Pests of all kinds and how to combat them: Avast every 2 minutes - newporto.cn/cgi-bin/options.cgi?

12.08.2010, 17:28   #1
merlo
 

Hi everyone

Since this morning, Avast has been showing me the following message every 2-3 minutes: BÖSARTIGE WEBSEITE BLOCKIERT

Objekt: newporto.cn/cgi-bin/options.cgi?
Infektion: URL:Mal
Aktion: Blockiert
Prozess: C:\Program Files\Mozilla Firefox\ firefox.exe

Eine Bedrohung wurde gefunden und noch vor der Verbindung zur URL blockiert.


After a few hours the object name changed to: newporto.cn/cgi-bin/forms.cgi

And now the object names in the message keep alternating.

I ran Avast and Malwarebytes, but found nothing.
I also came across this thread: http://www.trojaner-board.de/87486-b...papras-he.html
which helped me up to a certain point.
I ran OTL, but I didn't dare to work with Combofix without some assurance that I wouldn't damage anything.

Here is the data:

Malwarebytes report:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4422

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12.08.2010 16:55:09
mbam-log-2010-08-12 (16-55-09).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 144149
Laufzeit: 4 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
OTL:
Code:
OTL logfile created on: 12.08.2010 17:15:14 - Run 2
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Checker\Downloads
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 387,65 Gb Free Space | 83,25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CHECKER
Current User Name: Checker
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Checker\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe (Logitech Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Checker\Downloads\OTL(2).exe (OldTimer Tools)
MOD - C:\Windows\System32\lpreepad.dll ()
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (PnkBstrB) -- C:\Windows\System32\PnkBstrB.exe File not found
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe File not found
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (dgdersvc) -- C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (hwdatacard) -- C:\Windows\System32\DRIVERS\ewusbmdm.sys File not found
DRV - (GMSIPCI) -- D:\INSTALL\GMSIPCI.SYS File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bserd) -- C:\Windows\System32\drivers\ss_bserd.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (VWiFiFlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (s816bus) Sony Ericsson Device 816 driver (WDM) -- C:\Windows\System32\drivers\s816bus.sys (MCCI Corporation)
DRV - (s616bus) Sony Ericsson Device 616 driver (WDM) -- C:\Windows\System32\drivers\s616bus.sys (MCCI Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files\Eazel-DE\tbEaze.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.orbitdownloader.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = ED B8 00 67 81 3F CA 01  [binary data]
IE - HKCU\..\URLSearchHook: {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files\Eazel-DE\tbEaze.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.05 22:26:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.01 18:19:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.05 22:26:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.01 18:19:54 | 000,000,000 | ---D | M]
 
[2010.08.01 18:10:17 | 000,000,000 | ---D | M] -- C:\Users\Checker\AppData\Roaming\mozilla\Extensions
[2010.08.01 18:10:17 | 000,000,000 | ---D | M] -- C:\Users\Checker\AppData\Roaming\mozilla\Firefox\Profiles\kcf98jt2.Checker\extensions
[2010.08.01 18:19:55 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.12 16:09:32 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Eazel-DE Toolbar) - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files\Eazel-DE\tbEaze.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Eazel-DE Toolbar) - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files\Eazel-DE\tbEaze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Eazel-DE Toolbar) - {69B6939F-C70D-45C5-9BBD-E2E2CC3DD8E5} - C:\Program Files\Eazel-DE\tbEaze.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Checker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{300d739d-ab74-11de-92a9-001d92b6f873}\Shell - "" = AutoRun
O33 - MountPoints2\{300d739d-ab74-11de-92a9-001d92b6f873}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{300d739f-ab74-11de-92a9-001d92b6f873}\Shell - "" = AutoRun
O33 - MountPoints2\{300d739f-ab74-11de-92a9-001d92b6f873}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{41d41c9e-9c4b-11de-86fb-001d92b6f873}\Shell - "" = AutoRun
O33 - MountPoints2\{41d41c9e-9c4b-11de-86fb-001d92b6f873}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{41d41ca2-9c4b-11de-86fb-001d92b6f873}\Shell - "" = AutoRun
O33 - MountPoints2\{41d41ca2-9c4b-11de-86fb-001d92b6f873}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{6f6e2494-9bb9-11de-a33e-001d92b6f873}\Shell - "" = AutoRun
O33 - MountPoints2\{6f6e2494-9bb9-11de-a33e-001d92b6f873}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{6f6e2498-9bb9-11de-a33e-001d92b6f873}\Shell - "" = AutoRun
O33 - MountPoints2\{6f6e2498-9bb9-11de-a33e-001d92b6f873}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{754e0060-b668-11de-8419-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{754e0060-b668-11de-8419-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{aeb875a0-7083-11df-a6d1-de2e48ea14b0}\Shell - "" = AutoRun
O33 - MountPoints2\{aeb875a0-7083-11df-a6d1-de2e48ea14b0}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{aeb876c8-7083-11df-a6d1-de2e48ea14b0}\Shell - "" = AutoRun
O33 - MountPoints2\{aeb876c8-7083-11df-a6d1-de2e48ea14b0}\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{b2433531-e41e-11de-b78a-001d92b6f873}\Shell - "" = AutoRun
O33 - MountPoints2\{b2433531-e41e-11de-b78a-001d92b6f873}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{b2433535-e41e-11de-b78a-001d92b6f873}\Shell - "" = AutoRun
O33 - MountPoints2\{b2433535-e41e-11de-b78a-001d92b6f873}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{bd165671-9c03-11de-a242-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bd165671-9c03-11de-a242-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: ie4uched - (C:\Windows\system32\lpreepad.dll) - C:\Windows\System32\lpreepad.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.12 16:45:44 | 000,000,000 | ---D | C] -- C:\Users\Checker\AppData\Roaming\Malwarebytes
[2010.08.12 16:43:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.12 16:43:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.12 16:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.12 16:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.12 16:09:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.08.11 18:34:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.08.11 17:52:33 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2010.08.11 17:52:33 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.11 17:52:31 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.11 17:52:29 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.11 17:52:29 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.11 17:52:27 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.11 17:52:27 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.11 17:52:27 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.11 17:52:27 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.11 17:52:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.11 17:52:27 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.11 17:52:27 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.11 17:52:27 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.11 17:52:21 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.05 23:19:29 | 000,000,000 | ---D | C] -- C:\Users\Checker\AppData\Roaming\vlc
[2010.08.05 23:19:10 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010.08.05 22:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\ClipGrab
[2010.08.01 18:19:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010.08.01 18:09:54 | 000,000,000 | ---D | C] -- C:\Users\Checker\AppData\Roaming\Mozilla
[2010.07.15 12:19:05 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010.07.15 12:19:04 | 000,162,640 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010.07.15 12:19:04 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010.07.15 12:19:02 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010.07.15 12:18:58 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010.07.15 12:18:48 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010.07.15 12:18:48 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.12 17:15:48 | 003,670,016 | -HS- | M] () -- C:\Users\Checker\ntuser.dat
[2010.08.12 16:43:30 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.12 16:37:26 | 000,005,174 | ---- | M] () -- C:\Users\Checker\Documents\cc_20100812_163721.reg
[2010.08.12 16:37:03 | 000,052,210 | ---- | M] () -- C:\Users\Checker\Documents\cc_20100812_163647.reg
[2010.08.12 16:23:42 | 001,531,754 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.12 16:23:42 | 000,663,720 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.12 16:23:42 | 000,633,674 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.12 16:23:42 | 000,135,384 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.12 16:23:42 | 000,111,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.12 16:16:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.12 16:16:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.12 16:16:33 | 2415,259,648 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.12 16:15:36 | 000,010,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.12 16:15:36 | 000,010,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.12 16:09:32 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010.08.12 13:04:28 | 000,114,104 | ---- | M] () -- C:\Users\Checker\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.12 13:03:50 | 000,430,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.11 20:24:03 | 020,879,597 | -H-- | M] () -- C:\Users\Checker\AppData\Local\IconCache.db
[2010.08.05 22:42:10 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\ClipGrab.lnk
[2010.08.05 22:40:14 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2010.08.01 18:19:56 | 000,001,909 | ---- | M] () -- C:\Users\Checker\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010.08.01 18:19:56 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.07.29 08:30:49 | 000,197,632 | ---- | M] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2010.07.29 08:30:34 | 000,082,944 | ---- | M] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.07.18 20:59:13 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010.07.15 12:19:06 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.07.15 12:18:58 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
 
========== Files Created - No Company Name ==========
 
[2010.08.12 16:43:30 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.12 16:37:23 | 000,005,174 | ---- | C] () -- C:\Users\Checker\Documents\cc_20100812_163721.reg
[2010.08.12 16:36:49 | 000,052,210 | ---- | C] () -- C:\Users\Checker\Documents\cc_20100812_163647.reg
[2010.08.05 22:42:10 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\ClipGrab.lnk
[2010.08.05 22:40:13 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010.08.01 18:09:51 | 000,001,909 | ---- | C] () -- C:\Users\Checker\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010.08.01 18:09:51 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.07.18 20:59:13 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.07.15 12:19:06 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.06.21 18:20:17 | 000,046,592 | -H-- | C] () -- C:\Windows\System32\lpreepad.dll
[2010.05.09 12:20:02 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.05.09 12:20:02 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.10.11 15:30:58 | 000,138,056 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.10.03 21:38:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\psfind.dll
[2009.09.30 10:47:16 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2009.09.30 10:47:16 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2009.09.30 10:47:16 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2009.09.30 10:47:16 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:F30723D8
< End of report >
         
and the second one:

