| |
| |||||||
Log-Analyse und Auswertung: Hijack-Logfile auswertenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
27.07.2010, 17:01
| #16 |
 |  Hijack-Logfile auswerten Roger that! Alles ausgeführt. Folgende Log-Datei ist entstanden. Ich bin gespannt... Combofix Logfile: Code:
ATTFilter ComboFix 10-07-26.04 - Benutzer01 27.07.2010 17:56:01.1.2 - x86
ausgeführt von:: c:\dokumente und einstellungen\Benutzer01\Desktop\Cofi.exe
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programme\pdfforge Toolbar\SearchSettings.dll
c:\windows\system32\ui
c:\windows\system32\ui\BANNER\LoadingImgOpt.txt
c:\windows\system32\ui\BANNER\TMP\LoadingImgOpt.txt
D:\install.exe
.
((((((((((((((((((((((( Dateien erstellt von 2010-06-27 bis 2010-07-27 ))))))))))))))))))))))))))))))
.
2010-07-26 18:17 . 2010-07-26 18:17 -------- d-----w- c:\programme\CCleaner
2010-07-24 10:45 . 2010-07-24 10:45 -------- d-----w- C:\_OTL
2010-07-23 08:39 . 2010-07-23 08:39 -------- d-----w- c:\dokumente und einstellungen\Benutzer01\Anwendungsdaten\Malwarebytes
2010-07-23 08:39 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-23 08:39 . 2010-07-23 08:39 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-07-23 08:39 . 2010-07-23 08:39 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-07-23 08:39 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-19 18:36 . 2010-07-19 18:37 -------- d-----w- c:\programme\KoolCal
2010-07-19 18:36 . 2010-07-19 18:36 9662 ----a-r- c:\dokumente und einstellungen\Benutzer01\Anwendungsdaten\Microsoft\Installer\{B7D30344-DC52-4771-B05E-4FA64BC0D7F0}\_AD3A334A3DEF124B162EBD.exe
2010-07-19 18:36 . 2010-07-19 18:36 9662 ----a-r- c:\dokumente und einstellungen\Benutzer01\Anwendungsdaten\Microsoft\Installer\{B7D30344-DC52-4771-B05E-4FA64BC0D7F0}\_A1A6C01B8BA346A1EC2537.exe
2010-07-19 18:36 . 2010-07-19 18:36 9662 ----a-r- c:\dokumente und einstellungen\Benutzer01\Anwendungsdaten\Microsoft\Installer\{B7D30344-DC52-4771-B05E-4FA64BC0D7F0}\_6FEFF9B68218417F98F549.exe
2010-07-19 18:36 . 2010-07-19 18:36 9662 ----a-r- c:\dokumente und einstellungen\Benutzer01\Anwendungsdaten\Microsoft\Installer\{B7D30344-DC52-4771-B05E-4FA64BC0D7F0}\_2AA3D192C826C6F8A256C0.exe
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-27 15:57 . 2010-01-24 14:47 -------- d-----w- c:\programme\pdfforge Toolbar
2010-07-27 12:44 . 2009-06-16 20:40 -------- d-----w- c:\programme\Mozilla Thunderbird
2010-07-26 18:24 . 2010-02-14 14:59 -------- d-----w- c:\dokumente und einstellungen\Benutzer01\Anwendungsdaten\vlc
2010-07-25 09:26 . 2009-06-30 09:27 -------- d-----w- c:\dokumente und einstellungen\Benutzer01\Anwendungsdaten\Winamp
2010-07-24 12:32 . 2009-06-19 20:12 -------- d-----w- c:\dokumente und einstellungen\Benutzer01\Anwendungsdaten\dvdcss
2010-06-10 07:13 . 2009-06-14 19:59 -------- d-----w- c:\dokumente und einstellungen\Benutzer01\Anwendungsdaten\Skype
2010-06-10 07:13 . 2009-06-14 20:00 -------- d-----w- c:\dokumente und einstellungen\Benutzer01\Anwendungsdaten\skypePM
2010-06-07 08:55 . 2010-05-10 15:45 57344 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-07 08:55 . 2010-05-10 15:42 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX
2010-06-07 08:51 . 2010-06-07 08:51 56765 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-07 08:51 . 2009-11-03 21:30 -------- d-----w- c:\programme\DivX
2010-06-07 08:51 . 2010-06-07 08:51 56997 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\WebPlayer\Uninstaller.exe
2010-06-07 08:51 . 2010-06-07 08:51 53600 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Update\Uninstaller.exe
2010-06-07 08:51 . 2010-06-07 08:51 57715 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Player\Uninstaller.exe
2010-06-07 08:50 . 2010-06-07 08:50 54153 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DFXPlugin\Uninstaller.exe
2010-06-07 08:50 . 2010-06-07 08:50 54128 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Converter\Uninstaller.exe
2010-06-07 08:50 . 2010-06-07 08:50 54644 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\TranscodeEngine\Uninstaller.exe
2010-06-07 08:50 . 2010-06-07 08:50 54101 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-07 08:45 . 2010-05-10 15:45 895256 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Setup\DivXSetup.exe
2010-06-07 08:45 . 2010-05-10 15:45 1062184 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Setup\Resource.dll
2010-05-29 12:15 . 2010-05-29 12:15 -------- d-----w- c:\programme\Playlist Copy
2010-05-10 15:45 . 2010-05-10 15:45 84040 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\TransferWizard\Uninstaller.exe
2010-05-10 15:45 . 2010-05-10 15:45 57532 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DSASPDecoder\Uninstaller.exe
2010-05-10 15:45 . 2010-05-10 15:45 57054 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DSDesktopComponents\Uninstaller.exe
2010-05-10 15:45 . 2010-05-10 15:45 54166 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DSAVCDecoder\Uninstaller.exe
2010-05-10 15:45 . 2010-05-10 15:45 56458 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-05-10 15:45 . 2010-05-10 15:45 54174 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DSAACDecoder\Uninstaller.exe
2010-05-10 15:44 . 2010-05-10 15:44 57409 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\ControlPanel\Uninstaller.exe
2010-05-10 15:44 . 2010-05-10 15:44 52963 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-10 15:44 . 2010-05-10 15:44 54073 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Qt4.5\Uninstaller.exe
