
Pests of all kinds and how to combat them: Infection: Rootkit tdjzasdk, various trojans & monmvr32.exe

24.09.2010, 10:52   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Ok. Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM.

Then download the bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remove.exe in that folder.

If you are using Windows Vista or Windows 7, you must run remover.exe via right-click => Run as administrator.

A black window will open and automatically search for malicious changes in the MBR.
Then please post whether there are any changes and, if so, in which device. Ideally, post everything that remover.exe outputs.
__________________
Please always post logfiles in CODE tags

24.09.2010, 12:17   #17
luko
 



Hello Arne,

I went through the OSAM scan results and checked all the unknown entries;
except for tdjzasdk.dll they are all drivers for label printers or programs for RIM BlackBerry.

OSAM log

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 12:59:24 on 24.09.2010

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Bioscrypt Inc." - F:\WINDOWS\system32\APSHook.dll

[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "O&O Software GmbH" - F:\WINDOWS\system32\OODBS.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"accelerometercp.CPL" - "Hewlett-Packard Corporation" - F:\WINDOWS\system32\accelerometercp.CPL
"cttune.cpl" - ? - F:\WINDOWS\system32\cttune.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - F:\WINDOWS\system32\infocardcpl.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - F:\WINDOWS\system32\ISUSPM.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - F:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - F:\WINDOWS\system32\nvcpl.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - F:\WINDOWS\system32\nvtuicpl.cpl
"QuickTime.cpl" - "Apple Computer, Inc." - F:\WINDOWS\system32\QuickTime.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Accelerometer" - "Hewlett-Packard Corporation" - F:\WINDOWS\system32\accelerometercp.cpl
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - F:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"CognizanceWS" - "Cognizance Corporation" - F:\PROGRA~1\HEWLET~1\IAM\Bin\Settings.dll
"PTHOST.CPL" - " Hewlett-Packard Development Company, L.P" - F:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOST.CPL
"QlbConfig" - " Hewlett-Packard Development Company, L.P." - F:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbConfg.cpl
"SMAX4CP" - "Analog Devices, Inc." - F:\Program Files\Analog Devices\SoundMAX\SMax4.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - F:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - F:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - F:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - F:\Cofi\catchme.sys  (File not found)
"Cdr4_xp" (Cdr4_xp) - "Sonic Solutions" - F:\WINDOWS\system32\drivers\Cdr4_xp.sys
"Cdralw2k" (Cdralw2k) - "Sonic Solutions" - F:\WINDOWS\system32\drivers\Cdralw2k.sys
"Changer" (Changer) - ? - F:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"Conexant Setup API" (UIUSys) - ? - F:\WINDOWS\System32\DRIVERS\UIUSYS.SYS  (File not found)
"i2omgmt" (i2omgmt) - ? - F:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - F:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"PCIDump" (PCIDump) - ? - F:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - F:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - F:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - F:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - F:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - F:\WINDOWS\System32\Drivers\PxHelp20.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - F:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
"SASENUM" (SASENUM) - " SUPERAdBlocker.com and SUPERAntiSpyware.com" - F:\Program Files\SUPERAntiSpyware\SASENUM.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - F:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - F:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"tdjzasdk" (tdjzasdk) - "MHcwcUpSHNOlv4VJ" - F:\WINDOWS\system32\drivers\tdjzasdk.sys  (Hidden file | Hidden registry entry, rootkit activity)
"WDICA" (WDICA) - ? - F:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - f:\WINDOWS\system32\Rundll32.exe f:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - F:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll  (File found, but it contains no detailed information)
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - F:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - F:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - F:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - F:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - F:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - F:\Program Files\SUPERAntiSpyware\SASSEH.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - F:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - F:\WINDOWS\system32\nvshell.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "Display Panning CPL Extension" - ? - deskpan.dll  (File not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Encryption Context Menu" - ? -   (File not found | COM-object registry key not found)
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - F:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll  (File found, but it contains no detailed information)
{5574006C-28F5-4a65-A28C-74DE6BFBE0BB} "Haali Matroska Shell Property Page" - ? - F:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll  (File found, but it contains no detailed information)
{327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Extractor" - ? - F:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll  (File found, but it contains no detailed information)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - F:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - F:\WINDOWS\system32\nvshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - F:\Program Files\Avira\AntiVir Desktop\shlext.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shell extensions for file compression" - ? -   (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - f:\WINDOWS\system32\dfshim.dll
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - f:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - F:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - F:\Program Files\WinRAR\rarext.dll
{ABE00001-0123-ABED-1248-0248ADFA1909} "Zoom Player ShellExt" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{A3256902-51FA-45A0-8A97-FC1143C169D9} "Diagnostics ActiveX WebControl" - "Microsoft Corporation" - F:\WINDOWS\Downloaded Program Files\DiagWAPI.dll / hxxp://support.microsoft.com/mats/DiagWebControl.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - F:\Program Files\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - F:\Program Files\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - F:\Program Files\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} "TeamOn Import Object" - "TeamOn Systems, Inc. " - F:\WINDOWS\Downloaded Program Files\TOImport.dll / https://bis.eu.blackberry.com/html/web/client_tools/TOImport.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DF21F1DB-80C6-11D3-9483-B03D0EC10000} "Credential Manager for HP ProtectTools" - "Bioscrypt Inc." - F:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - F:\Program Files\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[Logon]
-----( %AllUsersProfile%\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - F:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-----( %UserProfile%\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - F:\Documents and Settings\xxxxx\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ISUSPM" - "Macrovision Corporation" - "F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "F:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"CognizanceTS" - "Cognizance Corporation" - rundll32.exe F:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
"IAAnotif" - "Intel Corporation" - F:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"IntelZeroConfig" - "Intel Corporation" - "F:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
"nwiz" - "NVIDIA Corporation" - nwiz.exe /installquiet /nodetect
"PTHOSTTR" - "Hewlett-Packard Development Company, L.P." - F:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
"QlbCtrl.exe" - " Hewlett-Packard Development Company, L.P." - F:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Broadcom 802.11 Wireless LAN Adapter Logon Provider" - "Broadcom Corporation" - F:\WINDOWS\System32\BCMLogon.dll
"Credential Manager" - "Cognizance Corporation" - F:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
"IntelNetProvCredMan" - ? - c:\windows\system32\netprovcredman.dll  (File not found)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Argox Language Monitor" - ? - F:\WINDOWS\system32\argomon.dll  (File found, but it contains no detailed information)
"CutePDF Writer Monitor" - ? - F:\WINDOWS\system32\cpwmon2k.dll  (File found, but it contains no detailed information)
"Seagull Network Monitor" - "Seagull Scientific, Inc." - F:\WINDOWS\system32\ssnetmon.dll
"Seiko SLP Monitor" - "Seiko Instruments USA, Inc." - F:\WINDOWS\system32\SLPMON.DLL

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Automatic Updates" (wuauserv) - ? - C:\WINDOWS\system32\wuauserv.dll  (File not found)
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - F:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Scheduler" (AntiVirSchedulerService) - "Avira GmbH" - F:\Program Files\Avira\AntiVir Desktop\sched.exe
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - F:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMon) - "Intel Corporation" - F:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - F:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - F:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
"Intel(R) PROSet/Wireless Service" (S24EventMonitor) - "Intel Corporation " - F:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - F:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - F:\Program Files\Java\jre6\bin\jqs.exe
"Local Communication Channel" (ASChannel) - "Cognizance Corporation" - F:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll
"Logon Session Broker" (ASBroker) - "Cognizance Corporation" - F:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
"MSSQL$UPSWSDBSERVER" (MSSQL$UPSWSDBSERVER) - "Microsoft Corporation" - F:\PROGRAM FILES\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
"MSSQLServerADHelper" (MSSQLServerADHelper) - "Microsoft Corporation" - F:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
"O&O Defrag" (O&O Defrag) - "O&O Software GmbH" - F:\WINDOWS\system32\oodag.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - F:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Security Platform Management Service" (IFXSpMgtSrv) - "Infineon Technologies AG" - F:\WINDOWS\system32\IFXSPMGT.exe
"SLPMONX" (SLPMONX) - "ProdEx Technologies" - F:\WINDOWS\system32\slpservice.exe
"SQLAgent$UPSWSDBSERVER" (SQLAgent$UPSWSDBSERVER) - "Microsoft Corporation" - F:\PROGRAM FILES\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE
"Trusted Platform Core Service" (IFXTCS) - "Infineon Technologies AG" - F:\WINDOWS\system32\IFXTCS.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - F:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - F:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"WMDM PMSP Service" (WMDM PMSP Service) - "Microsoft Corporation" - F:\WINDOWS\system32\MsPMSPSv.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"GinaDLL" - "Cognizance Corporation" - F:\Program Files\Hewlett-Packard\IAM\bin\ocgina.dll
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{8F51D94E-8B89-4844-B15C-9C049BA0F49F} "DLLName" - "Cognizance Corporation" - F:\Program Files\Hewlett-Packard\IAM\Bin\ItVCard.dll
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"IfxWlxEN" - "Infineon Technologies AG" - F:\WINDOWS\system32\IfxWlxEN.dll
"OneCard" - "Cognizance Corporation" - F:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
"WgaLogon" - "Microsoft Corporation" - F:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


bootkit remover log

.\debug.cpp(238) : Debug log started at 24.09.2010 - 11:06:13
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.0
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x804d7000 0x0020d000 "\WINDOWS\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x806e4000 0x00020d00 "\WINDOWS\system32\hal.dll"
.\debug.cpp(256) : 0xf7987000 0x00002000 "\WINDOWS\system32\KDCOM.DLL"
.\debug.cpp(256) : 0xf7897000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"
.\debug.cpp(256) : 0xf7358000 0x0002e000 "ACPI.sys"
.\debug.cpp(256) : 0xf7989000 0x00002000 "\WINDOWS\system32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0xf7347000 0x00011000 "pci.sys"
.\debug.cpp(256) : 0xf7487000 0x0000a000 "isapnp.sys"
.\debug.cpp(256) : 0xf72bd000 0x0008a000 "tdjzasdk.sys"
.\debug.cpp(256) : 0xf789b000 0x00003000 "compbatt.sys"
.\debug.cpp(256) : 0xf789f000 0x00004000 "\WINDOWS\system32\DRIVERS\BATTC.SYS"
.\debug.cpp(256) : 0xf7a4f000 0x00001000 "pciide.sys"
.\debug.cpp(256) : 0xf7707000 0x00007000 "\WINDOWS\system32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0xf729f000 0x0001e000 "pcmcia.sys"
.\debug.cpp(256) : 0xf7497000 0x0000b000 "MountMgr.sys"
.\debug.cpp(256) : 0xf7280000 0x0001f000 "ftdisk.sys"
.\debug.cpp(256) : 0xf798b000 0x00002000 "dmload.sys"
.\debug.cpp(256) : 0xf725a000 0x00026000 "dmio.sys"
.\debug.cpp(256) : 0xf78a3000 0x00003000 "ACPIEC.sys"
.\debug.cpp(256) : 0xf7a50000 0x00001000 "\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS"
.\debug.cpp(256) : 0xf770f000 0x00005000 "PartMgr.sys"
.\debug.cpp(256) : 0xf74a7000 0x0000d000 "VolSnap.sys"
.\debug.cpp(256) : 0xf7242000 0x00018000 "atapi.sys"
.\debug.cpp(256) : 0xf716c000 0x000d6000 "iaStor.sys"
.\debug.cpp(256) : 0xf74b7000 0x00009000 "disk.sys"
.\debug.cpp(256) : 0xf74c7000 0x0000d000 "\WINDOWS\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0xf714c000 0x00020000 "fltmgr.sys"
.\debug.cpp(256) : 0xf713a000 0x00012000 "sr.sys"
.\debug.cpp(256) : 0xf74d7000 0x0000a000 "PxHelp20.sys"
.\debug.cpp(256) : 0xf7123000 0x00017000 "KSecDD.sys"
.\debug.cpp(256) : 0xf7096000 0x0008d000 "Ntfs.sys"
.\debug.cpp(256) : 0xf7069000 0x0002d000 "NDIS.sys"
.\debug.cpp(256) : 0xf74e7000 0x00010000 "ohci1394.sys"
.\debug.cpp(256) : 0xf74f7000 0x0000e000 "\WINDOWS\system32\DRIVERS\1394BUS.SYS"
.\debug.cpp(256) : 0xf704f000 0x0001a000 "Mup.sys"
.\debug.cpp(256) : 0xf7507000 0x00009000 "hpdskflt.sys"
.\debug.cpp(256) : 0xf7587000 0x00010000 "\SystemRoot\system32\DRIVERS\nic1394.sys"
.\debug.cpp(256) : 0xf7627000 0x00009000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0xf593b000 0x00687000 "\SystemRoot\system32\DRIVERS\nv4_mini.sys"
.\debug.cpp(256) : 0xf5927000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS"
.\debug.cpp(256) : 0xf58ff000 0x00028000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0xf56dc000 0x00223000 "\SystemRoot\system32\DRIVERS\NETw4x32.sys"
.\debug.cpp(256) : 0xf77e7000 0x00006000 "\SystemRoot\system32\DRIVERS\usbuhci.sys"
.\debug.cpp(256) : 0xf56b8000 0x00024000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0xf77ef000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0xf566c000 0x0004c000 "\SystemRoot\system32\drivers\tifm21.sys"
.\debug.cpp(256) : 0xf5658000 0x00014000 "\SystemRoot\system32\DRIVERS\sdbus.sys"
.\debug.cpp(256) : 0xf5642000 0x00016000 "\SystemRoot\system32\DRIVERS\gtipci21.sys"
.\debug.cpp(256) : 0xf6fb9000 0x00004000 "\SystemRoot\system32\DRIVERS\SMCLIB.SYS"
.\debug.cpp(256) : 0xf562e000 0x00014000 "\SystemRoot\system32\DRIVERS\parport.sys"
.\debug.cpp(256) : 0xf7637000 0x00009000 "\SystemRoot\system32\DRIVERS\IFXTPM.SYS"
.\debug.cpp(256) : 0xf6530000 0x0000d000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0xf77f7000 0x00005000 "\SystemRoot\system32\DRIVERS\HpqKbFiltr.sys"
.\debug.cpp(256) : 0xf6520000 0x0000d000 "\SystemRoot\system32\DRIVERS\WDFLDR.SYS"
.\debug.cpp(256) : 0xf55b3000 0x0007b000 "\SystemRoot\system32\DRIVERS\Wdf01000.sys"
.\debug.cpp(256) : 0xf780f000 0x00006000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0xf557d000 0x00036000 "\SystemRoot\system32\DRIVERS\SynTP.sys"
.\debug.cpp(256) : 0xf79c5000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0xf7817000 0x00006000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0xf6510000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys"
.\debug.cpp(256) : 0xf6500000 0x00010000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0xf64f0000 0x0000f000 "\SystemRoot\system32\DRIVERS\redbook.sys"
.\debug.cpp(256) : 0xf555a000 0x00023000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0xf64e0000 0x0000a000 "\SystemRoot\system32\DRIVERS\Accelerometer.sys"
.\debug.cpp(256) : 0xf6fa9000 0x00003000 "\SystemRoot\system32\DRIVERS\cpqbttn.sys"
.\debug.cpp(256) : 0xf64d0000 0x00009000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0xf77ff000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0xf6fa5000 0x00004000 "\SystemRoot\system32\DRIVERS\CmBatt.sys"
.\debug.cpp(256) : 0xf6fa1000 0x00003000 "\SystemRoot\system32\DRIVERS\wmiacpi.sys"
.\debug.cpp(256) : 0xf7bb3000 0x00001000 "\SystemRoot\system32\DRIVERS\audstub.sys"
.\debug.cpp(256) : 0xf79c7000 0x00002000 "\SystemRoot\System32\Drivers\RootMdm.sys"
.\debug.cpp(256) : 0xf7807000 0x00008000 "\SystemRoot\System32\Drivers\Modem.SYS"
.\debug.cpp(256) : 0xf64c0000 0x0000d000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0xf794f000 0x00003000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0xf4b94000 0x00017000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0xf5fe2000 0x0000b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0xf5fd2000 0x0000c000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0xf7867000 0x00005000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0xf4b83000 0x00011000 "\SystemRoot\system32\DRIVERS\psched.sys"
.\debug.cpp(256) : 0xf5fc2000 0x00009000 "\SystemRoot\system32\DRIVERS\msgpc.sys"
.\debug.cpp(256) : 0xf786f000 0x00005000 "\SystemRoot\system32\DRIVERS\ptilink.sys"
.\debug.cpp(256) : 0xf7877000 0x00005000 "\SystemRoot\system32\DRIVERS\raspti.sys"
.\debug.cpp(256) : 0xf787f000 0x00007000 "\SystemRoot\system32\DRIVERS\RimSerial.sys"
.\debug.cpp(256) : 0xf4b53000 0x00030000 "\SystemRoot\system32\DRIVERS\rdpdr.sys"
.\debug.cpp(256) : 0xf7647000 0x0000a000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0xf79d1000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0xf4acd000 0x0005e000 "\SystemRoot\system32\DRIVERS\update.sys"
.\debug.cpp(256) : 0xf63d6000 0x00004000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0xf63ca000 0x00004000 "\SystemRoot\system32\DRIVERS\kbdhid.sys"
.\debug.cpp(256) : 0xf7667000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0xb664f000 0x00049000 "\SystemRoot\system32\drivers\ADIHdAud.sys"
.\debug.cpp(256) : 0xb662b000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0xb7bc3000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0xb6573000 0x00018000 "\SystemRoot\system32\drivers\AEAudio.sys"
.\debug.cpp(256) : 0xb6541000 0x00032000 "\SystemRoot\system32\DRIVERS\HSFHWAZL.sys"
.\debug.cpp(256) : 0xb6444000 0x000fd000 "\SystemRoot\system32\DRIVERS\HSF_DPV.sys"
.\debug.cpp(256) : 0xb6394000 0x000b0000 "\SystemRoot\system32\DRIVERS\HSF_CNXT.sys"
.\debug.cpp(256) : 0xb7bb3000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0xb5347000 0x00023000 "\SystemRoot\system32\DRIVERS\ATSwpDrv.sys"
.\debug.cpp(256) : 0xf7a3b000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0xf7bad000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0xf7a3d000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0xb7eb3000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0xf7a1d000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS"
.\debug.cpp(256) : 0xf7a1f000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0xb15ce000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0xb15c6000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0xb1b98000 0x00003000 "\SystemRoot\system32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0xb0376000 0x00013000 "\SystemRoot\system32\DRIVERS\ipsec.sys"
.\debug.cpp(256) : 0xb031d000 0x00059000 "\SystemRoot\system32\DRIVERS\tcpip.sys"
.\debug.cpp(256) : 0xb02f5000 0x00028000 "\SystemRoot\system32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0xb02cf000 0x00026000 "\SystemRoot\system32\DRIVERS\ipnat.sys"
.\debug.cpp(256) : 0xb02ad000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"
.\debug.cpp(256) : 0xb137d000 0x00009000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0xb136d000 0x00009000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0xb134d000 0x0000f000 "\SystemRoot\system32\DRIVERS\arp1394.sys"
.\debug.cpp(256) : 0xb15be000 0x00006000 "\SystemRoot\system32\DRIVERS\ssmdrv.sys"
.\debug.cpp(256) : 0xb0288000 0x00025000 "\??\F:\Program Files\SUPERAntiSpyware\SASKUTIL.sys"
.\debug.cpp(256) : 0xb15b6000 0x00006000 "\??\F:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS"
.\debug.cpp(256) : 0xb025d000 0x0002b000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0xb01ed000 0x00070000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xb133d000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS"
.\debug.cpp(256) : 0xb01d1000 0x0001c000 "\SystemRoot\system32\DRIVERS\avipbb.sys"
.\debug.cpp(256) : 0xf7a23000 0x00002000 "\??\F:\Program Files\Avira\AntiVir Desktop\avgio.sys"
.\debug.cpp(256) : 0xb130d000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"
.\debug.cpp(256) : 0xbf800000 0x001c5000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0xb0889000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0xb15a6000 0x00005000 "\SystemRoot\System32\watchdog.sys"
.\debug.cpp(256) : 0xbd000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"
.\debug.cpp(256) : 0xf7ad4000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"
.\debug.cpp(256) : 0xbd012000 0x0058e000 "\SystemRoot\System32\nv4_disp.dll"
.\debug.cpp(256) : 0xbffa0000 0x00046000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0xafe5c000 0x00014000 "\SystemRoot\system32\DRIVERS\avgntflt.sys"
.\debug.cpp(256) : 0xf120d000 0x00005000 "\SystemRoot\system32\DRIVERS\AegisP.sys"
.\debug.cpp(256) : 0xb7596000 0x00004000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0xb7592000 0x00003000 "\SystemRoot\system32\DRIVERS\s24trans.sys"
.\debug.cpp(256) : 0xafdb7000 0x0002d000 "\SystemRoot\system32\DRIVERS\mrxdav.sys"
.\debug.cpp(256) : 0xafd2a000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys"
.\debug.cpp(256) : 0xb74c3000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys"
.\debug.cpp(256) : 0xb54d0000 0x00002000 "\SystemRoot\System32\Drivers\ParVdm.SYS"
.\debug.cpp(256) : 0xaf8a8000 0x00003000 "\SystemRoot\system32\DRIVERS\mdmxsdk.sys"
.\debug.cpp(256) : 0xaf231000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys"
.\debug.cpp(256) : 0xf75f7000 0x00010000 "\SystemRoot\system32\DRIVERS\serial.sys"
.\debug.cpp(256) : 0xaf9dc000 0x00004000 "\SystemRoot\system32\DRIVERS\serenum.sys"
.\debug.cpp(256) : 0xb0dae000 0x00007000 "\SystemRoot\system32\DRIVERS\usbprint.sys"
.\debug.cpp(256) : 0xaf02d000 0x00024000 "\SystemRoot\System32\Drivers\Fastfat.SYS"
.\debug.cpp(256) : 0xf77b7000 0x00007000 "\SystemRoot\system32\DRIVERS\USBSTOR.SYS"
.\debug.cpp(256) : 0x7c900000 0x000b2000 "\WINDOWS\system32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#PORTS#0001#{953ad796-1f97-4aac-b0c3-24ea46dfc091}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination "\Device\Video0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_11D4&DEV_1981&SUBSYS_103C309F&REV_1002#4&4b994d5&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) : Destination "\Device\0000009f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AegisP_{3E182EFF-DF5B-4E24-BB6F-F0B309133D0E}"
.\debug.cpp(400) : Destination "\Device\AegisP_{3E182EFF-DF5B-4E24-BB6F-F0B309133D0E}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination "\Device\Ndis"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmIoDaemon"
.\debug.cpp(400) : Destination "\Device\DmControl\DmIoDaemon"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#PORTS#0000#{953ad796-1f97-4aac-b0c3-24ea46dfc091}"
.\debug.cpp(400) : Destination "\Device\0000003a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination "\Device\Video1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0400#5&1e8dc1e5&0#{97f76ef0-f883-11d0-af1f-0000f800845c}"
.\debug.cpp(400) : Destination "\Device\00000084"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\V1394#NIC1394#29012a0c23f99#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000099"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000034"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#HPQ0004#3&b1bfb68&0#{dd2a6682-735e-4e8e-8a59-d9dccf1ebece}"
.\debug.cpp(400) : Destination "\Device\00000062"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CC&SUBSYS_309F103C&REV_01#3&b1bfb68&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination "\Device\Video2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip"
.\debug.cpp(400) : Destination "\Device\Ip"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27C9&SUBSYS_309F103C&REV_01#3&b1bfb68&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0007"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination "\Device\Video3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgio"
.\debug.cpp(400) : Destination "\Device\avgio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000033"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev"
.\debug.cpp(400) : Destination "\Device\IPSEC"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDR4_XP"
.\debug.cpp(400) : Destination "\Device\PxHelperDevice0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) : Destination "\Device\Video4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY"
.\debug.cpp(400) : Destination "\Device\NDProxy"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr"
.\debug.cpp(400) : Destination "\Device\RdpDrDvMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MODEM#0000#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
.\debug.cpp(400) : Destination "\Device\00000031"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1d53dfcd&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&13a91e62&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\$VDMLPT1"
.\debug.cpp(400) : Destination "\Device\ParallelVdm0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_04b4&Pid_6560#5&d18036f&0&7#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZ0_#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000005a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery"
.\debug.cpp(400) : Destination "\Device\CompositeBattery"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{CC21C58B-1D58-4387-80E2-ABD0813FF1C8}"
.\debug.cpp(400) : Destination "\Device\{CC21C58B-1D58-4387-80E2-ABD0813FF1C8}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskHTS721010G9SA00_________________________MCZOC10Q#4&21eb004c&1&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IAAStorageDevice-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}"
.\debug.cpp(400) : Destination "\Device\00000049"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#7&b98aba7&0&RM#{53f5630a-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Harddisk1\DP(1)0-0+8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\F:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_103C309F&REV_0900#4&4b994d5&0&0102#{adb44c00-1b8d-11d4-8d5e-00a0c90d1c42}"
.\debug.cpp(400) : Destination "\Device\000000a0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_11D4&DEV_1981&SUBSYS_103C309F&REV_1002#4&4b994d5&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000009f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1"
.\debug.cpp(400) : Destination "\Device\Serial0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_04a9&Pid_1088#21a185#{28d78fad-5a12-11d1-ae5b-0000f803a8c2}"
.\debug.cpp(400) : Destination "\Device\USBPDO-8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination "\Device\WMIDataDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgntflt"
.\debug.cpp(400) : Destination "\FileSystem\Filters\avgntflt"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_11D4&DEV_1981&SUBSYS_103C309F&REV_1002#4&4b994d5&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000009f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVDRAM_GMA-4082N_______________HN03____#304b363648363345333920372020202020202020#{1186654d-47b8-48b9-beb9-7df113ae3c67}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#5&1e8dc1e5&0#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) : Destination "\Device\000000b5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination "\Device\NamedPipe"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3"
.\debug.cpp(400) : Destination "\Device\Winachsf0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_11D4&DEV_1981&SUBSYS_103C309F&REV_1002#4&4b994d5&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000009f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{3E182EFF-DF5B-4E24-BB6F-F0B309133D0E}"
.\debug.cpp(400) : Destination "\Device\{3E182EFF-DF5B-4E24-BB6F-F0B309133D0E}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZ1_#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000005b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM4"
.\debug.cpp(400) : Destination "\??\Root#PORTS#0000#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"
.\debug.cpp(400) : Destination "\Device\IPNAT"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination "\Device\Mup"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&28738126&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000080"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched"
.\debug.cpp(400) : Destination "\Device\PSched"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Generic&Prod_STORAGE_DEVICE&Rev_9407#000000009407&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\000000bd"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\G:"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_0619&Pid_0104#SLP200#{28d78fad-5a12-11d1-ae5b-0000f803a8c2}"
.\debug.cpp(400) : Destination "\Device\USBPDO-7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM5"
.\debug.cpp(400) : Destination "\??\Root#PORTS#0001#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination "\Device\Tcp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#IFX0102#4&28738126&0#{c3fa81c6-2299-48f4-bd45-915e62b4db92}"
.\debug.cpp(400) : Destination "\Device\00000079"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination "\Device\USBFDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_05e3&Pid_0715#000000009407#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-9"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination "\Device\USBFDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2fd112f1&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) : Destination "\Device\VideoPdo1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_104C&DEV_803D&SUBSYS_309F103C&REV_00#4&2ec23395&0&34F0#{50dd5230-ba8a-11d1-bf5d-0000f805f530}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0019"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{f3e24f80-0dde-11df-bd8d-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{7a4752e3-55ef-11bd-890b-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination "\Device\Harddisk0\DR0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) : Destination "\Device\USBFDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination "\DosDevices\LPT1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ConexantDiagnosticsServer"
.\debug.cpp(400) : Destination "\Device\ConexantDiagnosticsServer"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_04a9&Pid_1088#21a185#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) : Destination "\Device\USBFDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_104C&DEV_803B&SUBSYS_309F103C&REV_00#4&2ec23395&0&32F0#{2c9f2281-eb3c-11d6-80af-0001020c74d4}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0017"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination "\Device\FsWrap"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio"
.\debug.cpp(400) : Destination "\Device\sysaudio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000038"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive1"
.\debug.cpp(400) : Destination "\Device\Harddisk1\DR7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature2E2E2E2EOffset1B5E4A000Length4E200A000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature2E2E2E2EOffset697E5BE00Length1B5E42200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZ2_#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000005c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{497A4ECC-B9EC-412D-A21C-39B82050F518}"
.\debug.cpp(400) : Destination "\Device\{497A4ECC-B9EC-412D-A21C-39B82050F518}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1a3ab2ba&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
.\debug.cpp(400) : Destination "\Device\USBFDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_104C&DEV_803D&SUBSYS_309F103C&REV_00#4&2ec23395&0&34F0#{6d2b71e2-8e3d-11d4-8980-005004fce90d}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0019"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{03E4CC9C-9686-C7EF-80B2-66DFC94A5ED0}"
.\debug.cpp(400) : Destination "\Device\{03E4CC9C-9686-C7EF-80B2-66DFC94A5ED0}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature2E2E2E2EOffset7E00Length1B5E42200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000061"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{779B5372-5274-4BF3-9BFF-99B0E9EA7B52}"
.\debug.cpp(400) : Destination "\Device\{779B5372-5274-4BF3-9BFF-99B0E9EA7B52}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27C8&SUBSYS_309F103C&REV_01#3&b1bfb68&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0006"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&28738126&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000080"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CA&SUBSYS_309F103C&REV_01#3&b1bfb68&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0008"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination "\GLOBAL??"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\S24TRANS_S24TRANS.SYS"
.\debug.cpp(400) : Destination "\Device\S24Trans.sys"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#2#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}"
.\debug.cpp(400) : Destination "\Device\0000004a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_08ff&Pid_2580#5&5f89f3b&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Pcmcia0"
.\debug.cpp(400) : Destination "\Device\Pcmcia0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0"
.\debug.cpp(400) : Destination "\Device\PxHelperDevice0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HSF_MDMDevice0"
.\debug.cpp(400) : Destination "\Device\HSF_MDMDevice0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVDRAM_GMA-4082N_______________HN03____#304b363648363345333920372020202020202020#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{7a4752e6-55ef-11bd-890b-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{D4E66A3B-00E1-41EF-93F5-56A8785F3286}"
.\debug.cpp(400) : Destination "\Device\{D4E66A3B-00E1-41EF-93F5-56A8785F3286}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ARP1394"
.\debug.cpp(400) : Destination "\Device\ARP1394"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\s24trans_{3E182EFF-DF5B-4E24-BB6F-F0B309133D0E}"
.\debug.cpp(400) : Destination "\Device\s24trans_{3E182EFF-DF5B-4E24-BB6F-F0B309133D0E}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#HPQ0006&Col02#3&563a312&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000009e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DsdaFilter"
.\debug.cpp(400) : Destination "\Device\DsdaFilter"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZ3_#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000005d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#SYN011D#4&28738126&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000081"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000004c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig"
.\debug.cpp(400) : Destination "\Device\DmControl\DmConfig"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbDlDp32"
.\debug.cpp(400) : Destination "\Device\PxHelperDevice0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_14#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000044"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO Soft Data Fax Modem with SmartCP"
.\debug.cpp(400) : Destination "\Device\000000a0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ssmctl"
.\debug.cpp(400) : Destination "\Device\ssmctl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000032"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination "\Device\MountPointManager"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\K:"
.\debug.cpp(400) : Destination "\Device\Harddisk1\DP(1)0-0+8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_104C&DEV_803A&SUBSYS_309F103C&REV_00#4&2ec23395&0&31F0#{6bdd1fc1-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0016"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_11D4&DEV_1981&SUBSYS_103C309F&REV_1002#4&4b994d5&0&0001#{56907941-3afe-11d4-ae2c-00a0cc242d2c}"
.\debug.cpp(400) : Destination "\Device\0000009f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination "\Device\WANARP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVDRAM_GMA-4082N_______________HN03____#304b363648363345333920372020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{7a4752e5-55ef-11bd-890b-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZ4_#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000005e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace"
.\debug.cpp(400) : Destination "\Device\DmControl\DmTrace"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&216ac67a&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#6&2057da98&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1}"
.\debug.cpp(400) : Destination "\Device\Parallel0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#7&b98aba7&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Harddisk1\DP(1)0-0+8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{7a4752e4-55ef-11bd-890b-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination "\Device\NdisWanIp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SASKUTIL"
.\debug.cpp(400) : Destination "\Device\SASKUTIL"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_0619&Pid_0104#SLP200#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6779F181-E1F6-4C29-BA46-133B38F573C6}"
.\debug.cpp(400) : Destination "\Device\{6779F181-E1F6-4C29-BA46-133B38F573C6}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#PORTS#0001#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AegisP"
.\debug.cpp(400) : Destination "\Device\AegisP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{9a4e7718-010f-11df-8c3a-001302611560}"
.\debug.cpp(400) : Destination "\Device\Harddisk1\DP(1)0-0+8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS0"
.\debug.cpp(400) : Destination "\Device\1394BUS0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FLUSB-0"
.\debug.cpp(400) : Destination "\Device\FLUSB-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZ5_#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000005f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1"
.\debug.cpp(400) : Destination "\Device\ParTechInc0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#PORTS#0000#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) : Destination "\Device\0000003a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{A9521895-284F-4CEC-8C06-5337869E27E4}"
.\debug.cpp(400) : Destination "\Device\{A9521895-284F-4CEC-8C06-5337869E27E4}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_08ff&Pid_2580#5&5f89f3b&0&2#{f880c068-aa80-4447-86b2-cf597fa31ed9}"
.\debug.cpp(400) : Destination "\Device\USBPDO-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\S24TRANS_S24TRANS_{3E182EFF-DF5B-4E24-BB6F-F0B309133D0E}"
.\debug.cpp(400) : Destination "\Device\s24trans_{3E182EFF-DF5B-4E24-BB6F-F0B309133D0E}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000035"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmLoader"
.\debug.cpp(400) : Destination "\Device\DmLoader"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2"
.\debug.cpp(400) : Destination "\Device\ParTechInc1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MICH_AZ0"
.\debug.cpp(400) : Destination "\Device\MICH_AZ0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST"
.\debug.cpp(400) : Destination "\Device\IPMULTICAST"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\S24Trans.sys"
.\debug.cpp(400) : Destination "\Device\S24Trans.sys"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPT1"
.\debug.cpp(400) : Destination "\Device\NamedPipe\Spooler\LPT1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination "\Device\NdisWan"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI"
.\debug.cpp(400) : Destination "\Device\NdisTapi"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\F:
.\boot_cleaner.cpp(600) : \\.\F: -> \\.\PhysicalDrive0 at offset 0x00000001`b5e4a000
.\boot_cleaner.cpp(276) : Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd
.\boot_cleaner.cpp(1060) :
.\boot_cleaner.cpp(1061) : Size Device Name MBR Status
.\boot_cleaner.cpp(1062) : --------------------------------------------
.\boot_cleaner.cpp(1106) : 93 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1112) :
.\boot_cleaner.cpp(1151) : Done;

Alt 24.09.2010, 12:30   #18
luko
 
So... in the meantime GMER got tangled up with AVIRA, XP had to be shut down with a hard reset and no longer boots. With F8 into safe mode it hangs at isapnp.sys.
I still have a Windows 2000 installation on C.
What does the pro say:
Data recovery and be done with it???

Thanks, Luko

Alt 24.09.2010, 13:31   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
so... in the meantime GMER got tangled up with AVIRA
You didn't turn AntiVir off beforehand??

Alt 24.09.2010, 13:39   #20
luko
 
Switched it off too late: I had clicked on GMER to move it and it started right away. Then I thought: not so bad, I'll switch off the security software and WLAN for the scan.
That was definitely the wrong order.

What do you think, Arne, can I get this fixed, or sacrifice 3 days and wipe XP??? Or redo the whole disk right away (with s0kill, that is 5-6 days)

I really don't have much time, and certainly none to spare for this...

Luko


Alt 24.09.2010, 14:08   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Copy this isapnp.sys => File-Upload.net - isapnp.sys

into the system32/drivers folder of XP, using your running Windows 2000.

Alt 24.09.2010, 15:24   #22
luko
 
Hello Arne

XP is back in the race... SATA controller off and it ran again.
Please let's carry on with the disinfection..

Thank you very much

Luko

Alt 25.09.2010, 13:21   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Why did you enable the SATA controller??

Quote:
"tdjzasdk" (tdjzasdk) - "MHcwcUpSHNOlv4VJ" - F:\WINDOWS\system32\drivers\tdjzasdk.sys (Hidden file | Hidden registry entry, rootkit activity)
Please disable and delete it with OSAM, see the OSAM instructions

Alt 25.09.2010, 20:16   #24
luko
 
Hello Arne,

removed with OSAM.


OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:07:25 on 25.09.2010

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Opera Software Opera Internet Browser 10.62

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Bioscrypt Inc." - F:\WINDOWS\system32\APSHook.dll

[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "O&O Software GmbH" - F:\WINDOWS\system32\OODBS.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"accelerometercp.CPL" - "Hewlett-Packard Corporation" - F:\WINDOWS\system32\accelerometercp.CPL
"cttune.cpl" - ? - F:\WINDOWS\system32\cttune.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - F:\WINDOWS\system32\infocardcpl.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - F:\WINDOWS\system32\ISUSPM.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - F:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - F:\WINDOWS\system32\nvcpl.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - F:\WINDOWS\system32\nvtuicpl.cpl
"QuickTime.cpl" - "Apple Computer, Inc." - F:\WINDOWS\system32\QuickTime.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Accelerometer" - "Hewlett-Packard Corporation" - F:\WINDOWS\system32\accelerometercp.cpl
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - F:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"CognizanceWS" - "Cognizance Corporation" - F:\PROGRA~1\HEWLET~1\IAM\Bin\Settings.dll
"PTHOST.CPL" - " Hewlett-Packard Development Company, L.P" - F:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOST.CPL
"QlbConfig" - " Hewlett-Packard Development Company, L.P." - F:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbConfg.cpl
"SMAX4CP" - "Analog Devices, Inc." - F:\Program Files\Analog Devices\SoundMAX\SMax4.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - F:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - F:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - F:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - F:\Cofi\catchme.sys  (File not found)
"Cdr4_xp" (Cdr4_xp) - "Sonic Solutions" - F:\WINDOWS\system32\drivers\Cdr4_xp.sys
"Cdralw2k" (Cdralw2k) - "Sonic Solutions" - F:\WINDOWS\system32\drivers\Cdralw2k.sys
"Changer" (Changer) - ? - F:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"Conexant Setup API" (UIUSys) - ? - F:\WINDOWS\System32\DRIVERS\UIUSYS.SYS  (File not found)
"i2omgmt" (i2omgmt) - ? - F:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - F:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"PCIDump" (PCIDump) - ? - F:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - F:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - F:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - F:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - F:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - F:\WINDOWS\System32\Drivers\PxHelp20.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - F:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
"SASENUM" (SASENUM) - " SUPERAdBlocker.com and SUPERAntiSpyware.com" - F:\Program Files\SUPERAntiSpyware\SASENUM.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - F:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - F:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"WDICA" (WDICA) - ? - F:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - f:\WINDOWS\system32\Rundll32.exe f:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - F:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll  (File found, but it contains no detailed information)
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - F:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - F:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - F:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - F:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - F:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - F:\Program Files\SUPERAntiSpyware\SASSEH.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - F:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - F:\WINDOWS\system32\nvshell.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "Display Panning CPL Extension" - ? - deskpan.dll  (File not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Encryption Context Menu" - ? -   (File not found | COM-object registry key not found)
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - F:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll  (File found, but it contains no detailed information)
{5574006C-28F5-4a65-A28C-74DE6BFBE0BB} "Haali Matroska Shell Property Page" - ? - F:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll  (File found, but it contains no detailed information)
{327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Extractor" - ? - F:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll  (File found, but it contains no detailed information)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - F:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - F:\WINDOWS\system32\nvshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - F:\Program Files\Avira\AntiVir Desktop\shlext.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shell extensions for file compression" - ? -   (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - f:\WINDOWS\system32\dfshim.dll
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - f:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - F:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - F:\Program Files\WinRAR\rarext.dll
{ABE00001-0123-ABED-1248-0248ADFA1909} "Zoom Player ShellExt" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{A3256902-51FA-45A0-8A97-FC1143C169D9} "Diagnostics ActiveX WebControl" - "Microsoft Corporation" - F:\WINDOWS\Downloaded Program Files\DiagWAPI.dll / hxxp://support.microsoft.com/mats/DiagWebControl.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - F:\Program Files\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - F:\Program Files\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - F:\Program Files\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} "TeamOn Import Object" - "TeamOn Systems, Inc. " - F:\WINDOWS\Downloaded Program Files\TOImport.dll / https://bis.eu.blackberry.com/html/web/client_tools/TOImport.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DF21F1DB-80C6-11D3-9483-B03D0EC10000} "Credential Manager for HP ProtectTools" - "Bioscrypt Inc." - F:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - F:\Program Files\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[Logon]
-----( %AllUsersProfile%\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - F:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-----( %UserProfile%\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - F:\Documents and Settings\Luko\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ISUSPM" - "Macrovision Corporation" - "F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "F:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"CognizanceTS" - "Cognizance Corporation" - rundll32.exe F:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
"IAAnotif" - "Intel Corporation" - F:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"IntelZeroConfig" - "Intel Corporation" - "F:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
"nwiz" - "NVIDIA Corporation" - nwiz.exe /installquiet /nodetect
"PTHOSTTR" - "Hewlett-Packard Development Company, L.P." - F:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
"QlbCtrl.exe" - " Hewlett-Packard Development Company, L.P." - F:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Broadcom 802.11 Wireless LAN Adapter Logon Provider" - "Broadcom Corporation" - F:\WINDOWS\System32\BCMLogon.dll
"Credential Manager" - "Cognizance Corporation" - F:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
"IntelNetProvCredMan" - ? - c:\windows\system32\netprovcredman.dll  (File not found)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Argox Language Monitor" - ? - F:\WINDOWS\system32\argomon.dll  (File found, but it contains no detailed information)
"CutePDF Writer Monitor" - ? - F:\WINDOWS\system32\cpwmon2k.dll  (File found, but it contains no detailed information)
"Seagull Network Monitor" - "Seagull Scientific, Inc." - F:\WINDOWS\system32\ssnetmon.dll
"Seiko SLP Monitor" - "Seiko Instruments USA, Inc." - F:\WINDOWS\system32\SLPMON.DLL

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Automatic Updates" (wuauserv) - ? - C:\WINDOWS\system32\wuauserv.dll  (File not found)
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - F:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Scheduler" (AntiVirSchedulerService) - "Avira GmbH" - F:\Program Files\Avira\AntiVir Desktop\sched.exe
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - F:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMon) - "Intel Corporation" - F:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - F:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - F:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
"Intel(R) PROSet/Wireless Service" (S24EventMonitor) - "Intel Corporation " - F:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - F:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - F:\Program Files\Java\jre6\bin\jqs.exe
"Local Communication Channel" (ASChannel) - "Cognizance Corporation" - F:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll
"Logon Session Broker" (ASBroker) - "Cognizance Corporation" - F:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
"MSSQL$UPSWSDBSERVER" (MSSQL$UPSWSDBSERVER) - "Microsoft Corporation" - F:\PROGRAM FILES\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
"MSSQLServerADHelper" (MSSQLServerADHelper) - "Microsoft Corporation" - F:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
"O&O Defrag" (O&O Defrag) - "O&O Software GmbH" - F:\WINDOWS\system32\oodag.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - F:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Security Platform Management Service" (IFXSpMgtSrv) - "Infineon Technologies AG" - F:\WINDOWS\system32\IFXSPMGT.exe
"SLPMONX" (SLPMONX) - "ProdEx Technologies" - F:\WINDOWS\system32\slpservice.exe
"SQLAgent$UPSWSDBSERVER" (SQLAgent$UPSWSDBSERVER) - "Microsoft Corporation" - F:\PROGRAM FILES\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE
"Trusted Platform Core Service" (IFXTCS) - "Infineon Technologies AG" - F:\WINDOWS\system32\IFXTCS.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - F:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - F:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"WMDM PMSP Service" (WMDM PMSP Service) - "Microsoft Corporation" - F:\WINDOWS\system32\MsPMSPSv.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"GinaDLL" - "Cognizance Corporation" - F:\Program Files\Hewlett-Packard\IAM\bin\ocgina.dll
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{8F51D94E-8B89-4844-B15C-9C049BA0F49F} "DLLName" - "Cognizance Corporation" - F:\Program Files\Hewlett-Packard\IAM\Bin\ItVCard.dll
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"IfxWlxEN" - "Infineon Technologies AG" - F:\WINDOWS\system32\IfxWlxEN.dll
"OneCard" - "Cognizance Corporation" - F:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
"WgaLogon" - "Microsoft Corporation" - F:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---


Thanks.
Best regards, Andreas
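
Added example, not part of the thread and not OSAM's own code: a parser for the OSAM report layout seen in the logs above that lists entries flagged as hidden (rootkit activity) and checks a later report to confirm they are gone. The line patterns are inferred from the reports in this thread, the two sample reports are constructed from lines quoted in it, and the "inconclusive" verdict when the rootkit scanner options are not ticked is this example's own rule.

```python
import re
from dataclasses import dataclass
from ntpath import basename  # Windows path rules regardless of host OS

# Line shapes inferred from the OSAM reports posted in this thread (assumption).
SECTION = re.compile(r'^\[(?P<section>[^\]]+)\]$')
LOCATION = re.compile(r'^-----\(\s*(?P<location>.+?)\s*\)-----$')
ENTRY = re.compile(
    r'^[^"]*"(?P<name>[^"]*)"(?:\s+\([^)]*\))?'
    r'\s+-\s+(?P<vendor>\?|"[^"]*")\s+-\s*(?P<target>.*)$')
STATUS = re.compile(
    r'\(([^()]*(?:Hidden|not found|no detailed information)[^()]*)\)')
ROOTKIT_OPTIONS = {"Rootkits detection (hidden registry)",
                   "Rootkits detection (hidden files)"}


@dataclass(frozen=True)
class Entry:
    section: str
    location: str
    name: str
    vendor: str      # "" when OSAM printed "?" (no vendor information)
    path: str
    flags: tuple     # status notes OSAM appended in parentheses


def parse_report(text):
    """Turn an OSAM autorun report into a list of Entry records."""
    entries, section, location = [], None, ""
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            section, location = m["section"], ""
        elif m := LOCATION.match(line):
            location = m["location"]
        elif section and (m := ENTRY.match(line)):
            target = m["target"]
            status = STATUS.search(target)
            flags = (tuple(f.strip() for f in status.group(1).split("|"))
                     if status else ())
            path = (target[:status.start()] if status else target).strip()
            entries.append(Entry(section, location, m["name"],
                                 m["vendor"].strip('"? '), path, flags))
    return entries


def enabled_scanner_settings(text):
    """Options ticked ([x]) in the report's 'Scanner Settings' block."""
    enabled, inside = set(), False
    for line in map(str.strip, text.splitlines()):
        if line == "Scanner Settings":
            inside = True
        elif line == "Filters":
            inside = False
        elif inside and line.startswith("[x] "):
            enabled.add(line[4:])
    return enabled


def is_hidden(entry):
    return any("Hidden" in flag for flag in entry.flags)


def is_orphan(entry):
    return "File not found" in entry.flags


def verify_cleanup(before_text, after_text):
    """Map each hidden entry of the first report to its state in the second."""
    after = parse_report(after_text)
    # Absence only counts if the second scan looked for hidden objects at all.
    scanned = ROOTKIT_OPTIONS <= enabled_scanner_settings(after_text)
    verdicts = {}
    for old in filter(is_hidden, parse_report(before_text)):
        remaining = [a for a in after
                     if a.name.lower() == old.name.lower()
                     or (old.path and
                         basename(a.path).lower() == basename(old.path).lower())]
        if remaining:
            verdicts[old.name] = "still present"
        else:
            verdicts[old.name] = "removed" if scanned else "inconclusive"
    return verdicts


# Constructed sample reports, assembled from lines quoted in this thread.
AFTER = r"""Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)

Filters
[x] Active entries

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - F:\Program Files\Avira\AntiVir Desktop\avgio.sys
"catchme" (catchme) - ? - F:\Cofi\catchme.sys  (File not found)
"""
BEFORE = AFTER + r'''"tdjzasdk" (tdjzasdk) - "MHcwcUpSHNOlv4VJ" - F:\WINDOWS\system32\drivers\tdjzasdk.sys (Hidden file | Hidden registry entry, rootkit activity)
'''

if __name__ == "__main__":
    print(verify_cleanup(BEFORE, AFTER))
```
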

Alt 25.09.2010, 20:34   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
CustomScan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the following content into the text box.
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the content of OTL.txt here into your thread

Alt 25.09.2010, 20:38   #26
luko
 
Hello Arne, of course I don't want to owe you this explanation either:

Why do I need a SATA controller?
Because there is a SATA disk in the NW9440.

HP BIOS option for devices > native SATA mode on/off.
With XP it works with SATA on

With Win 2K I simply couldn't get the driver integrated properly.
SATA on: 2K boots only as far as the bluescreen abort
SATA off: 2K boots flawlessly.

The controller matching Win2K also shows up properly in the hardware list under 2000, but .... ???? It doesn't work .. at least not with SATA

Best regards, Andreas

Alt 25.09.2010, 21:19   #27
luko
 
Done

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 25.09.2010 22:11:27 - Run 3
OTL by OldTimer - Version 3.2.14.1     Folder = F:\Documents and Settings\***\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 86,00% Memory free
7,00 Gb Paging File | 7,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): E:\pagefile.sys 4092 4092 [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive C: | 6,84 Gb Total Space | 4,44 Gb Free Space | 64,97% Space Free | Partition Type: NTFS
Drive D: | 6,84 Gb Total Space | 3,49 Gb Free Space | 50,97% Space Free | Partition Type: NTFS
Drive E: | 59,94 Gb Total Space | 13,35 Gb Free Space | 22,28% Space Free | Partition Type: NTFS
Drive F: | 19,53 Gb Total Space | 5,55 Gb Free Space | 28,42% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 3,79 Gb Total Space | 0,07 Gb Free Space | 1,95% Space Free | Partition Type: FAT32
 
Computer Name: xxxx
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - F:\Documents and Settings\***\Desktop\OTL.exe (OldTimer Tools)
PRC - F:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - F:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - F:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - F:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - F:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - F:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - F:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - F:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - F:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - F:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe (Cognizance Corporation)
PRC - F:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe (Hewlett-Packard Development Company, L.P.)
PRC - F:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - F:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - F:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - F:\Program Files\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe (Microsoft Corporation)
PRC - F:\WINDOWS\system32\oodag.exe (O&O Software GmbH)
PRC - F:\WINDOWS\system32\slpmonx.exe (Seiko Instruments USA, Inc.)
PRC - F:\WINDOWS\system32\slpservice.exe (ProdEx Technologies)
 
 
========== Modules (SafeList) ==========
 
MOD - F:\Documents and Settings\***\Desktop\OTL.exe (OldTimer Tools)
MOD - F:\WINDOWS\system32\msvcp60.dll (Microsoft Corporation)
MOD - F:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - F:\WINDOWS\system32\APSHook.dll (Bioscrypt Inc.)
MOD - F:\Program Files\Hewlett-Packard\IAM\Bin\ItClient.dll (Cognizance Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (wuauserv) -- C:\WINDOWS\system32\wuauserv.dll File not found
SRV - (HidServ) -- F:\WINDOWS\System32\hidserv.dll File not found
SRV - (AntiVirService) -- F:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- F:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (EvtEng) Intel(R) -- F:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (S24EventMonitor) Intel(R) -- F:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel(R) -- F:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (ASBroker) -- F:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)
SRV - (IviRegMgr) -- F:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (ASChannel) -- F:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll (Cognizance Corporation)
SRV - (IAANTMon) Intel(R) -- F:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (MSSQL$UPSWSDBSERVER) -- F:\PROGRAM FILES\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$UPSWSDBSERVER) -- F:\PROGRAM FILES\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (O&O Defrag) -- F:\WINDOWS\system32\oodag.exe (O&O Software GmbH)
SRV - (SLPMONX) -- F:\WINDOWS\system32\slpservice.exe (ProdEx Technologies)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (UIUSys) -- F:\WINDOWS\System32\DRIVERS\UIUSYS.SYS File not found
DRV - (catchme) -- F:\Cofi\catchme.sys File not found
DRV - (avgntflt) -- F:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (SASENUM) -- F:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- F:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- F:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ssmdrv) -- F:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (Cdralw2k) -- F:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- F:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (avipbb) -- F:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- F:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (HDAudBus) -- F:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (SynTP) -- F:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (NETw4x32) Intel(R) -- F:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (ADIHdAudAddService) -- F:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- F:\WINDOWS\system32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (s24trans) -- F:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (nv) -- F:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (HpqKbFiltr) -- F:\WINDOWS\system32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (tifm21) -- F:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (GTIPCI21) -- F:\WINDOWS\system32\drivers\gtipci21.sys (Texas Instruments)
DRV - (HBtnKey) -- F:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HSF_DPV) -- F:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- F:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- F:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (b57w2k) -- F:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (Accelerometer) -- F:\WINDOWS\system32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (hpdskflt) -- F:\WINDOWS\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (IFXTPM) -- F:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (iaStor) -- F:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (SampleScanner) -- F:\WINDOWS\system32\drivers\ArtecGT.sys (   )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.4
FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.1
FF - prefs.js..extensions.enabledItems: {CA98C7ED-AC2C-42F4-B531-6CDEB5DB2AAE}:1.9.1
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: F:\Program Files\Mozilla Firefox\components [2010.01.18 21:49:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins [2010.08.23 16:12:43 | 000,000,000 | ---D | M]
 
[2010.01.15 20:59:46 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Mozilla\Extensions
[2010.09.21 18:04:46 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\mki35h49.default\extensions
[2010.08.28 12:54:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- F:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\mki35h49.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.25 21:26:09 | 000,000,000 | ---D | M] (Flash and Video Download) -- F:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\mki35h49.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2010.08.28 12:54:27 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\mki35h49.default\extensions\YoutubeDownloader@PeterOlayev.com
[2010.09.21 18:04:46 | 000,000,000 | ---D | M] -- F:\Program Files\Mozilla Firefox\extensions
[2008.07.28 12:07:36 | 000,069,632 | ---- | M] (UPS) -- F:\Program Files\Mozilla Firefox\plugins\NPEltr32.dll
[2009.12.21 07:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- F:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2009.11.03 04:14:39 | 000,001,392 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.11.03 04:14:39 | 000,002,344 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.11.03 04:14:39 | 000,006,805 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.11.03 04:14:39 | 000,001,178 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.11.03 04:14:39 | 000,000,801 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.09.23 22:09:27 | 000,000,027 | ---- | M]) - F:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - F:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [avgnt] F:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CognizanceTS] F:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [IAAnotif] F:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] F:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] F:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] F:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] F:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PTHOSTTR] F:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKCU..\Run: [ISUSPM] F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 01 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 01 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 01 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} hxxp://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} https://bis.eu.blackberry.com/html/web/client_tools/TOImport.cab (TeamOn Import Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - AppInit_DLLs: (F:\WINDOWS\system32\APSHook.dll) - F:\WINDOWS\system32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (F:\Program Files\Hewlett-Packard\IAM\bin\ocgina.dll) - F:\Program Files\Hewlett-Packard\IAM\Bin\OCGina.dll (Cognizance Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\IfxWlxEN: DllName - IfxWlxEN.dll - F:\WINDOWS\System32\IfxWlxEN.dll (Infineon Technologies AG)
O20 - Winlogon\Notify\OneCard: DllName - F:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll - F:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)
O24 - Desktop WallPaper: F:\WINDOWS\Web\Wallpaper\HP Cityscape Wide.bmp
O24 - Desktop BackupWallPaper: F:\WINDOWS\Web\Wallpaper\HP Cityscape Wide.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - F:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.11 13:07:50 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (OODBS) - F:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - F:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: wuauserv - C:\WINDOWS\system32\wuauserv.dll File not found
 
MsConfig - StartUpFolder: F:^Documents and Settings^All Users^Start Menu^Programs^Startup^ScanPanel.lnk - F:\Program Files\Medion\ScanPanel\ScnPanel.exe - ()
MsConfig - StartUpFolder: F:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk - F:\Program Files\MICROSOFT SQL SERVER\80\TOOLS\BINN\sqlmangr.exe - (Microsoft Corporation)
MsConfig - StartUpFolder: F:^Documents and Settings^All Users^Start Menu^Programs^Startup^UPS WorldShip Messaging Utility.lnk - F:\Program Files\UPS\WSTD\WSTDMessaging.exe - ()
MsConfig - StartUpFolder: F:^Documents and Settings^All Users^Start Menu^Programs^Startup^UPS WorldShip PLD Reminder Utility.lnk - F:\Program Files\UPS\WSTD\wstdPldReminder.exe - (UPS)
MsConfig - StartUpReg: AccelerometerSysTrayApplet - hkey= - key= -  File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - F:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BlackBerryAutoUpdate - hkey= - key= - F:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
MsConfig - StartUpReg: IMJPMIG8.1 - hkey= - key= - F:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
MsConfig - StartUpReg: IntelWireless - hkey= - key= - F:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
MsConfig - StartUpReg: NA1Messenger - hkey= - key= - F:\Program Files\UPS\WSTD\UPSNA1Msgr.exe ()
MsConfig - StartUpReg: Seagull Drivers - hkey= - key= - F:\WINDOWS\ssdal_nc.exe ()
MsConfig - StartUpReg: SoundMAX - hkey= - key= - F:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
MsConfig - StartUpReg: SoundMAXPnP - hkey= - key= - F:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - F:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection F:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection F:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - F:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - f:\WINDOWS\system32\Rundll32.exe f:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - F:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - F:\WINDOWS\inf\unregmp2.exe /HideWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "F:\WINDOWS\system32\rundll32.exe" "F:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.ac3filter - F:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - F:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - F:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - F:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - F:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - F:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - F:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - F:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - F:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - F:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - F:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17465003472846848)
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.09.25 21:00:36 | 000,000,000 | RH-D | C] -- F:\Documents and Settings\***\Recent
[2010.09.25 20:51:48 | 000,000,000 | ---D | C] -- F:\Documents and Settings\***\Application Data\Online Solutions
[2010.09.23 23:57:04 | 000,000,000 | -HSD | C] -- F:\RECYCLER
[2010.09.23 23:27:32 | 000,000,000 | ---D | C] -- F:\Cofi16072C
[2010.09.23 21:46:05 | 000,212,480 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWXCACLS.exe
[2010.09.23 21:46:05 | 000,161,792 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWREG.exe
[2010.09.23 21:46:05 | 000,136,704 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWSC.exe
[2010.09.23 21:46:05 | 000,031,232 | ---- | C] (NirSoft) -- F:\WINDOWS\NIRCMD.exe
[2010.09.23 21:46:01 | 000,000,000 | ---D | C] -- F:\Cofi
[2010.09.23 21:45:41 | 000,000,000 | ---D | C] -- F:\Qoobox
[2010.09.23 19:54:17 | 000,000,000 | ---D | C] -- F:\_OTL
[2010.09.23 12:06:11 | 000,575,488 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\***\Desktop\OTL.exe
[2010.09.22 18:02:49 | 000,045,056 | ---- | C] (ULTIMA ELECTRONICS CORP.) -- F:\WINDOWS\System32\RemovePlus.exe
[2010.09.22 18:02:33 | 000,000,000 | ---D | C] -- F:\Program Files\Medion
[2010.09.22 15:40:42 | 000,000,000 | ---D | C] -- F:\WINDOWS\ERDNT
[2010.09.22 15:37:14 | 000,000,000 | ---D | C] -- F:\Program Files\ERUNT
[2010.09.22 14:27:47 | 000,000,000 | ---D | C] -- F:\Program Files\Sophos
[2010.09.21 21:43:53 | 000,000,000 | ---D | C] -- F:\Program Files\Trend Micro
[2010.09.21 19:18:41 | 000,000,000 | ---D | C] -- F:\Program Files\Safer Networking
[2010.09.15 16:02:48 | 000,000,000 | ---D | C] -- F:\Documents and Settings\***\Application Data\Google
[2010.09.15 16:01:46 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Google
[2010.09.15 15:57:42 | 000,000,000 | ---D | C] -- F:\Program Files\Google
[2010.03.29 20:57:15 | 000,018,120 | ---- | C] (   ) -- F:\WINDOWS\System32\drivers\ArtecGT.sys
 
========== Files - Modified Within 90 Days ==========
 
[2010.09.25 21:06:22 | 000,535,230 | ---- | M] () -- F:\WINDOWS\System32\PerfStringBackup.INI
[2010.09.25 21:06:22 | 000,450,520 | ---- | M] () -- F:\WINDOWS\System32\perfh009.dat
[2010.09.25 21:06:22 | 000,075,330 | ---- | M] () -- F:\WINDOWS\System32\perfc009.dat
[2010.09.25 21:01:52 | 000,077,918 | ---- | M] () -- F:\WINDOWS\System32\nvModes.001
[2010.09.25 21:01:46 | 000,002,206 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl
[2010.09.25 21:01:32 | 000,000,006 | -H-- | M] () -- F:\WINDOWS\tasks\SA.DAT
[2010.09.25 21:01:30 | 000,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat
[2010.09.25 21:01:25 | 000,126,003 | ---- | M] () -- F:\WINDOWS\System32\OODBS.lor
[2010.09.25 21:00:43 | 005,767,168 | -H-- | M] () -- F:\Documents and Settings\***\NTUSER.DAT
[2010.09.25 21:00:39 | 000,000,531 | ---- | M] () -- F:\WINDOWS\win.ini
[2010.09.25 20:51:59 | 000,564,800 | ---- | M] () -- F:\WINDOWS\System32\drivers\tdjzasdk.sys
[2010.09.25 20:51:53 | 005,805,264 | -H-- | M] () -- F:\Documents and Settings\***\Local Settings\Application Data\IconCache.db
[2010.09.25 20:42:55 | 000,000,619 | ---- | M] () -- F:\Documents and Settings\***\Desktop\Shortcut to osam.exe.lnk
[2010.09.25 20:40:54 | 000,077,918 | ---- | M] () -- F:\WINDOWS\System32\nvModes.dat
[2010.09.24 16:20:16 | 000,000,178 | -HS- | M] () -- F:\Documents and Settings\***\ntuser.ini
[2010.09.23 23:55:24 | 000,001,202 | ---- | M] () -- F:\WINDOWS\ScnPanel.ini
[2010.09.23 23:30:20 | 000,000,227 | ---- | M] () -- F:\WINDOWS\system.ini
[2010.09.23 22:09:27 | 000,000,027 | ---- | M] () -- F:\WINDOWS\System32\drivers\etc\hosts
[2010.09.23 21:39:24 | 003,851,266 | R--- | M] () -- F:\Documents and Settings\***\Desktop\Cofi.exe
[2010.09.23 20:01:31 | 000,214,801 | ---- | M] () -- F:\_OTL.zip
[2010.09.23 12:05:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\***\Desktop\OTL.exe
[2010.09.22 18:56:59 | 000,011,463 | ---- | M] () -- F:\WINDOWS\Dusb3ar.ini
[2010.09.22 18:56:59 | 000,002,662 | ---- | M] () -- F:\WINDOWS\Ausba3.INI
[2010.09.22 18:10:08 | 000,000,589 | ---- | M] () -- F:\Documents and Settings\***\Desktop\My.lnk
[2010.09.22 18:03:21 | 000,030,720 | ---- | M] () -- F:\WINDOWS\EWhiteu12.dat
[2010.09.22 18:03:21 | 000,000,004 | ---- | M] () -- F:\WINDOWS\AErroru3.dat
[2010.09.22 18:03:19 | 000,030,720 | ---- | M] () -- F:\WINDOWS\EDarku12.dat
[2010.09.22 18:03:16 | 000,000,006 | ---- | M] () -- F:\WINDOWS\EExpou.dat
[2010.09.22 18:03:16 | 000,000,003 | ---- | M] () -- F:\WINDOWS\EOffsetu.dat
[2010.09.22 18:03:16 | 000,000,003 | ---- | M] () -- F:\WINDOWS\EGain6.dat
[2010.09.22 14:58:29 | 000,000,681 | ---- | M] () -- F:\Documents and Settings\***\Desktop\Shortcut to Cleanup.exe.lnk
[2010.09.22 12:21:41 | 000,000,873 | ---- | M] () -- F:\Documents and Settings\***\Desktop\Shortcut to Kawapreise.xls.lnk
[2010.09.21 21:43:53 | 000,001,740 | ---- | M] () -- F:\Documents and Settings\***\Desktop\HijackThis.lnk
[2010.09.21 18:51:32 | 000,020,992 | ---- | M] () -- F:\Documents and Settings\***\My Documents\Wunschzettel.doc
[2010.09.20 20:43:13 | 000,002,181 | ---- | M] () -- F:\Documents and Settings\***\Desktop\REFLEX Modellflugsimulator.lnk
[2010.09.20 11:40:03 | 000,112,128 | ---- | M] () -- F:\Documents and Settings\***\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.16 16:19:22 | 000,000,616 | ---- | M] () -- F:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010.09.15 15:57:51 | 000,001,768 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Google SketchUp 8.lnk
[2010.09.14 21:55:10 | 000,028,622 | ---- | M] () -- F:\Documents and Settings\***\Desktop\Re_ Vent Window  Four Winns Liberator 211 SE 1986.eml
[2010.09.14 12:37:00 | 000,083,841 | ---- | M] () -- F:\Documents and Settings\***\Desktop\Expedia  Reisebestätigung - Köln (2) - 5 Okt 2010 - (Reiseplan-Nr. 1759836991).eml
[2010.09.14 08:45:36 | 002,125,423 | ---- | M] () -- F:\Documents and Settings\***\Desktop\plesk8.pdf
[2010.09.12 12:02:33 | 000,000,724 | ---- | M] () -- F:\Documents and Settings\***\Desktop\Bank***.lnk
[2010.09.10 16:48:11 | 000,000,275 | ---- | M] () -- F:\Documents and Settings\***\Desktop\Shortcut to *** LVM.xls.lnk
[2010.09.10 16:48:03 | 000,000,278 | ---- | M] () -- F:\Documents and Settings\***\Desktop\Shortcut to CARB-SWAP.xls.lnk
[2010.08.29 13:26:34 | 000,951,440 | ---- | M] () -- F:\Documents and Settings\***\My Documents\small-block.pdf
[2010.08.19 11:58:17 | 002,930,676 | ---- | M] () -- F:\Documents and Settings\***\My Documents\Spondon.rar
[2010.08.17 11:16:11 | 000,298,194 | ---- | M] () -- F:\Documents and Settings\***\My Documents\Trinken_ist_wie_Yoga.pdf
[2010.08.14 11:56:34 | 000,107,008 | ---- | M] () -- F:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.12 19:47:14 | 000,000,256 | ---- | M] () -- F:\WINDOWS\System32\pool.bin
[2010.08.12 19:45:16 | 006,326,721 | ---- | M] () -- F:\Documents and Settings\***\My Documents\Backup-(2010-08-12).ipd
[2010.08.10 22:23:49 | 000,009,931 | ---- | M] () -- F:\Documents and Settings\***\Desktop\KontenD.pdf
[2010.07.08 17:24:52 | 000,011,494 | ---- | M] () -- F:\Documents and Settings\***\Desktop\news0710.php
[2010.07.01 22:52:55 | 000,000,338 | ---- | M] () -- F:\Documents and Settings\***\Desktop\AUDIO.lnk
 
========== Files Created - No Company Name ==========
 
[2010.09.25 20:42:55 | 000,000,619 | ---- | C] () -- F:\Documents and Settings\***\Desktop\Shortcut to osam.exe.lnk
[2010.09.23 21:46:05 | 000,256,512 | ---- | C] () -- F:\WINDOWS\PEV.exe
[2010.09.23 21:46:05 | 000,098,816 | ---- | C] () -- F:\WINDOWS\sed.exe
[2010.09.23 21:46:05 | 000,080,412 | ---- | C] () -- F:\WINDOWS\grep.exe
[2010.09.23 21:46:05 | 000,077,312 | ---- | C] () -- F:\WINDOWS\MBR.exe
[2010.09.23 21:46:05 | 000,068,096 | ---- | C] () -- F:\WINDOWS\zip.exe
[2010.09.23 21:42:44 | 003,851,266 | R--- | C] () -- F:\Documents and Settings\***\Desktop\Cofi.exe
[2010.09.23 20:01:31 | 000,214,801 | ---- | C] () -- F:\_OTL.zip
[2010.09.22 18:10:08 | 000,000,589 | ---- | C] () -- F:\Documents and Settings\***\Desktop\My.lnk
[2010.09.22 18:02:49 | 000,001,202 | ---- | C] () -- F:\WINDOWS\ScnPanel.ini
[2010.09.22 18:02:49 | 000,000,766 | ---- | C] () -- F:\WINDOWS\Uninstall.ico
[2010.09.22 18:02:29 | 000,001,704 | ---- | C] () -- F:\WINDOWS\ePlus.ini
[2010.09.22 14:58:29 | 000,000,681 | ---- | C] () -- F:\Documents and Settings\***\Desktop\Shortcut to Cleanup.exe.lnk
[2010.09.21 22:44:20 | 000,083,841 | ---- | C] () -- F:\Documents and Settings\***\Desktop\Expedia  Reisebestätigung - Köln (2) - 5 Okt 2010 - (Reiseplan-Nr. 1759836991).eml
[2010.09.21 21:43:53 | 000,001,740 | ---- | C] () -- F:\Documents and Settings\***\Desktop\HijackThis.lnk
[2010.09.21 18:51:32 | 000,020,992 | ---- | C] () -- F:\Documents and Settings\***\My Documents\Wunschzettel.doc
[2010.09.21 12:32:23 | 000,564,800 | ---- | C] () -- F:\WINDOWS\System32\drivers\tdjzasdk.sys
[2010.09.15 15:57:51 | 000,001,768 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Google SketchUp 8.lnk
[2010.09.14 21:55:10 | 000,028,622 | ---- | C] () -- F:\Documents and Settings\***\Desktop\Re_ Vent Window  Four Winns Liberator 211 SE 1986.eml
[2010.09.14 08:45:36 | 002,125,423 | ---- | C] () -- F:\Documents and Settings\***\Desktop\plesk8.pdf
[2010.09.12 12:02:33 | 000,000,724 | ---- | C] () -- F:\Documents and Settings\***\Desktop\Bank***.lnk
[2010.09.10 16:48:11 | 000,000,275 | ---- | C] () -- F:\Documents and Settings\***\Desktop\Shortcut to *** LVM.xls.lnk
[2010.09.10 16:48:03 | 000,000,278 | ---- | C] () -- F:\Documents and Settings\***\Desktop\Shortcut to CARB-SWAP.xls.lnk
[2010.08.29 13:26:34 | 000,951,440 | ---- | C] () -- F:\Documents and Settings\***\My Documents\small-block.pdf
[2010.08.25 17:41:25 | 000,000,873 | ---- | C] () -- F:\Documents and Settings\***\Desktop\Shortcut to Kawapreise.xls.lnk
[2010.08.19 11:58:16 | 002,930,676 | ---- | C] () -- F:\Documents and Settings\***\My Documents\Spondon.rar
[2010.08.17 11:16:11 | 000,298,194 | ---- | C] () -- F:\Documents and Settings\***\My Documents\Trinken_ist_wie_Yoga.pdf
[2010.08.12 19:45:16 | 006,326,721 | ---- | C] () -- F:\Documents and Settings\***\My Documents\Backup-(2010-08-12).ipd
[2010.08.10 22:23:48 | 000,009,931 | ---- | C] () -- F:\Documents and Settings\***\Desktop\KontenD.pdf
[2010.07.08 17:25:17 | 000,011,494 | ---- | C] () -- F:\Documents and Settings\***\Desktop\news0710.php
[2010.07.01 22:52:54 | 000,000,338 | ---- | C] () -- F:\Documents and Settings\***\Desktop\AUDIO.lnk
[2010.05.17 20:23:17 | 000,000,241 | ---- | C] () -- F:\WINDOWS\wstdUPSWSHIP.INI
[2010.03.29 20:57:18 | 000,200,704 | ---- | C] () -- F:\WINDOWS\Ausba3.dll
[2010.03.29 20:57:18 | 000,011,463 | ---- | C] () -- F:\WINDOWS\Dusb3ar.ini
[2010.03.29 20:57:18 | 000,002,662 | ---- | C] () -- F:\WINDOWS\Ausba3.INI
[2010.03.08 17:44:17 | 000,024,576 | R--- | C] () -- F:\WINDOWS\System32\Arsetup.dll
[2010.03.08 17:44:17 | 000,000,282 | R--- | C] () -- F:\WINDOWS\System32\Arsetup.ini
[2010.02.08 17:06:36 | 000,000,040 | ---- | C] () -- F:\WINDOWS\ed3_programmer.ini
[2010.02.07 15:49:56 | 000,000,000 | ---- | C] () -- F:\Documents and Settings\***\Local Settings\Application Data\FnF4.txt
[2010.01.15 22:52:06 | 000,112,128 | ---- | C] () -- F:\Documents and Settings\***\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.15 21:27:03 | 000,085,504 | ---- | C] () -- F:\WINDOWS\System32\ff_vfw.dll
[2010.01.15 21:27:03 | 000,000,547 | ---- | C] () -- F:\WINDOWS\System32\ff_vfw.dll.manifest
[2010.01.15 21:21:52 | 000,001,298 | ---- | C] () -- F:\WINDOWS\MultiTimer.ini
[2010.01.15 20:07:58 | 000,000,166 | ---- | C] () -- F:\WINDOWS\hbcikrnl.ini
[2010.01.14 18:12:22 | 000,006,656 | ---- | C] () -- F:\WINDOWS\System32\CNMVS5n.DLL
[2010.01.14 17:59:08 | 000,001,406 | ---- | C] () -- F:\WINDOWS\ODBC.INI
[2010.01.12 19:58:00 | 000,036,864 | ---- | C] () -- F:\WINDOWS\System32\SlpApi42.dll
[2010.01.12 19:54:30 | 000,087,552 | ---- | C] () -- F:\WINDOWS\System32\cpwmon2k.dll
[2010.01.12 15:23:20 | 000,204,800 | ---- | C] () -- F:\WINDOWS\System32\IVIresizeW7.dll
[2010.01.12 15:23:20 | 000,200,704 | ---- | C] () -- F:\WINDOWS\System32\IVIresizeA6.dll
[2010.01.12 15:23:20 | 000,192,512 | ---- | C] () -- F:\WINDOWS\System32\IVIresizeP6.dll
[2010.01.12 15:23:20 | 000,192,512 | ---- | C] () -- F:\WINDOWS\System32\IVIresizeM6.dll
[2010.01.12 15:23:20 | 000,188,416 | ---- | C] () -- F:\WINDOWS\System32\IVIresizePX.dll
[2010.01.12 15:23:19 | 000,020,480 | ---- | C] () -- F:\WINDOWS\System32\IVIresize.dll
[2007.08.09 03:18:00 | 001,703,936 | ---- | C] () -- F:\WINDOWS\System32\nvwdmcpl.dll
[2007.08.09 03:18:00 | 001,474,560 | ---- | C] () -- F:\WINDOWS\System32\nview.dll
[2007.08.09 03:18:00 | 001,019,904 | ---- | C] () -- F:\WINDOWS\System32\nvwimg.dll
[2007.08.09 03:18:00 | 000,466,944 | ---- | C] () -- F:\WINDOWS\System32\nvshell.dll
[2007.03.16 14:13:44 | 000,012,547 | ---- | C] () -- F:\WINDOWS\System32\argomon.dll
[2003.04.08 13:41:20 | 000,180,224 | ---- | C] () -- F:\WINDOWS\System32\nssckbi.dll
[2002.03.21 16:39:02 | 000,073,728 | ---- | C] () -- F:\WINDOWS\System32\UNACEV2.DLL
[1998.05.07 03:10:00 | 000,069,632 | R--- | C] () -- F:\WINDOWS\System32\ODMA32.dll
[1980.01.04 02:17:16 | 000,000,000 | ---- | C] () -- F:\Documents and Settings\***\Local Settings\Application Data\QSwitch.txt
[1980.01.04 02:17:16 | 000,000,000 | ---- | C] () -- F:\Documents and Settings\***\Local Settings\Application Data\DSwitch.txt
[1980.01.04 02:17:16 | 000,000,000 | ---- | C] () -- F:\Documents and Settings\***\Local Settings\Application Data\AtStart.txt
[1980.01.04 02:00:13 | 000,039,859 | ---- | C] () -- F:\Documents and Settings\***\Local Settings\Application Data\FASTWiz.log
 
========== LOP Check ==========
 
[2010.01.16 14:42:07 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\ACD Systems
[2010.01.13 23:35:59 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Infineon
[2010.01.14 15:22:39 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\LightScribe
[2010.03.29 20:45:54 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Research In Motion
[2010.01.16 15:49:47 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\ACD Systems
[2010.05.08 17:38:21 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\FreeFLVConverter
[2010.04.04 17:48:41 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\ImgBurn
[2010.01.13 23:35:59 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Infineon
[2010.02.06 13:40:41 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\InterVideo
[2010.09.25 20:53:47 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Online Solutions
[2010.01.15 18:59:03 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Opera
[2010.03.29 20:46:02 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Research In Motion
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2010.01.16 14:42:07 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\ACD Systems
[2010.01.16 20:02:57 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Adobe
[1980.01.04 02:23:53 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Avira
[2010.09.15 16:01:46 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Google
[2010.01.13 23:35:59 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Infineon
[2010.01.12 15:23:49 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\InstallShield
[2010.01.13 22:33:34 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Intel
[2010.01.14 15:22:39 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\LightScribe
[2010.04.14 15:02:36 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.05.08 17:37:57 | 000,000,000 | --SD | M] -- F:\Documents and Settings\All Users\Application Data\Microsoft
[1980.01.04 01:50:05 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2010.05.01 14:53:20 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\nView_Profiles
[2010.02.06 14:27:51 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\QuickTime
[2010.03.29 20:45:54 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Research In Motion
[1980.01.04 02:26:07 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010.01.15 12:11:40 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2010.06.10 09:31:02 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- F:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
 
< %APPDATA%\*. >
[2010.01.16 15:49:47 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\ACD Systems
[2010.01.16 14:47:53 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Adobe
[2010.01.18 16:44:34 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\AdobeAUM
[2010.01.16 20:03:14 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\AdobeUM
[2010.01.16 19:25:11 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Ahead
[2010.05.08 17:38:21 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\FreeFLVConverter
[2010.09.15 16:02:48 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Google
[2010.03.08 13:16:49 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Help
[2010.01.12 16:54:11 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\hpqLog
[1980.01.04 01:45:53 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Identities
[2010.04.04 17:48:41 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\ImgBurn
[2010.01.13 23:35:59 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Infineon
[2010.03.20 17:32:16 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\InstallShield
[2010.01.13 22:34:05 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Intel
[2010.02.06 13:40:41 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\InterVideo
[2010.01.15 19:20:45 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Macromedia
[2010.04.14 15:02:42 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Malwarebytes
[2010.01.30 20:25:14 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Media Player Classic
[2010.01.18 21:16:19 | 000,000,000 | --SD | M] -- F:\Documents and Settings\***\Application Data\Microsoft
[2010.01.15 20:59:46 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Mozilla
[2010.09.25 20:53:47 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Online Solutions
[2010.01.15 18:59:03 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Opera
[2010.03.29 20:46:02 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Research In Motion
[2010.01.30 22:20:14 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Roxio
[2010.01.20 16:28:45 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Sun
[1980.01.04 02:25:59 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\SUPERAntiSpyware.com
[2010.01.18 19:38:13 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Winamp
[2010.01.15 21:21:36 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.03.20 17:33:23 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\DesktopMgr.exe
[2010.03.20 17:33:23 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010.03.20 17:33:23 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010.03.20 17:33:23 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010.03.20 17:33:23 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010.03.20 17:33:23 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010.03.20 17:33:23 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010.03.20 17:33:23 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010.03.20 17:33:23 | 000,049,152 | R--- | M] (Acresso Software Inc.) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
[2010.03.20 17:33:23 | 000,049,152 | R--- | M] (Acresso Software Inc.) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
[2010.03.20 17:33:23 | 000,049,152 | R--- | M] (Acresso Software Inc.) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
[2010.01.12 19:49:55 | 000,025,214 | R--- | M] () -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{53480370-6CA2-47EC-BC05-02B4B9271C31}\ARPPRODUCTICON.exe
[2010.01.12 19:49:55 | 000,025,214 | R--- | M] () -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{53480370-6CA2-47EC-BC05-02B4B9271C31}\oodcnt_ds.53480300_6789_44B8_908F_AD7D7990104B.exe
[2010.01.12 19:49:55 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{53480370-6CA2-47EC-BC05-02B4B9271C31}\oodcnt_exe.53480300_6789_44B8_908F_AD7D7990104B.exe
[2010.01.12 21:33:27 | 000,057,344 | R--- | M] (Macrovision Corporation) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{7F362F06-A9A3-440F-8B19-6A01A72723C4}\ARPPRODUCTICON.exe
[1980.01.04 02:26:03 | 000,018,944 | R--- | M] () -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
[1980.01.04 02:26:03 | 000,065,024 | R--- | M] () -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
[2010.03.18 13:15:51 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\DesktopMgr.exe
[2010.03.18 13:15:51 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010.03.18 13:15:51 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010.03.18 13:15:51 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010.03.18 13:15:51 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010.03.18 13:15:51 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010.03.18 13:15:51 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010.03.18 13:15:51 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- F:\Documents and Settings\***\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010.01.15 22:27:59 | 023,852,652 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010.01.15 22:27:59 | 023,852,652 | ---- | M] () .cab file -- F:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- F:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- F:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- F:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.01.15 22:27:59 | 023,852,652 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010.01.15 22:27:59 | 023,852,652 | ---- | M] () .cab file -- F:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- F:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- F:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- F:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- F:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 02:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- F:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 02:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- F:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 02:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- F:\WINDOWS\system32\eventlog.dll
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- F:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2005.10.12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- F:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys
[2005.10.12 14:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- F:\WINDOWS\OemDir\iaStor.sys
[2005.10.12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- F:\WINDOWS\system32\drivers\iaStor.sys
[2005.10.12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- F:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\iaStor.sys
[2005.10.12 13:08:52 | 000,508,416 | ---- | M] (Intel Corporation) MD5=7C2D98D430DD91570DB63E819B9BC7E0 -- F:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 02:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- F:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 02:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- F:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 02:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- F:\WINDOWS\system32\netlogon.dll
[2009.02.06 20:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- F:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- F:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- F:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2004.08.04 14:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- F:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- F:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- F:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- F:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.14 02:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- F:\WINDOWS\ERDNT\cache\user32.dll
[2008.04.14 02:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- F:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 02:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- F:\WINDOWS\system32\user32.dll
[2004.08.04 14:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- F:\WINDOWS\$NtServicePackUninstall$\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2004.08.04 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- F:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- F:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- F:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- F:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- F:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- F:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- F:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- F:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- F:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- F:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[1980.01.04 02:15:24 | 000,094,208 | ---- | M] () -- F:\WINDOWS\system32\config\default.sav
[1980.01.04 02:15:24 | 000,659,456 | ---- | M] () -- F:\WINDOWS\system32\config\software.sav
[1980.01.04 02:15:23 | 000,917,504 | ---- | M] () -- F:\WINDOWS\system32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
< End of report >
         
--- --- ---


Thank you very much

Andreas

Alt 26.09.2010, 10:34   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
With Win 2K I simply could not get the driver integrated properly.
SATA on: 2K boots only as far as the bluescreen abort
SATA off: 2K boots flawlessly.
Ah yes, I know the SATA story. It's just annoying when you have two OSes that each boot only in their own configuration. Why do you still have a Windows 2000 installed in parallel, anyway?


Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)


Code:
:OTL
DRV - (UIUSys) -- F:\WINDOWS\System32\DRIVERS\UIUSYS.SYS File not found
[2010.09.21 12:32:23 | 000,564,800 | ---- | C] () -- F:\WINDOWS\System32\drivers\tdjzasdk.sys
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

Alt 26.09.2010, 12:11   #29
luko
 



Hello Arne,

2000 is for a KHK FiBu (financial accounting) program, which is at least as old but paid for. It just doesn't run on PCs with more than 1 GB of RAM. Of course you only find that out afterwards.
A second system is a must for me, but I lack the know-how.
Actually I wanted a daily XP backup so that I could boot from the USB HDD in an emergency, but there too, nothing but problems.
I briefly had Linux on the old partition, but I didn't really get along with it either. Dumbed down by Windows, I guess!

Here is the log from OTL.

P.S. What is actually known about my malware?
(who, why, from where, what for) Google turned up little to almost nothing.

All processes killed
========== OTL ==========
Service UIUSys stopped successfully!
Service UIUSys deleted successfully!
File F:\WINDOWS\System32\DRIVERS\UIUSYS.SYS File not found not found.
File F:\WINDOWS\System32\drivers\tdjzasdk.sys not found.
========== COMMANDS ==========
F:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: ****
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 621529 bytes
->Flash cache emptied: 517 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,00 mb


OTL by OldTimer - Version 3.2.14.1 log created on 09262010_122634

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
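
An added example (not part of the thread and not OTL's own code): cross-checking the targets of the fix script from post #28 against the result log from post #29, to see which targets OTL actually removed and which it only reported as "not found". The function names, the verdict labels and the handling of only the line shapes visible in this thread are assumptions of this sketch.

```python
import re

# Fix script as posted in #28 and result lines as posted in #29 (copied from the thread).
FIX_SCRIPT = r"""
:OTL
DRV - (UIUSys) -- F:\WINDOWS\System32\DRIVERS\UIUSYS.SYS File not found
[2010.09.21 12:32:23 | 000,564,800 | ---- | C] () -- F:\WINDOWS\System32\drivers\tdjzasdk.sys
:Commands
[purity]
[resethosts]
[emptytemp]
"""

FIX_LOG = r"""
========== OTL ==========
Service UIUSys stopped successfully!
Service UIUSys deleted successfully!
File F:\WINDOWS\System32\DRIVERS\UIUSYS.SYS File not found not found.
File F:\WINDOWS\System32\drivers\tdjzasdk.sys not found.
========== COMMANDS ==========
F:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

MISSING_MARKER = " File not found"


def strip_marker(path):
    """Split off the ' File not found' marker that OTL appends to a path."""
    if path.endswith(MISSING_MARKER):
        return path[: -len(MISSING_MARKER)], True
    return path, False


def parse_fix_script(text):
    """Return the targets of the :OTL section as dicts (kind, name, seen_in_scan)."""
    targets, in_otl = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(":"):                 # section header such as :OTL, :Commands
            in_otl = line.upper() == ":OTL"
            continue
        if not in_otl or not line:
            continue
        m = re.match(r"^DRV - \((?P<svc>[^)]+)\) -- (?P<path>.+)$", line)
        if m:                                    # driver entry: service name plus image path
            path, missing = strip_marker(m["path"])
            targets.append({"kind": "service", "name": m["svc"], "seen_in_scan": True})
            targets.append({"kind": "file", "name": path, "seen_in_scan": not missing})
            continue
        m = re.match(r"^\[[^\]]*\] \([^)]*\) -- (?P<path>.+)$", line)
        if m:                                    # file listing line: the scan saw this file
            targets.append({"kind": "file", "name": m["path"], "seen_in_scan": True})
    return targets


def parse_fix_log(text):
    """Map (kind, lowercased name) to the set of statuses OTL reported."""
    results = {}
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"^Service (\S+) (stopped|deleted) successfully!$", line)
        if m:
            results.setdefault(("service", m[1].lower()), set()).add(m[2])
            continue
        m = re.match(r"^File (.+?) not found\.$", line)
        if m:                                    # OTL echoes the marker, so strip it again
            path, _ = strip_marker(m[1])
            results.setdefault(("file", path.lower()), set()).add("not found")
            continue
        m = re.match(r"^(?:File )?(.+?) (moved) successfully\.$", line)
        if m:
            results.setdefault(("file", m[1].lower()), set()).add(m[2])
    return results


def triage(script, log):
    """Pair every fix target with a verdict derived from the result log."""
    results = parse_fix_log(log)
    report = []
    for t in parse_fix_script(script):
        statuses = results.get((t["kind"], t["name"].lower()), set())
        if statuses & {"deleted", "moved"}:
            verdict = "removed"
        elif "not found" in statuses and not t["seen_in_scan"]:
            verdict = "orphan reference"         # file was already missing at scan time
        elif "not found" in statuses:
            verdict = "verify"                   # listed by the scan, absent at fix time
        elif statuses:
            verdict = "incomplete"
        else:
            verdict = "no result"
        report.append((t["kind"], t["name"], verdict))
    return report


if __name__ == "__main__":
    for row in triage(FIX_SCRIPT, FIX_LOG):
        print(row)
```

The "verify" verdict for tdjzasdk.sys means only that the fix did not move the file itself; whether it is really gone has to be confirmed by follow-up scans.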

Alt 26.09.2010, 12:20   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
It just doesn't run on PCs with more than 1 GB of RAM. Of course you only find that out afterwards.
Huh? Windows 2000 runs with your 3 GB of RAM too. So why does it supposedly not run with more than 1 GB of RAM under XP, but does under Windows 2000?


As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
