Trojan.Win32.Generic!BT nach neuinstallation immer noch auf dem PC

HelpMeSoon · 22.08.2010, 11:39

Hallo brauche dringend einen Rat,

ich habe nach der Neuinstallation von Windows Vista und allen dazu gehörenden Updates immer noch die Malware Trojan.Win32.Generic!BT auf meinem PC. Dieser befindet sich in folgenden Dateien.

c\users\rolf\appdata\local\mi\..\1smnk0dz\helpengarchive(2).exe
c\users\rolf\appdata\local\mi\..\
c\users\rolf\appdata\local\mi\..\5\gugdcln8\lightarchive(1).exe
c\users\rolf\appdata\local\mi\..\l6161ldc\checkerarchive\(1).exe
c\users\rolf\appdata\local\mi\..\

Mit Ad Aware wurde die Malware gefunden und Angezeigt. Alle anderen Programme ( Nortin Internet Security 2010, SUPERAntiSpyware, CCleaner, Malwarebytes ) haben nicht gefunden.

Irgendetwas stimmt aber nicht da ich nun zum 2ten mal folgende Nachricht erhalten haben ( Aufgrund verdächtiger Aktivitäten auf dem Battle.net-Account ******@yahoo.de, musste dieser gesperrt werden.

Da ich kein PC Spezi bin bräuchte ich mal Hilfe wie dieser zu entfernen ist.und welchen schaden diese Malware machen kann. Traue mich gar nicht mehr irgendwo einzuloggen.

Danke euch und hoffe auf schnelle Hilfe

cosinus · 23.08.2010, 14:19

Hallo und

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lies die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

HelpMeSoon · 23.08.2010, 19:02

Hier die OTL logfile

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 23.08.2010 19:25:46 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 135,23 Gb Total Space | 106,73 Gb Free Space | 78,92% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 97,56 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 15,97 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
Drive H: | 931,51 Gb Total Space | 918,53 Gb Free Space | 98,61% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
 
Computer Name: ****-PC
Current User Name: ****
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Spamihilator\spamihilator.exe (Michel Krämer)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Programme\Opera\opera.exe (Opera Software)
PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe (Symantec Corporation)
PRC - C:\Programme\iPlus\iPlusManager.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\AVerMedia\AVer MediaCenter\AVer MediaCenter.exe (AVerMedia TECHNOLOGIES, Inc.)
PRC - C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe ()
PRC - C:\Programme\Common Files\AVerMedia\AVerQuick\AVerQuick.exe (AVerMedia TECHNOLOGIES, Inc.)
PRC - C:\Programme\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()
PRC - C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia)
PRC - C:\Programme\Marvell\61xx\svc\mvraidsvc.exe ()
PRC - C:\Programme\Marvell\61xx\Apache2\bin\Apache.exe (Apache Software Foundation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll (Microsoft Corporation)
MOD - C:\Programme\Norton Internet Security\Engine\17.7.0.12\asoehook.dll (Symantec Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe (Symantec Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AVerScheduleService) -- C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe ()
SRV - (AVerRemote) -- C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Marvell RAID) -- C:\Programme\Marvell\61xx\svc\mvraidsvc.exe ()
SRV - (MRUWebService) -- C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe (Apache Software Foundation)
 
 
 
[2010.08.19 21:31:03 | 000,000,000 | ---D | C] -- C:\Programme\ASUS
[2010.08.19 21:30:02 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010.08.19 21:30:02 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010.08.19 21:29:54 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2010.08.19 21:29:54 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2010.08.19 21:29:54 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2010.08.19 21:29:48 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010.08.19 21:29:48 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010.08.19 21:29:15 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\iPlus
[2010.08.19 21:23:58 | 000,112,128 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2010.08.19 21:23:58 | 000,103,040 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbfake.sys
[2010.08.19 21:23:58 | 000,102,912 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2010.08.19 21:23:57 | 000,000,000 | ---D | C] -- C:\Programme\iPlus
[2010.08.19 21:13:41 | 000,000,000 | R--D | C] -- C:\Users\****\Searches
[2010.08.19 21:13:31 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Identities
[2010.08.19 21:13:30 | 000,000,000 | R--D | C] -- C:\Users\****\Contacts
[2010.08.19 21:13:27 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\VirtualStore
[2010.08.19 21:13:24 | 000,000,000 | -HSD | C] -- C:\Users\****\Vorlagen
[2010.08.19 21:13:24 | 000,000,000 | -HSD | C] -- C:\Users\****\AppData\Local\Verlauf
[2010.08.19 21:13:24 | 000,000,000 | -HSD | C] -- C:\Users\****\AppData\Local\Temporary Internet Files
[2010.08.19 21:13:24 | 000,000,000 | -HSD | C] -- C:\Users\****\Startmenü
[2010.08.19 21:13:24 | 000,000,000 | -HSD | C] -- C:\Users\****\SendTo
[2010.08.19 21:13:24 | 000,000,000 | -HSD | C] -- C:\Users\****\Recent
[2010.08.19 21:13:24 | 000,000,000 | -HSD | C] -- C:\Users\****\Netzwerkumgebung
[2010.08.19 21:13:24 | 000,000,000 | -HSD | C] -- C:\Users\****\Lokale Einstellungen
[2010.08.19 21:13:24 | 000,000,000 | -HSD | C] -- C:\Users\****\Documents\Eigene Videos
[2010.08.19 21:13:24 | 000,000,000 | -HSD | C] -- C:\Users\****\Documents\Eigene Musik
[2010.08.19 21:13:24 | 000,000,000 | -HSD | C] -- C:\Users\****\Eigene Dateien
[2010.08.19 21:13:24 | 000,000,000 | -HSD | C] -- C:\Users\****\Documents\Eigene Bilder
[2010.08.19 21:13:24 | 000,000,000 | -HSD | C] -- C:\Users\****\Druckumgebung
[2010.08.19 21:13:24 | 000,000,000 | -HSD | C] -- C:\Users\****\Cookies
[2010.08.19 21:13:24 | 000,000,000 | -HSD | C] -- C:\Users\****\AppData\Local\Anwendungsdaten
[2010.08.19 21:13:24 | 000,000,000 | -HSD | C] -- C:\Users\****\Anwendungsdaten
[2010.08.19 21:13:23 | 000,000,000 | --SD | C] -- C:\Users\****\AppData\Roaming\Microsoft
[2010.08.19 21:13:23 | 000,000,000 | R--D | C] -- C:\Users\****\Videos
[2010.08.19 21:13:23 | 000,000,000 | R--D | C] -- C:\Users\****\Saved Games
[2010.08.19 21:13:23 | 000,000,000 | R--D | C] -- C:\Users\****\Pictures
[2010.08.19 21:13:23 | 000,000,000 | R--D | C] -- C:\Users\****\Music
[2010.08.19 21:13:23 | 000,000,000 | R--D | C] -- C:\Users\****\Links
[2010.08.19 21:13:23 | 000,000,000 | R--D | C] -- C:\Users\****\Favorites
[2010.08.19 21:13:23 | 000,000,000 | R--D | C] -- C:\Users\****\Downloads
[2010.08.19 21:13:23 | 000,000,000 | R--D | C] -- C:\Users\****\Documents
[2010.08.19 21:13:23 | 000,000,000 | R--D | C] -- C:\Users\****\Desktop
[2010.08.19 21:13:23 | 000,000,000 | -H-D | C] -- C:\Users\****\AppData
[2010.08.19 21:13:23 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Temp
[2010.08.19 21:13:23 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Microsoft
[2010.08.19 21:13:23 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Media Center Programs
[2010.08.19 21:11:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2010.08.19 21:11:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2010.08.19 21:11:06 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2010.08.19 21:11:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2010.08.19 21:11:06 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2010.08.19 21:11:06 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2010.08.19 21:11:06 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2010.08.19 21:11:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2010.08.19 21:11:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2010.08.19 21:10:25 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2010.08.19 21:01:15 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010.08.19 20:55:05 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.23 19:26:55 | 001,048,576 | -HS- | M] () -- C:\Users\****\NTUSER.DAT
[2010.08.23 19:12:27 | 000,004,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.23 19:12:27 | 000,004,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.23 19:06:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2010.08.23 18:47:39 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.23 18:47:39 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.23 18:47:39 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.23 18:47:39 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.23 18:47:39 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.23 18:43:18 | 000,034,805 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.08.23 18:43:17 | 000,034,805 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.08.23 18:43:05 | 000,000,162 | ---- | M] () -- C:\Windows\System32\61xx.xml
[2010.08.23 18:42:58 | 000,000,009 | ---- | M] () -- C:\Windows\mvraidver.dat
[2010.08.23 18:42:28 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.23 18:42:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.22 18:33:29 | 000,524,288 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.22 18:33:29 | 000,065,536 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.22 18:33:26 | 002,676,436 | -H-- | M] () -- C:\Users\****\AppData\Local\IconCache.db
[2010.08.22 15:06:52 | 000,002,081 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk
[2010.08.22 15:06:52 | 000,002,039 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVerQuick.lnk
[2010.08.22 15:06:48 | 000,001,952 | ---- | M] () -- C:\Users\Public\Desktop\AVer MediaCenter.lnk
[2010.08.22 15:04:32 | 001,838,506 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1107000.00C\Cat.DB
[2010.08.22 12:55:04 | 000,000,888 | ---- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk
[2010.08.22 11:43:46 | 000,339,991 | ---- | M] () -- C:\Users\****\Desktop\RSIT.exe
[2010.08.21 20:14:14 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.21 20:09:01 | 000,006,874 | ---- | M] () -- C:\Users\****\Documents\cc_20100821_200840.reg
[2010.08.21 20:06:27 | 000,000,804 | ---- | M] () -- C:\Users\****\Desktop\CCleaner.lnk
[2010.08.21 19:38:41 | 000,010,506 | ---- | M] () -- C:\Users\****\Documents\Hallo.docx
[2010.08.21 16:48:19 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010.08.21 16:39:08 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.08.21 16:18:02 | 000,001,015 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.08.21 16:15:40 | 000,059,464 | ---- | M] () -- C:\Users\****\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.21 16:13:46 | 000,270,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.21 16:11:04 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010.08.21 15:27:16 | 000,001,157 | ---- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2010.08.21 14:14:44 | 001,038,912 | ---- | M] (PC Drivers HeadQuarters                                      ) -- C:\Users\****\Documents\DriverInstaller.exe
[2010.08.21 14:13:27 | 000,361,666 | ---- | M] (RegNow.com) -- C:\Users\****\Documents\Download_DriverDetective-6.3.1.5.exe
[2010.08.21 14:06:21 | 000,015,263 | ---- | M] () -- C:\Windows\Ascd_log.ini
[2010.08.21 14:02:12 | 000,000,991 | ---- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MarvellTrayStartup.lnk
[2010.08.21 14:02:08 | 000,000,236 | ---- | M] () -- C:\Windows\zraidtray.ini
[2010.08.21 14:02:07 | 000,000,108 | ---- | M] () -- C:\Windows\za_mv_raid.ev
[2010.08.21 14:01:46 | 000,047,395 | ---- | M] () -- C:\Windows\php.ini
[2010.08.21 13:49:29 | 000,319,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2010.08.21 13:47:56 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe
[2010.08.21 13:21:59 | 000,014,952 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2010.08.20 20:03:13 | 000,002,213 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010.08.20 19:51:19 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010.08.20 19:51:19 | 000,007,443 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010.08.20 19:51:19 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010.08.20 19:25:24 | 000,000,714 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.08.20 18:47:05 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010.08.20 18:33:23 | 000,001,356 | ---- | M] () -- C:\Users\****\AppData\Local\d3d9caps.dat
[2010.08.19 21:53:30 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010.08.19 21:51:14 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.08.19 21:36:00 | 000,524,288 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.08.19 21:23:58 | 000,000,799 | ---- | M] () -- C:\Users\Public\Desktop\iPlus.lnk
[2010.08.19 21:13:24 | 000,000,020 | -HS- | M] () -- C:\Users\****\ntuser.ini
[2010.08.19 21:03:17 | 000,060,826 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010.08.19 21:02:25 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010.08.12 14:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010.08.12 14:15:20 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
 