2010-05-10 15:44 . 2010-05-10 15:44 56969 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\ASPEncoder\Uninstaller.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\programme\Vtune\TBPanel.exe" [2008-12-18 2158592]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" [2008-12-12 1840424]
"PC Suite Tray"="c:\programme\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-12 1414144]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-11 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-09 13680640]
"nwiz"="nwiz.exe" [2009-01-09 1657376]
"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2008-11-06 570664]
"NBKeyScan"="c:\programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-09 86016]
"SkyTel"="SkyTel.EXE" [2007-06-15 1826816]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"BigDog303"="c:\windows\VM303_STI.EXE" [2006-01-19 61440]
"EPSON Stylus DX4200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE" [2005-03-07 98304]
"WinampAgent"="c:\programme\Winamp\winampa.exe" [2009-04-10 37888]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-08-05 149280]
"SearchSettings"="c:\programme\pdfforge Toolbar\SearchSettings.exe" [2010-01-08 974848]
"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]
c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Adobe Gamma Loader.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-27 110592]
Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
techsolo TC-N38 Utility.lnk - c:\programme\techsolo\techsolo TC-N38 Utility\RtWLan.exe [2009-5-23 843776]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\QIP\\qip.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programme\\Java\\jre6\\bin\\java.exe"=
"c:\\Programme\\Winamp\\winamp.exe"=
"c:\\Programme\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programme\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programme\\SopCast\\SopCast.exe"=
"c:\\Dokumente und Einstellungen\\Benutzer01\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Programme\\Windows Media Player\\wmplayer.exe"=
"c:\\Spiele\\PES2010\\pes2010.exe"=
"c:\\Dokumente und Einstellungen\\Benutzer01\\Eigene Dateien\\Kitserver2010\\pes2010.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [16.06.2009 23:25 108289]
R2 Application Updater;Application Updater;c:\programme\Application Updater\ApplicationUpdater.exe [08.01.2010 01:51 380928]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [23.05.2009 12:31 38144]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [11.09.2009 12:30 133104]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [16.06.2009 21:58 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [16.06.2009 21:58 3072]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\programme\EVEREST Home Edition\kerneld.wnt [18.08.2005 7168]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [30.06.2009 17:48 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [30.06.2009 17:48 8320]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.11.2009 22:50 691696]
.
Inhalt des "geplante Tasks" Ordners
2010-07-27 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-11 10:30]
2010-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-09-11 10:30]
2010-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-09-11 10:30]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\dokumente und einstellungen\Benutzer01\Anwendungsdaten\Mozilla\Firefox\Profiles\lvzlc36d.default\
FF - prefs.js: browser.startup.homepage - www.spiegel.de
FF - component: c:\programme\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\programme\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll
FF - component: c:\programme\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll
FF - plugin: c:\programme\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programme\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programme\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\programme\Google\Update\1.2.183.29\npGoogleOneClick8.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-07-27 17:57
Windows 5.1.2600 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\programme\EVEREST Home Edition\kerneld.wnt"
.
Zeit der Fertigstellung: 2010-07-27 17:58:42
ComboFix-quarantined-files.txt 2010-07-27 15:58
Vor Suchlauf: 7 Verzeichnis(se), 61.959.131.136 Bytes frei
Nach Suchlauf: 8 Verzeichnis(se), 61.924.065.280 Bytes frei
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - 35EE316BD4A463AE38DFD8F8CB179CEA
|
|
29.07.2010, 13:09
| #17 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Hijack-Logfile auswerten Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus
__________________Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus. Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen. Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.
__________________ |
|
03.08.2010, 09:36
| #18 |
| | Hijack-Logfile auswerten GMER-Logfile:
__________________GMER Logfile: Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-03 10:37:05
Windows 5.1.2600 Service Pack 2
Running: 1y3qn1k0.exe; Driver: C:\DOKUME~1\BENUTZ~1\LOKALE~1\Temp\fgadifob.sys
---- System - GMER 1.0.15 ----
SSDT BA791C2E ZwCreateKey
SSDT BA791C24 ZwCreateThread
SSDT BA791C33 ZwDeleteKey
SSDT BA791C3D ZwDeleteValueKey
SSDT sphz.sys ZwEnumerateKey [0xB9ECDDA4]
SSDT sphz.sys ZwEnumerateValueKey [0xB9ECE132]
SSDT BA791C42 ZwLoadKey
SSDT sphz.sys ZwOpenKey [0xB9EB50C0]
SSDT BA791C10 ZwOpenProcess
SSDT BA791C15 ZwOpenThread
SSDT sphz.sys ZwQueryKey [0xB9ECE20A]
SSDT sphz.sys ZwQueryValueKey [0xB9ECE08A]
SSDT BA791C4C ZwReplaceKey
SSDT BA791C47 ZwRestoreKey
SSDT BA791C38 ZwSetValueKey
SSDT BA791C1F ZwTerminateProcess
INT 0x63 ? 8A206F00
INT 0x73 ? 8A45AF00
INT 0x83 ? 8A45AF00
---- Kernel code sections - GMER 1.0.15 ----
? sphz.sys Das System kann die angegebene Datei nicht finden. !
