| |
| |||||||
Log-Analyse und Auswertung: avira meldet mehrere trojanerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
13.08.2010, 11:44
| #16 |
 |  avira meldet mehrere trojaner oops, kleiner fauxpas.. hier also der combofix log: Combofix Logfile: Code:
ATTFilter ComboFix 10-08-12.03 - amueller 13.08.2010 12:22:50.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.49.1031.18.2037.1317 [GMT 2:00]
ausgeführt von:: c:\users\amueller\Desktop\vir\cofi.exe.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {B02B524A-0C22-45DD-A6D1-70C7010CE58E}
FW: Avira FireWall *disabled* {B02B524A-0C22-45DD-A6D1-70C7010CE58E}
SP: AntiVir Desktop *disabled* (Updated) {B02B524A-0C22-45DD-A6D1-70C7010CE58E}
SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Ijl11.dll
Infizierte Kopie von c:\windows\system32\drivers\smb.sys wurde gefunden und desinfiziert
Kopie von - Kitty had a snack :p wurde wiederhergestellt
.
((((((((((((((((((((((( Dateien erstellt von 2010-07-13 bis 2010-08-13 ))))))))))))))))))))))))))))))
.
2010-08-13 10:34 . 2010-08-13 10:35 -------- d-----w- c:\users\amueller\AppData\Local\temp
2010-08-13 10:34 . 2010-08-13 10:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-12 13:42 . 2010-08-12 13:42 -------- d-----w- c:\program files\CCleaner
2010-08-12 11:47 . 2010-08-12 11:47 -------- d-----w- C:\_OTL
2010-08-04 08:28 . 2010-08-04 08:31 32594 ----a-w- c:\windows\scunin.dat
2010-08-04 08:28 . 2010-08-04 08:31 967 ----a-w- c:\windows\ScUnin.pif
2010-08-04 08:28 . 2010-08-04 08:31 69632 ----a-w- c:\windows\ScUnin.exe
2010-07-21 18:57 . 2010-08-11 00:11 -------- d-----w- c:\users\amueller\AppData\Roaming\17DAFEA4C85B8AAF94F4E89598256240
2010-07-18 16:30 . 2010-07-18 16:30 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-18 16:29 . 2010-07-18 16:23 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-07-18 16:29 . 2010-07-18 16:23 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-07-18 16:29 . 2010-07-18 16:29 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-18 16:29 . 2010-07-18 16:29 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-07-18 16:28 . 2010-07-18 16:28 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-07-18 16:28 . 2010-07-18 16:28 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-07-18 16:28 . 2010-07-18 20:06 -------- d-----w- c:\users\amueller\AppData\Roaming\DivX
2010-07-18 16:27 . 2010-07-18 16:27 84054 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-07-18 16:27 . 2010-07-18 16:27 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-07-18 16:27 . 2010-07-18 16:27 57054 ----a-w- c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
2010-07-18 16:27 . 2010-07-18 16:27 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
2010-07-18 16:27 . 2010-07-18 16:27 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
2010-07-18 16:27 . 2010-07-18 16:27 56458 ----a-w- c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-07-18 16:27 . 2010-07-18 16:27 54174 ----a-w- c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
2010-07-18 16:27 . 2010-07-18 16:27 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-07-18 16:27 . 2010-07-18 16:27 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
2010-07-18 16:27 . 2010-07-18 16:27 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-07-18 16:26 . 2010-07-18 16:26 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-07-18 16:26 . 2010-07-18 16:26 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-07-18 16:26 . 2010-07-18 16:26 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-07-18 16:26 . 2010-07-18 16:26 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-07-18 16:26 . 2010-07-18 16:26 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-07-18 16:26 . 2010-07-18 16:26 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-07-18 16:24 . 2010-07-18 16:29 -------- d-----w- c:\program files\DivX
2010-07-18 16:23 . 2010-07-18 16:23 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-07-18 16:23 . 2010-07-18 16:30 -------- d-----w- c:\programdata\DivX
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-13 10:26 . 2006-11-02 15:38 710156 ----a-w- c:\windows\system32\perfh007.dat
2010-08-13 10:26 . 2006-11-02 15:38 142126 ----a-w- c:\windows\system32\perfc007.dat
2010-08-12 13:02 . 2008-12-04 12:32 -------- d-----w- c:\program files\Capture-A-ScreenShot
2010-08-12 12:00 . 2009-02-27 17:06 -------- d-----w- c:\users\amueller\AppData\Roaming\Skype
2010-08-12 11:59 . 2009-02-27 17:08 -------- d-----w- c:\users\amueller\AppData\Roaming\skypePM
2010-08-11 00:11 . 2009-03-30 13:42 -------- d-----w- c:\program files\Last.fm
2010-08-10 11:42 . 2009-06-22 17:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-04 12:20 . 2010-01-14 10:22 -------- d-----w- c:\program files\Starcraft
2010-07-14 10:32 . 2009-02-27 17:06 -------- d-----r- c:\program files\Skype
2010-07-14 10:32 . 2010-07-14 10:32 -------- d-----w- c:\program files\Common Files\Skype
2010-07-14 10:32 . 2009-02-27 17:06 -------- d-----w- c:\programdata\Skype
2010-06-29 10:07 . 2010-06-29 09:54 -------- d-----w- c:\users\amueller\AppData\Roaming\Apple Computer
2010-06-29 09:54 . 2010-06-29 09:51 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-29 09:54 . 2010-06-29 09:51 -------- d-----w- c:\program files\iTunes
2010-06-29 09:52 . 2010-06-29 09:52 -------- d-----w- c:\program files\iPod
2010-06-29 09:52 . 2010-06-29 09:43 -------- d-----w- c:\program files\Common Files\Apple
2010-06-29 09:51 . 2010-06-29 09:49 -------- d-----w- c:\programdata\Apple Computer
2010-06-29 09:50 . 2010-06-29 09:49 -------- d-----w- c:\program files\QuickTime
2010-06-29 09:48 . 2010-06-29 09:48 -------- d-----w- c:\program files\Apple Software Update
2010-06-29 09:44 . 2010-06-29 09:44 -------- d-----w- c:\program files\Bonjour
2010-06-29 09:43 . 2010-06-29 09:43 -------- d-----w- c:\programdata\Apple
2010-06-15 18:01 . 2010-06-15 18:01 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-05-24 13:16 . 2010-03-31 14:26 1 ----a-w- c:\users\amueller\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-21 12:14 . 2009-10-08 09:04 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 14:35 . 2010-05-18 14:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lion"="c:\program files\Lion\Lion.exe" [2009-02-09 227429]
"Google Update"="c:\users\amueller\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-01-25 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-26 282792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^amueller^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\amueller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-01-25 12:29 133104 ----atw- c:\users\amueller\AppData\Local\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-03-29 13:41 222128 ----a-w- c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect.EXE]
2007-11-19 16:18 2711552 ----a-w- c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 15:57 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 12:34 201728 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2010-04-19 337064]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-04-19 405672]
R3 PRISM_ICB;NETGEAR WG511 Wireless LAN Driver;c:\windows\system32\DRIVERS\WG511ICB.sys [2005-02-16 352256]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2010-03-26 102856]
S2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [2010-04-19 536232]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-03-26 135336]
S2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2009-06-25 185640]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-01-12 185640]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2010-03-26 79432]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
2010-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1455154888-4151250377-1015525046-1000Core.job
- c:\users\amueller\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-25 12:29]
2010-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1455154888-4151250377-1015525046-1000UA.job
- c:\users\amueller\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-25 12:29]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: registration.sonystyle-europe.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-13 12:35
Windows 6.0.6000 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-08-13 12:41:08
ComboFix-quarantined-files.txt 2010-08-13 10:41
Vor Suchlauf: 15 Verzeichnis(se), 23.155.945.472 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 23.132.065.792 Bytes frei
- - End Of File - - 2AD371E3033F9B546747B5EC7729954B
__________________  action is the enemy of thought |
|
13.08.2010, 12:46
| #17 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | avira meldet mehrere trojaner Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus
__________________Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus. Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen. Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.