========== Files Created - No Company Name ==========
 
[2010.08.22 15:06:52 | 000,002,081 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk
[2010.08.22 15:06:51 | 000,002,039 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVerQuick.lnk
[2010.08.22 15:06:47 | 000,001,952 | ---- | C] () -- C:\Users\Public\Desktop\AVer MediaCenter.lnk
[2010.08.22 15:05:49 | 000,049,152 | R--- | C] () -- C:\Windows\System32\AVerIO.dll
[2010.08.22 15:05:49 | 000,003,456 | R--- | C] () -- C:\Windows\System32\AVerIO.sys
[2010.08.22 15:05:38 | 000,253,952 | R--- | C] () -- C:\Windows\System32\sptlib02.dll
[2010.08.22 15:05:38 | 000,249,856 | R--- | C] () -- C:\Windows\System32\sptlib01.dll
[2010.08.22 15:05:38 | 000,245,760 | R--- | C] () -- C:\Windows\System32\sptlib03.dll
[2010.08.22 12:55:04 | 000,000,888 | ---- | C] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk
[2010.08.22 11:43:45 | 000,339,991 | ---- | C] () -- C:\Users\****\Desktop\RSIT.exe
[2010.08.21 20:14:14 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.21 20:08:58 | 000,006,874 | ---- | C] () -- C:\Users\****\Documents\cc_20100821_200840.reg
[2010.08.21 20:06:27 | 000,000,804 | ---- | C] () -- C:\Users\****\Desktop\CCleaner.lnk
[2010.08.21 19:38:41 | 000,010,506 | ---- | C] () -- C:\Users\****\Documents\Hallo.docx
[2010.08.21 18:06:14 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010.08.21 16:48:18 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010.08.21 16:44:41 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2010.08.21 16:18:01 | 000,001,015 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.08.21 16:11:04 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010.08.21 15:27:16 | 000,001,157 | ---- | C] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2010.08.21 14:02:10 | 000,000,991 | ---- | C] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MarvellTrayStartup.lnk
[2010.08.21 14:02:07 | 000,000,108 | ---- | C] () -- C:\Windows\za_mv_raid.ev
[2010.08.21 14:02:06 | 000,000,009 | ---- | C] () -- C:\Windows\mvraidver.dat
[2010.08.21 14:02:03 | 000,000,162 | ---- | C] () -- C:\Windows\System32\61xx.xml
[2010.08.21 13:29:58 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2010.08.21 13:29:57 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2010.08.21 13:29:51 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2010.08.21 13:29:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.08.21 13:29:49 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.08.21 13:29:48 | 003,662,128 | ---- | C] () -- C:\Windows\System32\locale.nls
[2010.08.21 13:29:47 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2010.08.21 13:29:44 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2010.08.21 13:29:34 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2010.08.21 13:29:32 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2010.08.21 13:29:01 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2010.08.21 13:28:56 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2010.08.21 13:27:49 | 000,015,263 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010.08.21 13:21:58 | 000,014,952 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010.08.21 13:16:40 | 000,034,805 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.08.21 13:16:38 | 000,034,805 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.08.21 12:56:46 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010.08.20 20:01:49 | 001,838,506 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\Cat.DB
[2010.08.20 19:58:39 | 000,007,873 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\symefa.cat
[2010.08.20 19:58:39 | 000,007,787 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\symnetv.cat
[2010.08.20 19:58:39 | 000,007,442 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\srtspx.cat
[2010.08.20 19:58:39 | 000,007,438 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\srtsp.cat
[2010.08.20 19:58:39 | 000,007,438 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\iron.cat
[2010.08.20 19:58:39 | 000,007,425 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\symds.cat
[2010.08.20 19:58:39 | 000,007,396 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\cchpx86.cat
[2010.08.20 19:58:39 | 000,007,368 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\symnet.cat
[2010.08.20 19:58:39 | 000,003,373 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\symefa.inf
[2010.08.20 19:58:39 | 000,002,793 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\symds.inf
[2010.08.20 19:58:39 | 000,001,754 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\cchpx86.inf
[2010.08.20 19:58:39 | 000,001,473 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\symnetv.inf
[2010.08.20 19:58:39 | 000,001,445 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\symnet.inf
[2010.08.20 19:58:39 | 000,001,388 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\srtspx.inf
[2010.08.20 19:58:39 | 000,001,382 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\srtsp.inf
[2010.08.20 19:58:39 | 000,000,741 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\iron.inf
[2010.08.20 19:58:18 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\isolate.ini
[2010.08.20 19:51:20 | 000,007,443 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010.08.20 19:51:20 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010.08.20 19:51:14 | 000,002,213 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010.08.20 19:25:24 | 000,000,714 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.08.20 19:12:03 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.08.20 19:12:02 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2010.08.20 19:09:42 | 000,007,181 | ---- | C] () -- C:\Windows\System32\nvdisp.nvu
[2010.08.20 18:47:05 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010.08.19 22:07:15 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2010.08.19 21:51:14 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.08.19 21:31:05 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2010.08.19 21:31:05 | 000,012,400 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2010.08.19 21:23:58 | 000,000,799 | ---- | C] () -- C:\Users\Public\Desktop\iPlus.lnk
[2010.08.19 21:13:25 | 000,001,356 | ---- | C] () -- C:\Users\****\AppData\Local\d3d9caps.dat
[2010.08.19 21:13:24 | 000,000,020 | -HS- | C] () -- C:\Users\****\ntuser.ini
[2010.08.19 21:13:23 | 001,048,576 | -HS- | C] () -- C:\Users\****\NTUSER.DAT
[2010.08.19 21:13:23 | 000,524,288 | -HS- | C] () -- C:\Users\****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.08.19 21:13:23 | 000,524,288 | -HS- | C] () -- C:\Users\****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.19 21:13:23 | 000,262,144 | -H-- | C] () -- C:\Users\****\ntuser.dat.LOG1
[2010.08.19 21:13:23 | 000,065,536 | -HS- | C] () -- C:\Users\****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.19 21:13:23 | 000,000,000 | -H-- | C] () -- C:\Users\****\ntuser.dat.LOG2
[2010.08.19 21:02:25 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2007.05.23 02:17:30 | 000,047,395 | ---- | C] () -- C:\Windows\php.ini
[2007.04.26 03:21:36 | 000,000,236 | ---- | C] () -- C:\Windows\zraidtray.ini
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.10.18 13:44:48 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2006.10.11 05:33:58 | 000,010,288 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2004.10.11 11:19:00 | 000,092,672 | ---- | C] () -- C:\Windows\System32\ASUSASV2.DLL
< End of report >

--- --- ---

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 23.08.2010 19:25:46 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 135,23 Gb Total Space | 106,73 Gb Free Space | 78,92% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 97,56 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 15,97 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
Drive H: | 931,51 Gb Total Space | 918,53 Gb Free Space | 98,61% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
 
Computer Name: ****-PC
Current User Name: ****
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{239DF42C-3248-4E19-9EED-7C4F8582CAC2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{32044D83-3BF8-466E-916D-30D4A183EDE4}" = protocol=17 | dir=in | app=c:\program files\spamihilator\dccproc.exe | 
"{3926014D-9AE2-4280-A7C2-12FFD4690A59}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{5B3E1EF7-DA0B-4080-B8AC-F1419B928D42}" = protocol=6 | dir=in | app=c:\program files\spamihilator\dccproc.exe | 
"{A83FBF19-E0D7-4D04-AC47-5690FC4D51B4}" = protocol=17 | dir=in | app=c:\program files\spamihilator\cdcc.exe | 
"{D06C4DA6-7340-4E20-A772-2505281A104E}" = protocol=17 | dir=in | app=c:\program files\spamihilator\spamihilator.exe | 
"{D55B5565-A8E1-4C54-B950-48952A7348C9}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{D8B26611-439B-40D4-8018-EB01612228BF}" = protocol=6 | dir=in | app=c:\program files\spamihilator\cdcc.exe | 
"{E0637D59-99C9-4162-B8DF-17323C089D70}" = protocol=6 | dir=in | app=c:\program files\spamihilator\spamihilator.exe | 
"{E61BCFBB-73A9-4075-951F-9BFFCD5622CD}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"TCP Query User{4FFAC1FF-FF61-48D8-AC8C-532CD952A9E2}C:\users\****\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\****\program files\dna\btdna.exe | 
"UDP Query User{490A923E-23D1-40F3-9A1C-A0F7380BEB7A}C:\users\****\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\****\program files\dna\btdna.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1BA7B068-4719-42A3-B553-D4ED97434F92}" = ASUS Utilities
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2DD388FF-6422-43C9-86A1-C7A99C83E946}" = ASUS nVidia Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{6D482078-8D15-4FD3-B838-C7B49174650F}" = Opera 10.61
"{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ED5D0B7-A193-413F-815A-530BE36B38F7}" = Spamihilator 0.9.9.53 (32-Bit)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2912CB2-F95A-406C-AA88-2BB5DCB6D275}" = AVer Media Center
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVerMedia A706 PCI Hybrid DVB-S" = AVerMedia A706 PCI Hybrid DVB-S 3.6.0.2
"AVerMedia MCE Encoder x86" = AVerMedia MCE Encoder x86 3.0.1.2
"AVerMedia Media Center Plug-ins" = AVerMedia Media Center Plug-ins
"CCleaner" = CCleaner
"Foxit Reader" = Foxit Reader
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"InstallShield_{D2912CB2-F95A-406C-AA88-2BB5DCB6D275}" = AVer Media Center
"iPlus manager_is1" = iPlus manager 2.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"mv61xxDriver" = marvell 61xx
"mv61xxMRU" = Marvell MRU
"NIS" = Norton Internet Security
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Winload Toolbar" = Winload Toolbar
"xvid" = XviD MPEG-4 Video Codec
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 21.08.2010 13:06:57 | Computer Name = ****-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.08.2010 13:32:28 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung HijackThis-Setup.exe, Version 0.0.0.0, Zeitstempel
 0x4c6e7045, fehlerhaftes Modul HijackThis-Setup.exe, Version 0.0.0.0, Zeitstempel
 0x4c6e7045, Ausnahmecode 0xc0000005, Fehleroffset 0x000f36f2,  Prozess-ID 0x7f0, 
Anwendungsstartzeit 01cb4156af74d326.
 
Error - 21.08.2010 13:40:58 | Computer Name = ****-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.08.2010 05:26:03 | Computer Name = ****-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.08.2010 08:52:50 | Computer Name = ****-PC | Source = VSS | ID = 8194
Description = 
 
Error - 22.08.2010 09:04:03 | Computer Name = ****-PC | Source = MsiInstaller | ID = 1013
Description = 
 
Error - 22.08.2010 09:04:18 | Computer Name = ****-PC | Source = VSS | ID = 8194
Description = 
 
Error - 22.08.2010 10:05:15 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung AVer MediaCenter.exe, Version 1.7.3.10, Zeitstempel
 0x48a8ea7f, fehlerhaftes Modul A16AGraph.dll, Version 3.2.1.5, Zeitstempel 0x48994fd3,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000cabad,  Prozess-ID 0x17a4, Anwendungsstartzeit
 01cb41fd46ce038e.
 