.text USBPORT.SYS!DllUnload B8CF562C 5 Bytes JMP 8A2064E0
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xB85A9360, 0x35363F, 0xE8000020]
.text a6xkrjw4.SYS B855C386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a6xkrjw4.SYS B855C3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a6xkrjw4.SYS B855C3C4 3 Bytes [00, 80, 02]
.text a6xkrjw4.SYS B855C3C9 1 Byte [30]
.text a6xkrjw4.SYS B855C3C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EB6042] sphz.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EB613E] sphz.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EB60C0] sphz.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EB6800] sphz.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EB66D6] sphz.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EC5B90] sphz.sys
IAT \SystemRoot\System32\Drivers\a6xkrjw4.SYS[HAL.dll!KfAcquireSpinLock] 0C8D1C46
IAT \SystemRoot\System32\Drivers\a6xkrjw4.SYS[HAL.dll!READ_PORT_UCHAR] B48B8932
IAT \SystemRoot\System32\Drivers\a6xkrjw4.SYS[HAL.dll!KeGetCurrentIrql] 89000001
IAT \SystemRoot\System32\Drivers\a6xkrjw4.SYS[HAL.dll!KfRaiseIrql] 0001C083
IAT \SystemRoot\System32\Drivers\a6xkrjw4.SYS[HAL.dll!KfLowerIrql] 24468B00
IAT \SystemRoot\System32\Drivers\a6xkrjw4.SYS[HAL.dll!HalGetInterruptVector] 89820C8D
IAT \SystemRoot\System32\Drivers\a6xkrjw4.SYS[HAL.dll!HalTranslateBusAddress] D18BF84D
IAT \SystemRoot\System32\Drivers\a6xkrjw4.SYS[HAL.dll!KeStallExecutionProcessor] 860F1639
IAT \SystemRoot\System32\Drivers\a6xkrjw4.SYS[HAL.dll!KfReleaseSpinLock] 000000BD
IAT \SystemRoot\System32\Drivers\a6xkrjw4.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 020CB389
IAT \SystemRoot\System32\Drivers\a6xkrjw4.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\a6xkrjw4.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 7400067E
IAT \SystemRoot\System32\Drivers\a6xkrjw4.SYS[HAL.dll!WRITE_PORT_UCHAR] 89D60320
IAT \SystemRoot\System32\Drivers\a6xkrjw4.SYS[WMILIB.SYS!WmiSystemControl] 8D168B00
IAT \SystemRoot\System32\Drivers\a6xkrjw4.SYS[WMILIB.SYS!WmiCompleteRequest] F0003284
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A4561F8
Device \Driver\usbohci \Device\USBPDO-0 8A2D7500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A4581F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A4581F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A4581F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A4581F8
Device \Driver\usbehci \Device\USBPDO-1 8A2B41F8
Device \Driver\PCI_PNP2970 \Device\00000048 sphz.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A4C91F8
Device \Driver\Cdrom \Device\CdRom0 8A2A4500
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A4C91F8
Device \Driver\Cdrom \Device\CdRom1 8A2A4500
Device \Driver\atapi \Device\Ide\IdePort0 8A4C81F8
Device \Driver\atapi \Device\Ide\IdePort1 8A4C81F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A24D1F8
Device \Driver\NetBT \Device\NetbiosSmb 8A24D1F8
Device \Driver\sptd \Device\3033761720 sphz.sys
Device \Driver\usbohci \Device\USBFDO-0 8A2D7500
Device \Driver\usbehci \Device\USBFDO-1 8A2B41F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 88FA11F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 88FA11F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{09C7FE1B-23A4-400A-90C1-BEA7942E7C40} 8A24D1F8
Device \Driver\Ftdisk \Device\FtControl 8A4C91F8
Device \Driver\a6xkrjw4 \Device\Scsi\a6xkrjw41 8A1AA1F8
Device \Driver\a6xkrjw4 \Device\Scsi\a6xkrjw41Port4Path0Target0Lun0 8A1AA1F8
Device \Driver\nvgts \Device\Scsi\nvgts1Port2Path0Target0Lun0 8A4571F8
Device \Driver\nvgts \Device\Scsi\nvgts1Port2Path1Target1Lun0 8A4571F8
Device \Driver\nvgts \Device\Scsi\nvgts1 8A4571F8
Device \Driver\nvgts \Device\Scsi\nvgts2 8A4571F8
Device \FileSystem\Cdfs \Cdfs 8A041500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3A 0x3C 0xFF 0x2D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD8 0xB1 0x0F 0xEA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB4 0xD5 0x0A 0xE6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3A 0x3C 0xFF 0x2D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD8 0xB1 0x0F 0xEA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB4 0xD5 0x0A 0xE6 ...
---- EOF - GMER 1.0.15 ----
Die anderen folgen noch... |
|
03.08.2010, 14:34
| #19 |
| | Hijack-Logfile auswerten OSAN Logfile OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 Online Solutions. Complex Protection for Information Systems Saved at 15:35:39 on 03.08.2010 OS: Windows XP Professional Service Pack 2 (Build 2600) Default Browser: Mozilla Corporation Firefox 3.0.15 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Google Software Updater.job" - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl "nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl "PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl "NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "acaedpya" (acaedpya) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\acaedpya.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "AEGIS Protocol (IEEE 802.1x) v3.4.5.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys "avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\DOKUME~1\BENUTZ~1\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "EagleNT" (EagleNT) - ? - C:\WINDOWS\system32\drivers\EagleNT.sys (File not found) "epmntdrv" (epmntdrv) - ? - C:\WINDOWS\system32\epmntdrv.sys (File found, but it contains no detailed information) "EuGdiDrv" (EuGdiDrv) - ? - C:\WINDOWS\system32\EuGdiDrv.sys (File found, but it contains no detailed information) "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "Lavalys EVEREST Kernel Driver" (EverestDriver) - ? - C:\Programme\EVEREST Home Edition\kerneld.wnt (File found, but it contains no detailed information) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "nVidia WDM A/V Crossbar" (NVXBAR) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\NVxbar.sys "nVidia WDM Video Capture (universal)" (nvcap) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nvcap.sys "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "Realtek EAPPkt Protocol" (EAPPkt) - "Realtek" - C:\WINDOWS\System32\DRIVERS\EAPPkt.sys "Secdrv" (Secdrv) - "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." - C:\WINDOWS\System32\DRIVERS\secdrv.sys "sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "TBPanel" (TBPanel) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\system32\drivers\TBPanel.sys "techsolo TC-N38 Wireless LAN Network Adapter Driver" (rtl8185) - "Realtek Semiconductor Corporation " - C:\WINDOWS\System32\DRIVERS\rtl8185.sys "VIMICRO USB PC Camera (ZC0301PLH)" (ZSMC303) - "Vimicro Corporation" - C:\WINDOWS\System32\Drivers\usbVM303.