Code:
ATTFilter
OTL Extras logfile created on: 12.08.2010 17:15:14 - Run 2
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Checker\Downloads
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 387,65 Gb Free Space | 83,25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CHECKER
Current User Name: Checker
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0722CFC8-FB86-B21D-57D2-8CB1E4AFF39E}" = CCC Help Danish
"{0842768F-A173-8B9D-EEDD-DB89B0BC75D9}" = Catalyst Control Center HydraVision Full
"{16AEDA59-36F3-D016-830A-CCAF0B308ECD}" = CCC Help English
"{1B66C6A6-A833-18B6-A644-0D89F6E7CD83}" = ccc-core-static
"{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21FFDD40-F6B9-4609-B1C9-514E0A342BFA}" = MOUSE Editor
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2FF281F1-4C2F-0D07-BCF0-2CA8E493A671}" = CCC Help Chinese Traditional
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{380EBAEB-DDAF-B6F3-2551-03351C611264}" = CCC Help Italian
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B206713-B5A9-8997-97D3-7D3BAEF0D863}" = CCC Help Thai
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E354FBA-C7CE-402A-BB0D-225230BB1918}" = Logitech G15 Keyboard Software 1.04
"{3EB2B92A-49F5-CE65-37B1-8D3E95178228}" = Catalyst Control Center Graphics Full Existing
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{44FF51BA-F614-73F9-BCE5-10D1EA3CCBBF}" = CCC Help Finnish
"{4767A89A-F6A5-41B1-903C-734483739882}" = Highspeed-Internet-Installation
"{491E59D3-4E72-6276-52CA-D9658C941B01}" = CCC Help Turkish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A381195-A058-D453-EC4C-A27D438A236C}" = CCC Help Czech
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{55F1C4F2-7076-32BE-1134-FD7696DAFAFB}" = Catalyst Control Center InstallProxy
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{644FCC7C-63F5-5EE1-258D-30A5FD195891}" = HydraVision
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6EA12203-3A1F-D36E-001A-EEED26D69C08}" = CCC Help Korean
"{6F083009-8E47-004F-8459-FEC59389BC4B}" = CCC Help Portuguese
"{7F77542B-C7D0-9A23-7817-018F2C7AC066}" = CCC Help Norwegian
"{86A4E293-3356-851A-A92B-F7417E33EA6B}" = Catalyst Control Center Graphics Full New
"{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1" = ClipGrab 3.0.7
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8D58A2D8-3F73-4239-2BFA-45C33C6994B9}" = CCC Help Dutch
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9EEFDD22-6CBA-8BBC-A46F-A0175CC071D3}" = CCC Help Swedish
"{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D91AD2-056B-EE87-D196-81F9834551DA}" = CCC Help Polish
"{BBD19BBF-9ABD-F856-5AA1-58A31C3000D3}" = Catalyst Control Center Core Implementation
"{BCD42839-C433-159D-C0E0-00071FAFFF11}" = ATI Catalyst Install Manager
"{C08C8FCE-6EAB-97E4-403C-5ED67C475B53}" = CCC Help Spanish
"{C3D2EE61-7B29-000E-FFB2-9ECACDC142BD}" = CCC Help Japanese
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C70DCDB3-04F7-F325-5BB2-D646C77342A1}" = CCC Help German
"{CA947F32-E30F-79C0-497C-AA923CA87E6E}" = Catalyst Control Center Localization All
"{CCEC07F5-49FC-3CEA-C5DB-5E8311CD9F8C}" = CCC Help French
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2A1367C-2C73-7B44-BCC4-C8CFEA0BA870}" = CCC Help Chinese Standard
"{D2CD6E9B-C783-B1E1-0415-7DA6D54B8869}" = ccc-utility
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D3EF3D90-CB56-5A6A-6F51-8A3A308A39A8}" = CCC Help Greek
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{D8E339C9-D9DC-94D3-7731-DFEEA6D2277C}" = CCC Help Russian
"{E0112FF2-FB01-1442-9365-EAC63B08729D}" = Catalyst Control Center Graphics Previews Vista
"{E08DE897-B6AF-4DFF-9E90-131E80C876B4}" = DIE SIEDLER - Das Erbe der Könige - Gold Edition
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3EEBF5A-C102-E6CA-9194-2A4A86D74C81}" = CCC Help Hungarian
"{EF18BFA9-45A1-235F-6F6C-F78D3ED37437}" = Catalyst Control Center Graphics Light
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F839F4CD-FA17-CB5D-5422-AB846989EE18}" = Catalyst Control Center Graphics Previews Common
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"aonUpdate" = aonUpdate
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner (remove only)
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Digital Editions" = Adobe Digital Editions
"Eazel-DE Toolbar" = Eazel-DE Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Highspeed-Internet-Installation" = Highspeed-Internet-Installation
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{21FFDD40-F6B9-4609-B1C9-514E0A342BFA}" = MOUSE Editor
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MessengerDiscovery 2_is1" = MessengerDiscovery 2.0.48
"MessengerDiscovery_is1" = MessengerDiscovery 2.5.95
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CreepSmash.com" = CreepSmash.com
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.08.2010 09:05:11 | Computer Name = Checker | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 12.08.2010 09:05:12 | Computer Name = Checker | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 12.08.2010 09:05:12 | Computer Name = Checker | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 12.08.2010 09:05:13 | Computer Name = Checker | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 12.08.2010 09:06:16 | Computer Name = Checker | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 12.08.2010 09:06:17 | Computer Name = Checker | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 12.08.2010 09:10:18 | Computer Name = Checker | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 12.08.2010 10:11:29 | Computer Name = Checker | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 12.08.2010 10:14:20 | Computer Name = Checker | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 12.08.2010 10:16:50 | Computer Name = Checker | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
[ Media Center Events ]
Error - 26.01.2010 14:17:32 | Computer Name = HD4890 | Source = MCUpdate | ID = 0
Description = 7:17:32 PM - Error connecting to the internet.  7:17:32 PM -     Unable
 to contact server..  
 
Error - 26.01.2010 14:17:42 | Computer Name = HD4890 | Source = MCUpdate | ID = 0
Description = 7:17:37 PM - Error connecting to the internet.  7:17:37 PM -     Unable
 to contact server..  
 
Error - 01.02.2010 13:51:14 | Computer Name = HD4890 | Source = MCUpdate | ID = 0
Description = 6:51:14 PM - Error connecting to the internet.  6:51:14 PM -     Unable
 to contact server..  
 
Error - 01.02.2010 13:51:22 | Computer Name = HD4890 | Source = MCUpdate | ID = 0
Description = 6:51:19 PM - Error connecting to the internet.  6:51:19 PM -     Unable
 to contact server..  
 
Error - 17.02.2010 13:53:51 | Computer Name = HD4890 | Source = MCUpdate | ID = 0
Description = 6:53:50 PM - Error connecting to the internet.  6:53:50 PM -     Unable
 to contact server..  
 
Error - 17.02.2010 13:53:59 | Computer Name = HD4890 | Source = MCUpdate | ID = 0
Description = 6:53:56 PM - Error connecting to the internet.  6:53:56 PM -     Unable
 to contact server..  
 
Error - 18.02.2010 01:47:00 | Computer Name = HD4890 | Source = MCUpdate | ID = 0
Description = 6:46:56 AM - Error connecting to the internet.  6:46:56 AM -     Unable
 to contact server..  
 
Error - 18.02.2010 08:21:55 | Computer Name = HD4890 | Source = MCUpdate | ID = 0
Description = 1:21:47 PM - Error connecting to the internet.  1:21:47 PM -     Unable
 to contact server..  
 
Error - 26.02.2010 12:45:09 | Computer Name = HD4890 | Source = MCUpdate | ID = 0
Description = 5:45:09 PM - Error connecting to the internet.  5:45:09 PM -     Unable
 to contact server..  
 
Error - 26.02.2010 12:45:18 | Computer Name = HD4890 | Source = MCUpdate | ID = 0
Description = 5:45:15 PM - Error connecting to the internet.  5:45:15 PM -     Unable
 to contact server..  
 
[ System Events ]
Error - 28.02.2010 10:03:26 | Computer Name = HD4890 | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 28.02.2010 10:03:26 | Computer Name = HD4890 | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 28.02.2010 10:16:49 | Computer Name = HD4890 | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 28.02.2010 10:16:49 | Computer Name = HD4890 | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 01.03.2010 12:28:50 | Computer Name = HD4890 | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 01.03.2010 12:28:50 | Computer Name = HD4890 | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 02.03.2010 12:35:37 | Computer Name = HD4890 | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 02.03.2010 12:35:37 | Computer Name = HD4890 | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 03.03.2010 13:31:47 | Computer Name = HD4890 | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 03.03.2010 13:31:47 | Computer Name = HD4890 | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >
         

So, I hope you can help me with my problem, as I am slowly starting to despair.

14.08.2010, 19:20   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please run a full scan with an up-to-date Malwarebytes.

14.08.2010, 19:59   #3
merlo

Evening

Thanks for your reply

I ran a full scan with Malwarebytes twice, and the program crashed after about 15-20 minutes on both attempts.