Error - 22.08.2010 11:56:43 | Computer Name = ****-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.08.2010 12:43:12 | Computer Name = ****-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 22.08.2010 05:40:50 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 22.08.2010 05:41:27 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 22.08.2010 05:41:27 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 22.08.2010 05:41:50 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 22.08.2010 05:41:50 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 22.08.2010 09:04:03 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 22.08.2010 09:06:03 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7032
Description = 
 
Error - 22.08.2010 09:06:57 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 22.08.2010 09:07:01 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 22.08.2010 11:35:45 | Computer Name = ****-PC | Source = VDS Dynamic Provider | ID = 16908298
Description = 
 
 
< End of report >

--- --- ---

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

23.08.2010 20:11:12
mbam-log-2010-08-23 (20-11-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|H:\|)
Durchsuchte Objekte: 223471
Laufzeit: 48 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus · 23.08.2010, 19:30

Zitat:

Datenbank Version: 4052

Du hast Malwarebytes vorher nicht aktualisiert. Bitte updaten und einen Vollscan machen.

HelpMeSoon · 24.08.2010, 18:54

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4470

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

24.08.2010 19:50:08
mbam-log-2010-08-24 (19-50-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|H:\|)
Durchsuchte Objekte: 237735
Laufzeit: 49 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

HelpMeSoon · 24.08.2010, 18:55

So jetzt sollte es Stimmen.

Gruß
Rolli

cosinus · 24.08.2010, 19:12

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

HelpMeSoon · 25.08.2010, 18:59

Combofix Logfile:

Code:

ATTFilter

ComboFix 10-08-24.0C - **** 25.08.2010  19:16:49.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.1814 [GMT 2:00]
ausgeführt von:: c:\users\****\Desktop\coli.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

H:\Autorun.inf

Infizierte Kopie von c:\windows\system32\wininit.exe wurde gefunden und desinfiziert 
Kopie von - c:\coli\HarddiskVolumeShadowCopy9_!Windows!System32!wininit.exe wurde wiederhergestellt 

.
(((((((((((((((((((((((   Dateien erstellt von 2010-07-25 bis 2010-08-25  ))))))))))))))))))))))))))))))
.

2010-08-25 17:21 . 2010-08-25 17:33	--------	d-----w-	c:\users\****\AppData\Local\temp
2010-08-25 17:21 . 2010-08-25 17:21	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-08-22 13:14 . 2010-08-24 18:40	--------	d-----w-	c:\users\****\AppData\Local\AVer MediaCenter
2010-08-22 13:08 . 2010-08-22 13:08	--------	d-----w-	c:\programdata\AVer MediaCenter
2010-08-22 13:07 . 2010-08-22 13:07	--------	d-----w-	c:\users\****\AppData\Local\AVerMedia
2010-08-22 13:05 . 2008-08-18 03:13	90112	------r-	c:\windows\system32\CardID.dll
2010-08-22 13:05 . 2007-02-08 13:09	49152	------r-	c:\windows\system32\AVerIO.dll
2010-08-22 13:05 . 2005-04-28 19:08	3456	------r-	c:\windows\system32\AVerIO.sys
2010-08-22 13:05 . 2008-07-03 18:28	249856	------r-	c:\windows\system32\sptlib01.dll
2010-08-22 13:05 . 2008-07-02 13:37	245760	------r-	c:\windows\system32\sptlib03.dll
2010-08-22 13:05 . 2007-03-16 09:27	253952	------r-	c:\windows\system32\sptlib02.dll
2010-08-22 13:05 . 2010-08-22 13:05	--------	d-----w-	c:\program files\Common Files\AVerMedia
2010-08-22 10:55 . 2010-08-22 10:55	--------	d-----w-	c:\programdata\Spamihilator
2010-08-22 10:53 . 2010-08-25 17:33	--------	d-----w-	c:\users\****\AppData\Roaming\Spamihilator
2010-08-22 10:52 . 2010-08-22 10:52	--------	d-----w-	c:\program files\Spamihilator
2010-08-22 09:45 . 2010-08-22 12:21	--------	d-----w-	c:\program files\trend micro
2010-08-22 09:45 . 2010-08-22 09:45	--------	d-----w-	C:\rsit
2010-08-22 09:35 . 2010-08-22 09:35	--------	d-----w-	c:\users\****\AppData\Local\Sunbelt Software
2010-08-22 09:26 . 2010-08-22 09:26	--------	d-----w-	c:\users\****\AppData\Roaming\Malwarebytes
2010-08-21 18:14 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-21 18:14 . 2010-08-21 18:14	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-08-21 18:14 . 2010-08-21 18:14	--------	d-----w-	c:\programdata\Malwarebytes
2010-08-21 18:14 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-08-21 18:06 . 2010-08-21 18:06	--------	d-----w-	c:\users\****\AppData\Roaming\Yahoo!
2010-08-21 18:06 . 2010-08-21 18:10	--------	d-----w-	c:\program files\Yahoo!
2010-08-21 18:06 . 2010-08-21 18:06	--------	d-----w-	c:\program files\CCleaner
2010-08-21 17:32 . 2010-08-22 14:05	--------	d-----w-	c:\users\****\AppData\Local\CrashDumps
2010-08-21 17:31 . 2010-08-21 17:31	--------	d-----w-	c:\program files\Conduit
2010-08-21 17:31 . 2010-08-21 17:31	--------	d-----w-	c:\program files\Winload
2010-08-21 16:37 . 2010-08-21 16:37	--------	d-----w-	c:\users\****\AppData\Local\AskToolbar
2010-08-21 16:06 . 2010-08-12 12:15	15880	----a-w-	c:\windows\system32\lsdelete.exe
2010-08-21 14:48 . 2010-08-22 15:05	--------	d-----w-	c:\users\****\AppData\Local\Adobe
2010-08-21 14:48 . 2010-08-21 14:48	--------	d-----w-	c:\program files\Common Files\Adobe
2010-08-21 14:44 . 2010-08-22 13:07	--------	d-----w-	c:\windows\Driver Cache
2010-08-21 14:44 . 2008-08-18 03:16	1163520	----a-w-	c:\windows\system32\drivers\AVerA706.sys
2010-08-21 14:44 . 2007-04-02 05:44	19584	----a-w-	c:\windows\system32\drivers\AVerEth.sys
2010-08-21 14:44 . 2006-08-08 16:12	81920	----a-w-	c:\windows\system32\TVRate.dll
2010-08-21 14:44 . 2006-08-03 22:24	3072	----a-w-	c:\windows\system32\34CoInstaller.dll
2010-08-21 14:42 . 2010-08-22 13:07	--------	d-----w-	c:\program files\AVerMedia
2010-08-21 14:39 . 2010-08-21 14:39	95024	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2010-08-21 14:18 . 2010-08-21 14:18	--------	dc----w-	c:\windows\system32\DRVSTORE
2010-08-21 14:18 . 2010-08-12 12:15	64288	----a-w-	c:\windows\system32\drivers\Lbd.sys
2010-08-21 14:18 . 2010-08-21 14:18	--------	dc-h--w-	c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-08-21 14:18 . 2010-08-12 12:16	2979848	-c--a-w-	c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-08-21 14:17 . 2010-08-21 14:18	--------	d-----w-	c:\programdata\Lavasoft
2010-08-21 14:17 . 2010-08-21 14:17	--------	d-----w-	c:\program files\Lavasoft
2010-08-21 14:11 . 2010-08-21 14:11	--------	d-----w-	c:\program files\Windows Portable Devices
2010-08-21 14:08 . 2009-10-01 01:02	30208	----a-w-	c:\windows\system32\WPDShextAutoplay.exe
2010-08-21 14:08 . 2009-10-01 01:02	31232	----a-w-	c:\windows\system32\BthMtpContextHandler.dll
2010-08-21 14:08 . 2009-10-01 01:01	81920	----a-w-	c:\windows\system32\wpdbusenum.dll
2010-08-21 14:08 . 2009-10-01 01:01	60928	----a-w-	c:\windows\system32\PortableDeviceConnectApi.dll
2010-08-21 14:08 . 2009-10-01 01:02	2537472	----a-w-	c:\windows\system32\wpdshext.dll
2010-08-21 14:08 . 2009-10-01 01:02	334848	----a-w-	c:\windows\system32\PortableDeviceApi.dll
2010-08-21 14:08 . 2009-10-01 01:02	87552	----a-w-	c:\windows\system32\WPDShServiceObj.dll
2010-08-21 14:08 . 2009-10-01 01:01	546816	----a-w-	c:\windows\system32\wpd_ci.dll
2010-08-21 14:08 . 2009-10-01 01:01	160256	----a-w-	c:\windows\system32\PortableDeviceTypes.dll
2010-08-21 14:08 . 2009-10-01 01:01	350208	----a-w-	c:\windows\system32\WPDSp.dll
2010-08-21 14:08 . 2009-10-01 01:01	196608	----a-w-	c:\windows\system32\PortableDeviceWMDRM.dll
2010-08-21 14:08 . 2009-10-01 01:01	100864	----a-w-	c:\windows\system32\PortableDeviceClassExtension.dll
2010-08-21 14:07 . 2009-10-08 21:08	555520	----a-w-	c:\windows\system32\UIAutomationCore.dll
2010-08-21 14:07 . 2009-10-08 21:08	234496	----a-w-	c:\windows\system32\oleacc.dll
2010-08-21 14:07 . 2009-10-08 21:07	4096	----a-w-	c:\windows\system32\oleaccrc.dll
2010-08-21 14:05 . 2010-08-21 14:05	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2010-08-21 13:22 . 2008-11-10 09:41	32656	----a-w-	c:\windows\system32\msonpmon.dll
2010-08-21 13:22 . 2006-10-26 17:56	33104	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-08-21 13:22 . 2010-08-21 14:05	--------	d-----w-	c:\program files\Microsoft Works
2010-08-21 13:21 . 2010-08-21 13:21	--------	d-----w-	c:\windows\PCHEALTH
2010-08-21 13:20 . 2010-08-21 13:20	--------	d-----w-	c:\users\****\AppData\Local\Microsoft Help
2010-08-21 13:20 . 2010-08-22 09:41	--------	d-----w-	c:\programdata\Microsoft Help
2010-08-21 13:05 . 2010-08-21 13:05	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-08-21 13:01 . 2010-08-21 13:21	--------	d-----w-	c:\program files\Microsoft.NET
2010-08-21 12:48 . 2010-08-21 12:49	--------	d-----w-	c:\windows\system32\ca-ES
2010-08-21 12:48 . 2010-08-21 12:48	--------	d-----w-	c:\windows\system32\eu-ES
2010-08-21 12:48 . 2010-08-21 12:48	--------	d-----w-	c:\windows\system32\vi-VN
2010-08-21 12:31 . 2010-08-21 12:31	--------	d-----w-	c:\windows\system32\EventProviders
2010-08-21 12:12 . 2009-11-08 08:55	99176	----a-w-	c:\windows\system32\PresentationHostProxy.dll
2010-08-21 12:12 . 2009-11-08 08:55	49472	----a-w-	c:\windows\system32\netfxperf.dll
2010-08-21 12:12 . 2009-11-08 08:55	297808	----a-w-	c:\windows\system32\mscoree.dll
2010-08-21 12:12 . 2009-11-08 08:55	295264	----a-w-	c:\windows\system32\PresentationHost.exe
2010-08-21 12:12 . 2009-11-08 08:55	1130824	----a-w-	c:\windows\system32\dfshim.dll
2010-08-21 12:02 . 2010-08-25 17:31	9	----a-w-	c:\windows\mvraidver.dat
2010-08-21 11:54 . 2010-08-21 11:54	--------	d-----w-	c:\program files\Marvell
2010-08-21 11:50 . 2010-08-21 12:46	--------	d-----w-	c:\windows\system32\RTCOM
2010-08-21 11:49 . 2010-08-21 11:49	319456	----a-w-	c:\windows\DIFxAPI.dll
2010-08-21 11:49 . 2007-03-16 15:06	1822720	----a-w-	c:\windows\SkyTel.exe
2010-08-21 11:49 . 2006-12-13 10:30	339968	----a-w-	c:\windows\system32\SRSTSXT.dll
2010-08-21 11:49 . 2006-11-29 18:47	135168	----a-w-	c:\windows\system32\SRSWOW.dll
2010-08-21 11:49 . 2007-01-16 10:39	1191936	----a-w-	c:\windows\RtlUpd.exe
2010-08-21 11:49 . 2007-03-14 17:10	495104	----a-w-	c:\windows\system32\RtkPgExt.dll
2010-08-21 11:49 . 2007-03-22 14:30	18432	----a-w-	c:\windows\system32\RtkCoInst.dll
2010-08-21 11:49 . 2007-03-23 15:34	266240	----a-w-	c:\windows\system32\RtkApoApi.dll
2010-08-21 11:49 . 2007-03-21 18:58	1844224	----a-w-	c:\windows\system32\RtkAPO.dll
2010-08-21 11:49 . 2007-03-23 19:04	4423680	----a-w-	c:\windows\RtHDVCpl.exe
2010-08-21 11:49 . 2007-03-26 19:18	1761696	----a-w-	c:\windows\system32\drivers\RTKVHDA.sys
2010-08-21 11:48 . 2010-08-21 11:48	--------	d-----w-	c:\program files\Realtek
2010-08-21 11:47 . 2010-08-21 11:47	315392	----a-w-	c:\windows\HideWin.exe
2010-08-21 11:47 . 2007-01-12 16:54	520192	------r-	c:\windows\RtlExUpd.dll
2010-08-21 11:34 . 2010-08-21 11:34	--------	d-----w-	c:\windows\ASUSInstAll
2010-08-21 11:29 . 2009-04-11 06:33	986600	----a-w-	c:\windows\system32\winload.exe
2010-08-21 11:28 . 2009-04-11 05:42	93696	----a-w-	c:\windows\system32\drivers\bridge.sys
2010-08-21 11:17 . 2009-08-24 11:36	377344	----a-w-	c:\windows\system32\winhttp.dll
2010-08-21 11:17 . 2010-03-05 14:01	420352	----a-w-	c:\windows\system32\vbscript.dll
2010-08-21 11:14 . 2010-08-21 11:15	--------	d-----w-	c:\program files\NVIDIA Corporation
2010-08-21 10:57 . 2010-08-21 10:57	--------	d-----w-	c:\users\****\AppData\Local\WindowsUpdate
2010-08-21 10:55 . 2009-03-08 11:33	18944	----a-w-	c:\windows\system32\corpol.dll
2010-08-20 18:24 . 2010-08-20 18:24	--------	d-----w-	C:\VideoSec
2010-08-20 17:51 . 2010-08-20 17:51	124976	----a-w-	c:\windows\system32\drivers\SYMEVENT.SYS
2010-08-20 17:51 . 2010-08-20 17:53	--------	d-----w-	c:\program files\Common Files\Symantec Shared
2010-08-20 17:51 . 2010-08-20 17:51	--------	d-----w-	c:\program files\Symantec
2010-08-20 17:50 . 2010-08-20 18:03	--------	d-----w-	c:\windows\system32\drivers\NIS
2010-08-20 17:50 . 2010-08-20 17:50	--------	d-----w-	c:\program files\Norton Internet Security
2010-08-20 17:46 . 2010-08-20 17:50	--------	d-----w-	c:\programdata\Norton
2010-08-20 17:40 . 2010-08-20 18:02	--------	d-----w-	c:\program files\NortonInstaller
2010-08-20 17:40 . 2010-08-20 17:40	--------	d-----w-	c:\programdata\NortonInstaller
2010-08-20 17:25 . 2010-08-20 17:25	--------	d-----w-	c:\users\****\AppData\Local\Opera
2010-08-20 17:25 . 2010-08-20 17:25	--------	d-----w-	c:\program files\Opera
2010-08-20 17:18 . 2010-08-21 11:16	--------	d-----w-	c:\programdata\NVIDIA
2010-08-20 17:12 . 2008-05-27 04:59	18904	----a-w-	c:\windows\system32\StructuredQuerySchemaTrivial.bin
2010-08-20 17:10 . 2010-08-21 14:48	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-08-20 17:10 . 2010-08-20 17:10	--------	d-----w-	c:\program files\My Company Name
2010-08-20 17:09 . 2007-12-11 09:06	753664	----a-w-	c:\windows\system32\nvcplui.exe
2010-08-20 17:09 . 2007-12-11 09:06	307200	----a-w-	c:\windows\system32\nvexpbar.dll
2010-08-20 17:09 . 2010-04-03 20:55	600680	----a-w-	c:\windows\system32\nvudisp.exe
2010-08-20 17:09 . 2010-04-03 20:55	600680	----a-w-	c:\windows\system32\NVUNINST.EXE
2010-08-20 17:02 . 2010-02-12 10:48	293376	----a-w-	c:\windows\system32\browserchoice.exe