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL {CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {FBF23B40-E3F0-101B-8488-00AA003E56F8} "Internetverknüpfung" - ? - C:\WINDOWS\system32\ieframe.dll (File not found) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Programme\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- DirectAnimation Java Classes "DirectAnimation Java Classes" - ? - (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\dajava.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab Microsoft XML Parser for Java "Microsoft XML Parser for Java" - ? - (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\xmldso.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx / hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab {17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\System32\legitcheckcontrol.dll / hxxp://go.microsoft.com/fwlink/?linkid=39204 -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "PartyPoker.com" - ? - C:\Programme\PartyPoker\PartyPoker\RunApp.exe -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "Adobe Gamma Loader.lnk" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "Microsoft Office.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OSA.EXE (Shortcut exists | File exists) "techsolo TC-N38 Utility.lnk" - "Realtek Semiconductor Corp." - C:\Programme\techsolo\techsolo TC-N38 Utility\RtWLan.exe (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\Benutzer01\Startmenü\Programme\Autostart\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 "PC Suite Tray" - "Nokia" - "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray "swg" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "TBPanel" - ? - C:\Programme\Vtune\TBPanel.exe /A -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" "avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "BigDog303" - "Vimicro" - C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) "DivXUpdate" - ? - "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "NBKeyScan" - "Nero AG" - "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" "NeroFilterCheck" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe "nwiz" - "NVIDIA Corporation" - nwiz.exe /install "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Java\jre6\bin\jusched.exe" "WinampAgent" - ? - C:\Programme\Winamp\winampa.exe (File found, but it contains no detailed information) [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe "Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe "NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe "PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\WINDOWS\System32\IoctlSvc.exe "ServiceLayer" (ServiceLayer) - "Nokia." - C:\Programme\PC Connectivity Solution\ServiceLayer.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit Online Solutions :: Index |
|
03.08.2010, 14:38
| #20 |
| | Hijack-Logfile auswerten bOOTKIT .\debug.cpp(238) : Debug log started at 03.08.2010 - 13:39:32 .\boot_cleaner.cpp(675) : Bootkit Remover .\boot_cleaner.cpp(676) : (c) 2009 eSage Lab .\boot_cleaner.cpp(677) : esage lab - main .\boot_cleaner.cpp(681) : Program version: 1.1.0.0 .\boot_cleaner.cpp(688) : OS Version: Microsoft Windows XP Professional Service Pack 2 (build 2600) .\debug.cpp(248) : ********************************************** .\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] *********** .\debug.cpp(250) : ********************************************** .\debug.cpp(256) : 0x804d7000 0x0020c000 "\WINDOWS\system32\ntkrnlpa.exe" .\debug.cpp(256) : 0x806e3000 0x00020d00 "\WINDOWS\system32\hal.dll" .\debug.cpp(256) : 0xba5a8000 0x00002000 "\WINDOWS\system32\KDCOM.DLL" .\debug.cpp(256) : 0xba4b8000 0x00003000 "\WINDOWS\system32\BOOTVID.dll" .\debug.cpp(256) : 0xb9eb4000 0x000f3000 "spwv.sys" .\debug.cpp(256) : 0xba5aa000 0x00002000 "\WINDOWS\System32\Drivers\WMILIB.SYS" .\debug.cpp(256) : 0xb9e9c000 0x00018000 "\WINDOWS\System32\Drivers\SCSIPORT.SYS" .\debug.cpp(256) : 0xb9e6d000 0x0002f000 "ACPI.sys" .\debug.cpp(256) : 0xb9e5c000 0x00011000 "pci.sys" .\debug.cpp(256) : 0xba0a8000 0x00009000 "isapnp.sys" .\debug.cpp(256) : 0xba670000 0x00001000 "pciide.sys" .\debug.cpp(256) : 0xba328000 0x00007000 "\WINDOWS\System32\DRIVERS\PCIIDEX.SYS" .\debug.cpp(256) : 0xba0b8000 0x0000b000 "MountMgr.sys" .\debug.cpp(256) : 0xb9e3d000 0x0001f000 "ftdisk.sys" .\debug.cpp(256) : 0xba5ac000 0x00002000 "dmload.sys" .\debug.cpp(256) : 0xb9e17000 0x00026000 "dmio.sys" .\debug.cpp(256) : 0xba330000 0x00005000 "PartMgr.sys" .\debug.cpp(256) : 0xba0c8000 0x0000e000 "VolSnap.sys" .\debug.cpp(256) : 0xb9dff000 0x00018000 "atapi.sys" .\debug.cpp(256) : 0xb9dda000 0x00025000 "nvgts.sys" .\debug.cpp(256) : 0xba0d8000 0x00009000 "disk.sys" .\debug.cpp(256) : 0xba0e8000 0x0000d000 "\WINDOWS\System32\DRIVERS\CLASSPNP.SYS" .\debug.cpp(256) : 0xb9dbb000 0x0001f000 "fltmgr.sys" .\debug.cpp(256) : 0xb9da9000 0x00012000 "sr.sys" .\debug.cpp(256) : 0xba0f8000 0x0000a000 "PxHelp20.sys" .\debug.cpp(256) : 0xb9d92000 0x00017000 "KSecDD.sys" .\debug.cpp(256) : 0xb9d05000 0x0008d000 "Ntfs.sys" .\debug.cpp(256) : 0xb9cd8000 0x0002d000 "NDIS.sys" .\debug.cpp(256) : 0xb9cbd000 0x0001b000 "Mup.sys" .\debug.cpp(256) : 0xb951a000 0x0000a000 "\SystemRoot\System32\DRIVERS\processr.sys" .\debug.cpp(256) : 0xb8674000 0x00014000 "\SystemRoot\System32\DRIVERS\parport.sys" .\debug.cpp(256) : 0xba2f8000 0x0000d000 "\SystemRoot\System32\DRIVERS\i8042prt.sys" .\debug.cpp(256) : 0xba408000 0x00007000 "\SystemRoot\System32\DRIVERS\kbdclass.sys" .\debug.cpp(256) : 0xba410000 0x00006000 "\SystemRoot\System32\DRIVERS\mouclass.sys" .\debug.cpp(256) : 0xb8663000 0x00011000 "\SystemRoot\System32\DRIVERS\serial.sys" .\debug.cpp(256) : 0xba5a4000 0x00004000 "\SystemRoot\System32\DRIVERS\serenum.sys" .\debug.cpp(256) : 0xba418000 0x00005000 "\SystemRoot\System32\DRIVERS\usbohci.sys" .\debug.cpp(256) : 0xb8640000 0x00023000 "\SystemRoot\System32\DRIVERS\USBPORT.SYS" .\debug.cpp(256) : 0xba420000 0x00007000 "\SystemRoot\System32\DRIVERS\usbehci.sys" .\debug.cpp(256) : 0xb861b000 0x00025000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys" .\debug.cpp(256) : 0xba308000 0x0000a000 "\SystemRoot\system32\DRIVERS\nvnetbus.sys" .\debug.cpp(256) : 0xb8532000 0x000e9000 "\SystemRoot\system32\DRIVERS\NVNRM.SYS" .\debug.cpp(256) : 0xba318000 0x0000d000 "\SystemRoot\System32\DRIVERS\cdrom.sys" .\debug.cpp(256) : 0xba128000 0x0000f000 "\SystemRoot\System32\DRIVERS\redbook.sys" .\debug.cpp(256) : 0xb850f000 0x00023000 "\SystemRoot\System32\DRIVERS\ks.sys" .\debug.cpp(256) : 0xb7f0c000 0x00603000 "\SystemRoot\System32\DRIVERS\nv4_mini.sys" .\debug.cpp(256) : 0xb7ef8000 0x00014000 "\SystemRoot\System32\DRIVERS\VIDEOPRT.SYS" .\debug.cpp(256) : 0xb7ebf000 0x00039000 "\SystemRoot\System32\Drivers\acaedpya.SYS" .\debug.cpp(256) : 0xba7bb000 0x00001000 "\SystemRoot\System32\DRIVERS\audstub.sys" .\debug.cpp(256) : 0xba198000 0x0000d000 "\SystemRoot\System32\DRIVERS\rasl2tp.sys" .\debug.cpp(256) : 0xb9c81000 0x00003000 "\SystemRoot\System32\DRIVERS\ndistapi.sys" .\debug.cpp(256) : 0xb7d90000 0x00017000 "\SystemRoot\System32\DRIVERS\ndiswan.sys" .\debug.cpp(256) : 0xba1a8000 0x0000b000 "\SystemRoot\System32\DRIVERS\raspppoe.sys" .