15.08.2010, 00:37   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
ATTFilter
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O33 - MountPoints2\{300d739d-ab74-11de-92a9-001d92b6f873}\Shell - "" = AutoRun
O33 - MountPoints2\{300d739d-ab74-11de-92a9-001d92b6f873}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{300d739f-ab74-11de-92a9-001d92b6f873}\Shell - "" = AutoRun
O33 - MountPoints2\{300d739f-ab74-11de-92a9-001d92b6f873}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{41d41c9e-9c4b-11de-86fb-001d92b6f873}\Shell - "" = AutoRun
O33 - MountPoints2\{41d41c9e-9c4b-11de-86fb-001d92b6f873}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{41d41ca2-9c4b-11de-86fb-001d92b6f873}\Shell - "" = AutoRun
O33 - MountPoints2\{41d41ca2-9c4b-11de-86fb-001d92b6f873}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{6f6e2494-9bb9-11de-a33e-001d92b6f873}\Shell - "" = AutoRun
O33 - MountPoints2\{6f6e2494-9bb9-11de-a33e-001d92b6f873}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{6f6e2498-9bb9-11de-a33e-001d92b6f873}\Shell - "" = AutoRun
O33 - MountPoints2\{6f6e2498-9bb9-11de-a33e-001d92b6f873}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{754e0060-b668-11de-8419-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{754e0060-b668-11de-8419-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{aeb875a0-7083-11df-a6d1-de2e48ea14b0}\Shell - "" = AutoRun
O33 - MountPoints2\{aeb875a0-7083-11df-a6d1-de2e48ea14b0}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{aeb876c8-7083-11df-a6d1-de2e48ea14b0}\Shell - "" = AutoRun
O33 - MountPoints2\{aeb876c8-7083-11df-a6d1-de2e48ea14b0}\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{b2433531-e41e-11de-b78a-001d92b6f873}\Shell - "" = AutoRun
O33 - MountPoints2\{b2433531-e41e-11de-b78a-001d92b6f873}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{b2433535-e41e-11de-b78a-001d92b6f873}\Shell - "" = AutoRun
O33 - MountPoints2\{b2433535-e41e-11de-b78a-001d92b6f873}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{bd165671-9c03-11de-a242-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bd165671-9c03-11de-a242-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O36 - AppCertDlls: ie4uched - (C:\Windows\system32\lpreepad.dll) - C:\Windows\System32\lpreepad.dll ()
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:F30723D8
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

15.08.2010, 10:53   #5
merlo

I ran Malwarebytes in safe mode and it did not crash.
Here are the logs:

Malwarebytes:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4428

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

15.08.2010 10:32:53
mbam-log-2010-08-15 (10-32-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 259948
Laufzeit: 26 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
OTL:
Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{300d739d-ab74-11de-92a9-001d92b6f873}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{300d739d-ab74-11de-92a9-001d92b6f873}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{300d739d-ab74-11de-92a9-001d92b6f873}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{300d739d-ab74-11de-92a9-001d92b6f873}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{300d739f-ab74-11de-92a9-001d92b6f873}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{300d739f-ab74-11de-92a9-001d92b6f873}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{300d739f-ab74-11de-92a9-001d92b6f873}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{300d739f-ab74-11de-92a9-001d92b6f873}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41d41c9e-9c4b-11de-86fb-001d92b6f873}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41d41c9e-9c4b-11de-86fb-001d92b6f873}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41d41c9e-9c4b-11de-86fb-001d92b6f873}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41d41c9e-9c4b-11de-86fb-001d92b6f873}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41d41ca2-9c4b-11de-86fb-001d92b6f873}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41d41ca2-9c4b-11de-86fb-001d92b6f873}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41d41ca2-9c4b-11de-86fb-001d92b6f873}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41d41ca2-9c4b-11de-86fb-001d92b6f873}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f6e2494-9bb9-11de-a33e-001d92b6f873}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f6e2494-9bb9-11de-a33e-001d92b6f873}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f6e2494-9bb9-11de-a33e-001d92b6f873}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f6e2494-9bb9-11de-a33e-001d92b6f873}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f6e2498-9bb9-11de-a33e-001d92b6f873}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f6e2498-9bb9-11de-a33e-001d92b6f873}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f6e2498-9bb9-11de-a33e-001d92b6f873}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f6e2498-9bb9-11de-a33e-001d92b6f873}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{754e0060-b668-11de-8419-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{754e0060-b668-11de-8419-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{754e0060-b668-11de-8419-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{754e0060-b668-11de-8419-806e6f6e6963}\ not found.
File E:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aeb875a0-7083-11df-a6d1-de2e48ea14b0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aeb875a0-7083-11df-a6d1-de2e48ea14b0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aeb875a0-7083-11df-a6d1-de2e48ea14b0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aeb875a0-7083-11df-a6d1-de2e48ea14b0}\ not found.
File F:\WD SmartWare.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aeb876c8-7083-11df-a6d1-de2e48ea14b0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aeb876c8-7083-11df-a6d1-de2e48ea14b0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aeb876c8-7083-11df-a6d1-de2e48ea14b0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aeb876c8-7083-11df-a6d1-de2e48ea14b0}\ not found.
File E:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2433531-e41e-11de-b78a-001d92b6f873}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2433531-e41e-11de-b78a-001d92b6f873}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2433531-e41e-11de-b78a-001d92b6f873}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2433531-e41e-11de-b78a-001d92b6f873}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2433535-e41e-11de-b78a-001d92b6f873}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2433535-e41e-11de-b78a-001d92b6f873}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2433535-e41e-11de-b78a-001d92b6f873}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2433535-e41e-11de-b78a-001d92b6f873}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd165671-9c03-11de-a242-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd165671-9c03-11de-a242-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd165671-9c03-11de-a242-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd165671-9c03-11de-a242-806e6f6e6963}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\AutoRun.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\ie4uched:C:\Windows\system32\lpreepad.dll deleted successfully.
C:\Windows\System32\lpreepad.dll moved successfully.
ADS C:\ProgramData\Temp:F30723D8 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Checker
->Temp folder emptied: 14650271 bytes
->Temporary Internet Files folder emptied: 134 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 2618 bytes
 
User: dasd
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 532938 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 14,00 mb
 
 
OTL by OldTimer - Version 3.2.9.1 log created on 08152010_104452

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         


15.08.2010, 19:23   #6
cosinus

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered), and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

15.08.2010, 20:07   #7
merlo

Here is the log:

Code:
ComboFix 10-08-14.06 - Checker 15.08.2010  19:55:45.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.3071.2167 [GMT 2:00]
Running from: c:\users\Checker\Desktop\cofi.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\muzapp.exe

.
(((((((((((((((((((((((((   Files Created from 2010-07-15 to 2010-08-15  )))))))))))))))))))))))))))))))
.

2010-08-15 17:54 . 2010-08-15 17:54	--------	d-----w-	C:\32788R22FWJFW
2010-08-14 17:30 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-14 17:30 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-08-14 17:30 . 2010-08-14 17:30	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-08-12 19:14 . 2010-03-09 10:12	46672	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2010-08-12 19:14 . 2010-03-09 10:12	162640	----a-w-	c:\windows\system32\drivers\aswSP.sys
2010-08-12 19:14 . 2010-03-09 10:09	23376	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2010-08-12 19:14 . 2010-03-09 10:08	19024	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2010-08-12 19:14 . 2010-03-09 10:08	51792	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2010-08-12 19:14 . 2010-03-09 10:24	38848	----a-w-	c:\windows\system32\avastSS.scr
2010-08-12 19:14 . 2010-03-09 10:24	153184	----a-w-	c:\windows\system32\aswBoot.exe
2010-08-12 14:45 . 2010-08-12 14:45	--------	d-----w-	c:\users\Checker\AppData\Roaming\Malwarebytes
2010-08-12 14:43 . 2010-08-12 14:43	--------	d-----w-	c:\programdata\Malwarebytes
2010-08-12 14:09 . 2010-08-12 14:09	--------	d-----w-	C:\_OTL
2010-08-05 21:19 . 2010-08-05 21:20	--------	d-----w-	c:\users\Checker\AppData\Roaming\vlc
2010-08-05 21:19 . 2010-08-05 21:19	--------	d-----w-	c:\program files\VideoLAN
2010-08-05 20:42 . 2010-08-05 20:42	--------	d-----w-	c:\program files\ClipGrab
2010-08-05 20:40 . 2010-08-05 20:40	2560	----a-w-	c:\windows\_MSRSTRT.EXE
2010-07-18 18:59 . 2010-07-18 18:59	0	----a-w-	c:\windows\nsreg.dat

