot\System32\Drivers\aswRdr.SYS"
.\debug.cpp(256) : 0x8c7c2000 0x00032000 "\SystemRoot\System32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0x8c7f4000 0x00007000 "\SystemRoot\system32\DRIVERS\wfplwf.sys"
.\debug.cpp(256) : 0x8c400000 0x0001f000 "\SystemRoot\system32\DRIVERS\pacer.sys"
.\debug.cpp(256) : 0x8c41f000 0x00011000 "\SystemRoot\system32\DRIVERS\vwififlt.sys"
.\debug.cpp(256) : 0x8c3a9000 0x0000e000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0x8c3b7000 0x0001a000 "\SystemRoot\system32\DRIVERS\serial.sys"
.\debug.cpp(256) : 0x8c3d1000 0x00013000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0x8c3e4000 0x00010000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0x92401000 0x00041000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0x92442000 0x0000a000 "\SystemRoot\system32\drivers\nsiproxy.sys"
.\debug.cpp(256) : 0x9244c000 0x0000a000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0x92456000 0x00005000 "\SystemRoot\System32\Drivers\ElbyCDIO.sys"
.\debug.cpp(256) : 0x9245b000 0x0000c000 "\SystemRoot\System32\drivers\discache.sys"
.\debug.cpp(256) : 0x92467000 0x00064000 "\SystemRoot\system32\drivers\csc.sys"
.\debug.cpp(256) : 0x924cb000 0x00018000 "\SystemRoot\System32\Drivers\dfsc.sys"
.\debug.cpp(256) : 0x924e3000 0x0000e000 "\SystemRoot\system32\DRIVERS\blbdrive.sys"
.\debug.cpp(256) : 0x924f1000 0x00027000 "\SystemRoot\System32\Drivers\aswSP.SYS"
.\debug.cpp(256) : 0x92518000 0x00021000 "\SystemRoot\system32\DRIVERS\tunnel.sys"
.\debug.cpp(256) : 0x92539000 0x00012000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0x93032000 0x00515000 "\SystemRoot\system32\DRIVERS\atikmdag.sys"
.\debug.cpp(256) : 0x93547000 0x000b7000 "\SystemRoot\System32\drivers\dxgkrnl.sys"
.\debug.cpp(256) : 0x935fe000 0x00039000 "\SystemRoot\System32\drivers\dxgmms1.sys"
.\debug.cpp(256) : 0x93637000 0x0001f000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0x93656000 0x0000a000 "\SystemRoot\system32\DRIVERS\serenum.sys"
.\debug.cpp(256) : 0x93660000 0x0000a000 "\SystemRoot\system32\DRIVERS\usbohci.sys"
.\debug.cpp(256) : 0x9366a000 0x0004b000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0x936b5000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0x936c4000 0x00006000 "\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys"
.\debug.cpp(256) : 0x936ca000 0x0002c000 "\SystemRoot\system32\DRIVERS\1394ohci.sys"
.\debug.cpp(256) : 0x936f6000 0x000fb000 "\SystemRoot\system32\DRIVERS\nvmfdx32.sys"
.\debug.cpp(256) : 0x937f1000 0x0000d000 "\SystemRoot\system32\DRIVERS\CompositeBus.sys"
.\debug.cpp(256) : 0x93000000 0x00012000 "\SystemRoot\system32\DRIVERS\AgileVpn.sys"
.\debug.cpp(256) : 0x93012000 0x00018000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0x9254b000 0x0000b000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0x92556000 0x00022000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0x92578000 0x00018000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0x92590000 0x00017000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0x925a7000 0x00017000 "\SystemRoot\system32\DRIVERS\rassstp.sys"
.\debug.cpp(256) : 0x925be000 0x0000a000 "\SystemRoot\system32\DRIVERS\rdpbus.sys"
.\debug.cpp(256) : 0x925c8000 0x0000d000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0x925d5000 0x0000d000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0x925e2000 0x0000b000 "\SystemRoot\system32\DRIVERS\VClone.sys"
.\debug.cpp(256) : 0x925ed000 0x00026000 "\SystemRoot\system32\DRIVERS\SCSIPORT.SYS"
.\debug.cpp(256) : 0x9302a000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0x92613000 0x00034000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0x92647000 0x0000e000 "\SystemRoot\system32\DRIVERS\umbus.sys"
.\debug.cpp(256) : 0x92655000 0x00044000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0x92699000 0x00011000 
"\SystemRoot\System32\Drivers\NDProxy.SYS" .\debug.cpp(256) : 0x926aa000 0x0001c000 "\SystemRoot\system32\drivers\AtiHdmi.sys" .\debug.cpp(256) : 0x926c6000 0x0002f000 "\SystemRoot\system32\drivers\portcls.sys" .\debug.cpp(256) : 0x926f5000 0x00019000 "\SystemRoot\system32\drivers\drmk.sys" .\debug.cpp(256) : 0x9270e000 0x00050000 "\SystemRoot\system32\drivers\HdAudio.sys" .\debug.cpp(256) : 0x95d70000 0x0024a000 "\SystemRoot\System32\win32k.sys" .\debug.cpp(256) : 0x9275e000 0x0000a000 "\SystemRoot\System32\drivers\Dxapi.sys" .\debug.cpp(256) : 0x92768000 0x0000d000 "\SystemRoot\System32\Drivers\crashdmp.sys" .\debug.cpp(256) : 0x92775000 0x0000a000 "\SystemRoot\System32\Drivers\dump_diskdump.sys" .\debug.cpp(256) : 0x9277f000 0x0001d000 "\SystemRoot\System32\Drivers\dump_nvstor32.sys" .\debug.cpp(256) : 0x9279c000 0x00011000 "\SystemRoot\System32\Drivers\dump_dumpfve.sys" .\debug.cpp(256) : 0x927ad000 0x0000b000 "\SystemRoot\system32\DRIVERS\hidusb.sys" .\debug.cpp(256) : 0x927b8000 0x00013000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS" .\debug.cpp(256) : 0x927cb000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS" .\debug.cpp(256) : 0x9302c000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS" .\debug.cpp(256) : 0x927d2000 0x0000b000 "\SystemRoot\system32\DRIVERS\mouhid.sys" .\debug.cpp(256) : 0x927dd000 0x00017000 "\SystemRoot\system32\DRIVERS\usbccgp.sys" .\debug.cpp(256) : 0x8c6b4000 0x00024000 "\SystemRoot\System32\Drivers\usbvideo.sys" .\debug.cpp(256) : 0x8c6d8000 0x00014000 "\SystemRoot\system32\drivers\usbaudio.sys" .\debug.cpp(256) : 0x927f4000 0x0000b000 "\SystemRoot\system32\DRIVERS\monitor.sys" .\debug.cpp(256) : 0x95fd0000 0x00009000 "\SystemRoot\System32\TSDDD.dll" .\debug.cpp(256) : 0x8c6ec000 0x0000c000 "\SystemRoot\system32\DRIVERS\kbdhid.sys" .\debug.cpp(256) : 0x91816000 0x000a9000 "\SystemRoot\system32\DRIVERS\netr28u.sys" .\debug.cpp(256) : 0x918bf000 0x0000a000 "\SystemRoot\system32\DRIVERS\vwifibus.sys" .\debug.cpp(256) : 0x95c00000 
0x0001e000 "\SystemRoot\System32\cdd.dll" .\debug.cpp(256) : 0x918c9000 0x0001b000 "\SystemRoot\system32\drivers\luafv.sys" .\debug.cpp(256) : 0x918e4000 0x00017000 "\??\C:\Windows\system32\drivers\aswMonFlt.sys" .\debug.cpp(256) : 0x918fb000 0x00003000 "\SystemRoot\System32\Drivers\aswFsBlk.SYS" .\debug.cpp(256) : 0x918fe000 0x0001a000 "\SystemRoot\system32\drivers\WudfPf.sys" .\debug.cpp(256) : 0x91918000 0x00010000 "\SystemRoot\system32\DRIVERS\lltdio.sys" .\debug.cpp(256) : 0x91928000 0x00046000 "\SystemRoot\system32\DRIVERS\nwifi.sys" .\debug.cpp(256) : 0x9196e000 0x00010000 "\SystemRoot\system32\DRIVERS\ndisuio.sys" .\debug.cpp(256) : 0x9197e000 0x00013000 "\SystemRoot\system32\DRIVERS\rspndr.sys" .\debug.cpp(256) : 0x91991000 0x00009000 "\SystemRoot\system32\DRIVERS\vwifimp.sys" .\debug.cpp(256) : 0x9199a000 0x00085000 "\SystemRoot\system32\drivers\HTTP.sys" .\debug.cpp(256) : 0x91a1f000 0x00019000 "\SystemRoot\system32\DRIVERS\bowser.sys" .\debug.cpp(256) : 0x91a38000 0x00012000 "\SystemRoot\System32\drivers\mpsdrv.sys" .\debug.cpp(256) : 0x91a4a000 0x00023000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys" .\debug.cpp(256) : 0x91a6d000 0x0003b000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys" .\debug.cpp(256) : 0x91aa8000 0x0001b000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys" .\debug.cpp(256) : 0x91adb000 0x00097000 "\SystemRoot\system32\drivers\peauth.sys" .\debug.cpp(256) : 0x91b72000 0x0000a000 "\SystemRoot\System32\Drivers\secdrv.SYS" .\debug.cpp(256) : 0x91b7c000 0x00021000 "\SystemRoot\System32\DRIVERS\srvnet.sys" .\debug.cpp(256) : 0x91b9d000 0x0000d000 "\SystemRoot\System32\drivers\tcpipreg.sys" .\debug.cpp(256) : 0x91baa000 0x0004f000 "\SystemRoot\System32\DRIVERS\srv2.sys" .\debug.cpp(256) : 0xa203b000 0x00051000 "\SystemRoot\System32\DRIVERS\srv.sys" .\debug.cpp(256) : 0xa208c000 0x0006a000 "\SystemRoot\system32\drivers\spsys.sys" .\debug.cpp(256) : 0xa20f6000 0x00003000 "\SystemRoot\System32\drivers\dgderdrv.sys" .\debug.cpp(256) : 0xa20f9000 0x00009000 
"\??\C:\Windows\system32\FsUsbExDisk.SYS" .\debug.cpp(256) : 0x77510000 0x0013c000 "\Windows\System32\ntdll.dll" .\debug.cpp(256) : 0x47af0000 0x00013000 "\Windows\System32\smss.exe" .\debug.cpp(256) : 0x77750000 0x00050000 "\Windows\System32\apisetschema.dll" .\debug.cpp(256) : 0x00500000 0x000a6000 "\Windows\System32\autochk.exe" .\debug.cpp(256) : 0x77720000 0x0001f000 "\Windows\System32\imm32.dll" .\debug.cpp(256) : 0x77700000 0x00019000 "\Windows\System32\sechost.dll" .\debug.cpp(256) : 0x768c0000 0x00c49000 "\Windows\System32\shell32.dll" .\debug.cpp(256) : 0x77650000 0x000ac000 "\Windows\System32\msvcrt.dll" .\debug.cpp(256) : 0x767c0000 0x000f4000 "\Windows\System32\wininet.dll" .\debug.cpp(256) : 0x766f0000 0x000cc000 "\Windows\System32\msctf.dll" .\debug.cpp(256) : 0x76620000 0x000c9000 "\Windows\System32\user32.dll" .\debug.cpp(256) : 0x76590000 0x00083000 "\Windows\System32\clbcatq.dll" .\debug.cpp(256) : 0x76580000 0x00003000 "\Windows\System32\normaliz.dll" .\debug.cpp(256) : 0x76380000 0x001f9000 "\Windows\System32\iertutil.dll" .\debug.cpp(256) : 0x762f0000 0x0008f000 "\Windows\System32\oleaut32.dll" .\debug.cpp(256) : 0x762a0000 0x00045000 "\Windows\System32\Wldap32.dll" .\debug.cpp(256) : 0x76290000 0x00006000 "\Windows\System32\nsi.dll" .\debug.cpp(256) : 0x76280000 0x00005000 "\Windows\System32\psapi.dll" .\debug.cpp(256) : 0x76240000 0x00035000 "\Windows\System32\ws2_32.dll" .\debug.cpp(256) : 0x760a0000 0x0019d000 "\Windows\System32\setupapi.dll" .\debug.cpp(256) : 0x75fc0000 0x000d4000 "\Windows\System32\kernel32.dll" .\debug.cpp(256) : 0x75f40000 0x0007b000 "\Windows\System32\comdlg32.dll" .\debug.cpp(256) : 0x75ea0000 0x000a0000 "\Windows\System32\advapi32.dll" .\debug.cpp(256) : 0x75e90000 0x0000a000 "\Windows\System32\lpk.dll" .\debug.cpp(256) : 0x75e60000 0x0002a000 "\Windows\System32\imagehlp.dll" .\debug.cpp(256) : 0x75e00000 0x00052000 "\Windows\System32\difxapi.dll" .\debug.cpp(256) : 0x75db0000 0x0004e000 
"\Windows\System32\gdi32.dll" .\debug.cpp(256) : 0x75d50000 0x00057000 "\Windows\System32\shlwapi.dll" .\debug.cpp(256) : 0x75cb0000 0x0009d000 "\Windows\System32\usp10.dll" .\debug.cpp(256) : 0x75b70000 0x00135000 "\Windows\System32\urlmon.dll" .\debug.cpp(256) : 0x75a10000 0x0015c000 "\Windows\System32\ole32.dll" .\debug.cpp(256) : 0x75960000 0x000a1000 "\Windows\System32\rpcrt4.dll" .\debug.cpp(256) : 0x75930000 0x00027000 "\Windows\System32\cfgmgr32.dll" .\debug.cpp(256) : 0x758a0000 0x00084000 "\Windows\System32\comctl32.dll" .\debug.cpp(256) : 0x75850000 0x0004a000 "\Windows\System32\KernelBase.dll" .\debug.cpp(256) : 0x75820000 0x0002d000 "\Windows\System32\wintrust.dll" .\debug.cpp(256) : 0x75800000 0x00012000 "\Windows\System32\devobj.dll" .\debug.cpp(256) : 0x756e0000 0x0011c000 "\Windows\System32\crypt32.dll" .\debug.cpp(256) : 0x756d0000 0x0000c000 "\Windows\System32\msasn1.dll" .\debug.cpp(263) : ********************************************** .\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] *********** .\debug.cpp(308) : ********************************************** .\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:" .\debug.cpp(400) : Destination="\Device\CdRom0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:" .\debug.cpp(400) : Destination="\Device\Ide\IdePort3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS" .\debug.cpp(400) : Destination="\Device\Ndis" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice" .\debug.cpp(400) : Destination="\Device\WUDFLpcDevice" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001#7&d874627&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\000000a1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\0000007e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : 
Destination="\Device\0000003d" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{F22E3676-C3D9-4F5F-9448-CE68E5AC31B9}" .\debug.cpp(400) : Destination="\Device\NDMP58" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{15A8A551-45F7-4BDD-9C2A-BFFF9A69F52D}" .\debug.cpp(400) : Destination="\Device\NDMP17" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1" .\debug.cpp(400) : Destination="\Device\Video0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AgileVPN" .\debug.cpp(400) : Destination="\Device\AgileVPN" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWSP" .\debug.cpp(400) : Destination="\Device\aswSP" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_1737&PID_0078#5&2f211ca2&0&4#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\USBPDO-5" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001#7&d874627&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}" .\debug.cpp(400) : Destination="\Device\000000a1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001#7&d874627&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\000000a1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}" .\debug.cpp(400) : Destination="\Device\00000086" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000007f" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000007c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000003f" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0055#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000038" .\debug.cpp(369) : SymbolicLink 
"\GLOBAL??\Root#*6TO4MP#0049#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000032" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{17360253-ABEE-47B5-99FD-172F0DC081A9}" .\debug.cpp(400) : Destination="\Device\NDMP32" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0010#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\0000000b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0004#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000005" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2" .\debug.cpp(400) : Destination="\Device\Video1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\aswSP_Pot2" .\debug.cpp(400) : Destination="\Device\aswSP_Pot2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_9460&SUBSYS_22811787&REV_00#6&f1a4052&0&00000018#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0039" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0054#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000037" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0048#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000031" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6E9E7229-F8E5-4ABB-99BE-7C32383A21FC}" .\debug.cpp(400) : Destination="\Device\NDMP45" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6DBB1572-8D4C-4D8E-8F6F-AE3B73BF09AB}" .\debug.cpp(400) : Destination="\Device\NDMP11" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000001" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3" .\debug.cpp(400) : Destination="\Device\Video2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy1" .\debug.cpp(400) : Destination="\Device\HarddiskVolumeShadowCopy1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:" .\debug.cpp(400) : 
Destination="\Device\CdRom1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#AOC2436#7&1cc65386&0&UID257#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8}" .\debug.cpp(400) : Destination="\Device\000000aa" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4" .\debug.cpp(400) : Destination="\Device\Video3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000007d" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0269&SUBSYS_73801462&REV_A3#3&267a616a&0&A0#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0032" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy2" .\debug.cpp(400) : Destination="\Device\HarddiskVolumeShadowCopy2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice" .\debug.cpp(400) : Destination="\Device\WMIAdminDevice" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{bd16566a-9c03-11de-a242-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi4:" .\debug.cpp(400) : Destination="\Device\RaidPort0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ProcessManagement" .\debug.cpp(400) : Destination="\Device\ProcessManagement" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5" .\debug.cpp(400) : Destination="\Device\Video4" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_23_-_Pentium(R)_Dual-Core__CPU______E5200__@_2.50GHz#_2#{97fadb10-4e33-40ae-359c-8bef029dbdd0}" .\debug.cpp(400) : Destination="\Device\0000008c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SCSIADAPTER#0000#{2accfe60-c130-11d2-b082-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\00000085" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{636FF46E-80FE-4314-BC84-DC7749EDE5B4}" .\debug.cpp(400) : Destination="\Device\NDMP65" .\debug.cpp(369) : SymbolicLink 
"\GLOBAL??\{7AA75853-16BD-4B43-AB08-CC32E470473E}" .\debug.cpp(400) : Destination="\Device\NDMP53" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0051#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000034" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0045#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\0000002e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0038#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000027" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000001" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy3" .\debug.cpp(400) : Destination="\Device\HarddiskVolumeShadowCopy3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl" .\debug.cpp(400) : Destination="\Device\VolMgrControl" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5d624f94-8850-40c3-a3fa-a4fd2080baf3}#vwifimp#6&2d40158d&0&02#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\000000b3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY6" .\debug.cpp(400) : Destination="\Device\Video5" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_04F2&PID_A147#5&2f211ca2&0&3#{a5dcbf10-6530-11d2-901f-00c04fb951ed}" .\debug.cpp(400) : Destination="\Device\USBPDO-3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\00000086" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0269&SUBSYS_73801462&REV_A3#3&267a616a&0&A0#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0032" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0053#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000036" .\debug.cpp(369) : SymbolicLink 
"\GLOBAL??\{CD4AF054-2B64-48DF-81F4-98094D1EC0F8}" .\debug.cpp(400) : Destination="\Device\NDMP50" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0047#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000030" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy4" .\debug.cpp(400) : Destination="\Device\HarddiskVolumeShadowCopy4" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&2ca29051&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\Ide\PciIde0Channel0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C221&MI_00#8&15d37ad7&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}" .\debug.cpp(400) : Destination="\Device\000000ae" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_046D&PID_C221#6&d1d0be2&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}" .\debug.cpp(400) : Destination="\Device\USBPDO-6" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_04F2&PID_A147&MI_00#6&20ff1770&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\000000a8" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_026D&SUBSYS_73801462&REV_A3#3&267a616a&0&58#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0025" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{20A18528-1B1C-46AA-986D-1E6540722D6A}" .\debug.cpp(400) : Destination="\Device\NDMP10" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{082B5A48-5B4E-4010-ADBA-D6356892858D}" .\debug.cpp(400) : Destination="\Device\NDMP4" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy5" .\debug.cpp(400) : Destination="\Device\HarddiskVolumeShadowCopy5" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi5:" .\debug.cpp(400) : Destination="\Device\RaidPort1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice" .\debug.cpp(400) : Destination="\Device\WMIDataDevice" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\TeredoTun" .\debug.cpp(400) : 
Destination="\Device\TeredoTun" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SPDevice" .\debug.cpp(400) : Destination="\Device\SPDevice" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_14627380&REV_1000#4&652f933&0&0001#{a17579f0-4fec-4936-9364-249460863be5}" .\debug.cpp(400) : Destination="\Device\000000a3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001#7&d874627&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}" .\debug.cpp(400) : Destination="\Device\000000a1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000007a" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1" .\debug.cpp(400) : Destination="\Device\Serial0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0053#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000036" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{53A93108-4362-490F-BADE-1A5CB040608E}" .\debug.cpp(400) : Destination="\Device\NDMP49" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0047#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000030" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{15565554-A714-46D6-972D-239798D3AED9}" .\debug.cpp(400) : Destination="\Device\NDMP26" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{007B49BC-9B9F-4281-B4A7-1F39B0BDCB14}" .\debug.cpp(400) : Destination="\Device\NDMP24" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0002#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000003" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy6" .\debug.cpp(400) : Destination="\Device\HarddiskVolumeShadowCopy6" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{bd16566a-9c03-11de-a242-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : 
Destination="\Device\HarddiskVolume1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PEAuth" .\debug.cpp(400) : Destination="\Device\PEAuth" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_1737&PID_0078#5&2f211ca2&0&4#{435b6226-1dcc-43b3-887e-217dbaa27ba3}" .\debug.cpp(400) : Destination="\Device\USBPDO-5" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#AOC2436#7&1cc65386&0&UID257#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7}" .\debug.cpp(400) : Destination="\Device\000000aa" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0055#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000038" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0052#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000035" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0049#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000032" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0046#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\0000002f" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0039#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000028" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0032#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000021" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0026#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\0000001b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0019#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000014" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{A9462A69-9807-463F-BACB-F089D1741401}" .\debug.cpp(400) : Destination="\Device\NDMP5" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy7" .\debug.cpp(400) : Destination="\Device\HarddiskVolumeShadowCopy7" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE" 
.\debug.cpp(400) : Destination="\Device\NamedPipe" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\vwififlt" .\debug.cpp(400) : Destination="\Device\vwififlt" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&3350826a&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination="\Device\USBPDO-0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{775F7CAF-6944-458C-970E-E63EAFE355A0}" .\debug.cpp(400) : Destination="\Device\NDMP60" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{B96E9924-5B92-4E79-A97F-E3CA5F2DB388}" .\debug.cpp(400) : Destination="\Device\NDMP54" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{272B9683-0CF6-4B08-8A7A-0C93EE55E948}" .\debug.cpp(400) : Destination="\Device\NDMP39" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0012#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000000d" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C3E004A7-85C1-418A-B838-EAC9DCD6DCF5}" .\debug.cpp(400) : Destination="\Device\NDMP15" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0006#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000007" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{0998F1C7-F1A0-46F8-8780-A086AAFC745C}" .\debug.cpp(400) : Destination="\Device\NDMP8" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0003#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000004" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy8" .\debug.cpp(400) : Destination="\Device\HarddiskVolumeShadowCopy8" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#5&27dc142e&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\Ide\PciIde1Channel0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*ISATAP#0001#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\000000b6" .\debug.cpp(369) : SymbolicLink 
"\GLOBAL??\PCI#VEN_1106&DEV_3044&SUBSYS_380D1462&REV_C0#4&5505873&0&4880#{6bdd1fc1-810f-11d0-bec7-08002be2092f}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0035" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination="\Device\00000086" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0058#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\0000003b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice" .\debug.cpp(400) : Destination="\Device\GEARAspiWDMDevice" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC" .\debug.cpp(400) : Destination="\Device\Mup" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Psched" .\debug.cpp(400) : Destination="\Device\Psched" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy9" .\debug.cpp(400) : Destination="\Device\HarddiskVolumeShadowCopy9" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition1" .\debug.cpp(400) : Destination="\Device\HarddiskVolume1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0267&SUBSYS_73801462&REV_A1#3&267a616a&0&78#{2accfe60-c130-11d2-b082-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0029" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi6:" .\debug.cpp(400) : Destination="\Device\Scsi\VClone1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0" .\debug.cpp(400) : Destination="\Device\USBFDO-0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWTDI" .\debug.cpp(400) : Destination="\Device\ASWTDI" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg" .\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgrMsg" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_14627380&REV_1000#4&652f933&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}" .\debug.cpp(400) : Destination="\Device\000000a3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C0DE3E38-8BA7-479F-8B75-833F294C5AA8}" .\debug.cpp(400) : Destination="\Device\NDMP71" 
.\debug.cpp(451) : **********************************************
.\boot_cleaner.cpp(1077) : System volume is \\.\C:
.\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000
.\boot_cleaner.cpp(424) : Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff
.\boot_cleaner.cpp(1151) :
.\boot_cleaner.cpp(1152) : Size Device Name MBR Status
.\boot_cleaner.cpp(1153) : --------------------------------------------
.\boot_cleaner.cpp(1197) : 465 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1203) :
.\boot_cleaner.cpp(1242) : Done;
|
15.08.2010, 21:42 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avast every 2 minutes - newporto.cn/cgi-bin/options.cgi? Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
15.08.2010, 23:44 | #12 |
| Avast every 2 minutes - newporto.cn/cgi-bin/options.cgi? Malwarebytes crashed once again in the 16th minute. I then ran it in Safe Mode. Here are the logs: Malwarebytes: Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4428
Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

15.08.2010 23:35:08
mbam-log-2010-08-15 (23-35-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 259104
Laufzeit: 25 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/16/2010 at 00:38 AM

Application Version : 4.41.1000

Core Rules Database Version : 5360
Trace Rules Database Version: 3172

Scan type : Complete Scan
Total Scan Time : 00:54:10

Memory items scanned : 809
Memory threats detected : 0
Registry items scanned : 9994
Registry threats detected : 0
File items scanned : 122219
File threats detected : 2

Adware.Tracking Cookie
C:\Users\Checker\AppData\Roaming\Microsoft\Windows\Cookies\checker@atdmt[3].txt
C:\Users\Checker\AppData\Roaming\Microsoft\Windows\Cookies\checker@doubleclick[2].txt |
16.08.2010, 07:52 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avast every 2 minutes - newporto.cn/cgi-bin/options.cgi? Looks OK, only cookies were found there. Any more problems or further detections in the meantime?
__________________ Please always post log files in CODE tags |
16.08.2010, 10:38 | #14 |
| Avast every 2 minutes - newporto.cn/cgi-bin/options.cgi? No, the Avast message no longer appears. Was the whole thing just an error message from Avast, or was the virus removed? |
16.08.2010, 10:41 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avast every 2 minutes - newporto.cn/cgi-bin/options.cgi? Good, then we're done - please check the updates, my guide for that is below. For even more security, you should also change all passwords, if possible, after the infection has been removed.

Microsoft Update
Windows XP: Visit the MS update page with IE and have all important updates installed.
Windows Vista/7: Windows Update guide

Update the PDF reader
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Software by clicking "Adobe Reader x.0" there and removing the program. I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader. While you are at it, please also check that Flash Player is up to date; here is the direct download link => http://filepony.de/?q=Flash+Player

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post log files in CODE tags |
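The inventory step behind the update advice in the post above, as an added example that is not part of the original thread: a PowerShell listing of the Java, Adobe Reader and Flash Player entries registered in the Windows uninstall keys, so outdated versions can be spotted before removing them. The name patterns are assumptions about how these products label themselves and may need adjusting.

```powershell
# Added example: list installed Java, Adobe Reader and Flash Player entries
# from the Windows uninstall registry keys (64-bit, 32-bit and per-user views).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumption: these substrings appear in the products' DisplayName values.
$patterns = 'Java', 'Adobe Reader', 'Adobe Acrobat Reader', 'Flash Player'

# Keys that do not exist (e.g. WOW6432Node on 32-bit Windows) are skipped silently.
$found = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object {
        $name = $_.DisplayName
        # Keep entries whose display name contains any of the patterns.
        $name -and ($patterns | Where-Object { $name -like "*$_*" })
    } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |
    Sort-Object DisplayName, DisplayVersion

if (-not $found) {
    Write-Output 'No matching entries found.'
} else {
    $found | Format-Table DisplayName, DisplayVersion, InstallDate -AutoSize

    # Several Java entries can mean older versions remain next to the current
    # one (or 32- and 64-bit builds of the same version); review them by version.
    $java = @($found | Where-Object { $_.DisplayName -like '*Java*' })
    if ($java.Count -gt 1) {
        Write-Output ("{0} Java entries found; compare the versions and uninstall outdated ones." -f $java.Count)
    }
}
```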