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-25 17:32 . 2010-08-21 11:16	34805	----a-w-	c:\programdata\nvModes.dat
2010-08-25 17:07 . 2008-01-21 07:15	628504	----a-w-	c:\windows\system32\perfh007.dat
2010-08-25 17:07 . 2008-01-21 07:15	126248	----a-w-	c:\windows\system32\perfc007.dat
2010-08-21 14:15 . 2010-08-19 19:13	59464	----a-w-	c:\users\****\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-21 14:11 . 2006-11-02 10:25	665600	----a-w-	c:\windows\inf\drvindex.dat
2010-08-21 14:11 . 2010-08-21 14:11	0	---ha-w-	c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-08-21 12:49 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Calendar
2010-08-21 12:49 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-08-21 12:49 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Sidebar
2010-08-21 12:49 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Journal
2010-08-21 12:49 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Collaboration
2010-08-21 12:49 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Photo Gallery
2010-08-21 12:49 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Defender
2010-08-21 11:28 . 2010-08-21 11:28	--------	d-----w-	c:\program files\Intel
2010-08-20 17:51 . 2010-08-20 17:51	805	----a-w-	c:\windows\system32\drivers\SYMEVENT.INF
2010-08-20 17:51 . 2010-08-20 17:51	7443	----a-w-	c:\windows\system32\drivers\SYMEVENT.CAT
2010-08-20 17:09 . 2010-08-20 17:08	--------	d-----w-	c:\program files\Common Files\InstallShield
2010-08-20 16:33 . 2010-08-19 19:13	1356	----a-w-	c:\users\Rolf\AppData\Local\d3d9caps.dat
2010-08-19 19:11 . 2010-08-19 19:11	--------	d-sh--we	c:\programdata\Vorlagen
2010-08-19 19:11 . 2010-08-19 19:11	--------	d-sh--we	c:\programdata\Startmenü
2010-08-19 19:11 . 2010-08-19 19:11	--------	d-sh--we	c:\programdata\Favoriten
2010-08-19 19:11 . 2010-08-19 19:11	--------	d-sh--we	c:\programdata\Dokumente
2010-08-19 19:11 . 2010-08-19 19:11	--------	d-sh--we	c:\programdata\Anwendungsdaten
2010-08-19 19:11 . 2010-08-19 19:11	--------	d-sh--we	c:\program files\Gemeinsame Dateien
2010-08-19 19:02 . 2010-08-19 19:02	0	---ha-w-	c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-06-26 06:05 . 2010-08-21 10:56	916480	----a-w-	c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-21 10:56	71680	----a-w-	c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-21 10:56	109056	----a-w-	c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-21 10:56	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2010-06-18 15:04 . 2010-08-19 20:05	302080	----a-w-	c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-19 20:05	144896	----a-w-	c:\windows\system32\drivers\srv2.sys
2010-06-16 16:04 . 2010-08-19 20:05	905088	----a-w-	c:\windows\system32\drivers\tcpip.sys
2010-06-11 16:15 . 2010-08-19 20:05	1248768	----a-w-	c:\windows\system32\msxml3.dll
2010-05-27 20:08 . 2010-08-19 20:07	81920	----a-w-	c:\windows\system32\iccvid.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2010-03-17 13:45	2355224	----a-w-	c:\program files\Winload\tbWinl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 14:50	1197448	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"iPlusManager"="c:\program files\iPlus\iPlusChecker.exe" [2009-12-21 446464]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 4423680]
"Skytel"="Skytel.exe" [2007-03-16 1822720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

c:\users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MarvellTrayStartup.lnk - c:\program files\Marvell\61xx\tray\RaidTray.bat [2010-8-21 143]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Spamihilator.lnk - c:\program files\Spamihilator\spamihilator.exe [2010-8-22 1512448]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2010-8-22 159744]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2010-8-22 679936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):9c,6e,d4,15,30,41,cb,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-08-12 1355416]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-08-24 103040]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-08-12 15008]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2007-06-15 143256]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\SYMDS.SYS [2009-08-30 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\SYMEFA.SYS [2010-04-22 173104]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100810.004\BHDrvx86.sys [2010-08-09 692272]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100823.002\IDSvix86.sys [2010-06-17 344112]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1107000.00C\SYMTDIV.SYS [2010-05-06 339504]
S2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [2008-06-05 352256]
S2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2008-07-14 409600]
S2 Marvell RAID;Marvell RAID Event Agent;c:\program files\Marvell\61xx\svc\mvraidsvc.exe [2007-06-12 61440]
S2 MRUWebService;MRU Web Service;c:\program files\Marvell\61xx\Apache2\bin\Apache.exe [2007-05-23 20539]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe [2010-02-26 126392]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2008-11-12 46592]
S3 AVerA706;AVerMedia A706 BDA Service;c:\windows\system32\DRIVERS\AVerA706.sys [2008-08-18 1163520]
S3 AVerEth;AVerMedia Ethernet Adapter for MPE Service;c:\windows\system32\DRIVERS\AVerEth.sys [2007-04-02 19584]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-08-20 102448]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-11-10 112128]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-08-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 12:15]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-25 19:33
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-08-25  19:36:50 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-08-25 17:36

Vor Suchlauf: 9 Verzeichnis(se), 111.219.937.280 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 110.126.682.112 Bytes frei

- - End Of File - - F2C14F9D00D769F3C153DF2F9DBF5B92

--- --- ---

HelpMeSoon · 25.08.2010, 19:04

Hallo,

wie bereits gesagt habe ich keine große Ahnung von PC`s daher die Frage was
dort infiziert war und vor allem mit was??

Danke für die Antwort und Hilfe

Infizierte Kopie von c:\windows\system32\wininit.exe wurde gefunden und desinfiziert
Kopie von - c:\coli\HarddiskVolumeShadowCopy9_!Windows!System32!wininit.exe wurde wiederhergestellt

cosinus · 25.08.2010, 19:57

D.h. dass ein Schädling eine essentielle Systemdatei durch eine mit bösartigem Code ersetzt hat. Wenn Du diese Datei gelöscht hättest, wäre Dein System wahrscheinlich schrott. CF hat aber die Manipulation erkannt und ein sauberes Original zurückgeschrieben.

Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.