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-15 08:53 . 2009-09-07 15:07	663720	----a-w-	c:\windows\system32\perfh007.dat
2010-08-15 08:53 . 2009-09-07 15:07	135384	----a-w-	c:\windows\system32\perfc007.dat
2010-08-12 13:54 . 2009-09-26 06:57	--------	d-----w-	c:\program files\ChessBase
2010-08-12 11:04 . 2009-09-07 14:27	114104	----a-w-	c:\users\Checker\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-11 18:26 . 2009-09-07 14:50	--------	d-----w-	c:\programdata\Microsoft Help
2010-08-05 20:43 . 2010-02-20 15:51	--------	d-----w-	c:\program files\Common Files\DVDVideoSoft
2010-08-01 14:06 . 2009-09-15 17:23	--------	d-----w-	c:\users\Checker\AppData\Roaming\MessengerDiscovery 2
2010-07-29 06:30 . 2010-08-11 15:52	197632	----a-w-	c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-11 15:52	82944	----a-w-	c:\windows\system32\iccvid.dll
2010-07-15 10:18 . 2010-02-14 14:42	--------	d-----w-	c:\programdata\Alwil Software
2010-07-15 10:18 . 2010-02-14 20:51	--------	d-----w-	c:\program files\OpenOffice.org 3
2010-06-30 06:25 . 2010-08-11 15:52	978432	----a-w-	c:\windows\system32\wininet.dll
2010-06-22 02:47 . 2010-08-11 15:52	310784	----a-w-	c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-11 15:52	307200	----a-w-	c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-11 15:52	113664	----a-w-	c:\windows\system32\drivers\srvnet.sys
2010-06-21 17:16 . 2009-10-07 16:52	--------	d-----w-	c:\users\Checker\AppData\Roaming\Dev-Cpp
2010-06-21 16:58 . 2010-06-21 16:49	--------	d-----w-	c:\users\Checker\AppData\Roaming\Orbit
2010-06-21 16:49 . 2010-06-21 16:49	--------	d-----w-	c:\users\Checker\AppData\Roaming\GrabPro
2010-06-20 08:49 . 2010-06-20 08:47	--------	d-----w-	c:\program files\Motherboard Monitor 5
2010-06-19 18:00 . 2010-02-14 20:51	1	----a-w-	c:\users\Checker\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-19 13:53 . 2010-06-19 13:53	--------	d-----w-	c:\users\Checker\AppData\Roaming\Bump Technologies, Inc
2010-06-19 06:33 . 2010-08-11 15:52	3955080	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-11 15:52	3899784	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-11 15:52	37376	----a-w-	c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-11 15:52	2326016	----a-w-	c:\windows\system32\win32k.sys
2010-06-16 05:48 . 2010-08-11 15:52	224256	----a-w-	c:\windows\system32\schannel.dll
2010-06-14 06:12 . 2010-08-11 15:52	1286016	----a-w-	c:\windows\system32\drivers\tcpip.sys
2010-06-08 18:28 . 2010-06-08 18:23	2167292	----a-w-	c:\users\Checker\AppData\Roaming\MessengerDiscovery 2\1917497706\Update.exe
2010-06-08 06:02 . 2010-08-11 15:52	1233920	----a-w-	c:\windows\system32\msxml3.dll
2010-06-06 12:10 . 2009-10-11 13:30	138056	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2010-06-06 12:10 . 2009-10-11 13:30	138056	----a-w-	c:\users\Checker\AppData\Roaming\PnkBstrK.sys
2010-06-06 12:10 . 2009-10-11 13:30	138056	----a-w-	c:\users\Checker\AppData\Roaming\PnkBstrK.sys
2010-06-06 12:10 . 2010-06-05 17:02	2434856	----a-w-	c:\windows\system32\pbsvc_bc2.exe
2010-06-06 12:10 . 2009-10-11 13:30	75064	----a-w-	c:\windows\system32\PnkBstrA.exe
2010-06-05 07:31 . 2010-06-05 07:31	113440	----a-w-	c:\programdata\Microsoft\VCExpress\10.0\1031\ResourceCache.dll
2010-05-27 07:24 . 2010-06-11 13:09	34304	----a-w-	c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-11 13:09	293888	----a-w-	c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2009-10-02 18:32	221568	------w-	c:\windows\system32\MpSigStub.exe
2009-06-10 21:26 . 2009-07-14 02:04	9633792	--sha-r-	c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42	396800	--sha-w-	c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5}"= "c:\program files\Eazel-DE\tbEaze.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5}]
2009-07-02 08:18	2215960	----a-w-	c:\program files\Eazel-DE\tbEaze.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5}"= "c:\program files\Eazel-DE\tbEaze.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{69B6939F-C70D-45C5-9BBD-E2E2CC3DD8E5}"= "c:\program files\Eazel-DE\tbEaze.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-20 98304]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files\CyberLink\YouCam\YouCamTray.exe" [2009-07-23 162912]
"Launch LCDMon"="c:\program files\Common Files\Logitech\LCD Manager\LCDMon.exe" [2007-04-26 774168]
"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2007-04-26 1132056]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-03-09 2769336]

c:\users\Checker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2009-10-28 08:51	3402552	----a-w-	c:\program files\Samsung\Kies\KiesTrayAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OscarEditor]
2008-08-07 12:10	2854912	----a-w-	c:\program files\MOUSE Editor\MouseEditor.exe

R1 ntiomin;ntiomin; [x]
R3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\DRIVERS\s816bus.sys [2007-06-19 81832]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-21 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-21 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-21 121856]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [2009-09-21 98560]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-25 1343400]
S1 aswSP;aswSP; [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-03-09 51792]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2009-10-26 95568]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-10-09 217088]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2009-10-26 18136]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-10-09 36640]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.orbitdownloader.com
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Checker\AppData\Roaming\Mozilla\Firefox\Profiles\kcf98jt2.Checker\
FF - prefs.js: browser.startup.homepage - google.at
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-08-15  20:04:10
ComboFix-quarantined-files.txt  2010-08-15 18:04

Pre-Run: 416.823.873.536 bytes free
Post-Run: 416.723.861.504 bytes free

- - End Of File - - B5360379BFFC9D63C5766AFCC24748D8
         

15.08.2010, 20:34   #8
cosinus


OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't work the second time, just skip it and run only OSAM.

Then download the bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remove.exe in that folder.

If you are using Windows Vista or Windows 7, you must run remover.exe via right-click => Run as administrator.

A black window will open and automatically search for malicious modifications in the MBR.
Then please post whether there are any modifications and, if so, in which device. Ideally post everything that remover.exe outputs.

15.08.2010, 22:27   #9
merlo

With OSAM, part 7 of the instructions did not come up: Then click "Next" -> "Next" -> "Next" again.
Here are the logs:

GMER:
Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-15 22:03:32
Windows 6.1.7600 
Running: n3vpuipv.exe; Driver: C:\Users\Checker\AppData\Local\Temp\uwldqpog.sys


---- System - GMER 1.0.15 ----

INT 0x1F        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)         83038AF8
INT 0x37        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)         83038104
INT 0xC1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)         830383F4
INT 0xD1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)         83020FB4
INT 0xDF        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)         830381DC
INT 0xE1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)         83038958
INT 0xE3        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)         830386F8
INT 0xFD        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)         83038F2C
INT 0xFE        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)         830391A8

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)            ZwCreateProcessEx [0x911274FE]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)            ZwCreateSection [0x91127322]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)            ZwLoadDriver [0x9112745C]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)            NtCreateSection
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)            ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!ZwSaveKeyEx + 13B1                                                                  8308A8E9 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                           830AA3D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE            ntoskrnl.exe!ZwLoadDriver                                                                        831F6124 7 Bytes  JMP 91127460 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE            ntoskrnl.exe!ObMakeTemporaryObject                                                               83236E0D 5 Bytes  JMP 911234BA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE            ntoskrnl.exe!RtlCompareUnicodeStrings + 50C                                                      8325E1CA 5 Bytes  JMP 911249D8 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE            ntoskrnl.exe!NtCreateSection                                                                     832A7F2B 7 Bytes  JMP 91127326 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE            ntoskrnl.exe!ZwCreateProcessEx                                                                   83326812 7 Bytes  JMP 91127502 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                         section is writeable [0x9303B000, 0x2D5378, 0xE8000020]
.text           peauth.sys                                                                                       94AF4C9D 28 Bytes  [D5, B5, 7F, E0, 80, 15, C4, ...]
.text           peauth.sys                                                                                       94AF4CC1 28 Bytes  [D5, B5, 7F, E0, 80, 15, C4, ...]
PAGE            peauth.sys                                                                                       94AFAB9B 72 Bytes  [C9, 15, 0C, 42, D8, 73, BE, ...]
PAGE            peauth.sys                                                                                       94AFABEC 111 Bytes  [19, F8, 9B, C6, 7A, 7A, F1, ...]
PAGE            peauth.sys                                                                                       94AFB02C 102 Bytes  [56, E3, 5D, E3, C7, D4, 54, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 4F90                                                              A0827000 290 Bytes  [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 50B3                                                              A0827123 629 Bytes  [25, 82, A0, FE, 05, 34, 25, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 5329                                                              A0827399 101 Bytes  [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 538F                                                              A08273FF 148 Bytes  [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 543B                                                              A08274AB 2228 Bytes  [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE            ...                                                                                              
?               C:\Users\Checker\AppData\Local\Temp\catchme.sys                                                  Das System kann die angegebene Datei nicht finden. !
?               C:\Windows\system32\Drivers\PROCEXP113.SYS                                                       Das System kann die angegebene Datei nicht finden. !
?               C:\Users\Checker\AppData\Local\Temp\mbr.sys                                                      Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                                          aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                           rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                           rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Udp                                                                          aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device          \Driver\ACPI_HAL \Device\0000008b                                                                halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fcf407307                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fcf407307@0022981bdb66         0xAE 0x70 0x87 0x72 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind
Reg             HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route
Reg             HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export
Reg             HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Bind
Reg             HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Route
Reg             HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fcf407307 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fcf407307@0022981bdb66             0xAE 0x70 0x87 0x72 ...
Reg             HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Bind
Reg             HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Route
Reg             HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export
Reg             HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Bind
Reg             HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Route
Reg             HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export