__________________ |
|
14.08.2010, 12:35
| #18 |
| | avira meldet mehrere trojaner Hi Arne,
__________________gmer ist immer abgestürzt. hier aber der osam log: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 http://www.online-solutions.ru/en/ Saved at 13:32:23 on 14.08.2010 OS: Windows Vista Home Basic Edition (Build 6000), 32-bit Default Browser: Google Inc. Google Chrome 0.0.0.0 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskUserS-1-5-21-1455154888-4151250377-1015525046-1000Core.job" - "Google Inc." - C:\Users\amueller\AppData\Local\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskUserS-1-5-21-1455154888-4151250377-1015525046-1000UA.job" - "Google Inc." - C:\Users\amueller\AppData\Local\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl "ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avfwot" (avfwot) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avfwot.sys "avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "Bytemobile Kernel Network Provider" (tcpipBM) - "Bytemobile, Inc." - C:\Windows\system32\drivers\tcpipBM.sys "catchme" (catchme) - ? - C:\Users\amueller\AppData\Local\Temp\catchme.sys (File not found) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "PalmUSBD" (PalmUSBD) - ? - C:\Windows\System32\drivers\PalmUSBD.sys (File not found) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - ? - C:\Program Files\Microsoft Office\Visio11\VISSHE.DLL {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - ? - C:\Program Files\Microsoft Office\Visio11\VISSHE.DLL {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {C3538050-FACE-11DE-8A39-0800200C9A66} "{C3538050-FACE-11DE-8A39-0800200C9A66}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {0CCA191D-13A6-4E29-B746-314DEE697D83} "Facebook Photo Uploader 5 Control" - "The Facebook" - C:\Windows\Downloaded Program Files\PhotoUploader5.ocx / http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_17.dll / http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "{D27CDB6E-AE6D-11CF-96B8-444553540000}" - ? - (File not found | COM-object registry key not found) / http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\amueller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "GabPath" - ? - C:\Users\amueller\AppData\Roaming\GabPath\gabpath.exe "Google Update" - "Google Inc." - "C:\Users\amueller\AppData\Local\Google\Update\GoogleUpdate.exe" /c "Lion" - ? - "C:\Program Files\Lion\Lion.exe" -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe" "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "HPLJ1020LM" - "Zenographics, Inc." - C:\Windows\system32\ZLhp1020.DLL "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir MailGuard" (AntiVirMailService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Avira AntiVir WebGuard" (AntiVirWebService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE "Avira FireWall" (AntiVirFirewallService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe "Bytemobile Web Configurator" (bmwebcfg) - "Bytemobile, Inc." - C:\Windows\system32\bmwebcfg.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "ResultDns Service" (ResultDns Service) - ? - C:\ProgramData\ResultDns\resultdns111.exe (File found, but it contains no detailed information) "SQL Server (SQLEXPRESS)" (MSSQL$SQLEXPRESS) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe "SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe "TeamViewer 4" (TeamViewer4) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe "TeamViewer 5" (TeamViewer5) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit http://forum.online-solutions.ru ---------------------------------------- bootkit remover folgt als nächstes...
__________________ |
|
14.08.2010, 12:39
| #19 |
| | avira meldet mehrere trojaner und hier nun der bootkit remover: .\debug.cpp(238) : Debug log started at 14.08.2010 - 11:37:09 .\boot_cleaner.cpp(675) : Bootkit Remover .\boot_cleaner.cpp(676) : (c) 2009 eSage Lab .\boot_cleaner.cpp(677) : www.esagelab.com .\boot_cleaner.cpp(681) : Program version: 1.1.0.0 .\boot_cleaner.cpp(688) : OS Version: Microsoft Windows Vista Home Basic Edition (build 6000), 32-bit .\debug.cpp(248) : ********************************************** .\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] *********** .\debug.cpp(250) : ********************************************** .\debug.cpp(256) : 0x82000000 0x00395000 "\SystemRoot\system32\ntoskrnl.exe" .\debug.cpp(256) : 0x82395000 0x00034000 "\SystemRoot\system32\hal.dll" .\debug.cpp(256) : 0x806c6000 0x00008000 "\SystemRoot\system32\kdcom.dll" .\debug.cpp(256) : 0x80666000 0x00060000 "\SystemRoot\system32\mcupdate_GenuineIntel.dll" .\debug.cpp(256) : 0x8065d000 0x00009000 "\SystemRoot\system32\PSHED.dll" .\debug.cpp(256) : 0x80655000 0x00008000 "\SystemRoot\system32\BOOTVID.dll" .\debug.cpp(256) : 0x8061a000 0x0003b000 "\SystemRoot\system32\CLFS.SYS" .\debug.cpp(256) : 0x80539000 0x000e1000 "\SystemRoot\system32\CI.dll" .\debug.cpp(256) : 0x804be000 0x0007b000 "\SystemRoot\system32\drivers\Wdf01000.sys" .\debug.cpp(256) : 0x804b1000 0x0000d000 "\SystemRoot\system32\drivers\WDFLDR.SYS" .\debug.cpp(256) : 0x8046e000 0x00043000 "\SystemRoot\system32\drivers\acpi.sys" .\debug.cpp(256) : 0x80465000 0x00009000 "\SystemRoot\system32\drivers\WMILIB.SYS" .\debug.cpp(256) : 0x8045d000 0x00008000 "\SystemRoot\system32\drivers\msisadrv.sys" .\debug.cpp(256) : 0x80438000 0x00025000 "\SystemRoot\system32\drivers\pci.sys" .\debug.cpp(256) : 0x80429000 0x0000f000 "\SystemRoot\system32\drivers\volmgr.sys" .\debug.cpp(256) : 0x80426000 0x00003000 "\SystemRoot\system32\DRIVERS\compbatt.sys" .\debug.cpp(256) : 0x8041c000 0x0000a000 "\SystemRoot\system32\DRIVERS\BATTC.SYS" .\debug.cpp(256) : 0x8040c000 0x00010000 "\SystemRoot\System32\drivers\mountmgr.sys" .\debug.cpp(256) : 0x80405000 0x00007000 "\SystemRoot\system32\drivers\intelide.sys" .\debug.cpp(256) : 0x87bf2000 0x0000e000 "\SystemRoot\system32\drivers\PCIIDEX.SYS" .\debug.cpp(256) : 0x87bc8000 0x0002a000 "\SystemRoot\system32\DRIVERS\pcmcia.sys" .\debug.cpp(256) : 0x87b7e000 0x0004a000 "\SystemRoot\System32\drivers\volmgrx.sys" .\debug.cpp(256) : 0x87b76000 0x00008000 "\SystemRoot\system32\drivers\atapi.sys" .\debug.cpp(256) : 0x87b58000 0x0001e000 "\SystemRoot\system32\drivers\ataport.SYS" .\debug.cpp(256) : 0x87b27000 0x00031000 "\SystemRoot\system32\drivers\fltmgr.sys" .\debug.cpp(256) : 0x87b17000 0x00010000 "\SystemRoot\system32\drivers\fileinfo.sys" .\debug.cpp(256) : 0x87a13000 0x00104000 "\SystemRoot\system32\drivers\ndis.sys" .\debug.cpp(256) : 0x879e8000 0x0002b000 "\SystemRoot\system32\drivers\msrpc.sys" .\debug.cpp(256) : 0x879af000 0x00039000 "\SystemRoot\system32\drivers\NETIO.SYS" .\debug.cpp(256) : 0x878a7000 0x00108000 "\SystemRoot\System32\Drivers\Ntfs.sys" .\debug.cpp(256) : 0x8783d000 0x0006a000 "\SystemRoot\System32\Drivers\ksecdd.sys" .