\debug.cpp(256) : 0xba1b8000 0x0000c000 "\SystemRoot\System32\DRIVERS\raspptp.sys" .\debug.cpp(256) : 0xba4a0000 0x00005000 "\SystemRoot\System32\DRIVERS\TDI.SYS" .\debug.cpp(256) : 0xb7d7f000 0x00011000 "\SystemRoot\System32\DRIVERS\psched.sys" .\debug.cpp(256) : 0xba1c8000 0x00009000 "\SystemRoot\System32\DRIVERS\msgpc.sys" .\debug.cpp(256) : 0xaf462000 0x00005000 "\SystemRoot\System32\DRIVERS\ptilink.sys" .\debug.cpp(256) : 0xaf45a000 0x00005000 "\SystemRoot\System32\DRIVERS\raspti.sys" .\debug.cpp(256) : 0xac6ea000 0x00031000 "\SystemRoot\System32\DRIVERS\rdpdr.sys" .\debug.cpp(256) : 0xadc94000 0x0000a000 "\SystemRoot\System32\DRIVERS\termdd.sys" .\debug.cpp(256) : 0xba662000 0x00002000 "\SystemRoot\System32\DRIVERS\swenum.sys" .\debug.cpp(256) : 0xac6b6000 0x00034000 "\SystemRoot\System32\DRIVERS\update.sys" .\debug.cpp(256) : 0xb3a55000 0x00004000 "\SystemRoot\System32\DRIVERS\mssmbios.sys" .\debug.cpp(256) : 0xac8a1000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS" .\debug.cpp(256) : 0xb6aa8000 0x0000f000 "\SystemRoot\System32\DRIVERS\usbhub.sys" .\debug.cpp(256) : 0xba5f6000 0x00002000 "\SystemRoot\System32\DRIVERS\USBD.SYS" .\debug.cpp(256) : 0xba168000 0x0000e000 "\SystemRoot\system32\DRIVERS\NVENETFD.sys" .\debug.cpp(256) : 0xa4980000 0x00463000 "\SystemRoot\system32\drivers\RtkHDAud.sys" .\debug.cpp(256) : 0xa495e000 0x00022000 "\SystemRoot\system32\drivers\portcls.sys" .\debug.cpp(256) : 0xb5c70000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys" .\debug.cpp(256) : 0xba5ae000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS" .\debug.cpp(256) : 0xa5a96000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS" .\debug.cpp(256) : 0xba5b0000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS" .\debug.cpp(256) : 0xba498000 0x00006000 "\SystemRoot\System32\drivers\vga.sys" .\debug.cpp(256) : 0xba5b2000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS" .\debug.cpp(256) : 0xba5b4000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys" .\debug.cpp(256) : 0xba400000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS" .\debug.cpp(256) : 0xba348000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS" .\debug.cpp(256) : 0xa558d000 0x00003000 "\SystemRoot\System32\DRIVERS\rasacd.sys" .\debug.cpp(256) : 0xa48f9000 0x00013000 "\SystemRoot\System32\DRIVERS\ipsec.sys" .\debug.cpp(256) : 0xa48a1000 0x00058000 "\SystemRoot\System32\DRIVERS\tcpip.sys" .\debug.cpp(256) : 0xa4879000 0x00028000 "\SystemRoot\System32\DRIVERS\netbt.sys" .\debug.cpp(256) : 0xa4858000 0x00021000 "\SystemRoot\System32\DRIVERS\ipnat.sys" .\debug.cpp(256) : 0xa4836000 0x00022000 "\SystemRoot\System32\drivers\afd.sys" .\debug.cpp(256) : 0xba298000 0x00009000 "\SystemRoot\System32\DRIVERS\wanarp.sys" .\debug.cpp(256) : 0xba1d8000 0x00009000 "\SystemRoot\System32\DRIVERS\netbios.sys" .\debug.cpp(256) : 0xac8c1000 0x00006000 "\SystemRoot\system32\DRIVERS\ssmdrv.sys" .\debug.cpp(256) : 0xa480b000 0x0002b000 "\SystemRoot\System32\DRIVERS\rdbss.sys" .\debug.cpp(256) : 0xa479c000 0x0006f000 "\SystemRoot\System32\DRIVERS\mrxsmb.sys" .\debug.cpp(256) : 0xb959a000 0x00009000 "\SystemRoot\System32\Drivers\Fips.SYS" .\debug.cpp(256) : 0xa4780000 0x0001c000 "\SystemRoot\system32\DRIVERS\avipbb.sys" .\debug.cpp(256) : 0xba5ba000 0x00002000 "\??\C:\Programme\Avira\AntiVir Desktop\avgio.sys" .\debug.cpp(256) : 0xba598000 0x00003000 "\SystemRoot\System32\DRIVERS\hidusb.sys" .\debug.cpp(256) : 0xb950a000 0x00009000 "\SystemRoot\System32\DRIVERS\HIDCLASS.SYS" .\debug.cpp(256) : 0xba4b0000 0x00007000 "\SystemRoot\System32\DRIVERS\HIDPARSE.SYS" .\debug.cpp(256) : 0xba388000 0x00008000 "\SystemRoot\system32\DRIVERS\usbccgp.sys" .\debug.cpp(256) : 0xba248000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS" .\debug.cpp(256) : 0xb86ac000 0x00003000 "\SystemRoot\System32\DRIVERS\mouhid.sys" .\debug.cpp(256) : 0xb86a8000 0x00004000 "\SystemRoot\System32\Drivers\dump_diskdump.sys" .\debug.cpp(256) : 0xa472d000 0x00025000 "\SystemRoot\System32\Drivers\dump_nvgts.sys" .\debug.cpp(256) : 0xbf800000 0x001c2000 "\SystemRoot\System32\win32k.sys" .\debug.cpp(256) : 0xb3cae000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys" .\debug.cpp(256) : 0xba468000 0x00005000 "\SystemRoot\System32\watchdog.sys" .\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys" .\debug.cpp(256) : 0xba78a000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys" .\debug.cpp(256) : 0xa418f000 0x00020000 "\SystemRoot\system32\DRIVERS\nvcap.sys" .\debug.cpp(256) : 0xb7cb6000 0x0000c000 "\SystemRoot\system32\DRIVERS\STREAM.SYS" .\debug.cpp(256) : 0xac69a000 0x00004000 "\SystemRoot\system32\DRIVERS\NVxbar.sys" .\debug.cpp(256) : 0xbf012000 0x005e3000 "\SystemRoot\System32\nv4_disp.dll" .\debug.cpp(256) : 0xa3d7b000 0x00014000 "\SystemRoot\system32\DRIVERS\avgntflt.sys" .\debug.cpp(256) : 0xb3c52000 0x00005000 "\SystemRoot\System32\DRIVERS\AegisP.sys" .\debug.cpp(256) : 0xba238000 0x0000a000 "\SystemRoot\System32\DRIVERS\EAPPkt.sys" .\debug.cpp(256) : 0xb3a3d000 0x00004000 "\SystemRoot\System32\DRIVERS\ndisuio.sys" .\debug.cpp(256) : 0xa3c86000 0x0002d000 "\SystemRoot\System32\DRIVERS\mrxdav.sys" .\debug.cpp(256) : 0xba640000 0x00002000 "\SystemRoot\System32\Drivers\ParVdm.SYS" .\debug.cpp(256) : 0xba630000 0x00002000 "\SystemRoot\System32\Drivers\TBPanel.SYS" .\debug.cpp(256) : 0xa3b94000 0x00052000 "\SystemRoot\System32\DRIVERS\srv.sys" .\debug.cpp(256) : 0xa3c26000 0x00003000 "\SystemRoot\System32\DRIVERS\secdrv.sys" .\debug.cpp(256) : 0xa37e7000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys" .\debug.cpp(256) : 0xa390c000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys" .\debug.cpp(256) : 0xa34d7000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys" .\debug.cpp(256) : 0xa253f000 0x00023000 "\SystemRoot\System32\Drivers\Fastfat.SYS" .\debug.cpp(256) : 0xa2515000 0x0002a000 "\SystemRoot\system32\drivers\kmixer.sys" .\debug.cpp(256) : 0x7c910000 0x000b7000 "\WINDOWS\system32\ntdll.dll" .\debug.cpp(256) : 0x10000000 0x00246000 "\Programme\DAEMON Tools Lite\Engine.dll" .\debug.cpp(263) : ********************************************** .\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] *********** .\debug.cpp(308) : ********************************************** .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS" .\debug.cpp(400) : Destination="\Device\Ndis" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:" .\debug.cpp(400) : Destination="\Device\Scsi\nvgts2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1" .\debug.cpp(400) : Destination="\Device\Video0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:" .\debug.cpp(400) : Destination="\Device\HarddiskVolume2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}" .\debug.cpp(400) : Destination="\Device\0000003c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2" .