---- EOF - GMER 1.0.15 ----
         
OSAM:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:14:48 on 15.08.2010

OS: Windows 7 Ultimate Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.8

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ODBCCP32.CPL" - "Microsoft Corporation" - C:\Windows\system32\ODBCCP32.CPL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"lgLcdCpl" - "Logitech Inc." - C:\Program Files\Common Files\Logitech\LCD Manager\LgLcdCpl.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"aswFsBlk" (aswFsBlk) - "ALWIL Software" - C:\Windows\system32\drivers\aswFsBlk.sys
"aswMonFlt" (aswMonFlt) - "ALWIL Software" - C:\Windows\system32\drivers\aswMonFlt.sys
"aswRdr" (aswRdr) - "ALWIL Software" - C:\Windows\system32\drivers\aswRdr.sys
"aswSP" (aswSP) - "ALWIL Software" - C:\Windows\system32\drivers\aswSP.sys
"ATI Service for HD Audio Codec" (AtiHdmiService) - "ATI Research Inc." - C:\Windows\System32\drivers\AtiHdmi.sys
"avast! Network Shield Support" (aswTdi) - "ALWIL Software" - C:\Windows\system32\drivers\aswTdi.sys
"catchme" (catchme) - ? - C:\Users\Checker\AppData\Local\Temp\catchme.sys  (File not found)
"dgderdrv" (dgderdrv) - "Devguru Co., Ltd" - C:\Windows\System32\drivers\dgderdrv.sys
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"GMSIPCI" (GMSIPCI) - ? - D:\INSTALL\GMSIPCI.SYS  (File not found)
"Huawei DataCard USB Modem and USB Serial" (hwdatacard) - ? - C:\Windows\System32\DRIVERS\ewusbmdm.sys  (File not found)
"ntiomin" (ntiomin) - ? - C:\Windows\system32\drivers\ntiomin.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "ALWIL Software" - C:\Program Files\Alwil Software\Avast5\ashShell.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Eazel-DE Toolbar" - "Conduit Ltd." - C:\Program Files\Eazel-DE\tbEaze.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} "Eazel-DE Toolbar" - "Conduit Ltd." - C:\Program Files\Eazel-DE\tbEaze.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} "Eazel-DE Toolbar" - "Conduit Ltd." - C:\Program Files\Eazel-DE\tbEaze.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} "Eazel-DE Toolbar" - "Conduit Ltd." - C:\Program Files\Eazel-DE\tbEaze.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\Checker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avast5" - "ALWIL Software" - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"Launch LCDMon" - "Logitech Inc." - "C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe"
"Launch LGDCore" - "Logitech Inc." - "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
"VirtualCloneDrive" - "Elaborate Bytes AG" - "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"YouCam Mirror Tray icon" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\YouCamTray.exe" /s

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET State Service" (aspnet_state) - ? - C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe  (File not found)
"avast! Antivirus" (avast! Antivirus) - "ALWIL Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"avast! Mail Scanner" (avast! Mail Scanner) - "ALWIL Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"avast! Web Scanner" (avast! Web Scanner) - "ALWIL Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"Device Error Recovery Service" (dgdersvc) - "Devguru Co., Ltd." - C:\Windows\system32\dgdersvc.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FsUsbExService" (FsUsbExService) - "Teruten" - C:\Windows\system32\FsUsbExService.Exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"PnkBstrB" (PnkBstrB) - ? - C:\Windows\system32\PnkBstrB.exe  (File not found)
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         