\debug.cpp(256) : 0x87807000 0x00036000 "\SystemRoot\system32\drivers\volsnap.sys" .\debug.cpp(256) : 0x80400000 0x00005000 "\SystemRoot\system32\DRIVERS\TVALZ_O.SYS" .\debug.cpp(256) : 0x87ff8000 0x00008000 "\SystemRoot\System32\Drivers\spldr.sys" .\debug.cpp(256) : 0x87fe9000 0x0000f000 "\SystemRoot\System32\drivers\partmgr.sys" .\debug.cpp(256) : 0x87fda000 0x0000f000 "\SystemRoot\System32\Drivers\mup.sys" .\debug.cpp(256) : 0x87fb5000 0x00025000 "\SystemRoot\System32\drivers\ecache.sys" .\debug.cpp(256) : 0x87fa4000 0x00011000 "\SystemRoot\system32\drivers\disk.sys" .\debug.cpp(256) : 0x87f83000 0x00021000 "\SystemRoot\system32\drivers\CLASSPNP.SYS" .\debug.cpp(256) : 0x87f7a000 0x00009000 "\SystemRoot\system32\drivers\crcdisk.sys" .\debug.cpp(256) : 0x88d4d000 0x0000b000 "\SystemRoot\system32\DRIVERS\tunnel.sys" .\debug.cpp(256) : 0x88cc8000 0x00009000 "\SystemRoot\system32\DRIVERS\tunmp.sys" .\debug.cpp(256) : 0x88d3f000 0x0000e000 "\SystemRoot\system32\DRIVERS\intelppm.sys" .\debug.cpp(256) : 0x88da0000 0x00004000 "\SystemRoot\system32\DRIVERS\CmBatt.sys" .\debug.cpp(256) : 0x8b639000 0x00177000 "\SystemRoot\system32\DRIVERS\igdkmd32.sys" .\debug.cpp(256) : 0x8b59c000 0x0009d000 "\SystemRoot\System32\drivers\dxgkrnl.sys" .\debug.cpp(256) : 0x88d32000 0x0000d000 "\SystemRoot\System32\drivers\watchdog.sys" .\debug.cpp(256) : 0x88d20000 0x00012000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys" .\debug.cpp(256) : 0x8c240000 0x001c0000 "\SystemRoot\system32\DRIVERS\NETw3v32.sys" .\debug.cpp(256) : 0x88de3000 0x0000b000 "\SystemRoot\system32\DRIVERS\usbuhci.sys" .\debug.cpp(256) : 0x8b55f000 0x0003d000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS" .\debug.cpp(256) : 0x8b551000 0x0000e000 "\SystemRoot\system32\DRIVERS\usbehci.sys" .\debug.cpp(256) : 0x87ca7000 0x00010000 "\SystemRoot\system32\DRIVERS\ohci1394.sys" .\debug.cpp(256) : 0x8b543000 0x0000e000 "\SystemRoot\system32\DRIVERS\1394BUS.SYS" .\debug.cpp(256) : 0x8b52b000 0x00018000 "\SystemRoot\system32\DRIVERS\sdbus.sys" .\debug.cpp(256) : 0x8b503000 0x00028000 "\SystemRoot\system32\DRIVERS\e100b325.sys" .\debug.cpp(256) : 0x8b4f0000 0x00013000 "\SystemRoot\system32\DRIVERS\i8042prt.sys" .\debug.cpp(256) : 0x8b4e5000 0x0000b000 "\SystemRoot\system32\DRIVERS\kbdclass.sys" .\debug.cpp(256) : 0x8b4da000 0x0000b000 "\SystemRoot\system32\DRIVERS\mouclass.sys" .\debug.cpp(256) : 0x8b4c2000 0x00018000 "\SystemRoot\system32\DRIVERS\cdrom.sys" .\debug.cpp(256) : 0x88e6e000 0x00006000 "\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys" .\debug.cpp(256) : 0x8b4af000 0x00013000 "\SystemRoot\system32\DRIVERS\avfwim.sys" .\debug.cpp(256) : 0x8b484000 0x0002b000 "\SystemRoot\system32\DRIVERS\msiscsi.sys" .\debug.cpp(256) : 0x8b444000 0x00040000 "\SystemRoot\system32\DRIVERS\storport.sys" .\debug.cpp(256) : 0x8b439000 0x0000b000 "\SystemRoot\system32\DRIVERS\TDI.SYS" .\debug.cpp(256) : 0x8b422000 0x00017000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys" .\debug.cpp(256) : 0x8b417000 0x0000b000 "\SystemRoot\system32\DRIVERS\ndistapi.sys" .\debug.cpp(256) : 0x8c21d000 0x00023000 "\SystemRoot\system32\DRIVERS\ndiswan.sys" .\debug.cpp(256) : 0x87dab000 0x0000f000 "\SystemRoot\system32\DRIVERS\raspppoe.sys" .\debug.cpp(256) : 0x8b404000 0x00013000 "\SystemRoot\system32\DRIVERS\raspptp.sys" .\debug.cpp(256) : 0x88eae000 0x00007000 "\SystemRoot\system32\DRIVERS\teamviewervpn.sys" .\debug.cpp(256) : 0x8c12d000 0x0000f000 "\SystemRoot\system32\DRIVERS\termdd.sys" .\debug.cpp(256) : 0x88f98000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys" .\debug.cpp(256) : 0x8c0f6000 0x0002a000 "\SystemRoot\system32\DRIVERS\ks.sys" .\debug.cpp(256) : 0x88c06000 0x0000a000 "\SystemRoot\system32\DRIVERS\mssmbios.sys" .\debug.cpp(256) : 0x8c120000 0x0000d000 "\SystemRoot\system32\DRIVERS\umbus.sys" .\debug.cpp(256) : 0x8c0c2000 0x00034000 "\SystemRoot\system32\DRIVERS\usbhub.sys" .\debug.cpp(256) : 0x87d07000 0x00010000 "\SystemRoot\System32\Drivers\NDProxy.SYS" .\debug.cpp(256) : 0x8c083000 0x0003f000 "\SystemRoot\system32\drivers\HdAudio.sys" .\debug.cpp(256) : 0x8c056000 0x0002d000 "\SystemRoot\system32\drivers\portcls.sys" .\debug.cpp(256) : 0x8c031000 0x00025000 "\SystemRoot\system32\drivers\drmk.sys" .\debug.cpp(256) : 0x8c705000 0x000fb000 "\SystemRoot\system32\DRIVERS\AGRSM.sys" .\debug.cpp(256) : 0x87800000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS" .\debug.cpp(256) : 0x8c024000 0x0000d000 "\SystemRoot\system32\drivers\modem.sys" .\debug.cpp(256) : 0x88cf5000 0x00009000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS" .\debug.cpp(256) : 0x88ea0000 0x00007000 "\SystemRoot\System32\Drivers\Null.SYS" .\debug.cpp(256) : 0x88ea7000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS" .\debug.cpp(256) : 0x8c018000 0x0000c000 "\SystemRoot\System32\drivers\vga.sys" .\debug.cpp(256) : 0x8c6e4000 0x00021000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS" .\debug.cpp(256) : 0x88f88000 0x00008000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys" .\debug.cpp(256) : 0x88f10000 0x00008000 "\SystemRoot\system32\drivers\rdpencdd.sys" .\debug.cpp(256) : 0x8c00d000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS" .\debug.cpp(256) : 0x8c6b6000 0x0000e000 "\SystemRoot\System32\Drivers\Npfs.SYS" .\debug.cpp(256) : 0x88cfe000 0x00009000 "\SystemRoot\System32\DRIVERS\rasacd.sys" .\debug.cpp(256) : 0x8c5e1000 0x000d5000 "\SystemRoot\System32\drivers\tcpip.sys" .\debug.cpp(256) : 0x8c5c8000 0x00019000 "\SystemRoot\System32\drivers\fwpkclnt.sys" .\debug.cpp(256) : 0x8c573000 0x00015000 "\SystemRoot\system32\DRIVERS\tdx.sys" .\debug.cpp(256) : 0x8b7bf000 0x00005000 "\SystemRoot\System32\Drivers\tcpipBM.SYS" .\debug.cpp(256) : 0x8c55f000 0x00014000 "\SystemRoot\system32\DRIVERS\smb.sys" .\debug.cpp(256) : 0x8c547000 0x00018000 "\SystemRoot\system32\DRIVERS\avfwot.sys" .\debug.cpp(256) : 0x8c4f0000 0x00047000 "\SystemRoot\system32\drivers\afd.sys" .\debug.cpp(256) : 0x8c4be000 0x00032000 "\SystemRoot\System32\DRIVERS\netbt.sys" .\debug.cpp(256) : 0x88d10000 0x00009000 "\SystemRoot\system32\drivers\ws2ifsl.sys" .\debug.cpp(256) : 0x8c4a8000 0x00016000 "\SystemRoot\system32\DRIVERS\pacer.sys" .\debug.cpp(256) : 0x8c49a000 0x0000e000 "\SystemRoot\system32\DRIVERS\netbios.sys" .\debug.cpp(256) : 0x8cbed000 0x00013000 "\SystemRoot\system32\DRIVERS\wanarp.sys" .\debug.cpp(256) : 0x88e7a000 0x00006000 "\SystemRoot\system32\DRIVERS\ssmdrv.sys" .\debug.cpp(256) : 0x8cbb2000 0x0003b000 "\SystemRoot\system32\DRIVERS\rdbss.sys" .\debug.cpp(256) : 0x88c10000 0x0000a000 "\SystemRoot\system32\drivers\nsiproxy.sys" .\debug.cpp(256) : 0x8cb9b000 0x00017000 "\SystemRoot\System32\Drivers\dfsc.sys" .\debug.cpp(256) : 0x8cb79000 0x00022000 "\SystemRoot\system32\DRIVERS\avipbb.sys" .\debug.cpp(256) : 0x88fb0000 0x00002000 "\??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys" .\debug.cpp(256) : 0x88cec000 0x00009000 "\SystemRoot\system32\DRIVERS\hidusb.sys" .