\debug.cpp(400) : Destination="\Device\Video1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{71985f4a-1ca1-11d3-9cc8-00c04f7971e0}" .\debug.cpp(400) : Destination="\Device\0000003c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000033" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmIoDaemon" .\debug.cpp(400) : Destination="\Device\DmControl\DmIoDaemon" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_RWVOTOT&Prod_N4XYRWP&Rev_1.03#5&36e5972&0&000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\Scsi\acaedpya1Port4Path0Target0Lun0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip" .\debug.cpp(400) : Destination="\Device\Ip" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3" .\debug.cpp(400) : Destination="\Device\Video2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_03EF&SUBSYS_03EF1849&REV_A2#3&267a616a&0&38#{c4f6eed3-1c5e-4f43-a768-83ecba42fcc1}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0009" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{a7683d14-5ab1-11de-b1d9-806d6172696f}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureC5FDC5FDOffset7E00Length1A1B4A0200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:" .\debug.cpp(400) : Destination="\Device\CdRom0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev" .\debug.cpp(400) : Destination="\Device\IPSEC" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_12bd&Pid_e002&MI_01#7&28f5ede1&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}" .\debug.cpp(400) : Destination="\Device\00000079" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgio" .\debug.cpp(400) : Destination="\Device\avgio" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4" .\debug.cpp(400) : Destination="\Device\Video3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000032" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AegisP_{09C7FE1B-23A4-400A-90C1-BEA7942E7C40}" .\debug.cpp(400) : Destination="\Device\AegisP_{09C7FE1B-23A4-400A-90C1-BEA7942E7C40}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi4:" .\debug.cpp(400) : Destination="\Device\Scsi\acaedpya1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5" .\debug.cpp(400) : Destination="\Device\Video4" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9aa4a2cc-81e0-4cfd-802f-0f74526d2bd3}" .\debug.cpp(400) : Destination="\Device\0000003c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDR4_XP" .\debug.cpp(400) : Destination="\Device\PxHelperDevice0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\$VDMLPT1" .\debug.cpp(400) : Destination="\Device\ParallelVdm0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000003c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{fd0a5af4-b41d-11d2-9c95-00c04f7971e0}" .\debug.cpp(400) : Destination="\Device\0000003c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_15_Model_107#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}" .\debug.cpp(400) : Destination="\Device\00000042" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr" .\debug.cpp(400) : Destination="\Device\RdpDrDvMgr" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice" .\debug.cpp(400) : Destination="\Device\WMIDataDevice" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1" .\debug.cpp(400) : Destination="\Device\Serial0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{1a3e09be-1e45-494b-9174-d7385b45bbf5}#NVNET_DEV03ef#4&1e6aa3f3&1&00#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000006e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgntflt" .\debug.cpp(400) : Destination="\FileSystem\Filters\avgntflt" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000003c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE" .\debug.cpp(400) : Destination="\Device\NamedPipe" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#nvcap#5&29f6dc15&0&ca000002&02&00#{65e8773d-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\VideoPdo1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}" .\debug.cpp(400) : Destination="\Device\KSENUM#00000002" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination="\Device\0000003c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{327bb0aa-4775-11de-b792-806d6172696f}" .\debug.cpp(400) : Destination="\Device\CdRom0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\G:" .\debug.cpp(400) : Destination="\Device\CdRom1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched" .\debug.cpp(400) : Destination="\Device\PSched" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC" .\debug.cpp(400) : Destination="\Device\Mup" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT" .\debug.cpp(400) : Destination="\Device\IPNAT" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_03F1&SUBSYS_03F11849&REV_A3#3&267a616a&0&10#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0004" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination="\Device\0000003c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{FE95B3DC-2D4E-4F3D-AEF3-4EDAACDF8120}" .\debug.cpp(400) : Destination="\Device\{FE95B3DC-2D4E-4F3D-AEF3-4EDAACDF8120}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000003c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0" .\debug.cpp(400) : Destination="\Device\USBFDO-0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg" .\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgrMsg" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp" .\debug.cpp(400) : Destination="\Device\Tcp" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#nvcap#5&29f6dc15&0&ca000002&02&00#{6994ad04-93ef-11d0-a3cc-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\VideoPdo1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#nvcap#5&29f6dc15&0&ca000002&02&00#{6994ad05-93ef-11d0-a3cc-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\VideoPdo1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD" .\debug.cpp(400) : Destination="\Device\VideoPdo0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1" .\debug.cpp(400) : Destination="\Device\USBFDO-1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000038" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0" .\debug.cpp(400) : Destination="\Device\Harddisk0\DR0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_18493662&REV_1001#4&738a0f6&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}" .\debug.cpp(400) : Destination="\Device\0000006f" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_18493662&REV_1001#4&738a0f6&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000006f" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN" .\debug.cpp(400) : Destination="\DosDevices\LPT1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000036" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000003c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination="\Device\0000003c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio" .\debug.cpp(400) : Destination="\Device\sysaudio" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_046d&Pid_c046#5&73cd85c&0&3#{a5dcbf10-6530-11d2-901f-00c04fb951ed}" .