15.08.2010, 22:29   #10
merlo
 



bootkit remover:
Code:
.\debug.cpp(238) : Debug log started at 15.08.2010 - 20:18:59
.\boot_cleaner.cpp(675) : Bootkit Remover
.\boot_cleaner.cpp(676) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(677) : www.esagelab.com
.\boot_cleaner.cpp(681) : Program version: 1.1.0.0
.\boot_cleaner.cpp(688) : OS Version: Microsoft Windows 7 Ultimate Edition (build 7600), 32-bit
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x83009000 0x00400000 "\SystemRoot\system32\ntoskrnl.exe"
.\debug.cpp(256) : 0x83409000 0x00037000 "\SystemRoot\system32\halmacpi.dll"
.\debug.cpp(256) : 0x80ba3000 0x00008000 "\SystemRoot\system32\kdcom.dll"
.\debug.cpp(256) : 0x8bc20000 0x00078000 "\SystemRoot\system32\mcupdate_GenuineIntel.dll"
.\debug.cpp(256) : 0x8bc98000 0x00011000 "\SystemRoot\system32\PSHED.dll"
.\debug.cpp(256) : 0x8bca9000 0x00008000 "\SystemRoot\system32\BOOTVID.dll"
.\debug.cpp(256) : 0x8bcb1000 0x00042000 "\SystemRoot\system32\CLFS.SYS"
.\debug.cpp(256) : 0x8bcf3000 0x000ab000 "\SystemRoot\system32\CI.dll"
.\debug.cpp(256) : 0x8bd9e000 0x00071000 "\SystemRoot\system32\drivers\Wdf01000.sys"
.\debug.cpp(256) : 0x8be0f000 0x0000e000 "\SystemRoot\system32\drivers\WDFLDR.SYS"
.\debug.cpp(256) : 0x8be1d000 0x00048000 "\SystemRoot\system32\DRIVERS\ACPI.sys"
.\debug.cpp(256) : 0x8be65000 0x00009000 "\SystemRoot\system32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0x8be6e000 0x00008000 "\SystemRoot\system32\DRIVERS\msisadrv.sys"
.\debug.cpp(256) : 0x8be76000 0x0002a000 "\SystemRoot\system32\DRIVERS\pci.sys"
.\debug.cpp(256) : 0x8bea0000 0x0000b000 "\SystemRoot\system32\DRIVERS\vdrvroot.sys"
.\debug.cpp(256) : 0x8beab000 0x00011000 "\SystemRoot\System32\drivers\partmgr.sys"
.\debug.cpp(256) : 0x8bebc000 0x00010000 "\SystemRoot\system32\DRIVERS\volmgr.sys"
.\debug.cpp(256) : 0x8becc000 0x0004b000 "\SystemRoot\System32\drivers\volmgrx.sys"
.\debug.cpp(256) : 0x8bf17000 0x00007000 "\SystemRoot\system32\DRIVERS\pciide.sys"
.\debug.cpp(256) : 0x8bf1e000 0x0000e000 "\SystemRoot\system32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0x8bf2c000 0x00016000 "\SystemRoot\System32\drivers\mountmgr.sys"
.\debug.cpp(256) : 0x8bf42000 0x00009000 "\SystemRoot\system32\DRIVERS\atapi.sys"
.\debug.cpp(256) : 0x8bf4b000 0x00023000 "\SystemRoot\system32\DRIVERS\ataport.SYS"
.\debug.cpp(256) : 0x8bf6e000 0x00025000 "\SystemRoot\system32\DRIVERS\nvstor.sys"
.\debug.cpp(256) : 0x8bf93000 0x00047000 "\SystemRoot\system32\DRIVERS\storport.sys"
.\debug.cpp(256) : 0x8bfda000 0x0001d000 "\SystemRoot\system32\DRIVERS\nvstor32.sys"
.\debug.cpp(256) : 0x8bff7000 0x00009000 "\SystemRoot\system32\DRIVERS\amdxata.sys"
.\debug.cpp(256) : 0x8bc00000 0x0000a000 "\SystemRoot\system32\DRIVERS\msahci.sys"
.\debug.cpp(256) : 0x8c00f000 0x00034000 "\SystemRoot\system32\drivers\fltmgr.sys"
.\debug.cpp(256) : 0x8c043000 0x00011000 "\SystemRoot\system32\drivers\fileinfo.sys"
.\debug.cpp(256) : 0x8c054000 0x0012f000 "\SystemRoot\System32\Drivers\Ntfs.sys"
.\debug.cpp(256) : 0x8c183000 0x0002b000 "\SystemRoot\System32\Drivers\msrpc.sys"
.\debug.cpp(256) : 0x8c1ae000 0x00013000 "\SystemRoot\System32\Drivers\ksecdd.sys"
.\debug.cpp(256) : 0x8c1c1000 0x0005d000 "\SystemRoot\System32\Drivers\cng.sys"
.\debug.cpp(256) : 0x8c21e000 0x0000e000 "\SystemRoot\System32\drivers\pcw.sys"
.\debug.cpp(256) : 0x8c22c000 0x00009000 "\SystemRoot\System32\Drivers\Fs_Rec.sys"
.\debug.cpp(256) : 0x8c235000 0x000b7000 "\SystemRoot\system32\drivers\ndis.sys"
.\debug.cpp(256) : 0x8c2ec000 0x0003e000 "\SystemRoot\system32\drivers\NETIO.SYS"
.\debug.cpp(256) : 0x8c32a000 0x00025000 "\SystemRoot\System32\Drivers\ksecpkg.sys"
.\debug.cpp(256) : 0x8c43d000 0x00149000 "\SystemRoot\System32\drivers\tcpip.sys"
.\debug.cpp(256) : 0x8c586000 0x00031000 "\SystemRoot\System32\drivers\fwpkclnt.sys"
.\debug.cpp(256) : 0x8c5b7000 0x00009000 "\SystemRoot\system32\DRIVERS\vmstorfl.sys"
.\debug.cpp(256) : 0x8c5c0000 0x0003f000 "\SystemRoot\system32\DRIVERS\volsnap.sys"
.\debug.cpp(256) : 0x8c5ff000 0x00008000 "\SystemRoot\System32\Drivers\spldr.sys"
.\debug.cpp(256) : 0x8c607000 0x0002d000 "\SystemRoot\System32\drivers\rdyboost.sys"
.\debug.cpp(256) : 0x8c634000 0x00010000 "\SystemRoot\System32\Drivers\mup.sys"
.\debug.cpp(256) : 0x8c644000 0x00008000 "\SystemRoot\System32\drivers\hwpolicy.sys"
.\debug.cpp(256) : 0x8c64c000 0x00032000 "\SystemRoot\System32\DRIVERS\fvevol.sys"
.\debug.cpp(256) : 0x8c67e000 0x00011000 "\SystemRoot\system32\DRIVERS\disk.sys"
.\debug.cpp(256) : 0x8c68f000 0x00025000 "\SystemRoot\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0x8c6f9000 0x0001f000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0x8c718000 0x00007000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0x8c71f000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0x8c726000 0x0000c000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0x8c732000 0x00021000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS"
.\debug.cpp(256) : 0x8c753000 0x0000d000 "\SystemRoot\System32\drivers\watchdog.sys"
.\debug.cpp(256) : 0x8c760000 0x00008000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0x8c768000 0x00008000 "\SystemRoot\system32\drivers\rdpencdd.sys"
.\debug.cpp(256) : 0x8c770000 0x00008000 "\SystemRoot\system32\drivers\rdprefmp.sys"
.\debug.cpp(256) : 0x8c778000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0x8c783000 0x0000e000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0x8c791000 0x00017000 "\SystemRoot\system32\DRIVERS\tdx.sys"
.\debug.cpp(256) : 0x8c7a8000 0x0000b000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0x8c7b3000 0x0000a000 "\SystemRoot\System32\Drivers\aswTdi.SYS"
.\debug.cpp(256) : 0x8c34f000 0x0005a000 "\SystemRoot\system32\drivers\afd.sys"
.\debug.cpp(256) : 0x8c7bd000 0x00005000 "\SystemRoot\System32\Drivers\aswRdr.SYS"
.\debug.cpp(256) : 0x8c7c2000 0x00032000 "\SystemRoot\System32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0x8c7f4000 0x00007000 "\SystemRoot\system32\DRIVERS\wfplwf.sys"
.\debug.cpp(256) : 0x8c400000 0x0001f000 "\SystemRoot\system32\DRIVERS\pacer.sys"
.\debug.cpp(256) : 0x8c41f000 0x00011000 "\SystemRoot\system32\DRIVERS\vwififlt.sys"
.\debug.cpp(256) : 0x8c3a9000 0x0000e000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0x8c3b7000 0x0001a000 "\SystemRoot\system32\DRIVERS\serial.sys"
.\debug.cpp(256) : 0x8c3d1000 0x00013000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0x8c3e4000 0x00010000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0x92401000 0x00041000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0x92442000 0x0000a000 "\SystemRoot\system32\drivers\nsiproxy.sys"
.\debug.cpp(256) : 0x9244c000 0x0000a000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0x92456000 0x00005000 "\SystemRoot\System32\Drivers\ElbyCDIO.sys"
.\debug.cpp(256) : 0x9245b000 0x0000c000 "\SystemRoot\System32\drivers\discache.sys"
.\debug.cpp(256) : 0x92467000 0x00064000 "\SystemRoot\system32\drivers\csc.sys"
.\debug.cpp(256) : 0x924cb000 0x00018000 "\SystemRoot\System32\Drivers\dfsc.sys"
.\debug.cpp(256) : 0x924e3000 0x0000e000 "\SystemRoot\system32\DRIVERS\blbdrive.sys"
.\debug.cpp(256) : 0x924f1000 0x00027000 "\SystemRoot\System32\Drivers\aswSP.SYS"
.\debug.cpp(256) : 0x92518000 0x00021000 "\SystemRoot\system32\DRIVERS\tunnel.sys"
.\debug.cpp(256) : 0x92539000 0x00012000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0x93032000 0x00515000 "\SystemRoot\system32\DRIVERS\atikmdag.sys"
.\debug.cpp(256) : 0x93547000 0x000b7000 "\SystemRoot\System32\drivers\dxgkrnl.sys"
.\debug.cpp(256) : 0x935fe000 0x00039000 "\SystemRoot\System32\drivers\dxgmms1.sys"
.\debug.cpp(256) : 0x93637000 0x0001f000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0x93656000 0x0000a000 "\SystemRoot\system32\DRIVERS\serenum.sys"
.\debug.cpp(256) : 0x93660000 0x0000a000 "\SystemRoot\system32\DRIVERS\usbohci.sys"
.\debug.cpp(256) : 0x9366a000 0x0004b000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0x936b5000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0x936c4000 0x00006000 "\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys"
.\debug.cpp(256) : 0x936ca000 0x0002c000 "\SystemRoot\system32\DRIVERS\1394ohci.sys"
.\debug.cpp(256) : 0x936f6000 0x000fb000 "\SystemRoot\system32\DRIVERS\nvmfdx32.sys"
.\debug.cpp(256) : 0x937f1000 0x0000d000 "\SystemRoot\system32\DRIVERS\CompositeBus.sys"
.\debug.cpp(256) : 0x93000000 0x00012000 "\SystemRoot\system32\DRIVERS\AgileVpn.sys"
.\debug.cpp(256) : 0x93012000 0x00018000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0x9254b000 0x0000b000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0x92556000 0x00022000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0x92578000 0x00018000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0x92590000 0x00017000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0x925a7000 0x00017000 "\SystemRoot\system32\DRIVERS\rassstp.sys"
.\debug.cpp(256) : 0x925be000 0x0000a000 "\SystemRoot\system32\DRIVERS\rdpbus.sys"
.\debug.cpp(256) : 0x925c8000 0x0000d000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0x925d5000 0x0000d000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0x925e2000 0x0000b000 "\SystemRoot\system32\DRIVERS\VClone.sys"
.\debug.cpp(256) : 0x925ed000 0x00026000 "\SystemRoot\system32\DRIVERS\SCSIPORT.SYS"
.\debug.cpp(256) : 0x9302a000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0x92613000 0x00034000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0x92647000 0x0000e000 "\SystemRoot\system32\DRIVERS\umbus.sys"
.\debug.cpp(256) : 0x92655000 0x00044000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0x92699000 0x00011000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0x926aa000 0x0001c000 "\SystemRoot\system32\drivers\AtiHdmi.sys"
.\debug.cpp(256) : 0x926c6000 0x0002f000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0x926f5000 0x00019000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0x9270e000 0x00050000 "\SystemRoot\system32\drivers\HdAudio.sys"
.\debug.cpp(256) : 0x95d70000 0x0024a000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0x9275e000 0x0000a000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0x92768000 0x0000d000 "\SystemRoot\System32\Drivers\crashdmp.sys"
.\debug.cpp(256) : 0x92775000 0x0000a000 "\SystemRoot\System32\Drivers\dump_diskdump.sys"
.\debug.cpp(256) : 0x9277f000 0x0001d000 "\SystemRoot\System32\Drivers\dump_nvstor32.sys"
.\debug.cpp(256) : 0x9279c000 0x00011000 "\SystemRoot\System32\Drivers\dump_dumpfve.sys"
.\debug.cpp(256) : 0x927ad000 0x0000b000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
.\debug.cpp(256) : 0x927b8000 0x00013000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0x927cb000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0x9302c000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0x927d2000 0x0000b000 "\SystemRoot\system32\DRIVERS\mouhid.sys"
.\debug.cpp(256) : 0x927dd000 0x00017000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"
.\debug.cpp(256) : 0x8c6b4000 0x00024000 "\SystemRoot\System32\Drivers\usbvideo.sys"
.\debug.cpp(256) : 0x8c6d8000 0x00014000 "\SystemRoot\system32\drivers\usbaudio.sys"
.\debug.cpp(256) : 0x927f4000 0x0000b000 "\SystemRoot\system32\DRIVERS\monitor.sys"
.\debug.cpp(256) : 0x95fd0000 0x00009000 "\SystemRoot\System32\TSDDD.dll"
.\debug.cpp(256) : 0x8c6ec000 0x0000c000 "\SystemRoot\system32\DRIVERS\kbdhid.sys"
.\debug.cpp(256) : 0x91816000 0x000a9000 "\SystemRoot\system32\DRIVERS\netr28u.sys"
.\debug.cpp(256) : 0x918bf000 0x0000a000 "\SystemRoot\system32\DRIVERS\vwifibus.sys"
.\debug.cpp(256) : 0x95c00000 0x0001e000 "\SystemRoot\System32\cdd.dll"
.\debug.cpp(256) : 0x918c9000 0x0001b000 "\SystemRoot\system32\drivers\luafv.sys"
.\debug.cpp(256) : 0x918e4000 0x00017000 "\??\C:\Windows\system32\drivers\aswMonFlt.sys"
.\debug.cpp(256) : 0x918fb000 0x00003000 "\SystemRoot\System32\Drivers\aswFsBlk.SYS"
.\debug.cpp(256) : 0x918fe000 0x0001a000 "\SystemRoot\system32\drivers\WudfPf.sys"
.\debug.cpp(256) : 0x91918000 0x00010000 "\SystemRoot\system32\DRIVERS\lltdio.sys"
.\debug.cpp(256) : 0x91928000 0x00046000 "\SystemRoot\system32\DRIVERS\nwifi.sys"
.\debug.cpp(256) : 0x9196e000 0x00010000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0x9197e000 0x00013000 "\SystemRoot\system32\DRIVERS\rspndr.sys"
.\debug.cpp(256) : 0x91991000 0x00009000 "\SystemRoot\system32\DRIVERS\vwifimp.sys"
.\debug.cpp(256) : 0x9199a000 0x00085000 "\SystemRoot\system32\drivers\HTTP.sys"
.\debug.cpp(256) : 0x91a1f000 0x00019000 "\SystemRoot\system32\DRIVERS\bowser.sys"
.\debug.cpp(256) : 0x91a38000 0x00012000 "\SystemRoot\System32\drivers\mpsdrv.sys"
.\debug.cpp(256) : 0x91a4a000 0x00023000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0x91a6d000 0x0003b000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys"
.\debug.cpp(256) : 0x91aa8000 0x0001b000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys"
.\debug.cpp(256) : 0x91adb000 0x00097000 "\SystemRoot\system32\drivers\peauth.sys"
.\debug.cpp(256) : 0x91b72000 0x0000a000 "\SystemRoot\System32\Drivers\secdrv.SYS"
.\debug.cpp(256) : 0x91b7c000 0x00021000 "\SystemRoot\System32\DRIVERS\srvnet.sys"
.\debug.cpp(256) : 0x91b9d000 0x0000d000 "\SystemRoot\System32\drivers\tcpipreg.sys"
.\debug.cpp(256) : 0x91baa000 0x0004f000 "\SystemRoot\System32\DRIVERS\srv2.sys"
.\debug.cpp(256) : 0xa203b000 0x00051000 "\SystemRoot\System32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xa208c000 0x0006a000 "\SystemRoot\system32\drivers\spsys.sys"
.\debug.cpp(256) : 0xa20f6000 0x00003000 "\SystemRoot\System32\drivers\dgderdrv.sys"
.\debug.cpp(256) : 0xa20f9000 0x00009000 "\??\C:\Windows\system32\FsUsbExDisk.SYS"
.\debug.cpp(256) : 0x77510000 0x0013c000 "\Windows\System32\ntdll.dll"
.\debug.cpp(256) : 0x47af0000 0x00013000 "\Windows\System32\smss.exe"
.\debug.cpp(256) : 0x77750000 0x00050000 "\Windows\System32\apisetschema.dll"
.\debug.cpp(256) : 0x00500000 0x000a6000 "\Windows\System32\autochk.exe"
.\debug.cpp(256) : 0x77720000 0x0001f000 "\Windows\System32\imm32.dll"
.\debug.cpp(256) : 0x77700000 0x00019000 "\Windows\System32\sechost.dll"
.\debug.cpp(256) : 0x768c0000 0x00c49000 "\Windows\System32\shell32.dll"
.\debug.cpp(256) : 0x77650000 0x000ac000 "\Windows\System32\msvcrt.dll"
.\debug.cpp(256) : 0x767c0000 0x000f4000 "\Windows\System32\wininet.dll"
.\debug.cpp(256) : 0x766f0000 0x000cc000 "\Windows\System32\msctf.dll"
.\debug.cpp(256) : 0x76620000 0x000c9000 "\Windows\System32\user32.dll"
.\debug.cpp(256) : 0x76590000 0x00083000 "\Windows\System32\clbcatq.dll"
.\debug.cpp(256) : 0x76580000 0x00003000 "\Windows\System32\normaliz.dll"
.\debug.cpp(256) : 0x76380000 0x001f9000 "\Windows\System32\iertutil.dll"
.\debug.cpp(256) : 0x762f0000 0x0008f000 "\Windows\System32\oleaut32.dll"
.\debug.cpp(256) : 0x762a0000 0x00045000 "\Windows\System32\Wldap32.dll"
.\debug.cpp(256) : 0x76290000 0x00006000 "\Windows\System32\nsi.dll"
.\debug.cpp(256) : 0x76280000 0x00005000 "\Windows\System32\psapi.dll"
.\debug.cpp(256) : 0x76240000 0x00035000 "\Windows\System32\ws2_32.dll"
.\debug.cpp(256) : 0x760a0000 0x0019d000 "\Windows\System32\setupapi.dll"
.\debug.cpp(256) : 0x75fc0000 0x000d4000 "\Windows\System32\kernel32.dll"
.\debug.cpp(256) : 0x75f40000 0x0007b000 "\Windows\System32\comdlg32.dll"
.\debug.cpp(256) : 0x75ea0000 0x000a0000 "\Windows\System32\advapi32.dll"
.\debug.cpp(256) : 0x75e90000 0x0000a000 "\Windows\System32\lpk.dll"
.\debug.cpp(256) : 0x75e60000 0x0002a000 "\Windows\System32\imagehlp.dll"
.\debug.cpp(256) : 0x75e00000 0x00052000 "\Windows\System32\difxapi.dll"
.\debug.cpp(256) : 0x75db0000 0x0004e000 "\Windows\System32\gdi32.dll"
.\debug.cpp(256) : 0x75d50000 0x00057000 "\Windows\System32\shlwapi.dll"
.\debug.cpp(256) : 0x75cb0000 0x0009d000 "\Windows\System32\usp10.dll"
.\debug.cpp(256) : 0x75b70000 0x00135000 "\Windows\System32\urlmon.dll"
.\debug.cpp(256) : 0x75a10000 0x0015c000 "\Windows\System32\ole32.dll"
.\debug.cpp(256) : 0x75960000 0x000a1000 "\Windows\System32\rpcrt4.dll"
.\debug.cpp(256) : 0x75930000 0x00027000 "\Windows\System32\cfgmgr32.dll"
.\debug.cpp(256) : 0x758a0000 0x00084000 "\Windows\System32\comctl32.dll"
.\debug.cpp(256) : 0x75850000 0x0004a000 "\Windows\System32\KernelBase.dll"
.\debug.cpp(256) : 0x75820000 0x0002d000 "\Windows\System32\wintrust.dll"
.\debug.cpp(256) : 0x75800000 0x00012000 "\Windows\System32\devobj.dll"
.\debug.cpp(256) : 0x756e0000 0x0011c000 "\Windows\System32\crypt32.dll"
.\debug.cpp(256) : 0x756d0000 0x0000c000 "\Windows\System32\msasn1.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) :              Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:"
.\debug.cpp(400) :              Destination="\Device\Ide\IdePort3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) :              Destination="\Device\Ndis"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice"
.\debug.cpp(400) :              Destination="\Device\WUDFLpcDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001#7&d874627&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\000000a1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\0000007e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000003d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{F22E3676-C3D9-4F5F-9448-CE68E5AC31B9}"
.\debug.cpp(400) :              Destination="\Device\NDMP58"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{15A8A551-45F7-4BDD-9C2A-BFFF9A69F52D}"
.\debug.cpp(400) :              Destination="\Device\NDMP17"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) :              Destination="\Device\Video0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AgileVPN"
.\debug.cpp(400) :              Destination="\Device\AgileVPN"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWSP"
.\debug.cpp(400) :              Destination="\Device\aswSP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_1737&PID_0078#5&2f211ca2&0&4#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001#7&d874627&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) :              Destination="\Device\000000a1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001#7&d874627&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\000000a1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) :              Destination="\Device\00000086"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000007f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000007c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000003f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0055#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000038"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0049#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000032"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{17360253-ABEE-47B5-99FD-172F0DC081A9}"
.\debug.cpp(400) :              Destination="\Device\NDMP32"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0010#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\0000000b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0004#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000005"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) :              Destination="\Device\Video1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\aswSP_Pot2"
.\debug.cpp(400) :              Destination="\Device\aswSP_Pot2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_9460&SUBSYS_22811787&REV_00#6&f1a4052&0&00000018#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0039"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0054#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0048#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000031"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6E9E7229-F8E5-4ABB-99BE-7C32383A21FC}"
.\debug.cpp(400) :              Destination="\Device\NDMP45"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6DBB1572-8D4C-4D8E-8F6F-AE3B73BF09AB}"
.\debug.cpp(400) :              Destination="\Device\NDMP11"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000001"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) :              Destination="\Device\Video2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy1"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolumeShadowCopy1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
.\debug.cpp(400) :              Destination="\Device\CdRom1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#AOC2436#7&1cc65386&0&UID257#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8}"
.\debug.cpp(400) :              Destination="\Device\000000aa"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) :              Destination="\Device\Video3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000007d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0269&SUBSYS_73801462&REV_A3#3&267a616a&0&A0#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0032"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy2"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolumeShadowCopy2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice"
.\debug.cpp(400) :              Destination="\Device\WMIAdminDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{bd16566a-9c03-11de-a242-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi4:"
.\debug.cpp(400) :              Destination="\Device\RaidPort0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ProcessManagement"
.\debug.cpp(400) :              Destination="\Device\ProcessManagement"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) :              Destination="\Device\Video4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_23_-_Pentium(R)_Dual-Core__CPU______E5200__@_2.50GHz#_2#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) :              Destination="\Device\0000008c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SCSIADAPTER#0000#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\00000085"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{636FF46E-80FE-4314-BC84-DC7749EDE5B4}"
.\debug.cpp(400) :              Destination="\Device\NDMP65"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{7AA75853-16BD-4B43-AB08-CC32E470473E}"
.\debug.cpp(400) :              Destination="\Device\NDMP53"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0051#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000034"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0045#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\0000002e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0038#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000027"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000001"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy3"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolumeShadowCopy3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl"
.\debug.cpp(400) :              Destination="\Device\VolMgrControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5d624f94-8850-40c3-a3fa-a4fd2080baf3}#vwifimp#6&2d40158d&0&02#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\000000b3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY6"
.\debug.cpp(400) :              Destination="\Device\Video5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_04F2&PID_A147#5&2f211ca2&0&3#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\00000086"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0269&SUBSYS_73801462&REV_A3#3&267a616a&0&A0#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0032"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0053#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000036"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{CD4AF054-2B64-48DF-81F4-98094D1EC0F8}"
.\debug.cpp(400) :              Destination="\Device\NDMP50"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0047#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000030"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0043#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\0000002c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0036#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000025"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0023#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000018"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0016#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000011"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArpV6"
.\debug.cpp(400) :              Destination="\Device\WANARPV6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&PrinterBusEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) :              Destination="\Device\000000b4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_1737&PID_0078#5&2f211ca2&0&4#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_04F2&PID_A147&MI_02#6&20ff1770&0&0002#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\000000a9"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{D94A6501-1F19-45F3-9BAF-546B8A5D2472}"
.\debug.cpp(400) :              Destination="\Device\NDMP38"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0032#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000021"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0030#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\0000001f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{9F4A320F-7792-4D60-89E0-20F8BFFAE5C6}"
.\debug.cpp(400) :              Destination="\Device\NDMP31"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0026#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000001b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0024#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000019"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0019#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000014"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0017#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000012"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{2B689579-912D-42C0-97F6-F2DA86B6254E}"
.\debug.cpp(400) :              Destination="\Device\NDMP2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS0"
.\debug.cpp(400) :              Destination="\Device\1394BUS0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_046D&PID_C223#5&36872450&0&2#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) :              Destination="\Device\00000086"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000080"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\0000007a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{00195E13-CE28-4148-93AF-4877AF17E0E3}"
.\debug.cpp(400) :              Destination="\Device\NDMP51"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5C191F49-459F-4887-AF12-655E1311230A}"
.\debug.cpp(400) :              Destination="\Device\NDMP42"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_TSSTcorp&Prod_DVD-ROM_SH-D163B#4&1818301d&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\0000009c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_ELBY&Prod_CLONEDRIVE&Rev_1.4#1&2afd7d61&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\Scsi\VClone1Port6Path0Target0Lun0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) :              Destination="\Device\Ide\IdePort1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_TSSTcorp&Prod_DVD-ROM_SH-D163B#4&1818301d&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\0000009c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) :              Destination="\Device\NdisWan"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd"
.\debug.cpp(400) :              Destination="\Device\AscKmd"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_23_-_Pentium(R)_Dual-Core__CPU______E5200__@_2.50GHz#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) :              Destination="\Device\0000008b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH"
.\debug.cpp(400) :              Destination="\Device\NDMP67"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{7BE26E56-6CDA-44B4-B649-AD7E35C6AC8A}"
.\debug.cpp(400) :              Destination="\Device\NDMP12"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice"
.\debug.cpp(400) :              Destination="\Device\MPS"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5d624f94-8850-40c3-a3fa-a4fd2080baf3}#vwifimp#6&2d40158d&0&02#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\000000b3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0059#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\0000003c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{093711DB-0864-49BB-8B64-876B25A0DB59}"
.\debug.cpp(400) :              Destination="\Device\NDMP56"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{271FED14-0E23-41DC-9946-12C62ED91896}"
.\debug.cpp(400) :              Destination="\Device\NDMP43"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{7CD95D36-35B3-4FD3-86F8-16F258E49E40}"
.\debug.cpp(400) :              Destination="\Device\NDMP41"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0012#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\0000000d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0006#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000007"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{15728B78-0BD5-42CD-9BD3-8B6549F5379A}"
.\debug.cpp(400) :              Destination="\Device\NDMP7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_ELBY&Prod_CLONEDRIVE&Rev_1.4#1&2afd7d61&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\Scsi\VClone1Port6Path0Target0Lun0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) :              Destination="\FileSystem\Filters\FltMgr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_1737&PID_0078#5&2f211ca2&0&4#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_14627380&REV_1000#4&652f933&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\000000a3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&1de139f7&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0057#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0050#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000033"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{0301C0AD-8EFA-483B-A549-C9D8D320F7C3}"
.\debug.cpp(400) :              Destination="\Device\NDMP52"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0044#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000002d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{88A9DD40-5BC1-48EB-AD55-DFD831B9E624}"
.\debug.cpp(400) :              Destination="\Device\NDMP44"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0041#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\0000002a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0037#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000026"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0034#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000023"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0028#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\0000001d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) :              Destination="\Device\VolMgrControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\aswSP_Avar"
.\debug.cpp(400) :              Destination="\Device\aswSP_Avar"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWRDR"
.\debug.cpp(400) :              Destination="\Device\ASWRDR"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001#7&d874627&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\000000a1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_04F2&PID_A147&MI_02#6&20ff1770&0&0002#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\000000a9"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DB2B4279-B5CF-4626-9DBA-32D0ECE44C87}"
.\debug.cpp(400) :              Destination="\Device\NDMP70"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6"
.\debug.cpp(400) :              Destination="\Device\NDMP69"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{8459C3B7-7334-4051-9C00-1D390C089C88}"
.\debug.cpp(400) :              Destination="\Device\NDMP33"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0020#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000015"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0013#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\0000000e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0007#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000008"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) :              Destination="\Device\MailSlot"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) :              Destination="\DosDevices\COM1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&2ca29051&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\Ide\PciIde0Channel1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
.\debug.cpp(400) :              Destination="\Device\Ide\IdePort2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) :              Destination=""