HelpMeSoon · 26.08.2010, 18:12

Report of OSAM: Autorun Manager v1.0.0.6759
hxxp://www.autorun-manager.com
Saved at 19:05:35 on 26.08.2010
OS: Home Edition Service Pack 2 (Build 6002)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18943

Scanner Settings
Rootkits detection (twice-scan)
Retrieve files information
Check Microsoft signatures

Filters
Trusted records
Empty records
Hidden registry records (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active records
Disabled records
Risk level Name Publisher Full Path Status
Boot Execute
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager
"BootExecute" C:\Windows\system32\lsdelete.exe File found, but can't get any details
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
"ASUS Kernel Mode Enhanced Driver" (atkdisplf) C:\Windows\System32\drivers\ATKDispLowFilter.sys File not found
"ASUS Virtual Video Capture Device Driver" (asusgsb) C:\Windows\System32\drivers\asusgsb.sys File not found
"AsIO" (AsIO) C:\Windows\System32\drivers\AsIO.sys File found, but can't get any details
"BHDrvx86" (BHDrvx86) "Symantec Corporation" C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100810.004\BHDrvx86.sys File exists
"EIO Driver" (EIO) C:\Windows\System32\DRIVERS\EIO.sys File not found
"EraserUtilRebootDrv" (EraserUtilRebootDrv) "Symantec Corporation" C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys File exists
"IDSVix86" (IDSVix86) "Symantec Corporation" C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100825.001\IDSvix86.sys File exists
"IP in IP Tunnel Driver" (IpInIp) C:\Windows\System32\DRIVERS\ipinip.sys File not found
"IPX Traffic Filter Driver" (NwlnkFlt) C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
"IPX Traffic Forwarder Driver" (NwlnkFwd) C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
"Lavasoft helper driver" (Lavasoft Kernexplorer) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File found, but can't get any details
"NAVENG" (NAVENG) "Symantec Corporation" C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100826.002\NAVENG.SYS File exists
"NAVEX15" (NAVEX15) "Symantec Corporation" C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100826.002\NAVEX15.SYS File exists
"SASDIFSV" (SASDIFSV) "SUPERAdBlocker.com and SUPERAntiSpyware.com" C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS File exists
"SASKUTIL" (SASKUTIL) "SUPERAdBlocker.com and SUPERAntiSpyware.com" C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS File exists
"SymEvent" (SymEvent) "Symantec Corporation" C:\Windows\system32\Drivers\SYMEVENT.SYS File exists
"Symantec Data Store" (SymDS) "Symantec Corporation" C:\Windows\System32\drivers\NIS\1107000.00C\SYMDS.SYS File exists
"Symantec Eraser Control driver" (eeCtrl) "Symantec Corporation" C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys File exists
"Symantec Extended File Attributes" (SymEFA) "Symantec Corporation" C:\Windows\System32\drivers\NIS\1107000.00C\SYMEFA.SYS File exists
"Symantec Hash Provider" (ccHP) "Symantec Corporation" C:\Windows\system32\drivers\NIS\1107000.00C\ccHPx86.sys File exists
"Symantec Iron Driver" (SymIRON) "Symantec Corporation" C:\Windows\system32\drivers\NIS\1107000.00C\Ironx86.SYS File exists
"Symantec Real Time Storage Protection" (SRTSP) "Symantec Corporation" C:\Windows\System32\Drivers\NIS\1107000.00C\SRTSP.SYS File exists
"Symantec Real Time Storage Protection (PEL)" (SRTSPX) "Symantec Corporation" C:\Windows\system32\drivers\NIS\1107000.00C\SRTSPX.SYS File exists
"Symantec Vista Network Dispatch Driver" (SYMTDIv) "Symantec Corporation" C:\Windows\System32\Drivers\NIS\1107000.00C\SYMTDIV.SYS File exists
"catchme" (catchme) C:\coli\catchme.sys File not found
Explorer
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll File exists
HKLM\Software\Classes\Protocols\Filter
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File exists
HKLM\Software\Classes\Protocols\Handler
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" COM-object registry key not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" COM-object registry key not found
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" COM-object registry key not found
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" COM-object registry key not found
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" COM-object registry key not found
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" "NVIDIA Corporation" C:\Windows\system32\nvcpl.dll File exists
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" COM-object registry key not found
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" COM-object registry key not found
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\msohevi.dll File exists
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll File exists
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL File exists
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll File exists
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" "NVIDIA Corporation" C:\Windows\system32\nvshext.dll File exists
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" "NVIDIA Corporation" C:\Windows\system32\nvcpl.dll File exists
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" COM-object registry key not found
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" COM-object registry key not found
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" COM-object registry key not found
{00020d75-0000-0000-c000-000000000046} "lnkfile" COM-object registry key not found
Internet Explorer
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
"Foxit Toolbar" "Ask.com" C:\Program Files\Ask.com\GenericAskToolbar.dll File exists
ITBar7Height "ITBar7Height" COM-object registry key not found
"ITBar7Layout" COM-object registry key not found
"Norton Toolbar" "Symantec Corporation" C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll File exists
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks
{40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" "Conduit Ltd." C:\Program Files\Winload\tbWinl.dll File exists
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} "Symantec AntiVirus scanner"
hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab "Symantec Corporation" C:\Windows\Downloaded Program Files\avsniff.dll File exists
{644E432F-49D3-41A1-8DD5-E099162EEEC5} "Symantec RuFSI Utility Class"
hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab "Symantec Corporation" C:\Windows\Downloaded Program Files\rufsi.dll File exists
{CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} "SysInfo Class"
hxxp://d1ylr6sba64qi3.cloudfront.net/global/bin/srldetect_intel_4.1.66.0.cab "Husdawg, LLC" C:\Program Files\SystemRequirementsLab\srldetect_intel_4.1.66.0.dll File exists
{0D41B8C5-2599-4893-8183-00195EC8D5F9} "asusTek_sysctrl Class"
hxxp://support.asus.de/common/asusTek_sys_ctrl.cab C:\Windows\DOWNLO~1\ASUSTE~1.DLL File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll File exists
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
"Foxit Toolbar" "Ask.com" C:\Program Files\Ask.com\GenericAskToolbar.dll File exists
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "Norton Toolbar" "Symantec Corporation" C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll File exists
{40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" "Conduit Ltd." C:\Program Files\Winload\tbWinl.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" "Adobe Systems Incorporated" C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File exists
{D4027C7F-154A-4066-A1AD-4243D8127440} "Foxit Toolbar" "Ask.com" C:\Program Files\Ask.com\GenericAskToolbar.dll File exists
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} "Symantec Intrusion Prevention" "Symantec Corporation" C:\Program Files\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL File exists
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "Symantec NCO BHO" "Symantec Corporation" C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll File exists
{40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" "Conduit Ltd." C:\Program Files\Winload\tbWinl.dll File exists
{02478D38-C3F9-4efb-9B51-7695ECA05670} "{02478D38-C3F9-4efb-9B51-7695ECA05670}" COM-object registry key not found
Logon
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
"Bildschirmausschnitt- (Windows-Taste+S) und Startprogramm (Windowstaste+N) für Microsoft Office OneNote." "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE Shortcut exists | File exists
"MRU Tray" C:\Program Files\Marvell\61xx\tray\RaidTray.bat Shortcut exists | File exists
"Spamihilator.lnk" "Michel Krämer" C:\Program Files\Spamihilator\spamihilator.exe Shortcut exists | File exists
"desktop.ini" C:\Users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists
%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup
"AVer HID Receiver.lnk" C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe Shortcut exists | File exists
"AVerQuick.lnk" "AVerMedia TECHNOLOGIES, Inc." C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe Shortcut exists | File exists
"desktop.ini" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"SUPERAntiSpyware" "SUPERAntiSpyware.com" C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe File exists
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd
"StartupPrograms" rdpclip File not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
"Adobe Reader Speed Launcher" "Adobe Systems Incorporated" "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" File exists
"iPlusManager" C:\Program Files\iPlus\iPlusChecker.exe File found, but can't get any details
Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
"Send To Microsoft OneNote Monitor" "Microsoft Corporation" C:\Windows\system32\msonpmon.dll File exists
Services
HKLM\SYSTEM\CurrentControlSet\Services
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) "Microsoft Corporation" C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe File exists
"AVerRemote" (AVerRemote) "AVerMedia" C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe File exists
"AVerScheduleService" (AVerScheduleService) C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe File exists
"InstallDriver Table Manager" (IDriverT) "Macrovision Corporation" C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe File exists
"Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) "Lavasoft" C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe File exists
"MRU Web Service" (MRUWebService) "Apache Software Foundation" C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe File exists
"Marvell RAID Event Agent" (Marvell RAID) C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe File exists
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) "Microsoft Corporation" C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe File exists
"Microsoft Office Diagnostics Service" (odserv) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE File exists
"NVIDIA Display Driver Service" (nvsvc) "NVIDIA Corporation" C:\Windows\system32\nvvsvc.exe File exists
"Norton Internet Security" (NIS) "Symantec Corporation" C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe File exists
"Office Source Engine" (ose) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE File exists