\debug.cpp(256) : 0x87c97000 0x00010000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS" .\debug.cpp(256) : 0x87e34000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS" .\debug.cpp(256) : 0x88f18000 0x00008000 "\SystemRoot\system32\DRIVERS\mouhid.sys" .\debug.cpp(256) : 0x8cb6c000 0x0000d000 "\SystemRoot\System32\Drivers\crashdmp.sys" .\debug.cpp(256) : 0x88cb0000 0x0000b000 "\SystemRoot\System32\Drivers\dump_dumpata.sys" .\debug.cpp(256) : 0x88f20000 0x00008000 "\SystemRoot\System32\Drivers\dump_atapi.sys" .\debug.cpp(256) : 0x94600000 0x00200000 "\SystemRoot\System32\win32k.sys" .\debug.cpp(256) : 0x88c24000 0x0000a000 "\SystemRoot\System32\drivers\Dxapi.sys" .\debug.cpp(256) : 0x8c15a000 0x0000f000 "\SystemRoot\system32\DRIVERS\monitor.sys" .\debug.cpp(256) : 0x94400000 0x00009000 "\SystemRoot\System32\TSDDD.dll" .\debug.cpp(256) : 0x94410000 0x0000e000 "\SystemRoot\System32\cdd.dll" .\debug.cpp(256) : 0x938ca000 0x0001b000 "\SystemRoot\system32\drivers\luafv.sys" .\debug.cpp(256) : 0x938b5000 0x00015000 "\SystemRoot\system32\DRIVERS\avgntflt.sys" .\debug.cpp(256) : 0xa70bd000 0x0008e000 "\SystemRoot\system32\drivers\spsys.sys" .\debug.cpp(256) : 0x87c67000 0x00010000 "\SystemRoot\system32\DRIVERS\lltdio.sys" .\debug.cpp(256) : 0xa7092000 0x0002b000 "\SystemRoot\system32\DRIVERS\nwifi.sys" .\debug.cpp(256) : 0x88c4c000 0x0000a000 "\SystemRoot\system32\DRIVERS\ndisuio.sys" .\debug.cpp(256) : 0x93886000 0x00013000 "\SystemRoot\system32\DRIVERS\rspndr.sys" .\debug.cpp(256) : 0xa81ed000 0x00066000 "\SystemRoot\system32\drivers\HTTP.sys" .\debug.cpp(256) : 0xa81d2000 0x0001b000 "\SystemRoot\System32\DRIVERS\srvnet.sys" .\debug.cpp(256) : 0xa812c000 0x00019000 "\SystemRoot\system32\DRIVERS\bowser.sys" .\debug.cpp(256) : 0xa8118000 0x00014000 "\SystemRoot\System32\drivers\mpsdrv.sys" .\debug.cpp(256) : 0xa80f8000 0x00020000 "\SystemRoot\system32\drivers\mrxdav.sys" .\debug.cpp(256) : 0xa80da000 0x0001e000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys" .\debug.cpp(256) : 0xa80a1000 0x00039000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys" .\debug.cpp(256) : 0xa808f000 0x00012000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys" .\debug.cpp(256) : 0xa802b000 0x00024000 "\SystemRoot\System32\DRIVERS\srv2.sys" .\debug.cpp(256) : 0xa93af000 0x00051000 "\SystemRoot\System32\DRIVERS\srv.sys" .\debug.cpp(256) : 0x8c46d000 0x00009000 "\SystemRoot\system32\DRIVERS\asyncmac.sys" .\debug.cpp(256) : 0xa9115000 0x000de000 "\SystemRoot\system32\drivers\peauth.sys" .\debug.cpp(256) : 0x88c60000 0x0000a000 "\SystemRoot\System32\Drivers\secdrv.SYS" .\debug.cpp(256) : 0x8c9ca000 0x0000b000 "\SystemRoot\System32\drivers\tcpipreg.sys" .\debug.cpp(256) : 0xaac73000 0x00016000 "\SystemRoot\system32\DRIVERS\cdfs.sys" .\debug.cpp(256) : 0x77da0000 0x0011e000 "\Windows\System32\ntdll.dll" .\debug.cpp(263) : ********************************************** .\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] *********** .\debug.cpp(308) : ********************************************** .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZ00#{4afa3d51-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\0000004f" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\0000003d" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#AV_FLTDEV9MP#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000009" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1" .\debug.cpp(400) : Destination="\Device\Video0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000002" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#AV_FLTDEV9MP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000009" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS" .\debug.cpp(400) : Destination="\Device\Ndis" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{aabfec85-87d9-11dd-9c81-806e6f6e6963}" .\debug.cpp(400) : Destination="\Device\CdRom0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}" .\debug.cpp(400) : Destination="\Device\00000043" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0862&SUBSYS_11791205&REV_1000#4&1527b8d3&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000006b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2" .\debug.cpp(400) : Destination="\Device\Video1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{aabfeb9a-87d9-11dd-9c81-806e6f6e6963}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZ01#{4afa3d51-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\00000050" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy1" .\debug.cpp(400) : Destination="\Device\HarddiskVolumeShadowCopy1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000001" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E34CD445-D9B5-45AC-8C30-61A9E6C9AE11}" .\debug.cpp(400) : Destination="\Device\NDMP20" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3" .\debug.cpp(400) : Destination="\Device\Video2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice" .\debug.cpp(400) : Destination="\Device\WMIAdminDevice" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy2" .\debug.cpp(400) : Destination="\Device\HarddiskVolumeShadowCopy2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgio" .\debug.cpp(400) : Destination="\Device\avgio" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4" .\debug.cpp(400) : Destination="\Device\Video3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#SYN1902#4&2d423663&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\00000064" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_1092&SUBSYS_FF101179&REV_02#4&2d0ca0ef&0&40F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0021" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000003c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:" .\debug.cpp(400) : Destination="\Device\CdRom0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl" .\debug.cpp(400) : Destination="\Device\VolMgrControl" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{47D1B54A-BC04-42CB-9E97-704ACE734496}" .\debug.cpp(400) : Destination="\Device\NDMP3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{CDDED3AA-98D4-4F7B-99EC-5034F66300EA}" .\debug.cpp(400) : Destination="\Device\NDMP5" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0003#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000005" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_4222&SUBSYS_10418086&REV_02#4&244df351&0&00E2#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0016" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27C8&SUBSYS_FF101179&REV_02#3&33fd14ca&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0007" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{601A5F35-E01E-4A22-A307-3541312908BA}" .\debug.cpp(400) : Destination="\Device\NDMP19" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{B6E989E7-9657-4344-A422-CC75067FC050}" .