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SstpDrv"
.\debug.cpp(400) :              Destination="\Device\SstpDrv"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) :              Destination="\Device\Ndisuio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :              Destination="\Device\00000084"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0043#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000002c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0036#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000025"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C9C8609C-9A48-4D40-AEF0-9D0423BAB153}"
.\debug.cpp(400) :              Destination="\Device\NDMP27"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0022#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000017"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0015#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000010"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0009#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\0000000a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{4B65D5B1-8B5F-4470-A826-988E433E6B5D}"
.\debug.cpp(400) :              Destination="\Device\NDMP9"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) :              Destination="\Device\Null"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VDRVROOT"
.\debug.cpp(400) :              Destination="\Device\00000088"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#Disk&Ven_Hitachi&Prod_HDP725050GLA#4&1818301d&0&010100#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\0000009d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle"
.\debug.cpp(400) :              Destination="\Device\WfpAle"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{CD8B1565-5AC1-4F28-A985-164BC52E5DBD}"
.\debug.cpp(400) :              Destination="\Device\NDMP74"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :              Destination="\Device\00000083"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{50B4070F-B7B6-4D0E-AA44-9DBDB01CADDB}"
.\debug.cpp(400) :              Destination="\Device\NDMP46"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0020#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000015"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{D9F98570-93C2-4867-A616-68904A7877BE}"
.\debug.cpp(400) :              Destination="\Device\NDMP20"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0013#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000000e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0007#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000008"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000007e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E041724E-FA4C-435D-991E-1EFD9297B827}"
.\debug.cpp(400) :              Destination="\Device\NDMP63"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{1EB3B095-9CE7-4C1E-82A0-AD76F53FEC5A}"
.\debug.cpp(400) :              Destination="\Device\NDMP47"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0041#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000002a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0034#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000023"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0031#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000020"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0028#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000001d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0025#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\0000001a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0018#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000013"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{1545CC03-5036-4D9A-B6E3-8E852EBDE597}"
.\debug.cpp(400) :              Destination="\Device\NDMP3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#5&27dc142e&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\Ide\PciIde1Channel1"

