Plagegeister aller Art und deren Bekämpfung: GMER evaluation, suspected rootkit (Windows 7)
07.09.2010, 11:14 | #1
GMER evaluation, suspected rootkit
Hi everyone, I suspect a rootkit has crept onto my machine. Could an expert please take a look at this log file? GMER logfile:
Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net Rootkit scan 2010-09-07 12:06:30 Windows 6.1.7600 Running: u4lbqzbq.exe; Driver: C:\Users\Silvio\AppData\Local\Temp\pxldqpog.sys ---- System - GMER 1.0.15 ---- INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83038AF8 INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83038104 INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830383F4 INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83020634 INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83020898 INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830381DC INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83038958 INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830386F8 INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83038F2C INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830391A8 ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C51599 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C75F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ? System32\Drivers\sprg.sys Das System kann den angegebenen Pfad nicht finden. ! .text USBPORT.SYS!DllUnload 91E74CA0 5 Bytes JMP 866DE1D8 .text axzqo30l.SYS 91FC4000 12 Bytes [44, 38, 02, 83, EE, 36, 02, ...] {INC ESP; CMP [EDX], AL; SUB ESI, 0x36; ADD AL, [EBX-0x7cfde860]} .text axzqo30l.SYS 91FC400D 9 Bytes [17, 02, 83, 48, 3B, 02, 83, ...] 
{POP SS; ADD AL, [EBX-0x7cfdc4b8]; ADD [EAX], AL} .text axzqo30l.SYS 91FC4017 7 Bytes [00, DE, B7, 10, 8B, E6, B5] .text axzqo30l.SYS 91FC401F 12 Bytes [8B, F1, 12, 11, 8B, FC, 13, ...] {MOV ESI, ECX; ADC DL, [ECX]; MOV EDI, ESP; ADC EDX, [ECX]; MOV ESI, [EDX]; AAD 0x11} .text axzqo30l.SYS 91FC402C 149 Bytes [00, 00, 00, 00, D0, C1, C4, ...] .text ... .text peauth.sys 98F62C9D 28 Bytes [84, 64, A6, 45, 81, 17, C0, ...] .text peauth.sys 98F62CC1 28 Bytes [84, 64, A6, 45, 81, 17, C0, ...] PAGE peauth.sys 98F68E20 101 Bytes [89, AF, C5, 7C, 58, 57, 2A, ...] PAGE peauth.sys 98F6902C 102 Bytes [10, 0C, 24, 11, B4, 32, 0F, ...] PAGE spsys.sys!?SPRevision@@3PADA + 4F90 9AF0F000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...] PAGE spsys.sys!?SPRevision@@3PADA + 50B3 9AF0F123 629 Bytes [A5, F0, 9A, FE, 05, 34, A5, ...] PAGE spsys.sys!?SPRevision@@3PADA + 5329 9AF0F399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...] PAGE spsys.sys!?SPRevision@@3PADA + 538F 9AF0F3FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...] PAGE spsys.sys!?SPRevision@@3PADA + 543B 9AF0F4AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...] PAGE ... 
---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8B00F042] \SystemRoot\System32\Drivers\sprg.sys IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8B00F6D6] \SystemRoot\System32\Drivers\sprg.sys IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8B00F800] \SystemRoot\System32\Drivers\sprg.sys IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8B00F13E] \SystemRoot\System32\Drivers\sprg.sys IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortNotification] 00147880 IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75 IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015 IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortStallExecution] C25DC033 IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008 IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08 IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24 IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8 IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800 IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000 IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008 IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55 IAT 
\SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500 IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortInitialize] 157B805E IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500 IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] [6B879832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] [6B87A27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlLockHeap] [6B8794D8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlUnlockHeap] [6B8794E8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] [6B8792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] [6B879E78] C:\Windows\AppPatch\AcXtrnal.DLL 
(Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlDestroyHeap] [6B8794B8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlCreateHeap] [6B8794A8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlExitUserProcess] [6B87AA9E] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] [6B879E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] [6B8792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] [6B879832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75BC5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] [6B879E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] [6B8792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program 
Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] [6B87A27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] [6B879832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] [6B8792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] [6B879E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75BC5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] [6B8792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] [6B879E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75BC5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] [6B879E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\ole32.dll 
[ntdll.dll!RtlAllocateHeap] [6B8792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] [6B879832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75BC5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] [6B879E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] [6B879E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] [6B8792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75BC5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] [6B879E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] [6B8792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75BC5E25] 
C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] [6B8792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] [6B879E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [75BC5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap] [6B879E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap] [6B8792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 855901F8 AttachedDevice \FileSystem\Ntfs \Ntfs OODrvled.sys (O&O DriveLED Filter Driver (Win32)/O&O Software GmbH) Device \Driver\NetBT \Device\NetBT_Tcpip_{18371FB9-3371-476A-9B6A-596FAACC0DE2} 866401F8 Device \Driver\volmgr \Device\VolMgrControl 8558C1F8 Device \Driver\usbuhci \Device\USBPDO-0 866DF1F8 Device \Driver\usbuhci \Device\USBPDO-1 866DF1F8 Device \Driver\usbuhci \Device\USBPDO-2 866DF1F8 Device \Driver\sptd \Device\1949078047 sprg.sys Device \Driver\usbuhci \Device\USBPDO-3 866DF1F8 Device \Driver\usbehci \Device\USBPDO-4 866DC500 Device \Driver\volmgr \Device\HarddiskVolume1 8558C1F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\NetBT 
\Device\NetBT_Tcpip_{F3FD4E9E-962D-47D7-8B97-5D67A6E80929} 866401F8 Device \Driver\volmgr \Device\HarddiskVolume2 8558C1F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\cdrom \Device\CdRom0 8657A500 Device \Driver\ACPI_HAL \Device\00000065 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) Device \Driver\volmgr \Device\HarddiskVolume3 8558C1F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\cdrom \Device\CdRom1 8657A500 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8558E1F8 Device \Driver\atapi \Device\Ide\IdePort0 8558E1F8 Device \Driver\atapi \Device\Ide\IdePort1 8558E1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 8558E1F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 866401F8 Device \Driver\BTHUSB \Device\00000086 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation) Device \Driver\BTHUSB \Device\00000086 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation) Device \Driver\BTHUSB \Device\00000088 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation) Device \Driver\BTHUSB \Device\00000088 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation) Device \Driver\usbuhci \Device\USBFDO-0 866DF1F8 Device \Driver\usbuhci \Device\USBFDO-1 866DF1F8 Device \Driver\usbuhci \Device\USBFDO-2 866DF1F8 Device \Driver\PCI_PNP4043 \Device\0000006e sprg.sys Device \Driver\NetBT \Device\NetBT_Tcpip_{D84C3DD2-7BC5-4992-A91D-AEF998552E13} 866401F8 Device \Driver\usbuhci \Device\USBFDO-3 866DF1F8 Device \Driver\usbehci \Device\USBFDO-4 866DC500 Device \Driver\axzqo30l \Device\Scsi\axzqo30l1Port2Path0Target0Lun0 865811F8 Device \Driver\axzqo30l \Device\Scsi\axzqo30l1 865811F8 ---- Threads - GMER 1.0.15 ---- Thread System [4:3572] 9AF1CF2E ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00197efb8ca2 Reg 
HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00197efb8ca2@0012d29a6ced 0x98 0x69 0x67 0x4B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00197efb8ca2@9c18743bef75 0xFD 0xFB 0x53 0x4B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00197efb8ca2@1886ac8c1b46 0x44 0xAC 0xB2 0xDD ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00197efb8ca2@00265d8220f5 0xCE 0x17 0x59 0x9C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00197efb8ca2@00265d4d0861 0x83 0x05 0x96 0xE6 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00197efb8ca2@000db5824d40 0xCD 0x03 0xB4 0xE3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export [binary value, garbled in this extraction]
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export [binary value, garbled in this extraction]
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x16 0xFC 0xEA 0x0C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDF 0xD3 0x4F 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAD 0x73 0x89 0x36 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00197efb8ca2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00197efb8ca2@0012d29a6ced 0x98 0x69 0x67 0x4B ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00197efb8ca2@9c18743bef75 0xFD 0xFB 0x53 0x4B ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00197efb8ca2@1886ac8c1b46 0x44 0xAC 0xB2 0xDD ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00197efb8ca2@00265d8220f5 0xCE 0x17 0x59 0x9C ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00197efb8ca2@00265d4d0861 0x83 0x05 0x96 0xE6 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00197efb8ca2@000db5824d40 0xCD 0x03 0xB4 0xE3 ...
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export [binary value, garbled in this extraction]
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export [binary value, garbled in this extraction]
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x79 0x36 0x0F 0xFB ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDF 0xD3 0x4F 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAD 0x73 0x89 0x36 ...

---- EOF - GMER 1.0.15 ----
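An added triage script (mine, not part of this thread and not GMER's own code) that parses log lines of the shape posted above and ranks the entries a reviewer should look at first: driver files GMER could not read, kernel IAT imports redirected into a module without version info, randomly named drivers, and device objects owned by unattributed driver files. The line formats are inferred from this log, the sample input is constructed from lines in post #1, and the function names and severity scale are my own; note that the Devices section lists sprg.sys under \Driver\sptd and the sptd Cfg keys point at DAEMON Tools Lite, so such entries still need a human decision that the script does not make.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on lines from the GMER log in post #1 (raw string keeps the backslashes).
SAMPLE_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C51599 1 Byte [06]
? System32\Drivers\sprg.sys Das System kann den angegebenen Pfad nicht finden. !
.text USBPORT.SYS!DllUnload 91E74CA0 5 Bytes JMP 866DE1D8
.text axzqo30l.SYS 91FC4000 12 Bytes [44, 38, 02, 83, EE, 36, 02, ...]
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8B00F042] \SystemRoot\System32\Drivers\sprg.sys
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortNotification] 00147880
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] [6B8792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \Driver\sptd \Device\1949078047 sprg.sys
Device \Driver\atapi \Device\Ide\IdePort0 8558E1F8
AttachedDevice \FileSystem\Ntfs \Ntfs OODrvled.sys (O&O DriveLED Filter Driver (Win32)/O&O Software GmbH)
"""

# Line shapes are inferred from the posted log (assumption: GMER 1.0.15 text output), not from GMER documentation.
SECTION_RE = re.compile(r"^---- .+? - GMER [\d.]+ ----$")
UNREADABLE_RE = re.compile(r"^\? (?P<module>\S+) (?P<msg>.*?) !$")
CODE_RE = re.compile(r"^(?P<seg>\.\w+|PAGE|INIT) (?P<module>\S+?)(?:!(?P<symbol>\S+)(?: \+ [0-9A-F]+)?)? "
                     r"(?P<addr>[0-9A-F]{8}) (?P<size>\d+) Bytes? (?P<detail>.*)$")
USER_IAT_RE = re.compile(r"^IAT (?P<victim>.+?\[\d+\]) @ (?P<dll>.+?) \[(?P<import>[^\]]+)\] "
                         r"\[(?P<addr>[0-9A-F]{8})\] (?P<target>.+)$")
KERNEL_IAT_RE = re.compile(r"^IAT (?P<victim>\S+)\[(?P<import>[^\]]+)\] "
                           r"(?:\[(?P<addr>[0-9A-F]{8})\] (?P<target>.+)|(?P<value>[0-9A-F]{8}))$")
DEVICE_RE = re.compile(r"^(?P<kind>Device|AttachedDevice) (?P<driver>\S+) (?P<device>\S+) (?P<owner>.+)$")
RANDOM_NAME_RE = re.compile(r"^[a-z0-9]{8}\.sys$", re.I)  # e.g. axzqo30l.SYS
HEX_ADDR_RE = re.compile(r"^[0-9A-F]{8}$")

def split_desc(text):
    """'x.sys (Description/Vendor)' -> ('x.sys', 'Description/Vendor'); no parentheses -> (text, None)."""
    m = re.match(r"^(?P<path>.+?)(?: \((?P<desc>.+)\))?$", text)
    return m.group("path"), m.group("desc")

def basename(path):
    return path.rsplit("\\", 1)[-1]

def looks_random(name):
    """Eight-character .sys names mixing letters and digits, like axzqo30l.SYS in the log."""
    stem = name.split(".")[0]
    return bool(RANDOM_NAME_RE.match(name)) and any(c.isdigit() for c in stem) and any(c.isalpha() for c in stem)

def parse_gmer(text):
    """Turn the log into a list of entry dicts; unrecognised lines are kept with kind='other'."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if not line or SECTION_RE.match(line):
            continue
        e = {"raw": line}
        if (m := UNREADABLE_RE.match(line)):
            e.update(kind="unreadable", module=m.group("module"), message=m.group("msg"))
        elif (m := USER_IAT_RE.match(line)):
            target, desc = split_desc(m.group("target"))
            e.update(kind="user_iat", victim=m.group("victim"), imported=m.group("import"), target=target, description=desc)
        elif (m := KERNEL_IAT_RE.match(line)):
            target, desc = split_desc(m.group("target")) if m.group("target") else (None, None)
            e.update(kind="kernel_iat", victim=m.group("victim"), imported=m.group("import"),
                     target=target, description=desc, value=m.group("value"))
        elif (m := CODE_RE.match(line)):
            e.update(kind="code", module=m.group("module"), symbol=m.group("symbol"), size=int(m.group("size")))
        elif (m := DEVICE_RE.match(line)):
            owner, desc = split_desc(m.group("owner"))
            e.update(kind=m.group("kind").lower(), driver=m.group("driver"), device=m.group("device"),
                     owner=owner, description=desc)
        else:
            e["kind"] = "other"
        entries.append(e)
    return entries

def triage(entries):
    """Rank what a reviewer should look at first; returns (severity, reason, subject) tuples, high first."""
    findings, hooks_by_target = [], defaultdict(list)
    for e in entries:
        k = e["kind"]
        if k == "unreadable":
            findings.append(("high", "driver file could not be read from disk (hidden or missing)", e["module"]))
        elif k == "kernel_iat" and e["target"] is None:
            findings.append(("medium", "kernel IAT slot holds a value GMER could not map to a module",
                             f"{basename(e['victim'])} -> {e['imported']}"))
        elif k == "kernel_iat":
            hooks_by_target[basename(e["target"])].append(e)
        elif k == "user_iat" and not e["description"]:
            findings.append(("medium", "user-mode IAT hook into a module without version info", e["target"]))
        elif k == "code" and looks_random(basename(e["module"])):
            findings.append(("low", "code section in a randomly named driver", e["module"]))
        elif k in ("device", "attacheddevice") and not HEX_ADDR_RE.match(e["owner"]) and not e["description"]:
            findings.append(("medium", "device object owned by a driver file without version info",
                             f"{e['driver']} -> {e['owner']}"))
    for target, hooks in hooks_by_target.items():
        if not any(h["description"] for h in hooks):  # nothing GMER could attribute to a vendor
            victims = ", ".join(sorted({basename(h["victim"]) for h in hooks}))
            findings.append(("high", f"{len(hooks)} kernel IAT import(s) of {victims} redirected into an unattributed module", target))
    # sorted() is stable, so entries keep their log order within a severity
    return sorted(findings, key=lambda f: ("high", "medium", "low").index(f[0]))

if __name__ == "__main__":
    for sev, reason, subject in triage(parse_gmer(SAMPLE_LOG)):
        print(f"[{sev}] {subject}: {reason}")
```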
07.09.2010, 12:30 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | GMER evaluation, suspected rootkit
Hello and
A cleanup can sometimes mean a lot of work for you.
Note: I can never give you a guarantee that I will find everything. A format is usually the faster and always the safest way. If you decide on a cleanup, keep working along until someone from the team tells you that you are clean.
Vista and Win7 users: start all tools with right-click "Run as administrator".
Please routinely run a full scan with Malwarebytes and post the log. Remember that Malwarebytes has to be updated manually before every scan!
Then OTL: System scan with OTL. Please download OTL from OldTimer and save it to your desktop
07.09.2010, 12:42 | #3
GMER evaluation, suspected rootkit
Quote:
07.09.2010, 13:23 | #4
/// Winkelfunktion /// TB-Süch-Tiger™ | GMER evaluation, suspected rootkit
Please drop these pointless full quotes. You should feel free to disable the virus scanner beforehand.
__________________ Please always post logfiles in CODE tags
07.09.2010, 16:34 | #5
GMER evaluation, suspected rootkit
Code:
ATTFilter Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4561 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 07.09.2010 15:13:23 mbam-log-2010-09-07 (15-13-23).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 281484 Laufzeit: 1 Stunde(n), 22 Minute(n), 15 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 3 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\SOFTWARE\B1RQJ7YJ0U (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\PUT2VIDQLG (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Users\maxl\Downloads\Cubes_Visualization_for_WA2.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully. Code:
ATTFilter OTL logfile created on: 07.09.2010 17:58:40 - Run 1 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\maxl\Downloads An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 34,96 Gb Total Space | 4,39 Gb Free Space | 12,55% Space Free | Partition Type: NTFS Drive D: | 76,73 Gb Total Space | 7,04 Gb Free Space | 9,17% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PC-M2 Current User Name: maxl Logged in as Administrator. 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\maxl\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Programme\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Windows\System32\drivers\CDAC11BA.EXE (Macrovision)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Programme\OO Software\DriveLED\oodlag.exe (O&O Software GmbH)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Programme\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Notebook Hardware Control\nhc.exe (hxxp://www.pbus-167.com)

========== Modules (SafeList) ==========

MOD - C:\Users\maxl\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe (Macromedia)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (C-DillaCdaC11BA) -- C:\Windows\System32\drivers\CDAC11BA.EXE (Macrovision)
SRV - (O&O DriveLED) -- C:\Program Files\OO Software\DriveLED\oodlag.exe (O&O Software GmbH)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (nhcDriverDevice) -- C:\Windows\System32\drivers\nhcDriver.sys (pBUS-167 Software - hxxp://www.pbus-167.com)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (MpFilter) -- C:\Windows\System32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (RTL8187) -- C:\Windows\System32\drivers\RTL8187.sys (Realtek Semiconductor Corporation )
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (CdaC15BA) -- C:\Windows\System32\drivers\CDAC15BA.SYS (Macrovision Europe Ltd)
DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (OODrvled) -- C:\Windows\system32\DRIVERS\OODrvled.sys (O&O Software GmbH)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (VWiFiFlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (NSNDIS5) -- C:\Windows\System32\nsndis5.sys (Printing Communications Assoc., Inc. (PCAUSA))

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 26 2C 7C D9 18 D7 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "eBay"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: counterpixel@jabubo.de:1.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ca8b7b3d-b6e6-438f-b935-601b3de48d66}:1.1.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}:5.0.21
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.08.17 21:00:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.02 23:52:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.02 23:52:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.08.17 21:00:23 | 000,000,000 | ---D | M]

[2009.10.25 15:43:20 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\mozilla\Extensions
[2010.09.07 13:31:34 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\mozilla\Firefox\Profiles\jkx2zej4.default\extensions
[2010.08.16 14:14:18 | 000,000,000 | ---D | M] (Firefox Throttle) -- C:\Users\maxl\AppData\Roaming\mozilla\Firefox\Profiles\jkx2zej4.default\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}
[2010.09.02 13:30:16 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\maxl\AppData\Roaming\mozilla\Firefox\Profiles\jkx2zej4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.05.30 11:48:46 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\maxl\AppData\Roaming\mozilla\Firefox\Profiles\jkx2zej4.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.05.06 12:52:45 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\mozilla\Firefox\Profiles\jkx2zej4.default\extensions\counterpixel@jabubo.de
[2010.03.24 16:13:02 | 000,000,917 | ---- | M] () -- C:\Users\maxl\AppData\Roaming\Mozilla\FireFox\Profiles\jkx2zej4.default\searchplugins\conduit.xml
[2010.09.05 11:57:14 | 000,001,595 | ---- | M] () -- C:\Users\maxl\AppData\Roaming\Mozilla\FireFox\Profiles\jkx2zej4.default\searchplugins\ixquick---deutsch.xml
[2010.09.02 11:57:49 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.09.02 11:57:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}
[2010.05.02 20:15:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.11 10:45:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2004.07.02 14:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Programme\Mozilla Firefox\components\np32asw.dll
[2004.07.02 14:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Programme\Mozilla Firefox\plugins\np32asw.dll
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2007.02.20 16:04:02 | 002,463,976 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPSWF32.dll
[2010.07.25 01:16:19 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.25 01:16:19 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.25 01:16:19 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.25 01:16:19 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.25 01:16:19 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ISUSPM Startup] C:\Programme\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programme\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.)
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programme\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programme\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab (Java Plug-in 1.5.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.81 217.0.43.65
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{06182abd-56e3-11df-850d-9830a273a126}\Shell - "" = AutoRun
O33 - MountPoints2\{06182abd-56e3-11df-850d-9830a273a126}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{06182b11-56e3-11df-850d-9830a273a126}\Shell - "" = AutoRun
O33 - MountPoints2\{06182b11-56e3-11df-850d-9830a273a126}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{1ad22af8-ee0d-11de-9893-00197efb8ca2}\Shell - "" = AutoRun
O33 - MountPoints2\{1ad22af8-ee0d-11de-9893-00197efb8ca2}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.09.07 15:21:19 | 000,000,000 | ---D | C] -- C:\Drivers
[2010.09.07 13:46:42 | 000,000,000 | ---D | C] -- C:\Users\maxl\AppData\Roaming\Malwarebytes
[2010.09.07 13:46:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.07 13:46:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.07 13:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.07 13:46:32 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.09.06 14:25:06 | 000,000,000 | ---D | C] -- C:\Programme\eBay
[2010.09.06 14:25:06 | 000,000,000 | ---D | C] -- C:\ProgramData\eBay
[2010.09.04 06:22:43 | 000,000,000 | ---D | C] -- C:\Users\maxl\AppData\Roaming\Skype
[2010.09.04 06:22:36 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2010.09.04 06:22:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.09.03 17:12:18 | 000,000,000 | ---D | C] -- C:\Programme\Sothink SWF-Decompiler
[2010.09.02 23:52:32 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.09.02 23:52:04 | 000,190,696 | ---- | C] (Adobe Systems, Inc.) -- C:\Windows\System32\NPSWF32_FlashUtil.exe
[2010.09.02 23:51:06 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.09.02 15:06:43 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4a.dll
[2010.09.02 15:06:28 | 000,000,000 | ---D | C] -- C:\Programme\Sothink SWF Quicker
[2010.09.02 15:00:33 | 000,000,000 | ---D | C] -- C:\Users\maxl\AppData\Local\SourceTec
[2010.09.02 15:00:25 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\SourceTec
[2010.09.02 15:00:22 | 000,000,000 | ---D | C] -- C:\Programme\Sothink SWF Decompiler
[2010.09.02 14:38:02 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Macromedia Shared
[2010.09.02 14:37:53 | 000,000,000 | ---D | C] -- C:\Users\maxl\AppData\Local\Macromedia
[2010.09.02 14:37:13 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Macromedia
[2010.09.02 14:36:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Macromedia
[2010.09.02 14:36:35 | 000,000,000 | ---D | C] -- C:\Programme\Macromedia
[2010.09.02 11:57:49 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.09.02 11:57:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.09.02 11:57:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.09.02 11:56:47 | 000,000,000 | ---D | C] -- C:\Users\maxl\AppData\Local\Sun
[2010.08.31 22:04:08 | 000,000,000 | ---D | C] -- C:\Users\maxl\Desktop\musik_pazi
[2010.08.30 15:47:54 | 000,000,000 | ---D | C] -- C:\Users\maxl\AppData\Roaming\vlc
[2010.08.30 08:40:58 | 000,000,000 | ---D | C] -- C:\Users\maxl\AppData\Roaming\BOM
[2010.08.30 08:40:34 | 000,209,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Tabctl32.ocx
[2010.08.30 08:40:34 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mscmcde.dll
[2010.08.30 08:40:34 | 000,109,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mswinsck.ocx
[2010.08.30 08:40:34 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Tabctde.dll
[2010.08.30 08:40:34 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winskde.dll
[2010.08.30 08:40:33 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinet.ocx
[2010.08.30 08:40:31 | 000,000,000 | ---D | C] -- C:\Programme\Biet-O-Matic
[2010.08.29 16:19:40 | 000,000,000 | ---D | C] -- C:\Programme\ALCATech
[2010.08.18 01:52:19 | 000,000,000 | ---D | C] -- C:\Programme\DJ Mix Pro
[2010.08.17 21:00:00 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2010.08.17 20:59:53 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution
[2010.08.17 20:58:38 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache
[2010.08.16 13:12:17 | 000,278,581 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.000
[2010.08.16 13:12:17 | 000,000,000 | ---D | C] -- C:\Programme\Traktor DJ Player
[2010.08.13 21:18:57 | 000,000,000 | ---D | C] -- C:\Programme\ElcomSoft
[2010.08.13 21:18:52 | 000,000,000 | ---D | C] -- C:\Programme\Advanced Archive Password Recovery
[2010.08.13 17:08:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Beatlock Technology
[2010.08.12 18:33:30 | 000,000,000 | ---D | C] -- C:\Users\maxl\AppData\Roaming\Mp3tag
[2010.08.12 18:33:11 | 000,000,000 | ---D | C] -- C:\Programme\Mp3tag
[2010.08.12 11:52:18 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2010.08.12 11:52:18 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.12 11:52:15 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.12 11:52:09 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.12 11:52:09 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.12 11:52:01 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.12 11:52:01 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.12 11:52:01 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.12 11:52:01 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.12 11:52:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.12 11:52:01 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.12 11:52:01 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.12 11:52:01 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.12 11:50:54 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.11 10:45:25 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java

========== Files - Modified Within 30 Days ==========

[2010.09.07 18:00:26 | 003,670,016 | -HS- | M] () -- C:\Users\maxl\NTUSER.DAT
[2010.09.07 17:52:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.07 15:44:27 | 000,020,720 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.07 15:44:27 | 000,020,720 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.07 15:39:53 | 001,527,504 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.07 15:39:53 | 000,664,634 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.07 15:39:53 | 000,624,776 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.07 15:39:53 | 000,134,770 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.07 15:39:53 | 000,110,414 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.07 15:37:20 | 000,022,528 | ---- | M] (pBUS-167 Software - hxxp://www.pbus-167.com) -- C:\Windows\System32\drivers\nhcDriver.sys
[2010.09.07 15:36:55 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.07 15:36:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.07 15:36:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.07 15:36:26 | 2408,439,808 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.07 15:29:07 | 001,641,861 | -H-- | M] () -- C:\Users\maxl\AppData\Local\IconCache.db
[2010.09.07 13:46:37 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.01 15:20:35 | 000,048,128 | ---- | M] () -- C:\Users\maxl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.29 14:44:25 | 039,084,160 | ---- | M] () -- C:\Users\maxl\Desktop\Stars On 45 - Disco Hits Of The 70's Mix.mp3
[2010.08.26 02:20:40 | 000,450,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.23 23:45:07 | 000,131,256 | ---- | M] () -- C:\Users\maxl\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.17 21:26:05 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2010.08.17 21:12:32 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010.08.13 20:43:31 | 000,001,081 | ---- | M] () -- C:\Windows\ARCHPR.INI

========== Files Created - No Company Name ==========

[2010.09.07 13:46:37 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.02 23:52:03 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2010.08.30 08:40:34 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2010.08.17 21:26:05 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2010.08.17 21:12:32 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010.08.16 11:49:18 | 039,084,160 | ---- | C] () -- C:\Users\maxl\Desktop\Stars On 45 - Disco Hits Of The 70's Mix.mp3
[2010.08.13 20:42:36 | 000,001,081 | ---- | C] () -- C:\Windows\ARCHPR.INI
[2010.08.05 15:36:45 | 000,000,094 | ---- | C] () -- C:\Users\maxl\AppData\Local\fusioncache.dat
[2010.06.07 20:26:43 | 000,000,018 | ---- | C] () -- C:\Users\maxl\AppData\Roaming\sys386ll.dat
[2010.06.07 20:26:40 | 000,000,032 | ---- | C] () -- C:\Windows\weitere.INI
[2010.06.07 20:25:06 | 000,000,010 | ---- | C] () -- C:\Users\maxl\AppData\Roaming\hhxprot5
[2010.03.28 21:00:01 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.03.28 21:00:01 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.02.13 16:05:16 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010.02.13 16:02:42 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010.02.11 12:01:54 | 000,048,128 | ---- | C] () -- C:\Users\maxl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.11 11:58:34 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.02.11 11:58:34 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.02.10 11:36:56 | 000,033,134 | ---- | C] () -- C:\Users\maxl\AppData\Roaming\UserTile.png
[2010.01.05 13:12:32 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2009.10.25 17:45:54 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.10.25 16:48:38 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll ========== LOP Check ========== [2010.06.07 20:26:43 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\10-Sekunden-Haushaltsbuch [2009.10.25 18:07:41 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\Autodesk [2010.08.31 01:03:04 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\BOM [2010.05.03 22:06:29 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\Bytemobile [2010.03.03 00:10:24 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\cerasus [2010.03.01 23:17:14 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\cerasus.media [2009.10.25 17:43:39 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\DAEMON Tools Lite [2010.02.04 15:19:59 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\Duden [2009.11.06 16:16:24 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\ICQLite [2010.08.05 15:38:18 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\Mathsoft [2010.08.12 19:05:10 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\Mp3tag [2010.02.11 20:47:05 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\Nokia [2010.01.15 13:12:34 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\Nokia Ovi Suite [2010.01.21 11:34:54 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\PC Suite [2010.03.29 10:13:42 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\Samsung [2010.01.10 02:36:34 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\SpinTop [2010.06.17 10:59:32 | 000,000,000 | ---D | M] -- 
C:\Users\maxl\AppData\Roaming\TeamViewer [2010.04.19 14:58:42 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\TrueCrypt [2010.09.04 18:01:48 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\uTorrent [2010.05.03 22:06:28 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\Vodafone [2010.08.04 19:52:05 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:52B72A7C @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:AFFC859A @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:331B76C7 < End of report > Code:
OTL Extras logfile created on: 07.09.2010 17:58:40 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\maxl\Downloads
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 34,96 Gb Total Space | 4,39 Gb Free Space | 12,55% Space Free | Partition Type: NTFS
Drive D: | 76,73 Gb Total Space | 7,04 Gb Free Space | 9,17% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-M2
Current User Name: maxl
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.ini [@ = inifile] -- C:\LVZ\TOOLS\EmEditor.EXE (EmSoft, k.k.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inifile [open] -- "C:\LVZ\TOOLS\EmEditor.EXE" "%1"pen (EmSoft, k.k.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008F9A3A-24A0-408B-AD7F-95C414219A00}" = Adobe Setup
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ Lite 5.10 Banner Remover 1.6
"{1373559F-6DC6-44EA-9079-6ABDCCE8CDAD}" = OviMPlatform
"{17E34776-B06A-4AFB-BA31-1BB17E9E107B}" = LaKu
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 21
"{289338AE-2213-4509-AED2-450414C1260C}_is1" = ICQ Update Patch 1.5
"{29F563F4-8807-4496-8463-441EAA0E96AB}" = PC Connectivity Solution
"{2D10FC46-1D96-44C4-8855-85F21B9B011E}" = Ovi Desktop Sync Engine
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004
"{3248F0A8-6813-11D6-A77B-00B0D0150210}" = J2SE Runtime Environment 5.0 Update 21
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It!-Bibliothek 10
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Foto Premium 10
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53480150-81CB-4A86-B378-86B6F08AF80B}" = O&O DriveLED
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5783F2D7-0201-0407-0002-0060B0CE6BBA}" = AutoCAD 2004
"{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter
"{5C81B189-5456-40C4-9313-7FE6FA6DD64C}" = Office-Bibliothek
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62326989-2861-4911-A39E-26373BD3FF66}" = Duden Korrektor PLUS
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{70B31335-50EE-4834-8431-27412CDE62BD}" = Nokia_Multimedia_Common_Components_2_5
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{74B58083-B5B9-46a5-847C-248F97FF2A56}" = Topfield Tools
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8070452B-15D6-4169-B9B9-FCC3B54588AD}" = Nokia Ovi Suite
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}" = Adobe Flash Player 9 Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AEBFD30-B94F-4A49-8106-03039708BDD4}" = Duden Korrektor Patch 012009
"{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EFD8F0-08DE-48DB-B922-A2EBAB711031}" = Nero 7 Premium
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AD841E2B-2F15-498E-A6C0-2FDF716B2806}_is1" = Big City Mystery
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{BADA5821-F6D3-49E9-945B-ADE46F792B46}" = Netdraw-Free
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe Flash Video Encoder
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3490D20-3AE0-459D-AAD6-59195140EAC2}_is1" = Sothink SWF Quicker
"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8334783-E2F9-4CA6-86F8-090051418F09}" = Mathcad 13
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE5B5B24-EEFC-4C8B-BF8B-256D705BAD89}" = Nokia Ovi Suite Software Updater
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_2225677e524ae91efb80c700be972bf" = Adobe Flash CS3 Professional
"Alcatech BPM Studio Professional v4.9.1" = Alcatech BPM Studio Professional v4.9.1
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"Autodesk Express Viewer" = Autodesk Express Viewer
"Avi2Dvd" = Avi2Dvd 0.5
"AviSynth" = AviSynth 2.5
"B7541EC5F72AA713F557569278EB6273725F5607" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"Biet-O-Matic v2.14.6" = Biet-O-Matic v2.14.6
"CdaC13Ba" = SafeCast Shared Components
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Setup.divx.com" = DivX-Setup
"DJ Mix Pro" = DJ Mix Pro
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 7_is1" = DVDFab 7.0.6.2 (20/05/2010)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ICQLite" = ICQ 5.1
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mp3tag" = Mp3tag v2.46a
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"Nokia Ovi Suite" = Nokia Ovi Suite
"Notebook Hardware Control" = Notebook Hardware Control 2.0 Pre-Release-06 Bugfix
"PictureItPrem_v10" = Microsoft Picture It! Foto Premium 10
"PokerStars" = PokerStars
"Sothink SWF Decompiler Retail zoo_is1" = Sothink SWF Decompiler
"SurfMusik 3.1a_is1" = SurfMusik 3.1a
"Totalcmd" = Total Commander (Remove or Repair)
"TrueCrypt" = TrueCrypt
"Tunatic" = Tunatic
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.4
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"5f48e2ab41c5d005" = RapidShare Manager
"Advanced Archive Password Recovery" = Advanced Archive Password Recovery

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07.09.2010 08:22:21 | Computer Name = PC-M2 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 07.09.2010 08:22:21 | Computer Name = PC-M2 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .
Error - 07.09.2010 08:37:18 | Computer Name = PC-M2 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 07.09.2010 08:42:32 | Computer Name = PC-M2 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 07.09.2010 08:42:32 | Computer Name = PC-M2 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 07.09.2010 08:42:32 | Computer Name = PC-M2 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 07.09.2010 08:42:32 | Computer Name = PC-M2 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 07.09.2010 08:42:32 | Computer Name = PC-M2 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 07.09.2010 08:44:14 | Computer Name = PC-M2 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 07.09.2010 09:42:23 | Computer Name = PC-M2 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .
[ System Events ]
Error - 24.04.2010 19:52:06 | Computer Name = PC-M2 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR4 gefunden.

Error - 24.04.2010 19:52:07 | Computer Name = PC-M2 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR4 gefunden.

Error - 25.04.2010 04:15:21 | Computer Name = PC-M2 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht.

Error - 25.04.2010 04:38:50 | Computer Name = PC-M2 | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error - 03.05.2010 14:44:55 | Computer Name = PC-M2 | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 03.05.2010 14:48:47 | Computer Name = PC-M2 | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures.  New Signature Version:   Previous Signature Version: 1.81.802.0  Update Source: %%859  Update Stage: %%852  Source Path: hxxp://www.microsoft.com  Signature Type: %%800  Update Type: %%803  User: NT-AUTORITÄT\SYSTEM  Current Engine Version:   Previous Engine Version: 1.1.5703.0  Error code: 0x8024402c  Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error - 04.05.2010 12:40:53 | Computer Name = PC-M2 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: tcpipBM

Error - 04.05.2010 13:55:30 | Computer Name = PC-M2 | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?04.?05.?2010 um 19:42:20 unerwartet heruntergefahren.

Error - 04.05.2010 13:55:36 | Computer Name = PC-M2 | Source = BugCheck | ID = 1001
Description =

Error - 04.05.2010 13:56:04 | Computer Name = PC-M2 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: tcpipBM

< End of report >

Last edited by maxl909 (07.09.2010, 17:05)
07.09.2010, 18:44 | #6
/// Winkelfunktion /// TB-Süch-Tiger™

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL) (the ":OTL" must be copied along with it!!!)

Note: If you have masked your user name, you must change the asterisked part back into your real user name, otherwise the script will not work!!

Code:
:OTL
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [] File not found
O33 - MountPoints2\{06182abd-56e3-11df-850d-9830a273a126}\Shell - "" = AutoRun
O33 - MountPoints2\{06182abd-56e3-11df-850d-9830a273a126}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{06182b11-56e3-11df-850d-9830a273a126}\Shell - "" = AutoRun
O33 - MountPoints2\{06182b11-56e3-11df-850d-9830a273a126}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{1ad22af8-ee0d-11de-9893-00197efb8ca2}\Shell - "" = AutoRun
O33 - MountPoints2\{1ad22af8-ee0d-11de-9893-00197efb8ca2}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
[2010.06.07 20:26:43 | 000,000,018 | ---- | C] () -- C:\Users\maxl\AppData\Roaming\sys386ll.dat
[2010.06.07 20:26:40 | 000,000,032 | ---- | C] () -- C:\Windows\weitere.INI
[2010.06.07 20:25:06 | 000,000,010 | ---- | C] () -- C:\Users\maxl\AppData\Roaming\hhxprot5
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:52B72A7C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:AFFC859A
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:331B76C7
:Commands
[purity]
[resethosts]
[emptytemp]

The log file should open once you click OK after the fix; please post it. The computer may be restarted.
07.09.2010, 19:25 | #7
Code:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06182abd-56e3-11df-850d-9830a273a126}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06182abd-56e3-11df-850d-9830a273a126}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06182abd-56e3-11df-850d-9830a273a126}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06182abd-56e3-11df-850d-9830a273a126}\ not found.
File G:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06182b11-56e3-11df-850d-9830a273a126}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06182b11-56e3-11df-850d-9830a273a126}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06182b11-56e3-11df-850d-9830a273a126}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06182b11-56e3-11df-850d-9830a273a126}\ not found.
File G:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ad22af8-ee0d-11de-9893-00197efb8ca2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ad22af8-ee0d-11de-9893-00197efb8ca2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ad22af8-ee0d-11de-9893-00197efb8ca2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ad22af8-ee0d-11de-9893-00197efb8ca2}\ not found.
File G:\WD SmartWare.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\LaunchU3.exe not found.
C:\Users\maxl\AppData\Roaming\sys386ll.dat moved successfully.
C:\Windows\weitere.INI moved successfully.
C:\Users\maxl\AppData\Roaming\hhxprot5 moved successfully.
ADS C:\ProgramData\TEMP:52B72A7C deleted successfully.
ADS C:\ProgramData\TEMP:AFFC859A deleted successfully.
ADS C:\ProgramData\TEMP:331B76C7 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: maxl
->Temp folder emptied: 749533106 bytes
->Temporary Internet Files folder emptied: 252333631 bytes
->Java cache emptied: 53941963 bytes
->FireFox cache emptied: 37990222 bytes
->Flash cache emptied: 2908074 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 153834051 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.193,00 mb

OTL by OldTimer - Version 3.2.11.0 log created on 09072010_202047

Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
07.09.2010, 19:35 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GMER evaluation, suspected rootkit: Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run if a competent helper has explicitly recommended it!
__________________ Please always post logfiles in CODE tags |
07.09.2010, 20:10 | #9 |
| GMER evaluation, suspected rootkit Code:
ATTFilter ComboFix 10-09-07.01 - maxl 07.09.2010 20:57:49.1.2 - x86 Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.3062.2270 [GMT 2:00] ausgeführt von:: c:\users\maxl\Desktop\cofi.exe * Neuer Wiederherstellungspunkt wurde erstellt . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\Inetde.dll . ((((((((((((((((((((((( Dateien erstellt von 2010-08-07 bis 2010-09-07 )))))))))))))))))))))))))))))) . 2010-09-07 19:05 . 2010-09-07 19:05 -------- d-----w- c:\users\maxl\AppData\Local\temp 2010-09-07 19:05 . 2010-09-07 19:05 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-09-07 18:49 . 2010-09-07 18:49 -------- d-----w- c:\program files\CCleaner 2010-09-07 18:20 . 2010-09-07 18:20 -------- d-----w- C:\_OTL 2010-09-07 17:42 . 2010-09-07 17:52 -------- d-----w- c:\program files\ICQ-Banner-Remover 2010-09-07 17:41 . 2010-09-07 18:48 -------- d-----w- c:\users\maxl\AppData\Roaming\ICQ 2010-09-07 17:41 . 2010-09-07 17:41 -------- d-----w- c:\users\maxl\AppData\Local\AOL 2010-09-07 17:41 . 2010-09-07 17:54 -------- d-----w- c:\program files\ICQ7.2 2010-09-07 13:21 . 2010-09-07 13:21 -------- d-----w- C:\Drivers 2010-09-07 11:46 . 2010-09-07 11:46 -------- d-----w- c:\users\maxl\AppData\Roaming\Malwarebytes 2010-09-07 11:46 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-09-07 11:46 . 2010-09-07 11:46 -------- d-----w- c:\programdata\Malwarebytes 2010-09-07 11:46 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-09-07 11:46 . 2010-09-07 11:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-09-06 12:25 . 2010-09-06 12:55 -------- d-----w- c:\programdata\eBay 2010-09-06 12:25 . 2010-09-06 12:25 -------- d-----w- c:\program files\eBay 2010-09-04 04:22 . 2010-09-04 06:01 -------- d-----w- c:\users\maxl\AppData\Roaming\Skype 2010-09-04 04:22 . 
2010-09-04 04:22 -------- d-----r- c:\program files\Skype 2010-09-04 04:22 . 2010-09-04 04:22 -------- d-----w- c:\programdata\Skype 2010-09-03 15:12 . 2010-09-03 15:12 -------- d-----w- c:\program files\Sothink SWF-Decompiler 2010-09-02 21:52 . 2010-09-02 21:52 -------- d-----w- c:\program files\QuickTime 2010-09-02 21:52 . 2007-02-20 14:04 190696 ----a-w- c:\windows\system32\NPSWF32_FlashUtil.exe 2010-09-02 21:52 . 2007-02-20 14:04 2463976 ----a-w- c:\windows\system32\NPSWF32.dll 2010-09-02 21:51 . 2010-09-02 21:51 -------- d-----w- c:\program files\Bonjour 2010-09-02 13:06 . 2009-06-04 13:28 44544 ----a-w- c:\windows\system32\msxml4a.dll 2010-09-02 13:06 . 2010-09-02 13:06 -------- d-----w- c:\program files\Sothink SWF Quicker 2010-09-02 13:00 . 2010-09-02 13:00 -------- d-----w- c:\users\maxl\AppData\Local\SourceTec 2010-09-02 13:00 . 2010-09-02 13:06 -------- d-----w- c:\program files\Common Files\SourceTec 2010-09-02 13:00 . 2010-09-03 15:11 -------- d-----w- c:\program files\Sothink SWF Decompiler 2010-09-02 12:38 . 2010-09-02 12:38 -------- d-----w- c:\program files\Common Files\Macromedia Shared 2010-09-02 12:37 . 2010-09-02 12:37 -------- d-----w- c:\users\maxl\AppData\Local\Macromedia 2010-09-02 12:37 . 2010-09-02 12:37 -------- d-----w- c:\program files\Common Files\Macromedia 2010-09-02 12:36 . 2010-09-02 12:36 -------- d-----w- c:\program files\Macromedia 2010-09-02 11:12 . 2002-01-24 09:00 1798144 ----a-w- c:\users\maxl\AppData\Roaming\Macromedia\Flash MX\Configuration\Importers\ToonboomStudioImportPlugin.dll 2010-09-02 11:12 . 2002-03-05 21:38 147456 ----a-w- c:\users\maxl\AppData\Roaming\Macromedia\Flash MX\Configuration\Importers\AIImport.dll 2010-09-02 11:12 . 2002-02-06 10:23 1085440 ----a-w- c:\users\maxl\AppData\Roaming\Macromedia\Flash MX\Configuration\Importers\FhDbRdr.dll 2010-09-02 11:12 . 2002-02-02 08:52 2088960 ----a-w- c:\users\maxl\AppData\Roaming\Macromedia\Flash MX\Configuration\Importers\Fireworks Importer.dll 2010-09-02 11:12 . 
2002-03-05 19:23 815104 ----a-w- c:\users\maxl\AppData\Roaming\Macromedia\Flash MX\Configuration\authplay.dll 2010-09-02 09:56 . 2010-09-02 09:56 -------- d-----w- c:\users\maxl\AppData\Local\Sun 2010-08-30 13:47 . 2010-08-30 13:49 -------- d-----w- c:\users\maxl\AppData\Roaming\vlc 2010-08-30 06:40 . 2010-08-30 23:03 -------- d-----w- c:\users\maxl\AppData\Roaming\BOM 2010-08-30 06:40 . 2000-04-03 18:06 16896 ----a-w- c:\windows\system32\winskde.dll 2010-08-30 06:40 . 1998-07-05 22:00 22528 ----a-w- c:\windows\system32\Tabctde.dll 2010-08-30 06:40 . 1998-07-05 22:00 158208 ----a-w- c:\windows\system32\Mscmcde.dll 2010-08-30 06:40 . 2010-08-30 06:40 -------- d-----w- c:\program files\Biet-O-Matic 2010-08-29 14:19 . 2010-08-29 14:19 -------- d-----w- c:\program files\ALCATech 2010-08-25 09:24 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll 2010-08-17 23:52 . 2010-08-17 23:54 -------- d-----w- c:\program files\DJ Mix Pro 2010-08-17 19:00 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys 2010-08-17 18:59 . 2010-08-17 18:59 -------- d-----w- c:\program files\PC Connectivity Solution 2010-08-17 18:58 . 2010-08-17 18:58 12212040 ----a-w- c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe 2010-08-17 18:58 . 2010-08-17 18:58 13930312 ----a-w- c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe 2010-08-17 18:58 . 2010-08-17 18:58 77824 ----a-w- c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\Run_XML6_SP1.exe 2010-08-17 18:58 . 2010-08-17 18:58 50000 ----a-w- c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\pcswpc.exe 2010-08-17 18:58 . 
2010-08-17 18:58 38912 ----a-w- c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx86.exe 2010-08-17 18:58 . 2010-08-17 18:58 38912 ----a-w- c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx64.exe 2010-08-17 18:58 . 2010-08-17 18:57 103412296 ----a-w- c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer.exe 2010-08-17 18:58 . 2010-08-17 18:58 -------- d-----w- c:\programdata\NokiaInstallerCache 2010-08-16 12:14 . 2010-01-25 15:06 147456 ----a-w- c:\users\maxl\AppData\Roaming\Mozilla\Firefox\Profiles\jkx2zej4.default\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}\platform\WINNT_x86-msvc\components\FFThrottle.dll 2010-08-16 12:14 . 2009-05-06 13:26 4096 ----a-w- c:\users\maxl\AppData\Roaming\Mozilla\Firefox\Profiles\jkx2zej4.default\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}\platform\WINNT_x86-msvc\libraries\detoured.dll 2010-08-16 11:12 . 2010-08-16 11:24 -------- d-----w- c:\program files\Traktor DJ Player 2010-08-13 19:18 . 2010-08-13 19:18 -------- d-----w- c:\program files\ElcomSoft 2010-08-13 19:18 . 2010-08-13 19:22 -------- d-----w- c:\program files\Advanced Archive Password Recovery 2010-08-13 15:08 . 2010-08-13 15:08 -------- d-----w- c:\programdata\Beatlock Technology 2010-08-12 16:33 . 2010-08-12 17:05 -------- d-----w- c:\users\maxl\AppData\Roaming\Mp3tag 2010-08-12 16:33 . 2010-08-12 16:33 -------- d-----w- c:\program files\Mp3tag 2010-08-12 09:53 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-08-12 09:51 . 2010-06-16 05:48 224256 ----a-w- c:\windows\system32\schannel.dll 2010-08-12 09:50 . 2010-06-19 04:07 2326016 ----a-w- c:\windows\system32\win32k.sys 2010-08-11 08:45 . 2010-09-02 09:56 -------- d-----w- c:\program files\Common Files\Java . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-07 18:55 . 2009-10-25 15:07 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys 2010-09-07 17:50 . 2009-10-25 15:55 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-09-07 17:36 . 2009-10-25 15:59 -------- d-----w- c:\program files\ICQLite 2010-09-07 16:26 . 2010-01-25 13:11 -------- d-----w- c:\program files\JDownloader 2010-09-07 13:39 . 2009-07-14 08:47 664634 ----a-w- c:\windows\system32\perfh007.dat 2010-09-07 13:39 . 2009-07-14 08:47 134770 ----a-w- c:\windows\system32\perfc007.dat 2010-09-04 16:01 . 2010-03-17 12:43 -------- d-----w- c:\users\maxl\AppData\Roaming\uTorrent 2010-09-03 09:39 . 2009-12-30 14:51 -------- d-----w- c:\program files\Microsoft Silverlight 2010-09-02 22:04 . 2010-05-03 20:05 -------- d-----w- c:\programdata\FLEXnet 2010-09-02 21:51 . 2009-10-25 15:51 -------- d-----w- c:\program files\Common Files\Adobe 2010-09-02 21:43 . 2009-10-25 16:05 -------- d-----w- c:\program files\Common Files\Macrovision Shared 2010-09-02 11:40 . 2009-11-15 14:50 -------- d-----w- c:\program files\Google 2010-09-02 09:57 . 2009-10-25 13:48 -------- d-----w- c:\program files\Java 2010-08-26 00:25 . 2010-03-27 15:23 -------- d-----w- c:\program files\Common Files\Real 2010-08-26 00:25 . 2010-03-27 15:23 -------- d-----w- c:\program files\Real 2010-08-23 21:45 . 2009-10-25 13:25 131256 ----a-w- c:\users\maxl\AppData\Local\GDIPFONTCACHEV1.DAT 2010-08-23 21:32 . 2010-01-15 11:06 -------- d-----w- c:\program files\Common Files\Nokia 2010-08-23 21:32 . 2010-01-15 11:04 -------- d-----w- c:\program files\Nokia 2010-08-17 19:26 . 2010-08-17 19:26 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf 2010-08-17 19:12 . 2010-08-17 19:12 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf 2010-08-17 19:03 . 
2010-01-15 11:04 -------- d-----w- c:\programdata\OviInstallerCache 2010-08-13 18:59 . 2010-02-11 19:38 -------- d-----w- c:\program files\Akademische Arbeitsgemeinschaft 2010-08-13 00:06 . 2010-08-06 11:20 -------- d-----w- c:\program files\MP3-DJ 2010-08-10 22:04 . 2010-06-21 08:55 -------- d-----w- c:\program files\Netdraw-Free 2010-08-06 00:03 . 2010-08-06 00:03 -------- d-----w- c:\programdata\eMule 2010-08-05 22:40 . 2010-05-04 21:13 -------- d-----w- c:\program files\Tunatic 2010-08-05 13:38 . 2010-08-05 13:38 -------- d-----w- c:\users\maxl\AppData\Roaming\Mathsoft 2010-08-05 13:36 . 2010-08-05 13:36 94 ----a-w- c:\users\maxl\AppData\Local\fusioncache.dat 2010-08-05 13:36 . 2009-10-25 15:54 -------- d-----w- c:\program files\Common Files\InstallShield 2010-08-05 13:30 . 2010-08-05 13:30 -------- d-----w- c:\program files\Mathsoft 2010-07-31 06:15 . 2010-03-17 12:44 -------- d-----w- c:\program files\uTorrent 2010-07-29 06:30 . 2010-08-12 09:52 197632 ----a-w- c:\windows\system32\ir32_32.dll 2010-07-29 06:30 . 2010-08-12 09:52 82944 ----a-w- c:\windows\system32\iccvid.dll 2010-07-27 13:57 . 2010-07-27 13:57 49152 ----a-r- c:\windows\system32\inetwh32.dll 2010-07-27 13:57 . 2010-07-27 13:57 1044480 ----a-r- c:\windows\system32\roboex32.dll 2010-07-24 10:32 . 2010-07-24 10:32 -------- d-----w- c:\users\maxl\AppData\Roaming\DivX 2010-07-17 03:00 . 2010-05-02 18:15 423656 ----a-w- c:\windows\system32\deployJava1.dll 2010-06-30 06:25 . 2010-08-12 09:52 978432 ----a-w- c:\windows\system32\wininet.dll 2010-06-22 02:47 . 2010-08-12 09:52 310784 ----a-w- c:\windows\system32\drivers\srv.sys 2010-06-22 02:47 . 2010-08-12 09:52 307200 ----a-w- c:\windows\system32\drivers\srv2.sys 2010-06-22 02:47 . 2010-08-12 09:52 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys 2010-06-21 08:55 . 
2010-06-21 08:55 40960 ----a-r- c:\users\maxl\AppData\Roaming\Microsoft\Installer\{BADA5821-F6D3-49E9-945B-ADE46F792B46}\NETDRW32.exe1_BADA5821F6D349E9945BADE46F792B46.exe 2010-06-21 08:55 . 2010-06-21 08:55 40960 ----a-r- c:\users\maxl\AppData\Roaming\Microsoft\Installer\{BADA5821-F6D3-49E9-945B-ADE46F792B46}\NETDRW32.exe_BADA5821F6D349E9945BADE46F792B46.exe 2010-06-21 08:55 . 2010-06-21 08:55 40960 ----a-r- c:\users\maxl\AppData\Roaming\Microsoft\Installer\{BADA5821-F6D3-49E9-945B-ADE46F792B46}\ARPPRODUCTICON.exe 2010-06-21 08:48 . 2010-06-21 08:48 40960 ----a-r- c:\users\maxl\AppData\Roaming\Microsoft\Installer\{17E34776-B06A-4AFB-BA31-1BB17E9E107B}\ARPPRODUCTICON.exe 2010-06-19 06:33 . 2010-08-12 09:52 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-06-19 06:33 . 2010-08-12 09:52 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-06-19 06:23 . 2010-08-12 09:52 37376 ----a-w- c:\windows\system32\rtutils.dll 2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat 2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X] "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552] " Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-11 795936] Windows Live Mail.lnk - c:\program files\Windows Live\Mail\wlmail.exe [2009-7-26 112464] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer1"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup 
backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer] c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0] 2004-12-14 01:12 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2008-01-22 10:13 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVZ-Service] 2010-05-03 09:07 78848 ------w- c:\lvz\LVZ-Service-Tray.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2008-05-28 07:27 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent] 2010-09-01 15:21 328568 ----a-w- c:\program files\uTorrent\uTorrent.exe R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 135664] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 112128] R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608] R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2010-01-07 375808] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] R3 
WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-10 1343400] R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-12-21 691696] S0 OODrvled;OODrvled;c:\windows\system32\DRIVERS\OODrvled.sys [2009-09-28 25608] S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 O&O DriveLED;O&O DriveLED Service;c:\program files\OO Software\DriveLED\oodlag.exe [2009-09-28 529664] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-01 29472] S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368] S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168] . Inhalt des "geplante Tasks" Ordners 2010-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 14:50] 2010-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 14:50] . . ------- Zusätzlicher Suchlauf ------- . uInternet Settings,ProxyOverride = *.local IE: add to &BOM - c:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta IE: Bild an &Bluetooth-Gerät senden... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm FF - ProfilePath - c:\users\maxl\AppData\Roaming\Mozilla\Firefox\Profiles\jkx2zej4.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - eBay FF - prefs.js: browser.startup.homepage - www.google.de FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll FF - component: c:\users\maxl\AppData\Roaming\Mozilla\Firefox\Profiles\jkx2zej4.default\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}\platform\WINNT_x86-msvc\components\FFThrottle.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np32asw.dll FF - plugin: c:\windows\system32\Wat\npWatWeb.dll ---- FIREFOX Richtlinien ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . . ------- Dateityp-Verknüpfung ------- . inifile="c:\lvz\TOOLS\EmEditor.EXE" "%1"?? .scr=AutoCADScriptFile . - - - - Entfernte verwaiste Registrierungseinträge - - - - MSConfigStartUp-ICQ Lite - c:\program files\ICQLite\ICQLite.exe MSConfigStartUp-NokiaMusic FastStart - c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe . 
--------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2010-09-07 21:08:12 ComboFix-quarantined-files.txt 2010-09-07 19:08 Vor Suchlauf: 5.550.170.112 Bytes frei Nach Suchlauf: 5.446.467.584 Bytes frei - - End Of File - - A0ADF89DD65CE7DD4F4D133E0AB10973 |
08.09.2010, 12:25 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GMER evaluation, suspected rootkit: OK. Now please create an OSAM log and post it. Then download the bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remove.exe from that folder. If you are using Windows Vista or Windows 7, you must run remover.exe via right-click => Run as administrator. A black window will open and automatically search for malicious changes in the MBR. Then please post whether there are any changes and, if so, in which device. Best to post everything that remover.exe outputs.
__________________ Please always post logfiles in CODE tags |
08.09.2010, 13:13 | #11 |
| GMER evaluation, suspected rootkit Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 14:08:58 on 08.09.2010 OS: Windows 7 (Build 7600), 32-bit Default Browser: Mozilla Corporation Firefox 3.6.8 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl "ISUSPM.cpl" - "InstallShield Software Corporation" - C:\Windows\system32\ISUSPM.cpl "plotman.cpl" - "Autodesk, Inc." - C:\Windows\system32\plotman.cpl "styleman.cpl" - "Autodesk, Inc." - C:\Windows\system32\styleman.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\Windows\System32\Drivers\AnyDVD.sys "catchme" (catchme) - ? - C:\Users\maxl\AppData\Local\Temp\catchme.sys (File not found) "CdaC15BA" (CdaC15BA) - "Macrovision Europe Ltd" - C:\Windows\system32\drivers\CDAC15BA.SYS "ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys "FsUsbExDisk" (FsUsbExDisk) - ? 
- C:\Windows\system32\FsUsbExDisk.SYS (File found, but it contains no detailed information) "Notebook Hardware Control Driver" (nhcDriverDevice) - "pBUS-167 Software - hxxp://www.pbus-167.com" - C:\Windows\system32\drivers\nhcDriver.sys "NSNDIS5 NDIS Protocol Driver" (NSNDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\system32\NSNDIS5.SYS "OODrvled" (OODrvled) - "O&O Software GmbH" - C:\Windows\System32\DRIVERS\OODrvled.sys "Sony Ericsson USB Flash Driver" (ggsemc) - "Sony Ericsson Mobile Communications" - C:\Windows\System32\DRIVERS\ggsemc.sys "StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys (File found, but it contains no detailed information) "truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\Windows\System32\drivers\truecrypt.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Program Files\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll (File found, but it contains no detailed information) {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? 
- (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll {36A21736-36C2-4C11-8ACB-D4136F2B57BD} "AcSignIcon" - "Autodesk" - C:\Windows\system32\AcSignIcon.dll {AC1DB655-4F9A-4c39-8AD2-A65324A4C446} "ACTHUMBNAIL" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll {D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll {83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll {0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Program Files\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll (File found, but it contains no detailed information) {E4D8441D-F89C-4b5c-90AC-A857E1768F1F} "Haali Matroska Thumbnail Exctractor" - ? - (File not found | COM-object registry key not found) {73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? 
- (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CC450D71-CC90-424C-8638-1F2DBAC87A54} "ArmHelper Control" - ? - ./Images/armhelper.ocx (File not found) / file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.5.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
"Sothink SWF Catcher" - ? - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{AE7CD045-E861-484f-8273-0445EE161910} "AcroIEToolbarHelper Class" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\maxl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Windows Live Mail.lnk" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\wlmail.exe (Shortcut exists | File exists)
"Bluetooth.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ISUSPM Startup" - "InstallShield Software Corporation" - C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"MSSE" - "Microsoft Corporation" - "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\Windows\system32\AdobePDF.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##" (Bonjour Service) - "Apple Computer, Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
"C-DillaCdaC11BA" (C-DillaCdaC11BA) - "Macrovision" - C:\Windows\system32\drivers\CDAC11BA.EXE
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Macromedia Licensing Service" (Macromedia Licensing Service) - "Macromedia" - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
"O&O DriveLED Service" (O&O DriveLED) - "O&O Software GmbH" - C:\Program Files\OO Software\DriveLED\oodlag.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Computer, Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:
.\debug.cpp(238) : Debug log started at 08.09.2010 - 12:10:43
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.0
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows 7 (build 7600), 32-bit
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x82c54000 0x00410000 "\SystemRoot\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x82c1d000 0x00037000 "\SystemRoot\system32\halmacpi.dll"
.\debug.cpp(256) : 0x80bc9000 0x00008000 "\SystemRoot\system32\kdcom.dll"
.\debug.cpp(256) : 0x83209000 0x00078000 "\SystemRoot\system32\mcupdate_GenuineIntel.dll"
.\debug.cpp(256) : 0x83281000 0x00011000 "\SystemRoot\system32\PSHED.dll"
.\debug.cpp(256) : 0x83292000 0x00008000 "\SystemRoot\system32\BOOTVID.dll"
.\debug.cpp(256) : 0x8329a000 0x00042000 "\SystemRoot\system32\CLFS.SYS"
.\debug.cpp(256) : 0x832dc000 0x000ab000 "\SystemRoot\system32\CI.dll"
.\debug.cpp(256) : 0x83387000 0x00071000 "\SystemRoot\system32\drivers\Wdf01000.sys"
.\debug.cpp(256) : 0x8ae04000 0x0000e000 "\SystemRoot\system32\drivers\WDFLDR.SYS"
.\debug.cpp(256) : 0x8ae12000 0x00048000 "\SystemRoot\system32\DRIVERS\ACPI.sys"
.\debug.cpp(256) : 0x8ae5a000 0x00009000 "\SystemRoot\system32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0x8ae63000 0x00008000 "\SystemRoot\system32\DRIVERS\msisadrv.sys"
.\debug.cpp(256) : 0x8ae6b000 0x0000b000 "\SystemRoot\system32\DRIVERS\vdrvroot.sys"
.\debug.cpp(256) : 0x8ae76000 0x0002a000 "\SystemRoot\system32\DRIVERS\pci.sys"
.\debug.cpp(256) : 0x8aea0000 0x00011000 "\SystemRoot\System32\drivers\partmgr.sys"
.\debug.cpp(256) : 0x8aeb1000 0x00008000 "\SystemRoot\system32\DRIVERS\compbatt.sys"
.\debug.cpp(256) : 0x8aeb9000 0x0000b000 "\SystemRoot\system32\DRIVERS\BATTC.SYS"
.\debug.cpp(256) : 0x8aec4000 0x00010000 "\SystemRoot\system32\DRIVERS\volmgr.sys"
.\debug.cpp(256) : 0x8aed4000 0x0004b000 "\SystemRoot\System32\drivers\volmgrx.sys"
.\debug.cpp(256) : 0x8af1f000 0x00007000 "\SystemRoot\system32\DRIVERS\intelide.sys"
.\debug.cpp(256) : 0x8af26000 0x0000e000 "\SystemRoot\system32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0x8af34000 0x0002e000 "\SystemRoot\system32\DRIVERS\pcmcia.sys"
.\debug.cpp(256) : 0x8af62000 0x00016000 "\SystemRoot\System32\drivers\mountmgr.sys"
.\debug.cpp(256) : 0x8af78000 0x00009000 "\SystemRoot\system32\DRIVERS\atapi.sys"
.\debug.cpp(256) : 0x8af81000 0x00023000 "\SystemRoot\system32\DRIVERS\ataport.SYS"
.\debug.cpp(256) : 0x8afa4000 0x00009000 "\SystemRoot\system32\DRIVERS\amdxata.sys"
.\debug.cpp(256) : 0x8afad000 0x00034000 "\SystemRoot\system32\drivers\fltmgr.sys"
.\debug.cpp(256) : 0x8afe1000 0x00011000 "\SystemRoot\system32\drivers\fileinfo.sys"
.\debug.cpp(256) : 0x8aff2000 0x0000b000 "\SystemRoot\system32\DRIVERS\OODrvled.sys"
.\debug.cpp(256) : 0x8b023000 0x0012f000 "\SystemRoot\System32\Drivers\Ntfs.sys"
.\debug.cpp(256) : 0x8b152000 0x0002b000 "\SystemRoot\System32\Drivers\msrpc.sys"
.\debug.cpp(256) : 0x8b17d000 0x00013000 "\SystemRoot\System32\Drivers\ksecdd.sys"
.\debug.cpp(256) : 0x8b190000 0x0005d000 "\SystemRoot\System32\Drivers\cng.sys"
.\debug.cpp(256) : 0x8b1ed000 0x0000e000 "\SystemRoot\System32\drivers\pcw.sys"
.\debug.cpp(256) : 0x8b000000 0x00009000 "\SystemRoot\System32\Drivers\Fs_Rec.sys"
.\debug.cpp(256) : 0x8b21e000 0x000b7000 "\SystemRoot\system32\drivers\ndis.sys"
.\debug.cpp(256) : 0x8b2d5000 0x0003e000 "\SystemRoot\system32\drivers\NETIO.SYS"
.\debug.cpp(256) : 0x8b313000 0x00025000 "\SystemRoot\System32\Drivers\ksecpkg.sys"
.\debug.cpp(256) : 0x8b435000 0x00149000 "\SystemRoot\System32\drivers\tcpip.sys"
.\debug.cpp(256) : 0x8b57e000 0x00031000 "\SystemRoot\System32\drivers\fwpkclnt.sys"
.\debug.cpp(256) : 0x8b5af000 0x00009000 "\SystemRoot\system32\DRIVERS\vmstorfl.sys"
.\debug.cpp(256) : 0x8b5b8000 0x0003f000 "\SystemRoot\system32\DRIVERS\volsnap.sys"
.\debug.cpp(256) : 0x8b5f7000 0x00008000 "\SystemRoot\System32\Drivers\spldr.sys"
.\debug.cpp(256) : 0x8b400000 0x0002d000 "\SystemRoot\System32\drivers\rdyboost.sys"
.\debug.cpp(256) : 0x8b338000 0x00010000 "\SystemRoot\System32\Drivers\mup.sys"
.\debug.cpp(256) : 0x8b42d000 0x00008000 "\SystemRoot\System32\drivers\hwpolicy.sys"
.\debug.cpp(256) : 0x8b348000 0x00032000 "\SystemRoot\System32\DRIVERS\fvevol.sys"
.\debug.cpp(256) : 0x8b37a000 0x00011000 "\SystemRoot\system32\DRIVERS\disk.sys"
.\debug.cpp(256) : 0x8b38b000 0x00025000 "\SystemRoot\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0x8fa0e000 0x0001f000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0x8fa2d000 0x00023000 "\SystemRoot\system32\DRIVERS\MpFilter.sys"
.\debug.cpp(256) : 0x8fa50000 0x00007000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0x8fa57000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0x8fa5e000 0x0000c000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0x8fa6a000 0x00021000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS"
.\debug.cpp(256) : 0x8fa8b000 0x0000d000 "\SystemRoot\System32\drivers\watchdog.sys"
.\debug.cpp(256) : 0x8fa98000 0x00008000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0x8faa0000 0x00008000 "\SystemRoot\system32\drivers\rdpencdd.sys"
.\debug.cpp(256) : 0x8faa8000 0x00008000 "\SystemRoot\system32\drivers\rdprefmp.sys"
.\debug.cpp(256) : 0x8fab0000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0x8fabb000 0x0000e000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0x8fac9000 0x00017000 "\SystemRoot\system32\DRIVERS\tdx.sys"
.\debug.cpp(256) : 0x8fae0000 0x0000b000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0x8faeb000 0x0005a000 "\SystemRoot\system32\drivers\afd.sys"
.\debug.cpp(256) : 0x8fb45000 0x00032000 "\SystemRoot\System32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0x8fb77000 0x00007000 "\SystemRoot\system32\DRIVERS\wfplwf.sys"
.\debug.cpp(256) : 0x8fb7e000 0x0001f000 "\SystemRoot\system32\DRIVERS\pacer.sys"
.\debug.cpp(256) : 0x8fb9d000 0x00011000 "\SystemRoot\system32\DRIVERS\vwififlt.sys"
.\debug.cpp(256) : 0x8fbae000 0x0000e000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0x8fbbc000 0x00006000 "\SystemRoot\System32\Drivers\StarOpen.SYS"
.\debug.cpp(256) : 0x8fbc2000 0x00013000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0x90018000 0x00035000 "\SystemRoot\System32\drivers\truecrypt.sys"
.\debug.cpp(256) : 0x9004d000 0x00010000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0x9005d000 0x00041000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0x9009e000 0x0000a000 "\SystemRoot\system32\drivers\nsiproxy.sys"
.\debug.cpp(256) : 0x900a8000 0x0000a000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0x900b2000 0x00005000 "\SystemRoot\System32\Drivers\ElbyCDIO.sys"
.\debug.cpp(256) : 0x900b7000 0x0000c000 "\SystemRoot\System32\drivers\discache.sys"
.\debug.cpp(256) : 0x900c3000 0x00064000 "\SystemRoot\system32\drivers\csc.sys"
.\debug.cpp(256) : 0x90127000 0x00018000 "\SystemRoot\System32\Drivers\dfsc.sys"
.\debug.cpp(256) : 0x9013f000 0x0000e000 "\SystemRoot\system32\DRIVERS\blbdrive.sys"
.\debug.cpp(256) : 0x9014d000 0x00021000 "\SystemRoot\system32\DRIVERS\tunnel.sys"
.\debug.cpp(256) : 0x9016e000 0x00012000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0x9063f000 0x00509000 "\SystemRoot\system32\DRIVERS\igdkmd32.sys"
.\debug.cpp(256) : 0x90b48000 0x000b7000 "\SystemRoot\System32\drivers\dxgkrnl.sys"
.\debug.cpp(256) : 0x90600000 0x00039000 "\SystemRoot\System32\drivers\dxgmms1.sys"
.\debug.cpp(256) : 0x90180000 0x0001f000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0x91a1c000 0x00413000 "\SystemRoot\system32\DRIVERS\netw5v32.sys"
.\debug.cpp(256) : 0x91e2f000 0x0000b000 "\SystemRoot\system32\DRIVERS\usbuhci.sys"
.\debug.cpp(256) : 0x91e3a000 0x0004b000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0x91e85000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0x91e94000 0x0000f000 "\SystemRoot\system32\DRIVERS\Rtnicxp.sys"
.\debug.cpp(256) : 0x91ea3000 0x0002c000 "\SystemRoot\system32\DRIVERS\1394ohci.sys"
.\debug.cpp(256) : 0x91ecf000 0x00019000 "\SystemRoot\system32\DRIVERS\sdbus.sys"
.\debug.cpp(256) : 0x91ee8000 0x00011000 "\SystemRoot\system32\DRIVERS\rimmptsk.sys"
.\debug.cpp(256) : 0x91ef9000 0x00014000 "\SystemRoot\system32\DRIVERS\rimsptsk.sys"
.\debug.cpp(256) : 0x91f0d000 0x00052000 "\SystemRoot\system32\DRIVERS\rixdptsk.sys"
.\debug.cpp(256) : 0x91f5f000 0x00004000 "\SystemRoot\system32\DRIVERS\CmBatt.sys"
.\debug.cpp(256) : 0x91f63000 0x00018000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0x91f7b000 0x0000d000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0x91f88000 0x0000d000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0x91f95000 0x00018000 "\SystemRoot\System32\Drivers\AnyDVD.sys"
.\debug.cpp(256) : 0x91fad000 0x0000d000 "\SystemRoot\system32\DRIVERS\CompositeBus.sys"
.\debug.cpp(256) : 0x91fba000 0x00012000 "\SystemRoot\system32\DRIVERS\AgileVpn.sys"
.\debug.cpp(256) : 0x91fcc000 0x00018000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0x91fe4000 0x0000b000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0x9019f000 0x00022000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0x91a00000 0x00018000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0x901c1000 0x00017000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0x901d8000 0x00017000 "\SystemRoot\system32\DRIVERS\rassstp.sys"
.\debug.cpp(256) : 0x91fef000 0x0000a000 "\SystemRoot\system32\DRIVERS\rdpbus.sys"
.\debug.cpp(256) : 0x91ff9000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0x96417000 0x00034000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0x9644b000 0x0000e000 "\SystemRoot\system32\DRIVERS\umbus.sys"
.\debug.cpp(256) : 0x96459000 0x00044000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0x9649d000 0x00011000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0x964ae000 0x00050000 "\SystemRoot\system32\drivers\HdAudio.sys"
.\debug.cpp(256) : 0x964fe000 0x0002f000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0x9652d000 0x00019000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0x96546000 0x0000d000 "\SystemRoot\System32\Drivers\crashdmp.sys"
.\debug.cpp(256) : 0x96553000 0x0000b000 "\SystemRoot\System32\Drivers\dump_dumpata.sys"
.\debug.cpp(256) : 0x9655e000 0x00009000 "\SystemRoot\System32\Drivers\dump_atapi.sys"
.\debug.cpp(256) : 0x96567000 0x00011000 "\SystemRoot\System32\Drivers\dump_dumpfve.sys"
.\debug.cpp(256) : 0x82180000 0x0024a000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0x96578000 0x0000a000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0x96582000 0x0000b000 "\SystemRoot\system32\DRIVERS\monitor.sys"
.\debug.cpp(256) : 0x823e0000 0x00009000 "\SystemRoot\System32\TSDDD.dll"
.\debug.cpp(256) : 0x82020000 0x0001e000 "\SystemRoot\System32\cdd.dll"
.\debug.cpp(256) : 0x9658d000 0x00012000 "\SystemRoot\System32\Drivers\BTHUSB.sys"
.\debug.cpp(256) : 0x8c23f000 0x00064000 "\SystemRoot\System32\Drivers\bthport.sys"
.\debug.cpp(256) : 0x8c2a3000 0x00002000 "\SystemRoot\System32\Drivers\USBD.SYS"
.\debug.cpp(256) : 0x8c2a5000 0x00024000 "\SystemRoot\system32\DRIVERS\rfcomm.sys"
.\debug.cpp(256) : 0x8c2c9000 0x0000d000 "\SystemRoot\system32\DRIVERS\BthEnum.sys"
.\debug.cpp(256) : 0x8c2d6000 0x0001b000 "\SystemRoot\system32\DRIVERS\bthpan.sys"
.\debug.cpp(256) : 0x8c2f1000 0x00012000 "\SystemRoot\system32\DRIVERS\bthmodem.sys"
.\debug.cpp(256) : 0x8c303000 0x0000d000 "\SystemRoot\system32\drivers\modem.sys"
.\debug.cpp(256) : 0x8c310000 0x00073000 "\SystemRoot\system32\drivers\btwavdt.sys"
.\debug.cpp(256) : 0x8c383000 0x0001b000 "\SystemRoot\system32\DRIVERS\hidbth.sys"
.\debug.cpp(256) : 0x8c39e000 0x00013000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0x8c3b1000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0x8c835000 0x00081000 "\SystemRoot\system32\drivers\btwaudio.sys"
.\debug.cpp(256) : 0x8c8b6000 0x0000b000 "\SystemRoot\system32\DRIVERS\btwl2cap.sys"
.\debug.cpp(256) : 0x8c8c1000 0x00003000 "\SystemRoot\system32\DRIVERS\btwrchid.sys"
.\debug.cpp(256) : 0x8c8c4000 0x0000b000 "\SystemRoot\system32\DRIVERS\mouhid.sys"
.\debug.cpp(256) : 0x8c8cf000 0x0001b000 "\SystemRoot\system32\drivers\luafv.sys"
.\debug.cpp(256) : 0x8c8ea000 0x0001a000 "\SystemRoot\system32\drivers\WudfPf.sys"
.\debug.cpp(256) : 0x8c904000 0x00010000 "\SystemRoot\system32\DRIVERS\lltdio.sys"
.\debug.cpp(256) : 0x8c914000 0x00046000 "\SystemRoot\system32\DRIVERS\nwifi.sys"
.\debug.cpp(256) : 0x8c95a000 0x00010000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0x8c96a000 0x00013000 "\SystemRoot\system32\DRIVERS\rspndr.sys"
.\debug.cpp(256) : 0x98428000 0x00085000 "\SystemRoot\system32\drivers\HTTP.sys"
.\debug.cpp(256) : 0x984ad000 0x00019000 "\SystemRoot\system32\DRIVERS\bowser.sys"
.\debug.cpp(256) : 0x984c6000 0x00012000 "\SystemRoot\System32\drivers\mpsdrv.sys"
.\debug.cpp(256) : 0x984d8000 0x00023000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0x984fb000 0x0003b000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys"
.\debug.cpp(256) : 0x98536000 0x0001b000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys"
.\debug.cpp(256) : 0x98569000 0x00003000 "\??\C:\Windows\system32\drivers\CDAC15BA.SYS"
.\debug.cpp(256) : 0x9856c000 0x00009000 "\SystemRoot\system32\DRIVERS\MpNWMon.sys"
.\debug.cpp(256) : 0xac816000 0x00097000 "\SystemRoot\system32\drivers\peauth.sys"
.\debug.cpp(256) : 0xac8ad000 0x0000a000 "\SystemRoot\System32\Drivers\secdrv.SYS"
.\debug.cpp(256) : 0xac8b7000 0x00021000 "\SystemRoot\System32\DRIVERS\srvnet.sys"
.\debug.cpp(256) : 0xac8d8000 0x0000d000 "\SystemRoot\System32\drivers\tcpipreg.sys"
.\debug.cpp(256) : 0xac8e5000 0x0004f000 "\SystemRoot\System32\DRIVERS\srv2.sys"
.\debug.cpp(256) : 0xac934000 0x00051000 "\SystemRoot\System32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xac985000 0x0000a000 "\??\C:\Windows\system32\drivers\nhcDriver.sys"
.\debug.cpp(256) : 0xac800000 0x00009000 "\SystemRoot\system32\DRIVERS\asyncmac.sys"
.\debug.cpp(256) : 0x76ea0000 0x0013c000 "\Windows\System32\ntdll.dll"
.\debug.cpp(256) : 0x47ea0000 0x00013000 "\Windows\System32\smss.exe"
.\debug.cpp(256) : 0x770e0000 0x00050000 "\Windows\System32\apisetschema.dll"
.\debug.cpp(256) : 0x003b0000 0x000a6000 "\Windows\System32\autochk.exe"
.\debug.cpp(256) : 0x76d60000 0x00135000 "\Windows\System32\urlmon.dll"
.\debug.cpp(256) : 0x77000000 0x000cc000 "\Windows\System32\msctf.dll"
.\debug.cpp(256) : 0x76ff0000 0x00006000 "\Windows\System32\nsi.dll"
.\debug.cpp(256) : 0x76c90000 0x000c9000 "\Windows\System32\user32.dll"
.\debug.cpp(256) : 0x76bf0000 0x000a0000 "\Windows\System32\advapi32.dll"
.\debug.cpp(256) : 0x76bd0000 0x0001f000 "\Windows\System32\imm32.dll"
.\debug.cpp(256) : 0x76b70000 0x00057000 "\Windows\System32\shlwapi.dll"
.\debug.cpp(256) : 0x76fe0000 0x0000a000 "\Windows\System32\lpk.dll"
.\debug.cpp(256) : 0x76b30000 0x00035000 "\Windows\System32\ws2_32.dll"
.\debug.cpp(256) : 0x76990000 0x0019d000 "\Windows\System32\setupapi.dll"
.\debug.cpp(256) : 0x76790000 0x001f9000 "\Windows\System32\iertutil.dll"
.\debug.cpp(256) : 0x766f0000 0x0009d000 "\Windows\System32\usp10.dll"
.\debug.cpp(256) : 0x766e0000 0x00003000 "\Windows\System32\normaliz.dll"
.\debug.cpp(256) : 0x76650000 0x0008f000 "\Windows\System32\oleaut32.dll"
.\debug.cpp(256) : 0x765d0000 0x0007b000 "\Windows\System32\comdlg32.dll"
.\debug.cpp(256) : 0x75980000 0x00c49000 "\Windows\System32\shell32.dll"
.\debug.cpp(256) : 0x75930000 0x0004e000 "\Windows\System32\gdi32.dll"
.\debug.cpp(256) : 0x758d0000 0x00052000 "\Windows\System32\difxapi.dll"
.\debug.cpp(256) : 0x75820000 0x000a1000 "\Windows\System32\rpcrt4.dll"
.\debug.cpp(256) : 0x75740000 0x000d4000 "\Windows\System32\kernel32.dll"
.\debug.cpp(256) : 0x75690000 0x000ac000 "\Windows\System32\msvcrt.dll"
.\debug.cpp(256) : 0x75660000 0x0002a000 "\Windows\System32\imagehlp.dll"
.\debug.cpp(256) : 0x75610000 0x00045000 "\Windows\System32\Wldap32.dll"
.\debug.cpp(256) : 0x75600000 0x00005000 "\Windows\System32\psapi.dll"
.\debug.cpp(256) : 0x75500000 0x000f4000 "\Windows\System32\wininet.dll"
.\debug.cpp(256) : 0x75470000 0x00083000 "\Windows\System32\clbcatq.dll"
.\debug.cpp(256) : 0x75450000 0x00019000 "\Windows\System32\sechost.dll"
.\debug.cpp(256) : 0x752f0000 0x0015c000 "\Windows\System32\ole32.dll"
.\debug.cpp(256) : 0x751d0000 0x0011c000 "\Windows\System32\crypt32.dll"
.\debug.cpp(256) : 0x75140000 0x00084000 "\Windows\System32\comctl32.dll"
.\debug.cpp(256) : 0x750f0000 0x0004a000 "\Windows\System32\KernelBase.dll"
.\debug.cpp(256) : 0x750d0000 0x00012000 "\Windows\System32\devobj.dll"
.\debug.cpp(256) : 0x750a0000 0x00027000 "\Windows\System32\cfgmgr32.dll"
.\debug.cpp(256) : 0x75070000 0x0002d000 "\Windows\System32\wintrust.dll"
.\debug.cpp(256) : 0x75060000 0x0000c000 "\Windows\System32\msasn1.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\000000b6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination "\Device\Ndis"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice"
.\debug.cpp(400) : Destination "\Device\WUDFLpcDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM12"
.\debug.cpp(400) : Destination "\Device\BthModem3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000005a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6C272675-58EE-4043-A4D3-92DBADB1B5F0}"
.\debug.cpp(400) : Destination "\Device\NDMP21"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination "\Device\Video0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZ00#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000068"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000005b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000058"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000017"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AgileVPN"
.\debug.cpp(400) : Destination "\Device\AgileVPN"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTHENUM#{00001103-0000-1000-8000-00805f9b34fb}_VID&00010001_PID&00b1#7&6570f76&0&9C18743BEF75_C00000000#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
.\debug.cpp(400) : Destination "\Device\BthModem5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0862&SUBSYS_17AA8E2D&REV_1000#4&2c03fc71&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) : Destination "\Device\00000081"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination "\Device\00000061"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0010#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000000b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0004#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000005"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination "\Device\Video1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0A5C&PID_2101#5&20d213d1&0&2#{0850302a-b344-4fda-9be9-90576b8d46f0}"
.\debug.cpp(400) : Destination "\Device\USBPDO-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTHENUM#{00001103-0000-1000-8000-00805f9b34fb}_LOCALMFG&000f#7&6570f76&0&0012D29A6CED_C00000000#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
.\debug.cpp(400) : Destination "\Device\BthModem6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1180&DEV_0852&SUBSYS_207A17AA&REV_05#4&221001b3&0&34F0#{58b90d02-b4b0-4504-9bea-52b93082ddf6}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0022"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&3417dd3f&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000001"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination "\Device\Video2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000059"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTHENUM#{00001101-0000-1000-8000-00805f9b34fb}_VID&0001000f_PID&0000#7&6570f76&0&00265D8220F5_C00000000#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) : Destination "\Device\BthModem3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM15"
.\debug.cpp(400) : Destination "\Device\BthModem0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination "\Device\Video3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{CD2E3D66-3902-491D-948F-69FF30710F4A}"
.\debug.cpp(400) : Destination "\Device\NDMP10"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{64FBB26A-6A9B-4A9B-A3BA-C9DF740698EC}"
.\debug.cpp(400) : Destination "\Device\NDMP4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice"
.\debug.cpp(400) : Destination "\Device\WMIAdminDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BthPan"
.\debug.cpp(400) : Destination "\Device\BthPan"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy3"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVDRAM_GMA-4082N_______________TX07____#5&17dfe16a&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000001"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000001"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ProcessManagement"
.\debug.cpp(400) : Destination "\Device\ProcessManagement"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTHENUM#{00001103-0000-1000-8000-00805f9b34fb}_VID&0001000f_PID&0000#7&6570f76&0&00265D4D0861_C00000001#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
.\debug.cpp(400) : Destination "\Device\BthModem2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM16"
.\debug.cpp(400) : Destination "\Device\BthModem8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) : Destination "\Device\Video4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&2b630f55&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{636FF46E-80FE-4314-BC84-DC7749EDE5B4}"
.\debug.cpp(400) : Destination "\Device\NDMP26"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27C8&SUBSYS_206B17AA&REV_02#3&33fd14ca&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0006"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{A42A3278-A2D8-49A9-A557-4A0B646886F0}"
.\debug.cpp(400) : Destination "\Device\NDMP7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{13D56F7F-5899-4AD6-AED9-C70BC8292B80}"
.\debug.cpp(400) : Destination "\Device\NDMP1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl"
.\debug.cpp(400) : Destination "\Device\VolMgrControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTWAVDT"
.\debug.cpp(400) : Destination "\Device\BTWAVDT"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTHENUM#{00001103-0000-1000-8000-00805f9b34fb}_VID&00010001_PID&00b1#7&6570f76&0&9C18743BEF75_C00000000#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) : Destination "\Device\BthModem5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#LPLCF00#4&1ce21d91&0&UID67568640#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7}"
.\debug.cpp(400) : Destination "\Device\00000083"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY6"
.\debug.cpp(400) : Destination "\Device\Video5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000061"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000069"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}"
.\debug.cpp(400) : Destination "\Device\00000079"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&f592d36&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery"
.\debug.cpp(400) : Destination "\Device\CompositeBattery"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination "\Device\WMIDataDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\TeredoTun"
.\debug.cpp(400) : Destination "\Device\TeredoTun"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SPDevice"
.\debug.cpp(400) : Destination "\Device\SPDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000056"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#LPLCF00#4&1ce21d91&0&UID67568640#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8}"
.\debug.cpp(400) : Destination "\Device\00000083"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&17c1fb17&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&80272ba&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000007a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0002#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{08166d0e-c163-11de-b1b6-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000001"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PEAuth"
.\debug.cpp(400) : Destination "\Device\PEAuth"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{A8ADC3FF-8301-4CEA-9DCB-9DCF8C113DDA}"
.\debug.cpp(400) : Destination "\Device\NDMP23"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0019#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000014"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{012BB052-079E-4635-9B33-B453A1D64325}"
.\debug.cpp(400) : Destination "\Device\NDMP19"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination "\Device\NamedPipe"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0012#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000000d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0006#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000007"
.\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0003#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\00000004" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\vwififlt" .\debug.cpp(400) : Destination "\Device\vwififlt" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3" .\debug.cpp(400) : Destination "\Device\BthModem6" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6352E677-B159-4B05-B40B-A5539EBC9951}" .\debug.cpp(400) : Destination "\Device\NDMP14" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC" .\debug.cpp(400) : Destination "\Device\Mup" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E2F8A220-AF88-446C-9A55-453E58DD3A33}" .\debug.cpp(400) : Destination "\Device\NDMP37" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*ISATAP#0001#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination "\Device\000000b7" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM4" .\debug.cpp(400) : Destination "\Device\BthModem2" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination "\Device\00000061" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27C9&SUBSYS_206C17AA&REV_02#3&33fd14ca&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0007" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Psched" .\debug.cpp(400) : Destination "\Device\Psched" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition1" .\debug.cpp(400) : Destination "\Device\HarddiskVolume1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{f58d069d-c164-11de-9e12-00197efb8ca2}" .\debug.cpp(400) : Destination "\Device\HarddiskVolume3" .\debug.cpp(409) : -- .\debug.cpp(369) 
: SymbolicLink "\GLOBAL??\Root#*6TO4MP#0016#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\00000011" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_4227&SUBSYS_10118086&REV_02#4&195a0dc1&0&00E1#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0015" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg" .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0" .\debug.cpp(400) : Destination "\Device\USBFDO-0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Standardmäßige Modem-über-Bluetooth-Verbindung #2" .\debug.cpp(400) : Destination "\Device\BthModem2" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM5" .\debug.cpp(400) : Destination "\Device\BthModem1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0A5C&PID_2101#5&20d213d1&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}" .\debug.cpp(400) : Destination "\Device\USBPDO-5" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C0DE3E38-8BA7-479F-8B75-833F294C5AA8}" .\debug.cpp(400) : Destination "\Device\NDMP32" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CC&SUBSYS_206F17AA&REV_02#3&33fd14ca&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination "\Device\00000017" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\TrueCrypt" .\debug.cpp(400) : Destination "\Device\TrueCrypt" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp" .\debug.cpp(400) : Destination "\Device\Tcp" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition2" .\debug.cpp(400) : 
Destination "\Device\HarddiskVolume2" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVDRAM_GMA-4082N_______________TX07____#5&17dfe16a&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-2" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0017#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\00000012" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\00000003" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD" .\debug.cpp(400) : Destination "\Device\00000083" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTHENUM#{00001103-0000-1000-8000-00805f9b34fb}_VID&00010001_PID&006e#7&6570f76&0&1886AC8C1B46_C00000000#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}" .\debug.cpp(400) : Destination "\Device\BthModem4" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTHENUM#{00001101-0000-1000-8000-00805f9b34fb}_LOCALMFG&000f#7&6570f76&0&000DB5824D40_C00000000#{86e0d1e0-8089-11d0-9ce4-08003e301f73}" .\debug.cpp(400) : Destination "\Device\BthModem0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTHENUM#{00001101-0000-1000-8000-00805f9b34fb}_LOCALMFG&0000#7&6570f76&0&000000000000_00000002#{86e0d1e0-8089-11d0-9ce4-08003e301f73}" .\debug.cpp(400) : Destination "\Device\BthModem7" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Standardmäßige Modem-über-Bluetooth-Verbindung #3" .\debug.cpp(400) : Destination "\Device\BthModem5" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM6" .\debug.cpp(400) : Destination "\Device\BthModem7" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1" .\debug.cpp(400) : Destination "\Device\USBFDO-1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink 
"\GLOBAL??\Harddisk0Partition3" .\debug.cpp(400) : Destination "\Device\HarddiskVolume3" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#vdrvroot#0000#{2e34d650-5819-42ca-84ae-d30803bae505}" .\debug.cpp(400) : Destination "\Device\00000063" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0" .\debug.cpp(400) : Destination "\Device\Harddisk0\DR0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0F13#4&80272ba&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination "\Device\0000007b" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM7" .\debug.cpp(400) : Destination "\Device\BthModem5" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Standardmäßige Modem-über-Bluetooth-Verbindung #4" .\debug.cpp(400) : Destination "\Device\BthModem4" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&269f8da8&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination "\Device\USBPDO-0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\00000061" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination "\Device\00000061" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2" .\debug.cpp(400) : Destination "\Device\USBFDO-2" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0011#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination "\Device\0000000c" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0005#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination "\Device\00000006" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{83B3723F-0E48-46AA-9A23-FCB17106C253}" .\debug.cpp(400) : Destination 
"\Device\NDMP6" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0001#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination "\Device\00000002" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN" .\debug.cpp(400) : Destination "\DosDevices\LPT1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume1" .\debug.cpp(400) : Destination "\Device\HarddiskVolume1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination "\Device\0000006c" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{08166d11-c163-11de-b1b6-806e6f6e6963}" .\debug.cpp(400) : Destination "\Device\HarddiskVolume1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#{00001124-0000-1000-8000-00805f9b34fb}_VID&0001045e_PID&007c&Col01#8&20ca4260&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}" .\debug.cpp(400) : Destination "\Device\000000b2" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}" .\debug.cpp(400) : Destination "\Device\00000062" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0" .\debug.cpp(400) : Destination "\Device\CdRom0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDOSPDevice" .\debug.cpp(400) : Destination "\Device\IPSECDOSP" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0862&SUBSYS_17AA8E2D&REV_1000#4&2c03fc71&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\00000081" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\00000061" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3" .\debug.cpp(400) : Destination "\Device\USBFDO-3" 
.\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap" .\debug.cpp(400) : Destination "\Device\FsWrap" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume2" .\debug.cpp(400) : Destination "\Device\HarddiskVolume2" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{08166d12-c163-11de-b1b6-806e6f6e6963}" .\debug.cpp(400) : Destination "\Device\HarddiskVolume2" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#{84a1e9b8-12ba-4a9c-8ab0-a43784e0d149}_LOCALMFG&0000#8&19a75450&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}" .\debug.cpp(400) : Destination "\Device\000000b4" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{e849804e-c719-43d8-ac88-96b894c191e2}" .\debug.cpp(400) : Destination "\Device\00000079" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1180&DEV_0843&SUBSYS_207817AA&REV_01#4&221001b3&0&32F0#{ba39d8e2-30c9-11d4-b3cd-d916bda91711}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0020" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination "\Device\0000005c" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4" .\debug.cpp(400) : Destination "\Device\USBFDO-4" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{9CFAE5BF-4A6A-4339-A4E5-5D14C8C97295}" .\debug.cpp(400) : Destination "\Device\NDMP18" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume3" .\debug.cpp(400) : Destination "\Device\HarddiskVolume3" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination "\Device\00000064" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&f592d36&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}" .\debug.cpp(400) : Destination 
"\Device\Ide\PciIde0Channel0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global" .\debug.cpp(400) : Destination "\GLOBAL??" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1180&DEV_0592&SUBSYS_207917AA&REV_0A#4&221001b3&0&33F0#{d2d3b8e3-2400-448c-8c0d-79abecfcfda3}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0021" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination "\Device\00000058" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{1A28CC9A-1A96-4C77-B706-C37E831C0E91}" .\debug.cpp(400) : Destination "\Device\NDMP2" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG:" .\debug.cpp(400) : Destination "\clfs" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\0000005d" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0011#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\0000000c" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0005#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\00000006" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&80272ba&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination "\Device\0000007a" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTHENUM#{00001101-0000-1000-8000-00805f9b34fb}_LOCALMFG&0000#7&6570f76&0&000000000000_00000003#{86e0d1e0-8089-11d0-9ce4-08003e301f73}" .\debug.cpp(400) : Destination "\Device\BthModem8" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTH#MS_BTHPAN#6&1444bbe2&0&2#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination "\Device\00000086" .\debug.cpp(409) : -- .\debug.cpp(369) : 
SymbolicLink "\GLOBAL??\Standardmäßige Modem-über-Bluetooth-Verbindung" .\debug.cpp(400) : Destination "\Device\BthModem6" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{0BB246B8-5390-4ADD-9747-C2F3F1DD5242}" .\debug.cpp(400) : Destination "\Device\NDMP8" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*ISATAP#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination "\Device\000000b6" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv" .\debug.cpp(400) : Destination "\Device\Secdrv" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTHENUM#{00001103-0000-1000-8000-00805f9b34fb}_VID&00010001_PID&006e#7&6570f76&0&1886AC8C1B46_C00000000#{86e0d1e0-8089-11d0-9ce4-08003e301f73}" .\debug.cpp(400) : Destination "\Device\BthModem4" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0862&SUBSYS_17AA8E2D&REV_1000#4&2c03fc71&0&0001#{a17579f0-4fec-4936-9364-249460863be5}" .\debug.cpp(400) : Destination "\Device\00000081" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{D84C3DD2-7BC5-4992-A91D-AEF998552E13}" .\debug.cpp(400) : Destination "\Device\NDMP25" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0003#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination "\Device\00000004" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\StarOpen" .\debug.cpp(400) : Destination "\Device\StarOpen" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*ISATAP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\000000b7" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{F3854AE8-DE98-48CE-A6D4-ADC5DB12996F}" .\debug.cpp(400) : Destination "\Device\NDMP15" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink 
"\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0862&SUBSYS_17AA8E2D&REV_1000#4&2c03fc71&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}" .\debug.cpp(400) : Destination "\Device\00000081" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdaC17BA" .\debug.cpp(400) : Destination "\Device\CdaC17BA" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\nativewifip" .\debug.cpp(400) : Destination "\Device\nativewifip" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E28D896F-9EA8-433A-9C10-66C97C19A921}" .\debug.cpp(400) : Destination "\Device\NDMP33" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination "\Device\0000005b" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0010#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\0000000b" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0004#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\00000005" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\00000002" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTH#MS_BTHPAN#6&1444bbe2&0&2#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\00000086" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#{00001124-0000-1000-8000-00805f9b34fb}_VID&0001045e_PID&007c&Col01#8&20ca4260&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination "\Device\000000b2" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination "\Device\0000005d" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager" .\debug.cpp(400) : 
Destination "\Device\MountPointManager" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\00000057" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0862&SUBSYS_17AA8E2D&REV_1000#4&2c03fc71&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\00000081" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination "\Device\00000059" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{63FB0EBB-63F5-4981-8026-C4DA8985A1A4}" .\debug.cpp(400) : Destination "\Device\NDMP20" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{A366669C-6278-4D71-B34A-1A8C2C327EF3}" .\debug.cpp(400) : Destination "\Device\NDMP11" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{08166d15-c163-11de-b1b6-806e6f6e6963}" .\debug.cpp(400) : Destination "\Device\CdRom0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi" .\debug.cpp(400) : Destination "\Device\Nsi" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0018#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\00000013" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0015#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\00000010" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0009#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\0000000a" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0862&SUBSYS_17AA8E2D&REV_1000#4&2c03fc71&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}" .\debug.cpp(400) : Destination "\Device\00000081" .\debug.cpp(409) : -- 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5256A5F3-136E-4193-B033-E634FF397DBA}" .\debug.cpp(400) : Destination "\Device\NDMP5" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp" .\debug.cpp(400) : Destination "\Device\WANARP" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl" .\debug.cpp(400) : Destination "\Device\PartmgrControl" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\nhcDriverDevice" .\debug.cpp(400) : Destination "\Device\nhcDriverDevice" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice" .\debug.cpp(400) : Destination "\Device\NXTIPSEC" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination "\Device\00000057" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{483C9FF8-503D-414B-B402-E4C1F1F568CB}" .\debug.cpp(400) : Destination "\Device\NDMP27" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{F3FD4E9E-962D-47D7-8B97-5D67A6E80929}" .\debug.cpp(400) : Destination "\Device\NDMP24" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0014#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination "\Device\0000000f" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0008#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination "\Device\00000009" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{08166d0e-c163-11de-b1b6-806e6f6e6963}#00000008C3D00000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination "\Device\HarddiskVolume3" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\00000061" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink 
"\GLOBAL??\Root#*6TO4MP#0014#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\0000000f" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0008#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\00000009" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev" .\debug.cpp(400) : Destination "\Device\WFP" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WwanProt" .\debug.cpp(400) : Destination "\Device\WwanProt" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP" .\debug.cpp(400) : Destination "\Device\NDMP29" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASYNCMAC" .\debug.cpp(400) : Destination "\Device\ASYNCMAC" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CB&SUBSYS_206E17AA&REV_02#3&33fd14ca&0&EB#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0009" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0016#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination "\Device\00000011" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DE6E3624-BA23-47D2-AB6E-E872366D6B1D}" .\debug.cpp(400) : Destination "\Device\NDMP3" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:" .\debug.cpp(400) : Destination "\Device\Ide\IdePort0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ElbyCDIO" .\debug.cpp(400) : Destination "\Device\ElbyCDIO" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArpV6" .\debug.cpp(400) : Destination "\Device\WANARPV6" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination "\Device\0000006a" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink 
"\GLOBAL??\Root#*6TO4MP#0019#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\00000014" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&PrinterBusEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}" .\debug.cpp(400) : Destination "\Device\000000b5" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0017#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination "\Device\00000012" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{AD68D78F-88B7-4AC7-8AFB-8FCCE4D46157}" .\debug.cpp(400) : Destination "\Device\NDMP17" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{9A51D8F8-A5CB-41EC-8F72-979F7F4CC571}" .\debug.cpp(400) : Destination "\Device\NDMP12" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS0" .\debug.cpp(400) : Destination "\Device\1394BUS0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\OODrvLed" .\debug.cpp(400) : Destination "\FileSystem\Filters\OODrvLed" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{08166d0e-c163-11de-b1b6-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination "\Device\HarddiskVolume2" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#{00001124-0000-1000-8000-00805f9b34fb}_VID&0001045e_PID&007c&Col02#8&20ca4260&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}" .\debug.cpp(400) : Destination "\Device\000000b3" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskHITACHI_HTS541612J9SA00_________________SBDIC7UP#5&2a99920f&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\0000005c" .\debug.cpp(409) : -- .\debug.cpp(369) : 
SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&a49ab80&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination "\Device\USBPDO-2" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}" .\debug.cpp(400) : Destination "\Device\00000061" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination "\Device\00000056" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{3E2A0055-0602-46CC-9838-B9B9ACC93F14}" .\debug.cpp(400) : Destination "\Device\NDMP36" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan" .\debug.cpp(400) : Destination "\Device\NdisWan" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd" .\debug.cpp(400) : Destination "\Device\AscKmd" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTWL2CAP" .\debug.cpp(400) : Destination "\Device\BTWL2CAP" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_14_-_Intel(R)_Core(TM)_Duo_CPU______T2450__@_2.00GHz#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}" .\debug.cpp(400) : Destination "\Device\00000066" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH" .\debug.cpp(400) : Destination "\Device\NDMP28" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:" .\debug.cpp(400) : Destination "\Device\Ide\IdePort1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice" .\debug.cpp(400) : Destination "\Device\MPS" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTHENUM#{00001103-0000-1000-8000-00805f9b34fb}_LOCALMFG&000f#7&6570f76&0&0012D29A6CED_C00000000#{86e0d1e0-8089-11d0-9ce4-08003e301f73}" .\debug.cpp(400) : Destination "\Device\BthModem6" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink 
"\GLOBAL??\Root#*6TO4MP#0012#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination "\Device\0000000d" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0006#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination "\Device\00000007" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr" .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{252F1CC2-C333-42A4-A5A4-08951EAA4A77}" .\debug.cpp(400) : Destination "\Device\NDMP35" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8139&SUBSYS_207417AA&REV_10#4&221001b3&0&08F0#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0016" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl" .\debug.cpp(400) : Destination "\Device\VolMgrControl" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:" .\debug.cpp(400) : Destination "\Device\HarddiskVolume2" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT" .\debug.cpp(400) : Destination "\Device\MailSlot" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{18371FB9-3371-476A-9B6A-596FAACC0DE2}" .\debug.cpp(400) : Destination "\Device\NDMP34" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27A2&SUBSYS_206217AA&REV_03#3&33fd14ca&0&10#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0001" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_14_-_Intel(R)_Core(TM)_Duo_CPU______T2450__@_2.00GHz#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}" .\debug.cpp(400) : Destination "\Device\00000067" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DB2B4279-B5CF-4626-9DBA-32D0ECE44C87}" .\debug.cpp(400) : Destination "\Device\NDMP31" .\debug.cpp(409) : -- .\debug.cpp(369) 
: SymbolicLink "\GLOBAL??\NDISWANIPV6"
.\debug.cpp(400) : Destination "\Device\NDMP30"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0020#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000015"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0013#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000000e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0007#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000008"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination "\DosDevices\COM1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination ""
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8139&SUBSYS_207417AA&REV_10#4&221001b3&0&08F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0016"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SstpDrv"
.\debug.cpp(400) : Destination "\Device\SstpDrv"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdaC15BA"
.\debug.cpp(400) : Destination "\Device\CdaC15BA"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) : Destination "\Device\Ndisuio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000060"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTHENUM#{00001103-0000-1000-8000-00805f9b34fb}_VID&0001000f_PID&0000#7&6570f76&0&00265D4D0861_C00000001#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) : Destination "\Device\BthModem2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTHENUM#{00001101-0000-1000-8000-00805f9b34fb}_VID&0001000f_PID&0000#7&6570f76&0&00265D4D0861_C00000001#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) : Destination "\Device\BthModem1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1180&DEV_0832&SUBSYS_207617AA&REV_00#4&221001b3&0&30F0#{6bdd1fc1-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0018"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0015#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000010"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0009#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000000a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination "\Device\Null"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VDRVROOT"
.\debug.cpp(400) : Destination "\Device\00000063"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0862&SUBSYS_17AA8E2D&REV_1000#4&2c03fc71&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000081"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27A2&SUBSYS_206217AA&REV_03#3&33fd14ca&0&10#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0001"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0020#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000015"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0013#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000000e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0007#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000008"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle"
.\debug.cpp(400) : Destination "\Device\WfpAle"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000005f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CA&SUBSYS_206D17AA&REV_02#3&33fd14ca&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0008"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{0AE96C60-4B97-4AA5-B0BB-61127698384B}"
.\debug.cpp(400) : Destination "\Device\NDMP16"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{39E886AE-A379-4430-B394-9B2DF01F6F62}"
.\debug.cpp(400) : Destination "\Device\NDMP9"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000005a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM11"
.\debug.cpp(400) : Destination "\Device\BthModem4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_4227&SUBSYS_10118086&REV_02#4&195a0dc1&0&00E1#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0015"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0018#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000013"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E129510B-21DA-4EBE-9E58-233E27188141}"
.\debug.cpp(400) : Destination "\Device\NDMP13"
.\debug.cpp(409) : --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000
.\boot_cleaner.cpp(276) : Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff
.\boot_cleaner.cpp(1060) :
.\boot_cleaner.cpp(1061) : Size    Device Name          MBR Status
.\boot_cleaner.cpp(1062) : --------------------------------------------
.\boot_cleaner.cpp(1106) : 111 GB  \\.\PhysicalDrive0   OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1112) :
.\boot_cleaner.cpp(1151) : Done;
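The boot_cleaner block at the end of the log above is the bootkit check: it resolves the system volume to a byte offset on \\.\PhysicalDrive0, hashes the boot sector, and reports whether the MBR still carries ordinary DOS/Win32 boot code. What follows is an added example in Python, not TDSSKiller's code and not posted by anyone in this thread, that performs the same steps on a raw 512-byte MBR: verify the 0x55AA signature, MD5 the sector, classify the boot code, and map each partition-table entry to its byte offset on the drive. The MBR it builds is constructed rather than read from the poster's disk; its second partition is placed at LBA 206848, which is exactly the 0x06500000-byte offset the log shows for C: (206848 * 512 = 0x06500000). The prologue-byte heuristic (33 C0 8E D0 BC 00 7C, the xor ax,ax / mov ss,ax / mov sp,7C00h opening of Microsoft's MBR code) and the assumed 111 GiB drive size are my own assumptions, not how TDSSKiller reaches its verdict.

```python
"""Parse and audit a 512-byte MBR: hash it, verify the 0x55AA signature,
classify the boot code and map partitions to byte offsets on the drive.
Added example; not TDSSKiller code."""
from __future__ import annotations

import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
PT_OFFSET = 446                      # partition table: 4 entries x 16 bytes at 446..509
MBR_SIGNATURE = b"\x55\xaa"          # bytes 510..511
# xor ax,ax / mov ss,ax / mov sp,7C00h: the opening bytes of Microsoft's MBR code.
# Assumption: used here as a rough "DOS/Win32 boot code" test, not TDSSKiller's logic.
WIN_MBR_PROLOGUE = bytes.fromhex("33c08ed0bc007c")


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def byte_offset(self) -> int:
        # This is the "\\.\C: -> \\.\PhysicalDrive0 at offset ..." figure in the log.
        return self.lba_start * SECTOR


def parse_mbr(mbr: bytes) -> tuple[str, list[Partition]]:
    """Return (boot sector MD5, non-empty partition-table entries)."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if mbr[510:512] != MBR_SIGNATURE:
        raise ValueError("0x55AA boot signature missing")
    parts: list[Partition] = []
    for i in range(4):
        # entry: status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, type_id, lba, count = struct.unpack_from("<B3xB3xII", mbr, PT_OFFSET + 16 * i)
        if type_id == 0:
            continue                                      # empty slot
        parts.append(Partition(i, status == 0x80, type_id, lba, count))
    return hashlib.md5(mbr).hexdigest(), parts


def audit_mbr(mbr: bytes, drive_sectors: int) -> list[str]:
    """Produce verdict lines of the kind a boot-sector checker prints."""
    md5, parts = parse_mbr(mbr)
    out = [f"boot sector MD5 {md5}"]
    code = mbr[:440]                                      # 440..445 hold disk signature + pad
    if code == bytes(440):
        out.append("WARN: no boot code at all (zeroed MBR?)")
    elif code.startswith(WIN_MBR_PROLOGUE):
        out.append("OK: DOS/Win32-style boot code prologue")
    else:
        out.append("WARN: unrecognised boot code; compare MD5 against a known-good MBR")
    for p in parts:
        out.append(f"partition {p.index}: type 0x{p.type_id:02x} LBA {p.lba_start} "
                   f"({p.sectors} sectors) -> byte offset 0x{p.byte_offset:08x}")
        if p.lba_start + p.sectors > drive_sectors:
            out.append(f"WARN: partition {p.index} extends past the end of the drive")
    by_start = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(by_start, by_start[1:]):
        if a.lba_start + a.sectors > b.lba_start:
            out.append(f"WARN: partitions {a.index} and {b.index} overlap")
    if sum(p.bootable for p in parts) != 1:
        out.append("WARN: expected exactly one active partition")
    return out


def build_sample_mbr() -> bytes:
    """Constructed MBR (not from the poster's disk): Windows-style prologue padded with
    NOPs, a 100 MB 'System Reserved' partition at LBA 2048 and C: at LBA 206848,
    which is the 0x06500000-byte offset the log reports."""
    code = WIN_MBR_PROLOGUE + b"\x90" * (440 - len(WIN_MBR_PROLOGUE))
    disk_sig = b"\x11\x22\x33\x44" + b"\x00\x00"          # arbitrary disk signature + pad

    def entry(status: int, type_id: int, lba: int, count: int) -> bytes:
        return struct.pack("<B3sB3sII", status, b"\xff" * 3, type_id, b"\xff" * 3, lba, count)

    table = (entry(0x80, 0x07, 2048, 204800)              # active NTFS, 100 MB
             + entry(0x00, 0x07, 206848, 200_000_000)     # NTFS, constructed size
             + bytes(32))                                 # two empty slots
    mbr = code + disk_sig + table + MBR_SIGNATURE
    assert len(mbr) == SECTOR
    return mbr


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:   # e.g. \\.\PhysicalDrive0 (Windows, elevated) or /dev/sda (Linux, root)
        with open(sys.argv[1], "rb") as f:
            data = f.read(SECTOR)
    else:
        data = build_sample_mbr()
    for line in audit_mbr(data, drive_sectors=232_783_872):   # assumed 111 GiB drive
        print(line)
```

Run it without arguments to audit the built-in sample; pass \\.\PhysicalDrive0 (elevated, on Windows) or /dev/sda (as root, on Linux) to audit a real drive. A hash on its own is not a verdict: compare it with the hash of the same drive taken when the system was known to be clean, because a bootkit that keeps the Microsoft prologue intact and patches later bytes still passes the prologue heuristic.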
08.09.2010, 14:02 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GMER analysis, suspected rootkit Looks OK. For verification, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post logfiles in CODE tags |
08.09.2010, 16:57 | #13 | |
| GMER analysis, suspected rootkit OK, first of all, many thanks. The log files are coming shortly ... I still have two questions, though. 1. What exactly was it, or were you unable to find anything at all? 2. What do these lines in the GMER output mean? Quote:
|
08.09.2010, 19:00 | #14 |
| GMER analysis, suspected rootkit Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4571

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

08.09.2010 17:59:04
mbam-log-2010-09-08 (17-59-04).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 278630
Time elapsed: 1 hour(s), 10 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/08/2010 at 07:56 PM

Application Version : 4.42.1000

Core Rules Database Version : 5471
Trace Rules Database Version: 3283

Scan type       : Complete Scan
Total Scan Time : 01:45:43

Memory items scanned      : 637
Memory threats detected   : 0
Registry items scanned    : 10419
Registry threats detected : 0
File items scanned        : 146285
File threats detected     : 13

Adware.Tracking Cookie
	C:\Users\maxl\AppData\Roaming\Microsoft\Windows\Cookies\maxl@mediaplex[2].txt
	C:\Users\maxl\AppData\Roaming\Microsoft\Windows\Cookies\maxl@atdmt[2].txt
	C:\Users\maxl\AppData\Roaming\Microsoft\Windows\Cookies\maxl@doubleclick[1].txt
	C:\Users\maxl\AppData\Roaming\Microsoft\Windows\Cookies\maxl@oberon-media[2].txt
	C:\Users\maxl\AppData\Roaming\Microsoft\Windows\Cookies\maxl@content.yieldmanager[2].txt
	C:\Users\maxl\AppData\Roaming\Microsoft\Windows\Cookies\maxl@gamecenter.oberon-media[2].txt
	C:\Users\maxl\AppData\Roaming\Microsoft\Windows\Cookies\maxl@apmebf[2].txt
	C:\Users\maxl\AppData\Roaming\Microsoft\Windows\Cookies\maxl@content.yieldmanager[3].txt
	C:\Users\maxl\AppData\Roaming\Microsoft\Windows\Cookies\maxl@sevenoneintermedia.112.2o7[1].txt
	C:\Users\maxl\AppData\Roaming\Microsoft\Windows\Cookies\maxl@ad.yieldmanager[1].txt
	C:\Users\maxl\AppData\Roaming\Microsoft\Windows\Cookies\maxl@2o7[2].txt
	ia.media-imdb.com [ C:\Users\maxl\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZPEGTS2V ]
	icq.oberon-media.com [ C:\Users\maxl\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZPEGTS2V ]
08.09.2010, 20:06 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GMER analysis, suspected rootkit I didn't see a rootkit there. We fixed a few superfluous entries, and one or two more harmless things were removed with Malwarebytes. Your GMER snippet there shows a few dumps of the file ntkrnlpa.exe. Why do you want to know that exactly? What they mean precisely can probably only be interpreted by programming specialists. Is the computer OK again? In the end only harmless cookies were found.