\debug.cpp(400) : Destination="\Device\NDMP10" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5" .\debug.cpp(400) : Destination="\Device\Video4" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000001" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\KSENUM#00000002" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0862&SUBSYS_11791205&REV_1000#4&1527b8d3&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}" .\debug.cpp(400) : Destination="\Device\0000006b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tun0" .\debug.cpp(400) : Destination="\Device\Tun0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\00000051" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\00000043" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#LPLC800#4&13b22520&0&UID67568640#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7}" .\debug.cpp(400) : Destination="\Device\00000070" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#AV_FLTDEV9MP#0001#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\0000000a" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVDRAM_GMA-4082N_______________PT06____#5&81d9ea1&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T0L0-1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery" .\debug.cpp(400) : Destination="\Device\CompositeBattery" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27C9&SUBSYS_FF101179&REV_02#3&33fd14ca&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0008" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}" .\debug.cpp(400) : Destination="\Device\00000052" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\F:" .\debug.cpp(400) : Destination="\Device\HarddiskVolume3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TUNMP#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000007" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&35497427&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination="\Device\USBPDO-0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SpDevice" .\debug.cpp(400) : Destination="\Device\SpDevice" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice" .\debug.cpp(400) : Destination="\Device\WMIDataDevice" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#AV_FLTDEV9MP#0004#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\0000000d" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2cdb9e15&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination="\Device\USBPDO-2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\KSENUM#00000002" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PEAuth" .\debug.cpp(400) : Destination="\Device\PEAuth" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgntflt" .\debug.cpp(400) : Destination="\FileSystem\Filters\avgntflt" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE" .\debug.cpp(400) : Destination="\Device\NamedPipe" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination="\Device\00000043" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3" .\debug.cpp(400) : Destination="\Device\AgereModem5" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_11C1&DEV_3026&SUBSYS_11790001&REV_1007#4&1527b8d3&0&0101#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}" .\debug.cpp(400) : Destination="\Device\0000006c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C045#6&23b6cd53&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}" .\debug.cpp(400) : Destination="\Device\0000006f" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{aabfeb9b-87d9-11dd-9c81-806e6f6e6963}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&21b63e49&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\Ide\PciIde0Channel0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice" .\debug.cpp(400) : Destination="\Device\GEARAspiWDMDevice" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0001#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000003" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CC&SUBSYS_FF101179&REV_02#3&33fd14ca&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0011" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_104C&DEV_803A&SUBSYS_FF101179&REV_00#4&2d0ca0ef&0&31F0#{6bdd1fc1-810f-11d0-bec7-08002be2092f}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0018" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\INTELPRO_{23701ABC-4500-4D5A-AC27-E0ACC125DA56}" .\debug.cpp(400) : Destination="\Device\INTELPRO_{23701ABC-4500-4D5A-AC27-E0ACC125DA56}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{4CC0185D-FF1D-4B2E-A1C3-B31012CCF325}" .\debug.cpp(400) : Destination="\Device\NDMP13" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination="\Device\00000043" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0862&SUBSYS_11791205&REV_1000#4&1527b8d3&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000006b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Psched" .\debug.cpp(400) : Destination="\Device\Psched" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27A2&SUBSYS_FF101179&REV_03#3&33fd14ca&0&10#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0001" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&2d423663&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\00000063" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC" .\debug.cpp(400) : Destination="\Device\Mup" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27A2&SUBSYS_FF101179&REV_03#3&33fd14ca&0&10#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0001" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\tvaldx" .\debug.cpp(400) : Destination="\Device\TVALZ" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp" .\debug.cpp(400) : Destination="\Device\Tcp" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\bmksa" .\debug.cpp(400) : Destination="\Device\bmksa" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\00000043" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0003#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000005" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0" .\debug.cpp(400) : Destination="\Device\USBFDO-0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg" .\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgrMsg" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0004#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000006" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1" .\debug.cpp(400) : Destination="\Device\USBFDO-1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#AV_FLTDEV9MP#0003#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\0000000c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD" .\debug.cpp(400) : Destination="\Device\00000070" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000004" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0" .\debug.cpp(400) : Destination="\Device\Harddisk0\DR0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\00000056" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2" .