\debug.cpp(400) : Destination="\Device\USBPDO-2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap" .\debug.cpp(400) : Destination="\Device\FsWrap" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000003c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000035" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0" .\debug.cpp(400) : Destination="\Device\CdRom0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{09C7FE1B-23A4-400A-90C1-BEA7942E7C40}" .\debug.cpp(400) : Destination="\Device\{09C7FE1B-23A4-400A-90C1-BEA7942E7C40}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_TSSTcorp&Prod_DVD-ROM_SH-D163B&Rev_SB02#4&3223cd61&0&110#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\Scsi\nvgts1Port2Path1Target1Lun0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#nvcap#5&29f6dc15&0&ca000002&02&00#{a799a801-a46d-11d0-a18c-00a02401dcd4}" .\debug.cpp(400) : Destination="\Device\VideoPdo1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom1" .\debug.cpp(400) : Destination="\Device\CdRom1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Eappkt" .\debug.cpp(400) : Destination="\Device\Eappkt" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global" .\debug.cpp(400) : Destination="\GLOBAL??" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{75C37F58-412E-4DE6-ADE4-C85F64B4A3E7}" .\debug.cpp(400) : Destination="\Device\{75C37F58-412E-4DE6-ADE4-C85F64B4A3E7}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0640&SUBSYS_00000000&REV_A1#4&52edc45&0&0048#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0020" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{78999D4E-9383-49CE-A8AA-AFB90663A169}" .\debug.cpp(400) : Destination="\Device\{78999D4E-9383-49CE-A8AA-AFB90663A169}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\00000046" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#aa#{4afa3d53-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\00000045" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73}" .\debug.cpp(400) : Destination="\Device\00000064" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0" .\debug.cpp(400) : Destination="\Device\PxHelperDevice0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}" .\debug.cpp(400) : Destination="\Device\KSENUM#00000002" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv" .\debug.cpp(400) : Destination="\Device\Secdrv" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}" .\debug.cpp(400) : Destination="\Device\0000003c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Cardex" .\debug.cpp(400) : Destination="\Device\Cardex" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination="\Device\0000003c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}" .\debug.cpp(400) : Destination="\Device\0000003c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNPA000#4&5d18f2df&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\00000048" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_18493662&REV_1001#4&738a0f6&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000006f" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&27c9dcc1&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\00000062" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_03F2&SUBSYS_03F21849&REV_A3#3&267a616a&0&11#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0005" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{07dad660-22f1-11d1-a9f4-00c04fbbde8f}" .\debug.cpp(400) : Destination="\Device\0000003c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318}" .\debug.cpp(400) : Destination="\Device\00000064" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&a2f7048&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination="\Device\USBPDO-0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureC5FDC5FDOffset1A1B4AFE00Length5A554D8400#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{58501319-F999-432B-9709-120201E899AA}" .\debug.cpp(400) : Destination="\Device\{58501319-F999-432B-9709-120201E899AA}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager" .\debug.cpp(400) : Destination="\Device\MountPointManager" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}" .\debug.cpp(400) : Destination="\Device\KSENUM#00000002" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ssmctl" .\debug.cpp(400) : Destination="\Device\ssmctl" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000031" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbDlDp32" .\debug.cpp(400) : Destination="\Device\PxHelperDevice0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig" .\debug.cpp(400) : Destination="\Device\DmControl\DmConfig" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp" .\debug.cpp(400) : Destination="\Device\WANARP" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\00000003" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{752920FB-E046-4D38-A549-A15BFFFD2AA1}" .\debug.cpp(400) : Destination="\Device\{752920FB-E046-4D38-A549-A15BFFFD2AA1}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace" .\debug.cpp(400) : Destination="\Device\DmControl\DmTrace" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{a7683d13-5ab1-11de-b1d9-806d6172696f}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000003c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{82095BA7-4E6D-4581-A919-F93A8019E9B4}" .\debug.cpp(400) : Destination="\Device\{82095BA7-4E6D-4581-A919-F93A8019E9B4}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP" .\debug.cpp(400) : Destination="\Device\NdisWanIp" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\00000002" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AegisP" .\debug.cpp(400) : Destination="\Device\AegisP" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}" .\debug.cpp(400) : Destination="\Device\0000003c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}" .\debug.cpp(400) : Destination="\Device\KSENUM#00000002" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:" .\debug.cpp(400) : Destination="\Device\Ide\IdePort0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_18493662&REV_1001#4&738a0f6&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}" .\debug.cpp(400) : Destination="\Device\0000006f" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_18493662&REV_1001#4&738a0f6&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000006f" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#Disk&Ven_Hitachi&Prod_HDP725050GLA&Rev_GM4O#4&3223cd61&0&000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\Scsi\nvgts1Port2Path0Target0Lun0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#nvxbar#5&29f6dc15&0&ca000003&02&00#{a799a801-a46d-11d0-a18c-00a02401dcd4}" .\debug.cpp(400) : Destination="\Device\VideoPdo0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_12bd&Pid_e002#5&73cd85c&0&7#{a5dcbf10-6530-11d2-901f-00c04fb951ed}" .