.\debug.cpp(451) : **********************************************
.\boot_cleaner.cpp(1077) : System volume is \\.\C:
.\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000
.\boot_cleaner.cpp(424) : Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff
.\boot_cleaner.cpp(1151) : 
.\boot_cleaner.cpp(1152) :      Size  Device Name          MBR Status
.\boot_cleaner.cpp(1153) :  --------------------------------------------
.\boot_cleaner.cpp(1197) :    465 GB  \\.\PhysicalDrive0   OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1203) : 
.\boot_cleaner.cpp(1242) : Done;
         

15.08.2010, 22:42   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
"Truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

16.08.2010, 00:44   #12
merlo

Malwarebytes crashed once again in the 16th minute.
I then ran it in safe mode.
Here are the logs:

Malwarebytes:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4428

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

15.08.2010 23:35:08
mbam-log-2010-08-15 (23-35-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 259104
Laufzeit: 25 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
SASW:
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/16/2010 at 00:38 AM

Application Version : 4.41.1000

Core Rules Database Version : 5360
Trace Rules Database Version: 3172

Scan type       : Complete Scan
Total Scan Time : 00:54:10

Memory items scanned      : 809
Memory threats detected   : 0
Registry items scanned    : 9994
Registry threats detected : 0
File items scanned        : 122219
File threats detected     : 2

Adware.Tracking Cookie
	C:\Users\Checker\AppData\Roaming\Microsoft\Windows\Cookies\checker@atdmt[3].txt
	C:\Users\Checker\AppData\Roaming\Microsoft\Windows\Cookies\checker@doubleclick[2].txt
         

16.08.2010, 08:52   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK, only cookies were found there.
Any remaining problems or further detections in the meantime?

16.08.2010, 11:38   #14
merlo

No, the Avast message no longer appears.
Was the whole thing just an error message from Avast, or was the virus removed?

16.08.2010, 11:41   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Good, then we're done - please check your updates; my guide for that is below.
For even more security, you should also change all your passwords, if possible, now that the infection has been removed.


Microsoft Update

Windows XP: Visit the MS update page with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Updating the PDF reader
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Add or Remove Programs, by clicking "Adobe Reader x.0" there and removing the program.

I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.

While you are at it, please also check that your Flash Player is up to date; here is the direct download link => http://filepony.de/?q=Flash+Player


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs and uninstall all Java versions listed there. Afterwards, download the current Java SE Runtime Environment (JRE) from here and install it.