HelpMeSoon · 26.08.2010, 18:23

.\debug.cpp(238) : Debug log started at 26.08.2010 - 17:19:05
.\boot_cleaner.cpp(675) : Bootkit Remover
.\boot_cleaner.cpp(676) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(677) : www.esagelab.com
.\boot_cleaner.cpp(681) : Program version: 1.1.0.0
.\boot_cleaner.cpp(688) : OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x81c43000 0x003b9000 "\SystemRoot\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x81c10000 0x00033000 "\SystemRoot\system32\hal.dll"
.\debug.cpp(256) : 0x80402000 0x00007000 "\SystemRoot\system32\kdcom.dll"
.\debug.cpp(256) : 0x80409000 0x00070000 "\SystemRoot\system32\mcupdate_GenuineIntel.dll"
.\debug.cpp(256) : 0x80479000 0x00011000 "\SystemRoot\system32\PSHED.dll"
.\debug.cpp(256) : 0x8048a000 0x00008000 "\SystemRoot\system32\BOOTVID.dll"
.\debug.cpp(256) : 0x80492000 0x00041000 "\SystemRoot\system32\CLFS.SYS"
.\debug.cpp(256) : 0x804d3000 0x000e0000 "\SystemRoot\system32\CI.dll"
.\debug.cpp(256) : 0x8060a000 0x0007c000 "\SystemRoot\system32\drivers\Wdf01000.sys"
.\debug.cpp(256) : 0x80686000 0x0000d000 "\SystemRoot\system32\drivers\WDFLDR.SYS"
.\debug.cpp(256) : 0x80693000 0x00046000 "\SystemRoot\system32\drivers\acpi.sys"
.\debug.cpp(256) : 0x806d9000 0x00009000 "\SystemRoot\system32\drivers\WMILIB.SYS"
.\debug.cpp(256) : 0x806e2000 0x00008000 "\SystemRoot\system32\drivers\msisadrv.sys"
.\debug.cpp(256) : 0x806ea000 0x00027000 "\SystemRoot\system32\drivers\pci.sys"
.\debug.cpp(256) : 0x80711000 0x0000f000 "\SystemRoot\System32\drivers\partmgr.sys"
.\debug.cpp(256) : 0x80720000 0x0000f000 "\SystemRoot\system32\drivers\volmgr.sys"
.\debug.cpp(256) : 0x8072f000 0x0004a000 "\SystemRoot\System32\drivers\volmgrx.sys"
.\debug.cpp(256) : 0x80779000 0x00007000 "\SystemRoot\system32\drivers\pciide.sys"
.\debug.cpp(256) : 0x80780000 0x0000e000 "\SystemRoot\system32\drivers\PCIIDEX.SYS"
.\debug.cpp(256) : 0x8078e000 0x00010000 "\SystemRoot\System32\drivers\mountmgr.sys"
.\debug.cpp(256) : 0x8079e000 0x00008000 "\SystemRoot\system32\drivers\atapi.sys"
.\debug.cpp(256) : 0x807a6000 0x0001e000 "\SystemRoot\system32\drivers\ataport.SYS"
.\debug.cpp(256) : 0x807c4000 0x00034000 "\SystemRoot\system32\DRIVERS\mv61xx.sys"
.\debug.cpp(256) : 0x805b3000 0x00026000 "\SystemRoot\system32\DRIVERS\SCSIPORT.SYS"
.\debug.cpp(256) : 0x82208000 0x00032000 "\SystemRoot\system32\drivers\fltmgr.sys"
.\debug.cpp(256) : 0x8223a000 0x00056000 "\SystemRoot\system32\drivers\NIS\1107000.00C\SYMDS.SYS"
.\debug.cpp(256) : 0x82290000 0x00010000 "\SystemRoot\system32\drivers\fileinfo.sys"
.\debug.cpp(256) : 0x822a0000 0x0000f000 "\SystemRoot\system32\DRIVERS\Lbd.sys"
.\debug.cpp(256) : 0x822af000 0x0002d000 "\SystemRoot\system32\drivers\NIS\1107000.00C\SYMEFA.SYS"
.\debug.cpp(256) : 0x822dc000 0x00071000 "\SystemRoot\System32\Drivers\ksecdd.sys"
.\debug.cpp(256) : 0x82808000 0x0010b000 "\SystemRoot\system32\drivers\ndis.sys"
.\debug.cpp(256) : 0x82913000 0x0002b000 "\SystemRoot\system32\drivers\msrpc.sys"
.\debug.cpp(256) : 0x8293e000 0x0003b000 "\SystemRoot\system32\drivers\NETIO.SYS"
.\debug.cpp(256) : 0x82a0c000 0x000ea000 "\SystemRoot\System32\drivers\tcpip.sys"
.\debug.cpp(256) : 0x82af6000 0x0001b000 "\SystemRoot\System32\drivers\fwpkclnt.sys"
.\debug.cpp(256) : 0x8a405000 0x00110000 "\SystemRoot\System32\Drivers\Ntfs.sys"
.\debug.cpp(256) : 0x8a515000 0x00039000 "\SystemRoot\system32\drivers\volsnap.sys"
.\debug.cpp(256) : 0x8a54e000 0x00008000 "\SystemRoot\System32\Drivers\spldr.sys"
.\debug.cpp(256) : 0x8a556000 0x0000f000 "\SystemRoot\System32\Drivers\mup.sys"
.\debug.cpp(256) : 0x8a565000 0x00027000 "\SystemRoot\System32\drivers\ecache.sys"
.\debug.cpp(256) : 0x8a58c000 0x00011000 "\SystemRoot\system32\drivers\disk.sys"
.\debug.cpp(256) : 0x8a59d000 0x00021000 "\SystemRoot\system32\drivers\CLASSPNP.SYS"
.\debug.cpp(256) : 0x8a5be000 0x00009000 "\SystemRoot\system32\drivers\crcdisk.sys"
.\debug.cpp(256) : 0x8a5e7000 0x0000b000 "\SystemRoot\system32\DRIVERS\tunnel.sys"
.\debug.cpp(256) : 0x8a5f2000 0x00009000 "\SystemRoot\system32\DRIVERS\tunmp.sys"
.\debug.cpp(256) : 0x82b11000 0x0000f000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0x8f80a000 0x00b08000 "\SystemRoot\system32\DRIVERS\nvlddmkm.sys"
.\debug.cpp(256) : 0x90312000 0x00002000 "\SystemRoot\system32\DRIVERS\nvBridge.kmd"
.\debug.cpp(256) : 0x90314000 0x000a1000 "\SystemRoot\System32\drivers\dxgkrnl.sys"
.\debug.cpp(256) : 0x903b5000 0x0000c000 "\SystemRoot\System32\drivers\watchdog.sys"
.\debug.cpp(256) : 0x903c1000 0x0000b000 "\SystemRoot\system32\DRIVERS\usbuhci.sys"
.\debug.cpp(256) : 0x82b20000 0x0003e000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0x903cc000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0x82b5e000 0x0008d000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0x903db000 0x0000f000 "\SystemRoot\system32\DRIVERS\l160x86.sys"
.\debug.cpp(256) : 0x8f207000 0x0011d000 "\SystemRoot\system32\DRIVERS\AVerA706.sys"
.\debug.cpp(256) : 0x8f324000 0x0002a000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0x8f34e000 0x00003000 "\SystemRoot\system32\DRIVERS\BdaSup.SYS"
.\debug.cpp(256) : 0x8f351000 0x0000b000 "\SystemRoot\system32\DRIVERS\fdc.sys"
.\debug.cpp(256) : 0x8f35c000 0x00008000 "\SystemRoot\system32\DRIVERS\ASACPI.sys"
.\debug.cpp(256) : 0x8f364000 0x0001a000 "\SystemRoot\system32\DRIVERS\serial.sys"
.\debug.cpp(256) : 0x8f37e000 0x0000a000 "\SystemRoot\system32\DRIVERS\serenum.sys"
.\debug.cpp(256) : 0x8f39b000 0x0000b000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0x8f3a6000 0x0000b000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0x8f3b1000 0x00018000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0x8f3c9000 0x0002f000 "\SystemRoot\system32\DRIVERS\msiscsi.sys"
.\debug.cpp(256) : 0x82979000 0x00041000 "\SystemRoot\system32\DRIVERS\storport.sys"
.\debug.cpp(256) : 0x903ea000 0x0000b000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0x8f3f8000 0x00005000 "\SystemRoot\system32\DRIVERS\AsusVRC.sys"
.\debug.cpp(256) : 0x829ba000 0x00017000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0x903f5000 0x0000b000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0x829d1000 0x00023000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0x82beb000 0x0000f000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0x8234d000 0x00014000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0x82361000 0x00015000 "\SystemRoot\system32\DRIVERS\rassstp.sys"
.\debug.cpp(256) : 0x82376000 0x00010000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0x8f3fd000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0x8f800000 0x0000a000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0x82386000 0x0000d000 "\SystemRoot\system32\DRIVERS\umbus.sys"
.\debug.cpp(256) : 0x82393000 0x00035000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0x8f200000 0x00005000 "\SystemRoot\system32\DRIVERS\AVerEth.sys"
.\debug.cpp(256) : 0x82a00000 0x0000a000 "\SystemRoot\system32\DRIVERS\flpydisk.sys"
.\debug.cpp(256) : 0x9040b000 0x001ad000 "\SystemRoot\system32\drivers\RTKVHDA.sys"
.\debug.cpp(256) : 0x905b8000 0x0002d000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0x823c8000 0x00025000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0x905e5000 0x00011000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0x905f6000 0x00009000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0x90400000 0x00007000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0x829f4000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0x82800000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0x8f388000 0x0000c000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0x805d9000 0x00021000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS"
.\debug.cpp(256) : 0x823f6000 0x00008000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0x82200000 0x00008000 "\SystemRoot\system32\drivers\rdpencdd.sys"
.\debug.cpp(256) : 0x90608000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0x90613000 0x0000e000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0x90621000 0x00009000 "\SystemRoot\System32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0x9062a000 0x00016000 "\SystemRoot\system32\DRIVERS\tdx.sys"
.\debug.cpp(256) : 0x90640000 0x00059000 "\SystemRoot\System32\Drivers\NIS\1107000.00C\SYMTDIV.SYS"
.\debug.cpp(256) : 0x90699000 0x00025000 "\??\C:\Windows\system32\Drivers\SYMEVENT.SYS"
.\debug.cpp(256) : 0x906be000 0x00015000 "\SystemRoot\system32\DRIVERS\USBSTOR.SYS"
.\debug.cpp(256) : 0x906d3000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0x906d5000 0x00014000 "\SystemRoot\system32\DRIVERS\smb.sys"
.\debug.cpp(256) : 0x906e9000 0x00048000 "\SystemRoot\system32\drivers\afd.sys"
.\debug.cpp(256) : 0x90731000 0x00032000 "\SystemRoot\System32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0x90763000 0x00016000 "\SystemRoot\system32\DRIVERS\pacer.sys"
.\debug.cpp(256) : 0x90779000 0x0000e000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0x90787000 0x00013000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0x9079a000 0x0001f000 "\SystemRoot\system32\drivers\NIS\1107000.00C\Ironx86.SYS"
.\debug.cpp(256) : 0x907b9000 0x0000a000 "\SystemRoot\system32\drivers\NIS\1107000.00C\SRTSPX.SYS"
.\debug.cpp(256) : 0x907c3000 0x00022000 "\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS"
.\debug.cpp(256) : 0x907e5000 0x00006000 "\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS"
.\debug.cpp(256) : 0x90801000 0x0003c000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0x9083d000 0x0000a000 "\SystemRoot\system32\drivers\nsiproxy.sys"
.\debug.cpp(256) : 0x90847000 0x00058000 "\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100825.001\IDSvix86.sys"
.\debug.cpp(256) : 0x9089f000 0x0005e000 "\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys"
.\debug.cpp(256) : 0x908fd000 0x0001d000 "\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys"
.\debug.cpp(256) : 0x9091a000 0x00017000 "\SystemRoot\System32\Drivers\dfsc.sys"
.\debug.cpp(256) : 0x90931000 0x0007f000 "\SystemRoot\system32\drivers\NIS\1107000.00C\ccHPx86.sys"
.\debug.cpp(256) : 0x9160d000 0x000ac000 "\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100810.004\BHDrvx86.sys"
.\debug.cpp(256) : 0x916b9000 0x00002000 "\SystemRoot\system32\drivers\AsIO.sys"
.\debug.cpp(256) : 0x916bb000 0x00017000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"
.\debug.cpp(256) : 0x916d2000 0x00009000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
.\debug.cpp(256) : 0x916db000 0x00010000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0x916eb000 0x0001a000 "\SystemRoot\system32\DRIVERS\ewusbmdm.sys"
.\debug.cpp(256) : 0x91705000 0x0000d000 "\SystemRoot\system32\drivers\modem.sys"
.\debug.cpp(256) : 0x91712000 0x0001f000 "\SystemRoot\system32\DRIVERS\ewusbnet.sys"
.\debug.cpp(256) : 0x91731000 0x00009000 "\SystemRoot\system32\DRIVERS\kbdhid.sys"
.\debug.cpp(256) : 0x9173a000 0x00008000 "\SystemRoot\system32\DRIVERS\mouhid.sys"
.\debug.cpp(256) : 0x91742000 0x00016000 "\SystemRoot\system32\DRIVERS\cdfs.sys"
.\debug.cpp(256) : 0x91758000 0x0000d000 "\SystemRoot\System32\Drivers\crashdmp.sys"
.\debug.cpp(256) : 0x91765000 0x0000b000 "\SystemRoot\System32\Drivers\dump_dumpata.sys"
.\debug.cpp(256) : 0x91770000 0x00008000 "\SystemRoot\System32\Drivers\dump_atapi.sys"
.\debug.cpp(256) : 0x99220000 0x00203000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0x91778000 0x0000a000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0x91782000 0x0000f000 "\SystemRoot\system32\DRIVERS\monitor.sys"
.\debug.cpp(256) : 0x99440000 0x00009000 "\SystemRoot\System32\TSDDD.dll"
.\debug.cpp(256) : 0x99460000 0x0000e000 "\SystemRoot\System32\cdd.dll"
.\debug.cpp(256) : 0x91791000 0x0001b000 "\SystemRoot\system32\drivers\luafv.sys"
.\debug.cpp(256) : 0x9e609000 0x000b0000 "\SystemRoot\system32\drivers\spsys.sys"
.\debug.cpp(256) : 0x9e6b9000 0x00010000 "\SystemRoot\system32\DRIVERS\lltdio.sys"
.\debug.cpp(256) : 0x9e6c9000 0x00013000 "\SystemRoot\system32\DRIVERS\rspndr.sys"
.\debug.cpp(256) : 0x9e6dc000 0x0006d000 "\SystemRoot\system32\drivers\HTTP.sys"
.\debug.cpp(256) : 0x9e749000 0x0001d000 "\SystemRoot\System32\DRIVERS\srvnet.sys"
.\debug.cpp(256) : 0x9e766000 0x00019000 "\SystemRoot\system32\DRIVERS\bowser.sys"
.\debug.cpp(256) : 0x9e77f000 0x00015000 "\SystemRoot\System32\drivers\mpsdrv.sys"
.\debug.cpp(256) : 0x9e794000 0x00021000 "\SystemRoot\system32\drivers\mrxdav.sys"
.\debug.cpp(256) : 0x9e7b5000 0x0001f000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0x917ac000 0x00039000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys"
.\debug.cpp(256) : 0x9e7d4000 0x00018000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys"
.\debug.cpp(256) : 0x909b0000 0x00027000 "\SystemRoot\System32\DRIVERS\srv2.sys"
.\debug.cpp(256) : 0xa0600000 0x0004e000 "\SystemRoot\System32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xa064e000 0x00009000 "\SystemRoot\system32\DRIVERS\asyncmac.sys"
.\debug.cpp(256) : 0xa0657000 0x000de000 "\SystemRoot\system32\drivers\peauth.sys"
.\debug.cpp(256) : 0xa0735000 0x0000a000 "\SystemRoot\System32\Drivers\secdrv.SYS"
.\debug.cpp(256) : 0xa073f000 0x0000c000 "\SystemRoot\System32\drivers\tcpipreg.sys"
.\debug.cpp(256) : 0xa074b000 0x00015000 "\SystemRoot\system32\DRIVERS\WUDFRd.sys"
.\debug.cpp(256) : 0xa0760000 0x00012000 "\SystemRoot\system32\DRIVERS\WUDFPf.sys"
.\debug.cpp(256) : 0xa0772000 0x00057000 "\SystemRoot\System32\Drivers\NIS\1107000.00C\SRTSP.SYS"
.\debug.cpp(256) : 0xbdc00000 0x0014c000 "\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100826.002\NAVEX15.SYS"
.\debug.cpp(256) : 0xbdd4c000 0x00014000 "\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100826.002\NAVENG.SYS"
.\debug.cpp(256) : 0x76f00000 0x00127000 "\Windows\System32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{30c79d02-abc3-11df-9b7b-806e6f6e6963}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination="\Device\Ndis"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\0000003d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination="\Device\Video0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000001"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskST3250310AS_____________________________3.AAF___#5&18fda9ce&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP0T0L0-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_23#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination="\Device\00000049"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination="\Device\Video1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000003b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000003e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0611&SUBSYS_826A1043&REV_A2#4&21d451d8&0&0008#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0019"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2935&SUBSYS_82771043&REV_02#3&11583659&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0011"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1131&DEV_7133&SUBSYS_20551461&REV_D1#4&1542fbd&0&08F0#{6994ad05-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0022"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination="\Device\Video2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SymEvent"
.\debug.cpp(400) : Destination="\Device\SymEvent"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*6TO4MP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000087"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice"
.\debug.cpp(400) : Destination="\Device\WMIAdminDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ATKACPI"
.\debug.cpp(400) : Destination="\Device\ATKACPI"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination="\Device\Video3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000003c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E3FE0F52-6729-43AC-8488-5AC1FB2AE7A9}"
.\debug.cpp(400) : Destination="\Device\NDMP10"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl"
.\debug.cpp(400) : Destination="\Device\VolMgrControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tun0"
.\debug.cpp(400) : Destination="\Device\Tun0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&5793eda&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) : Destination="\Device\Video4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#ACI24F2#5&37326200&1&UID16777488#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7}"
.\debug.cpp(400) : Destination="\Device\00000082"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\KSENUM#00000001"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6EA11ADB-6FEB-425D-A3CB-3CB73F334E62}"
.\debug.cpp(400) : Destination="\Device\NDMP6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{35D9C415-1F42-4912-BDB9-16D20DE22F5E}"
.\debug.cpp(400) : Destination="\Device\NDMP1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*6TO4MP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000087"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi4:"
.\debug.cpp(400) : Destination="\Device\Scsi\mv61xx1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{e6befd5a-abc4-11df-8e3e-001e101f8924}"
.\debug.cpp(400) : Destination="\Device\CdRom1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYMDS"
.\debug.cpp(400) : Destination="\Device\SymDS"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy4"
.\debug.cpp(400) : Destination="\Device\HarddiskVolumeShadowCopy4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2939&SUBSYS_82771043&REV_02#3&11583659&0&D2#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0004"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C517&MI_01&Col01#7&1ad37653&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\0000007b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1131&DEV_7133&SUBSYS_20551461&REV_D1#4&1542fbd&0&08F0#{a799a800-a46d-11d0-a18c-00a02401dcd4}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0022"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy5"
.\debug.cpp(400) : Destination="\Device\HarddiskVolumeShadowCopy5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&f0a46d8&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&186dc9c9&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\PciIde0Channel0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy6"
.\debug.cpp(400) : Destination="\Device\HarddiskVolumeShadowCopy6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TUNMP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000004"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Selene.00"
.\debug.cpp(400) : Destination="\Device\Selene.00"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1"
.\debug.cpp(400) : Destination="\Device\Serial0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0883&SUBSYS_1043829F&REV_1000#4&196e0bad&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000068"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SpDevice"
.\debug.cpp(400) : Destination="\Device\SpDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination="\Device\WMIDataDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi5:"
.\debug.cpp(400) : Destination="\Device\RaidPort0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\F:"
.\debug.cpp(400) : Destination="\Device\CdRom1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0883&SUBSYS_1043829F&REV_1000#4&196e0bad&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}"
.\debug.cpp(400) : Destination="\Device\00000068"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{0428a7e8-adcf-11df-8891-001e101fa1f5}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{30c79d06-abc3-11df-9b7b-806e6f6e6963}"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy7"
.\debug.cpp(400) : Destination="\Device\HarddiskVolumeShadowCopy7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1131&DEV_7133&SUBSYS_20551461&REV_D1#4&1542fbd&0&08F0#{fd0a5af4-b41d-11d2-9c95-00c04f7971e0}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0022"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_23#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination="\Device\00000048"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\KSENUM#00000001"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PEAuth"
.\debug.cpp(400) : Destination="\Device\PEAuth"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BASHDRVCHANNEL"
.\debug.cpp(400) : Destination="\Device\BBDrvDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#CdRom&Ven_HUAWEI&Prod_Mass_Storage&Rev_2.31#7&1cd8f48a&0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\00000080"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination="\Device\NamedPipe"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy8"
.\debug.cpp(400) : Destination="\Device\HarddiskVolumeShadowCopy8"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_HUAWEI&PROD_TF_CARD_STORAGE&REV_#7&9A8D84C&0##{6ac27878-a6fa-4155-ba85-f98f491d4f33}"
.\debug.cpp(400) : Destination="\Device\00000085"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Lbd"
.\debug.cpp(400) : Destination="\Device\Lbd"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&SignatureD53151A7Offset7E00LengthE8E0B30400#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\G:"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy9"