\debug.cpp(400) : Destination="\Device\USBPDO-3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_TSSTcorp&Prod_DVD-ROM_SH-D163B&Rev_SB02#4&3223cd61&0&110#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\Scsi\nvgts1Port2Path1Target1Lun0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}" .\debug.cpp(400) : Destination="\Device\0000003c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000034" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1" .\debug.cpp(400) : Destination="\Device\ParTechInc0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}" .\debug.cpp(400) : Destination="\Device\0000003c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd" .\debug.cpp(400) : Destination="\Device\AscKmd" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:" .\debug.cpp(400) : Destination="\Device\Ide\IdePort1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST" .\debug.cpp(400) : Destination="\Device\IPMULTICAST" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPT1" .\debug.cpp(400) : Destination="\Device\Parallel0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan" .\debug.cpp(400) : Destination="\Device\NdisWan" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_15_Model_107#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}" .\debug.cpp(400) : Destination="\Device\00000041" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2" .\debug.cpp(400) : Destination="\Device\ParTechInc1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_03F6&SUBSYS_03F61849&REV_A2#3&267a616a&0&40#{2accfe60-c130-11d2-b082-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0010" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmLoader" .\debug.cpp(400) : Destination="\Device\DmLoader" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow" .\debug.cpp(400) : Destination="\Device\LanmanRedirector" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{4c2de5d6-dad7-11de-b881-001966ba5a57}" .\debug.cpp(400) : Destination="\Device\CdRom1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_12bd&Pid_e002&MI_00#7&1132619c&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}" .\debug.cpp(400) : Destination="\Device\00000078" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c046#6&353492d5&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}" .\debug.cpp(400) : Destination="\Device\00000073" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0401#4&27c9dcc1&0#{97f76ef0-f883-11d0-af1f-0000f800845c}" .\debug.cpp(400) : Destination="\Device\0000005e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3" .\debug.cpp(400) : Destination="\Device\ParTechInc2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr" .\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgr" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&348df4f&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination="\Device\USBPDO-1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl" .\debug.cpp(400) : Destination="\Device\FtControl" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:" .\debug.cpp(400) : Destination="\Device\HarddiskVolume1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT" .\debug.cpp(400) : Destination="\Device\MailSlot" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX" .\debug.cpp(400) : Destination="\DosDevices\COM1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_RWVOTOT&Prod_N4XYRWP&Rev_1.03#5&36e5972&0&000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\Scsi\acaedpya1Port4Path0Target0Lun0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio" .\debug.cpp(400) : Destination="\Device\Ndisuio" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\0000003b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:" .\debug.cpp(400) : Destination="\Device\Scsi\nvgts1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL" .\debug.cpp(400) : Destination="\Device\Null" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_03F6&SUBSYS_03F61849&REV_A2#3&267a616a&0&41#{2accfe60-c130-11d2-b082-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0011" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT" .\debug.cpp(400) : Destination="" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\0000003a" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#5&28d3b80d&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1}" .\debug.cpp(400) : Destination="\Device\Parallel0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\avipbb" .\debug.cpp(400) : Destination="\Device\avipbb" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c046#6&353492d5&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\00000073" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo" .\debug.cpp(400) : Destination="\Device\DmControl\DmInfo" .\debug.cpp(451) : ********************************************** .\boot_cleaner.cpp(1077) : System volume is \\.\C: .\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 .\boot_cleaner.cpp(424) : Boot sector MD5 is: 5ddc20efcc4d1dab37c348c7db7289cf .\boot_cleaner.cpp(1151) : .\boot_cleaner.cpp(1152) : Size Device Name MBR Status .\boot_cleaner.cpp(1153) : -------------------------------------------- .\boot_cleaner.cpp(1197) : 465 GB \\.\PhysicalDrive0 Unknown boot code .\boot_cleaner.cpp(1203) : .\boot_cleaner.cpp(1209) : Unknown boot code has been found on some of your physical disks. .\boot_cleaner.cpp(1211) : To inspect the boot code manually, dump the master boot sector: .\boot_cleaner.cpp(1212) : remover.exe dump <device_name> [output_file] .\boot_cleaner.cpp(1216) : To disinfect the master boot sector, use the following command: .\boot_cleaner.cpp(1217) : remover.exe fix <device_name> .\boot_cleaner.cpp(1220) : .\boot_cleaner.cpp(1242) : Done; |
|
05.08.2010, 14:40
| #21 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Hijack-Logfile auswerten Zuerst mal bitte - falls noch nicht getan - die Datei remover.exe (vom BootkitRemover) vom Desktop nach c:\windows\system32 kopieren! Danach die Konsole starten über Start, Ausführen, cmd eintippen, ok. Den Text im folgenden Codefeld eintippen und mit Enter/Return ausführen: Code:
ATTFilter remover.exe fix \\.\PhysicalDrive0
__________________ --> Hijack-Logfile auswerten |
|
07.08.2010, 18:10
| #22 |
| | Hijack-Logfile auswerten OK, wurde erledigt! HAbe seit geraumer Zeit auch keine neuen Meldungen erhalten. Scheint also gewirkt zu haben, oder!?! |
|
07.08.2010, 18:22
| #23 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Hijack-Logfile auswerten Dann bitte zur Kontrolle die remover.exe per Doppelklick ausführen und die Ausgabe posten.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
| Themen zu Hijack-Logfile auswerten |
| 0 bytes, adobe, antivir, antivir guard, auswerten, avira, bho, desktop, einstellungen, excel, festplatte, firefox, google, hijackthis, hkus\s-1-5-18, internet, internet explorer, mozilla, nt.dll, pdfforge toolbar, plug-in, prozesse, registry, rundll, software, spigot, system, trojaner, trojaner meldung, verweise, virus gefunden, warnung, windows, windows xp |
Linear-Darstellung