\debug.cpp(400) : Destination="\Device\USBFDO-2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination="\Device\00000043" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\00000043" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN" .\debug.cpp(400) : Destination="\DosDevices\LPT1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TUNMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000007" .\debug.cpp(369) : Device "\GLOBAL??\avfwot" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3" .\debug.cpp(400) : Destination="\Device\USBFDO-3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CB&SUBSYS_FF101179&REV_02#3&33fd14ca&0&EB#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0010" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\00000043" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap" .\debug.cpp(400) : Destination="\Device\FsWrap" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}" .\debug.cpp(400) : Destination="\Device\00000045" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0" .\debug.cpp(400) : Destination="\Device\CdRom0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\00000046" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4" .\debug.cpp(400) : Destination="\Device\USBFDO-4" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\0000003f" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&21b63e49&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\Ide\PciIde0Channel1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\tvalz" .\debug.cpp(400) : Destination="\Device\TVALZ" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{B5649BC8-6B8A-4FA9-B2DF-58F23C726571}" .\debug.cpp(400) : Destination="\Device\NDMP4" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ISCSIPRT#0000#{2accfe60-c130-11d2-b082-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\00000010" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global" .\debug.cpp(400) : Destination="\GLOBAL??" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&Signature6C0839DFOffset13F9C00000Length707F00000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{B18377DA-6153-42F0-A42D-856BB73E5158}" .\debug.cpp(400) : Destination="\Device\NDMP2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG:" .\debug.cpp(400) : Destination="\clfs" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000002" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6CEA81E5-B4A9-4694-AA44-49044D1A07B9}" .\debug.cpp(400) : Destination="\Device\NDMP7" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0862&SUBSYS_11791205&REV_1000#4&1527b8d3&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}" .\debug.cpp(400) : Destination="\Device\0000006b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\bmknet" .\debug.cpp(400) : Destination="\Device\bmknet" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv" .\debug.cpp(400) : Destination="\Device\Secdrv" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{aabfeb9c-87d9-11dd-9c81-806e6f6e6963}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6E205AA7-EF5C-4144-8630-9C8056E46BC4}" .\debug.cpp(400) : Destination="\Device\NDMP6" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{CF541374-D0D7-42CD-A578-5694DE7C38ED}.dgt" .\debug.cpp(400) : Destination="\Device\{CF541374-D0D7-42CD-A578-5694DE7C38ED}.dgt" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{3005F4C0-46D3-4479-805E-603BA1726A0C}" .\debug.cpp(400) : Destination="\Device\NDMP11" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#NET#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000040" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{CF541374-D0D7-42CD-A578-5694DE7C38ED}" .\debug.cpp(400) : Destination="\Device\NDMP21" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000003" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0004#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000006" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{3F19AC37-09B4-433F-947F-BF3153E5AB0E}" .\debug.cpp(400) : Destination="\Device\NDMP14" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\nativewifip" .\debug.cpp(400) : Destination="\Device\nativewifip" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&ae4bb63&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination="\Device\USBPDO-3" .\debug.cpp(369) : Device "\GLOBAL??\avfwim" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager" .\debug.cpp(400) : Destination="\Device\MountPointManager" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\0000003c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_14#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}" .\debug.cpp(400) : Destination="\Device\0000004c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_11C1&DEV_3026&SUBSYS_11790001&REV_1007#4&1527b8d3&0&0101#{86e0d1e0-8089-11d0-9ce4-08003e301f73}" .\debug.cpp(400) : Destination="\Device\0000006c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ssmctl" .\debug.cpp(400) : Destination="\Device\ssmctl" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#AV_FLTDEV9MP#0003#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000000c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000003b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C32#2#{629758ee-986e-4d9e-8e47-de27f8ab054d}" .\debug.cpp(400) : Destination="\Device\00000049" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp" .\debug.cpp(400) : Destination="\Device\WANARP" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi" .\debug.cpp(400) : Destination="\Device\Nsi" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&Signature6C0839DFOffset5DD00000Length132C2FE000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{850EA409-FC82-49A7-9DEB-BABC66146CA7}" .\debug.cpp(400) : Destination="\Device\NDMP16" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\0000003b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0862&SUBSYS_11791205&REV_1000#4&1527b8d3&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}" .\debug.cpp(400) : Destination="\Device\0000006b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice" .\debug.cpp(400) : Destination="\Device\NXTIPSEC" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskHitachi_HTS541612J9SA00_________________SBDOC7DP#5&30feb803&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP0T0L0-0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C32#1#{629758ee-986e-4d9e-8e47-de27f8ab054d}" .\debug.cpp(400) : Destination="\Device\00000048" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_1092&SUBSYS_FF101179&REV_02#4&2d0ca0ef&0&40F0#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0021" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E3E76A2B-80F7-41D1-9612-729BC290760B}" .\debug.cpp(400) : Destination="\Device\NDMP12" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP" .\debug.cpp(400) : Destination="\Device\NDMP17" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\TOSHIBA-Softwaremodem" .