.\debug.cpp(400) : Destination="\Device\HarddiskVolumeShadowCopy9"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0001#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2934&SUBSYS_82771043&REV_02#3&11583659&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0010"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Psched"
.\debug.cpp(400) : Destination="\Device\Psched"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0BC2&PID_3001#2GEV5JG3#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination="\Device\USBPDO-8"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM4"
.\debug.cpp(400) : Destination="\Device\QCUSB_COM4_1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C517&MI_01&Col05#7&1ad37653&0&0004#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination="\Device\0000007f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_HUAWEI&Prod_TF_CARD_Storage&Rev_#7&9a8d84c&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\00000081"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NAVEX15"
.\debug.cpp(400) : Destination="\Device\NAVEX15"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination="\Device\Mup"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{30c79d07-abc3-11df-9b7b-806e6f6e6963}"
.\debug.cpp(400) : Destination="\Device\Floppy0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&2#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination="\Device\Tcp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM5"
.\debug.cpp(400) : Destination="\Device\QCUSB_COM5_2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#ACI24F2#5&37326200&1&UID16777488#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8}"
.\debug.cpp(400) : Destination="\Device\00000082"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1131&DEV_7133&SUBSYS_20551461&REV_D1#4&1542fbd&0&08F0#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0022"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination="\Device\USBFDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgrMsg"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&_??_USBSTOR#Disk&Ven_HUAWEI&Prod_TF_CARD_Storage&Rev_#7&9a8d84c&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination="\Device\USBFDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C517&MI_00#7&30fea0e&0&0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\0000007a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1969&DEV_1048&SUBSYS_82261043&REV_B0#4&18ba0aa4&0&00E5#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0021"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{F5501B79-6362-4296-BAD6-2B88DF3C487F}"
.\debug.cpp(400) : Destination="\Device\NDMP2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM6"
.\debug.cpp(400) : Destination="\Device\QCUSB_COM6_3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{30c79d03-abc3-11df-9b7b-806e6f6e6963}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination="\Device\Harddisk0\DR0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) : Destination="\Device\USBFDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0883&SUBSYS_1043829F&REV_1000#4&196e0bad&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000068"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserUtilDrvI10"
.\debug.cpp(400) : Destination="\Device\EraserUtilDrv11010"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination="\DosDevices\LPT1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TUNMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000004"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserCtrlDrv"
.\debug.cpp(400) : Destination="\Device\EraserCtrlDrv"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\H:"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NvAdminDevice"
.\debug.cpp(400) : Destination="\Device\NvAdminDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) : Destination="\Device\USBFDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination="\Device\FsWrap"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) : Destination="\Device\00000045"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C517&MI_01&Col01#7&1ad37653&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination="\Device\0000007b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive1"
.\debug.cpp(400) : Destination="\Device\Harddisk1\DR1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&Signature4E604E6Offset7E00Length21CE951000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&2b025fd5&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\PciIde1Channel1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\00000046"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2937&SUBSYS_82771043&REV_02#3&11583659&0&D0#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
.\debug.cpp(400) : Destination="\Device\USBFDO-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1131&DEV_7133&SUBSYS_20551461&REV_D1#4&1542fbd&0&08F0#{71985f48-1ca1-11d3-9cc8-00c04f7971e0}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0022"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\0000003f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&WpdBusEnumRoot#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) : Destination="\Device\00000084"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYMRDR"
.\debug.cpp(400) : Destination="\Device\SYMRDR"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom1"
.\debug.cpp(400) : Destination="\Device\CdRom1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive2"
.\debug.cpp(400) : Destination="\Device\Harddisk2\DR2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#aa#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\0000004c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&2b025fd5&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\PciIde1Channel0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD5"
.\debug.cpp(400) : Destination="\Device\USBFDO-5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ISCSIPRT#0000#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\00000006"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000039"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\0000003b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&24798f4b&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HUAWEI Mobile Connect - 3G Modem"
.\debug.cpp(400) : Destination="\Device\00000071"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination="\GLOBAL??"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-d07db27a-b12b-11df-a818-001e101f2c0e"
.\debug.cpp(400) : Destination="\Device\UMDFCtrlDev-d07db27a-b12b-11df-a818-001e101f2c0e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FDC#GENERIC_FLOPPY_DRIVE#5&2e355f2b&0&0#{53f56311-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\FloppyPDO0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD6"
.\debug.cpp(400) : Destination="\Device\USBFDO-6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) : Destination="\Device\0000005b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0883&SUBSYS_1043829F&REV_1000#4&196e0bad&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination="\Device\00000068"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000040"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{71D7C445-F328-4585-A4E7-BD5B4DDAB5E4}"
.\debug.cpp(400) : Destination="\Device\NDMP12"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG:"
.\debug.cpp(400) : Destination="\clfs"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NAVENG"
.\debug.cpp(400) : Destination="\Device\NAVENG"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SRTSPX"
.\debug.cpp(400) : Destination="\Device\SRTSPX"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy10"
.\debug.cpp(400) : Destination="\Device\HarddiskVolumeShadowCopy10"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000001"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2936&SUBSYS_82771043&REV_02#3&11583659&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0012"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD7"
.\debug.cpp(400) : Destination="\Device\USBFDO-7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_046D&PID_C517#5&227472fb&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination="\Device\USBPDO-10"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv"
.\debug.cpp(400) : Destination="\Device\Secdrv"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C517&MI_01&Col03#7&1ad37653&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination="\Device\0000007d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#CdRom&Ven_HUAWEI&Prod_Mass_Storage&Rev_2.31#7&1cd8f48a&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\00000080"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy11"
.\debug.cpp(400) : Destination="\Device\HarddiskVolumeShadowCopy11"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AVStream#AVerMedia.EtherNet#5&1ff46fb&1&0#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000067"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E0354D49-36E8-45A5-98D9-8049B73D5A7F}"
.\debug.cpp(400) : Destination="\Device\NDMP14"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{451B7115-F626-4C21-94A2-A512E7A3EC7D}"
.\debug.cpp(400) : Destination="\Device\NDMP3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Seagate&Prod_FreeAgent&Rev_102D#2GEV5JG3&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\0000006c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0883&SUBSYS_1043829F&REV_1000#4&196e0bad&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000068"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy12"
.\debug.cpp(400) : Destination="\Device\HarddiskVolumeShadowCopy12"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&c7613f9&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0611&SUBSYS_826A1043&REV_A2#4&21d451d8&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0019"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E0354D49-36E8-45A5-98D9-8049B73D5A7F}_1"
.\debug.cpp(400) : Destination="\Device\{E0354D49-36E8-45A5-98D9-8049B73D5A7F}_1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) : Destination="\Device\0000005b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\0000003e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000039"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E0354D49-36E8-45A5-98D9-8049B73D5A7F}_2"
.\debug.cpp(400) : Destination="\Device\{E0354D49-36E8-45A5-98D9-8049B73D5A7F}_2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy13"
.\debug.cpp(400) : Destination="\Device\HarddiskVolumeShadowCopy13"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVDRAM_GH20NS10________________EL01____#5&643f929&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T0L0-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000040"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2b4a457f&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AVerEth"
.\debug.cpp(400) : Destination="\Device\AverEth"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E0354D49-36E8-45A5-98D9-8049B73D5A7F}_3"
.\debug.cpp(400) : Destination="\Device\{E0354D49-36E8-45A5-98D9-8049B73D5A7F}_3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination="\Device\MountPointManager"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\0000003c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E0354D49-36E8-45A5-98D9-8049B73D5A7F}_4"
.\debug.cpp(400) : Destination="\Device\{E0354D49-36E8-45A5-98D9-8049B73D5A7F}_4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C517&MI_01&Col02#7&1ad37653&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination="\Device\0000007c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FDC#GENERIC_FLOPPY_DRIVE#5&2e355f2b&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\FloppyPDO0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl"
.\debug.cpp(400) : Destination="\Device\PartmgrControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_12D1&PID_14AC#5&8e70af1&0&4#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination="\Device\USBPDO-9"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E0354D49-36E8-45A5-98D9-8049B73D5A7F}_5"
.\debug.cpp(400) : Destination="\Device\{E0354D49-36E8-45A5-98D9-8049B73D5A7F}_5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1131&DEV_7133&SUBSYS_20551461&REV_D1#4&1542fbd&0&08F0#{a799a801-a46d-11d0-a18c-00a02401dcd4}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0022"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination="\Device\WANARP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{541EFF09-BA28-42D1-A0BB-9342062D7CAE}"
.\debug.cpp(400) : Destination="\Device\NDMP15"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi"
.\debug.cpp(400) : Destination="\Device\Nsi"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&Signature4E604E6Offset21CEA00000Length1869F00000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E0354D49-36E8-45A5-98D9-8049B73D5A7F}_6"
.\debug.cpp(400) : Destination="\Device\{E0354D49-36E8-45A5-98D9-8049B73D5A7F}_6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice"
.\debug.cpp(400) : Destination="\Device\NXTIPSEC"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{54950694-33A2-408C-9E06-ABBEB791E26F}"
.\debug.cpp(400) : Destination="\Device\NDMP11"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_HUAWEI&PROD_TF_CARD_STORAGE&REV_#7&9A8D84C&0##{6bdd1fc6-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination="\Device\00000085"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\A:"
.\debug.cpp(400) : Destination="\Device\Floppy0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination="\Device\NDMP8"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E0354D49-36E8-45A5-98D9-8049B73D5A7F}_7"
.\debug.cpp(400) : Destination="\Device\{E0354D49-36E8-45A5-98D9-8049B73D5A7F}_7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev"
.\debug.cpp(400) : Destination="\Device\WFP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SASKUTIL"
.\debug.cpp(400) : Destination="\Device\SASKUTIL"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{72E4739B-D0E6-4507-8678-1EFF670B0CE4}"
.\debug.cpp(400) : Destination="\Device\NDMP17"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_293A&SUBSYS_82771043&REV_02#3&11583659&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0013"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0001#{6994ad05-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000039"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&19b04fbe&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E0354D49-36E8-45A5-98D9-8049B73D5A7F}_8"
.\debug.cpp(400) : Destination="\Device\{E0354D49-36E8-45A5-98D9-8049B73D5A7F}_8"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_12D1&PID_14AC&MI_02#6&6b6054a&0&0002#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) : Destination="\Device\00000073"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASYNCMAC"
.\debug.cpp(400) : Destination="\Device\ASYNCMAC"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_12D1&PID_14AC&MI_01#6&6b6054a&0&0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000072"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C517&MI_00#7&30fea0e&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination="\Device\0000007a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArpV6"
.\debug.cpp(400) : Destination="\Device\WANARPV6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E0354D49-36E8-45A5-98D9-8049B73D5A7F}_9"
.\debug.cpp(400) : Destination="\Device\{E0354D49-36E8-45A5-98D9-8049B73D5A7F}_9"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_12D1&PID_14AC&MI_01#6&6b6054a&0&0001#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000072"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&PrinterBusEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) : Destination="\Device\00000083"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1131&DEV_7133&SUBSYS_20551461&REV_D1#4&1542fbd&0&08F0#{a799a802-a46d-11d0-a18c-00a02401dcd4}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0022"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C517&MI_01&Col04#7&1ad37653&0&0003#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination="\Device\0000007e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYMEFA"
.\debug.cpp(400) : Destination="\Device\SYMEFA"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2938&SUBSYS_82771043&REV_02#3&11583659&0&D1#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1969&DEV_1048&SUBSYS_82261043&REV_B0#4&18ba0aa4&0&00E5#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0021"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&45983f6&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000003f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{285D85C4-C27A-440F-9517-503D6BFBD9E6}"
.\debug.cpp(400) : Destination="\Device\NDMP13"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserUtilDrv11010"
.\debug.cpp(400) : Destination="\Device\EraserUtilDrv11010"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SymIron"
.\debug.cpp(400) : Destination="\Device\SymIron"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{e6befd5c-abc4-11df-8e3e-001e101f8924}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&186dc9c9&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\PciIde0Channel1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH"
.\debug.cpp(400) : Destination="\Device\NDMP7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E0354D49-36E8-45A5-98D9-8049B73D5A7F}_10"
.\debug.cpp(400) : Destination="\Device\{E0354D49-36E8-45A5-98D9-8049B73D5A7F}_10"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd"
.\debug.cpp(400) : Destination="\Device\AscKmd"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination="\Device\NdisWan"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SymTDI"
.\debug.cpp(400) : Destination="\Device\SymTDI"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E0354D49-36E8-45A5-98D9-8049B73D5A7F}_11"
.\debug.cpp(400) : Destination="\Device\{E0354D49-36E8-45A5-98D9-8049B73D5A7F}_11"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_12D1&PID_14AC&MI_03#6&6b6054a&0&0003#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) : Destination="\Device\00000074"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice"
.\debug.cpp(400) : Destination="\Device\MPS"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{880999CA-12C0-46E4-9880-8D7E81194FEC}"
.\debug.cpp(400) : Destination="\Device\NDMP5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-d07db27d-b12b-11df-a818-001e101f2c0e"
.\debug.cpp(400) : Destination="\Device\UMDFCtrlDev-d07db27d-b12b-11df-a818-001e101f2c0e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination="\Device\VolMgrControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_11AB&DEV_6121&SUBSYS_82A21043&REV_B2#4&1ad356c7&0&00E4#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0020"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SABDIFSV"
.\debug.cpp(400) : Destination="\Device\SASDIFSV"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E0354D49-36E8-45A5-98D9-8049B73D5A7F}_12"
.\debug.cpp(400) : Destination="\Device\{E0354D49-36E8-45A5-98D9-8049B73D5A7F}_12"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6"
.\debug.cpp(400) : Destination="\Device\NDMP9"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AVStream#AVerMedia.EtherNet#5&1ff46fb&1&0#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000067"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E0354D49-36E8-45A5-98D9-8049B73D5A7F}_13"
.\debug.cpp(400) : Destination="\Device\{E0354D49-36E8-45A5-98D9-8049B73D5A7F}_13"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination="\DosDevices\COM1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SND_USER_DEVICE"
.\debug.cpp(400) : Destination="\Device\SND_USER_DEVICE"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SymIDSCo"
.\debug.cpp(400) : Destination="\Device\SymIDSCo"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SRTSP"
.\debug.cpp(400) : Destination="\Device\SRTSP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination="\Device\MailSlot"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0002#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&15dafd0c&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E0354D49-36E8-45A5-98D9-8049B73D5A7F}_14"
.\debug.cpp(400) : Destination="\Device\{E0354D49-36E8-45A5-98D9-8049B73D5A7F}_14"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\00000042"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination="\Device\Null"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SstpDrv"
.\debug.cpp(400) : Destination="\Device\SstpDrv"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{05EF7DFE-B7EA-45BE-AD52-F8F8994824F5}"
.\debug.cpp(400) : Destination="\Device\NDMP4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVDRAM_GH20NS10________________EL01____#5&643f929&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T0L0-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination=""