\debug.cpp(400) : Destination="\Device\0000006c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&2da284df&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination="\Device\USBPDO-4" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev" .\debug.cpp(400) : Destination="\Device\WFP" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000043" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\00000054" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:" .\debug.cpp(400) : Destination="\Device\Ide\IdePort0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#AV_FLTDEV9MP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000000a" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASYNCMAC" .\debug.cpp(400) : Destination="\Device\ASYNCMAC" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArpV6" .\debug.cpp(400) : Destination="\Device\WANARPV6" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0862&SUBSYS_11791205&REV_1000#4&1527b8d3&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000006b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS0" .\debug.cpp(400) : Destination="\Device\1394BUS0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#NET#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000040" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_4222&SUBSYS_10418086&REV_02#4&244df351&0&00E2#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0016" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#AV_FLTDEV9MP#0004#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000000d" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&PrinterBusEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}" .\debug.cpp(400) : Destination="\Device\00000071" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}" .\debug.cpp(400) : Destination="\Device\00000043" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_046D&PID_C045#5&28503e87&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}" .\debug.cpp(400) : Destination="\Device\USBPDO-5" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000003f" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5AE04455-48DE-43B0-ADC9-D299545C7C81}" .\debug.cpp(400) : Destination="\Device\NDMP22" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1fda2bb4&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination="\Device\USBPDO-1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:" .\debug.cpp(400) : Destination="\Device\Ide\IdePort1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd" .\debug.cpp(400) : Destination="\Device\AscKmd" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan" .\debug.cpp(400) : Destination="\Device\NdisWan" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\tvald" .\debug.cpp(400) : Destination="\Device\TVALZ" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CA&SUBSYS_FF101179&REV_02#3&33fd14ca&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0009" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_14#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}" .\debug.cpp(400) : Destination="\Device\0000004d" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice" .\debug.cpp(400) : Destination="\Device\MPS" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVDRAM_GMA-4082N_______________PT06____#5&81d9ea1&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T0L0-1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl" .\debug.cpp(400) : Destination="\Device\VolMgrControl" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{77CCBC7E-F273-4F0D-9E76-F169D4A71685}" .\debug.cpp(400) : Destination="\Device\NDMP1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#LPLC800#4&13b22520&0&UID67568640#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8}" .\debug.cpp(400) : Destination="\Device\00000070" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr" .\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgr" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&Signature6C0839DFOffset100000Length5DC00000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:" .\debug.cpp(400) : Destination="\Device\HarddiskVolume2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6" .\debug.cpp(400) : Destination="\Device\NDMP18" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX" .\debug.cpp(400) : Destination="\DosDevices\COM1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT" .\debug.cpp(400) : Destination="\Device\MailSlot" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\tvalg" .\debug.cpp(400) : Destination="\Device\TVALZ" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0002#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000004" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{175723C1-79B4-4B75-886B-7624A3107214}" .\debug.cpp(400) : Destination="\Device\NDMP8" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{23701ABC-4500-4D5A-AC27-E0ACC125DA56}" .\debug.cpp(400) : Destination="\Device\NDMP9" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AGRSM_xface" .\debug.cpp(400) : Destination="\Device\AGRSM_xface" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL" .\debug.cpp(400) : Destination="\Device\Null" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:" .\debug.cpp(400) : Destination="\Device\RaidPort0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\00000042" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio" .\debug.cpp(400) : Destination="\Device\Ndisuio" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT" .\debug.cpp(400) : Destination="" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C045#6&23b6cd53&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\0000006f" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\00000041" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle" .\debug.cpp(400) : Destination="\Device\WfpAle" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#AV_FLTDEV9MP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000000b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#AV_FLTDEV9MP#0002#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\0000000b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000003d" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\avipbb" .\debug.cpp(400) : Destination="\Device\avipbb" .\debug.cpp(451) : ********************************************** .\boot_cleaner.cpp(1077) : System volume is \\.\C: .\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 .\boot_cleaner.cpp(424) : Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826 .\boot_cleaner.cpp(1151) : .\boot_cleaner.cpp(1152) : Size Device Name MBR Status .\boot_cleaner.cpp(1153) : -------------------------------------------- .\boot_cleaner.cpp(1197) : 111 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found) .\boot_cleaner.cpp(1203) : .\boot_cleaner.cpp(1242) : Done; dir schonmal ein schönes wochenende! viele grüße aus berlin