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_293C&SUBSYS_82771043&REV_02#3&11583659&0&D7#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0005"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0883&SUBSYS_1043829F&REV_1000#4&196e0bad&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) : Destination="\Device\00000068"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Asusgio"
.\debug.cpp(400) : Destination="\Device\Asusgio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_12D1&PID_14AC&MI_00#6&6b6054a&0&0000#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
.\debug.cpp(400) : Destination="\Device\00000071"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E0354D49-36E8-45A5-98D9-8049B73D5A7F}_15"
.\debug.cpp(400) : Destination="\Device\{E0354D49-36E8-45A5-98D9-8049B73D5A7F}_15"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\00000041"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle"
.\debug.cpp(400) : Destination="\Device\WfpAle"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_HUAWEI&PROD_TF_CARD_STORAGE&REV_#7&9A8D84C&0##{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}"
.\debug.cpp(400) : Destination="\Device\00000085"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserUtilRebootDrv"
.\debug.cpp(400) : Destination="\Device\EraserUtilDrv11010"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E0354D49-36E8-45A5-98D9-8049B73D5A7F}_16"
.\debug.cpp(400) : Destination="\Device\{E0354D49-36E8-45A5-98D9-8049B73D5A7F}_16"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000003d"

.\debug.cpp(451) : **********************************************
.\boot_cleaner.cpp(1077) : System volume is \\.\C:
.\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
.\boot_cleaner.cpp(424) : Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826
.\boot_cleaner.cpp(1151) :
.\boot_cleaner.cpp(1152) : Size Device Name MBR Status
.\boot_cleaner.cpp(1153) : --------------------------------------------
.\boot_cleaner.cpp(1197) : 232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1203) :
.\boot_cleaner.cpp(1242) : Done;

HelpMeSoon · 26.08.2010, 18:25

Mir sagen diese ganzen Logs allerdings nichts. Hoffe nur das das auch was bringt

cosinus · 26.08.2010, 19:42

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

HelpMeSoon · 28.08.2010, 15:01

Hallo,

es schien alles zu Funktionieren, nur ist es komisch, das ich seit der letzten Installation deiner Vorgeschlagenen Programme weder bei Yahoo noch bei windows mail meine mails abrufen kann.

Vieleicht sollte ich doch nochmal meine Festplatte mit eraser Formatieren und alles noch einmal installieren. Was denkst du ist der beste Weg.

26.08.2010, 19:42	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojan.Win32.Generic!BT nach neuinstallation immer noch auf dem PC Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

Trojan.Win32.Generic!BT nach neuinstallation immer noch auf dem PC

Log-Analyse und Auswertung: Trojan.Win32.Generic!BT nach neuinstallation immer noch auf dem PC