__________________ action is the enemy of thought |
|
14.08.2010, 17:27
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | avira meldet mehrere trojaner Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
16.08.2010, 09:45
| #21 |
| | avira meldet mehrere trojaner Hi Arne, mbam hat eine menge gefunden :-( darunter auch gabpath. Der ist mir schonmal bei meinem antivir aufgefallen... sasw kommt gleich hinterher. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4432 Windows 6.0.6000 Internet Explorer 7.0.6000.17037 16.08.2010 10:38:16 mbam-log-2010-08-16 (10-38-16).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 130763 Laufzeit: 18 Minute(n), 48 Sekunde(n) Infizierte Speicherprozesse: 3 Infizierte Speichermodule: 1 Infizierte Registrierungsschlüssel: 5 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 3 Infizierte Dateien: 8 Infizierte Speicherprozesse: C:\ProgramData\ResultDns\resultdns111.exe (Adware.ResultDns) -> Unloaded process successfully. C:\Program Files\ResultDns\resultdns.exe (Adware.ResultDns) -> Unloaded process successfully. C:\Users\amueller\AppData\Roaming\GabPath\gabpath.exe (Adware.GabPath) -> Unloaded process successfully. Infizierte Speichermodule: C:\Program Files\ResultDns\resultdns.dll (Adware.ResultDns) -> Delete on reboot. Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gabpath (Adware.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\resultdns (Adware.ResultDns) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\GabPath (Adware.Adparatus) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\ResultDns (Adware.ResultDns) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ResultDns Service (Adware.ResultDns) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gabpath (Adware.GabPath) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: C:\Users\amueller\AppData\Roaming\GabPath (Adware.Agent) -> Quarantined and deleted successfully. C:\ProgramData\ResultDns (Adware.ResultDns) -> Quarantined and deleted successfully. C:\Program Files\ResultDns (Adware.ResultDns) -> Delete on reboot. Infizierte Dateien: C:\ProgramData\ResultDns\resultdns111.exe (Adware.ResultDns) -> Quarantined and deleted successfully. C:\Program Files\ResultDns\resultdns.exe (Adware.ResultDns) -> Quarantined and deleted successfully. C:\Users\amueller\AppData\Roaming\GabPath\gabpath.exe (Adware.GabPath) -> Quarantined and deleted successfully. C:\Users\amueller\AppData\Local\temp\smewcraonx.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\amueller\AppData\Roaming\GabPath\config.cfg (Adware.Agent) -> Quarantined and deleted successfully. C:\Users\amueller\AppData\Roaming\GabPath\GPUninstall.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Program Files\ResultDns\resultdns.dll (Adware.ResultDns) -> Delete on reboot. C:\Program Files\ResultDns\uninstall.exe (Adware.ResultDns) -> Quarantined and deleted successfully.
__________________ --> avira meldet mehrere trojaner |
|
16.08.2010, 09:54
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | avira meldet mehrere trojaner Du solltest doch einen Fullscan machen!  Gleich nochmal amchen, aber vorher Malwarebytes aktualisieren!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.08.2010, 12:53
| #23 |
| | avira meldet mehrere trojaner Hi Arne, ich habe SUPERAntiSpyware jetzt erstmal unterbrochen, der lief schon seit knapp 2 stunden... lasse jetzt Malwarebytes nochmal voll durchlaufen.
__________________ action is the enemy of thought |
|
16.08.2010, 14:37
| #24 |
| | avira meldet mehrere trojaner so, hier der log vom vollständigen suchlauf: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4435 Windows 6.0.6000 Internet Explorer 7.0.6000.17037 16.08.2010 15:35:35 mbam-log-2010-08-16 (15-35-35).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|) Durchsuchte Objekte: 204285 Laufzeit: 1 Stunde(n), 19 Minute(n), 21 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Users\amueller\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9C54R9K9\secureapp70700[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\Users\amueller\AppData\Roaming\17DAFEA4C85B8AAF94F4E89598256240\secureapp70700.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
__________________ action is the enemy of thought |
|
16.08.2010, 16:47
| #25 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | avira meldet mehrere trojaner Und was macht SUPERAntiSpyware nun? 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.08.2010, 17:09
| #26 |
| | avira meldet mehrere trojaner wollte erstmal abwarten, ob es bei dem alten task noch bleibt ;-) Da der scan weit über eine Stunde läuft, werd ich wohl erst heute nacht dazu kommen. Ich poste das ergebnis morgen früh. dir einen schönen abend und viele sonnige grüße aus berlin!
__________________ action is the enemy of thought |
|
16.08.2010, 17:26
| #27 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | avira meldet mehrere trojaner Sonnige Grüße sind nicht schlecht, wir haben hier in HB überwiegen Regenwetter 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.08.2010, 17:38
| #28 |
| | avira meldet mehrere trojaner ach hätte ich doch lieber mal nichts gesagt. auf der einen seite strahlt es auf der anderen seite sehe ich nur noch eine dicke schwarze wand  dann wirds wohl doch nichts mit dem sonnigen feierabend... naja dennoch schöne grüße :-/
__________________ action is the enemy of thought |
|
17.08.2010, 08:50
| #29 |
| | avira meldet mehrere trojaner guten morgen, here we go. das sasw-protokoll: SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 08/16/2010 at 11:59 PM Application Version : 4.41.1000 Core Rules Database Version : 5361 Trace Rules Database Version: 3173 Scan type : Complete Scan Total Scan Time : 02:13:13 Memory items scanned : 634 Memory threats detected : 0 Registry items scanned : 8167 Registry threats detected : 0 File items scanned : 110770 File threats detected : 3 Adware.Tracking Cookie C:\Users\amueller\AppData\Roaming\Microsoft\Windows\Cookies\amueller@doubleclick[1].txt ia.media-imdb.com [ C:\Users\amueller\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GLA2L9SE ] imagesrv.adition.com [ C:\Users\amueller\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GLA2L9SE ]
__________________ action is the enemy of thought |
|
17.08.2010, 09:27
| #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | avira meldet mehrere trojaner Sieht ok aus, da wurden nur Cookies gefunden. Noch Probleme oder weitere Funde in der Zwischenzeit?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu avira meldet mehrere trojaner |
| 5 minuten, antivir, antivir guard, avg, avira, bho, bonjour, desktop, entfernen, excel, explorer, firewall, google, hijack, hijackthis, internet, internet explorer, langsam, nicht gefunden, nicht sicher, pdf, plug-in, programme, software, super, system, trojane, trojaner, viren, vista, windows |
Linear-Darstellung
