| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Virus - Klickgeräusche und MusikWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
31.07.2010, 13:11
| #1 |
| |  Virus - Klickgeräusche und Musik Hallo, seit kurzem ertönen aus meinem Rechner Klickgeräusche und Musik ohne ersichtlichen Grund. Als Virenschutz benutze ich Sophos. Das hat nichts gefunden. Ich habe dann Malwarebytes Anti-Malware runter geladen, der Scan hat allerdings auch nichts ergeben. Hier nun ein aktueller HijackThis Logfile: HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:39:38, on 31.07.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Bonjour\mDNSResponder.exe C:\Programme\Java\jre6\bin\jqs.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\AGRSMMSG.exe C:\Programme\ltmoh\Ltmoh.exe C:\Programme\Synaptics\SynTP\SynTPLpr.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\rundll32.exe C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe C:\Programme\Acer\Notebook Manager\almxptray.exe C:\Programme\Sophos\AutoUpdate\ALsvc.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programme\Launch Manager\QtZgAcer.EXE C:\Programme\Ahead\InCD\InCD.exe C:\Programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe C:\Programme\SlySoft\AnyDVD\AnyDVD.exe C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe C:\Programme\iTunes\iTunesHelper.exe C:\Programme\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Skype\Phone\Skype.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe C:\Programme\Sophos\AutoUpdate\ALMon.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Programme\iPod\bin\iPodService.exe C:\Programme\Skype\Plugin Manager\skypePM.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Dokumente und Einstellungen\Heidi Bursen\Eigene Dateien\Downloads\HiJackThis204.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://global.acer.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = hxxp://global.acer.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Programme\Sophos\Sophos Anti-Virus\SophosBHO.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [LtMoh] C:\Programme\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [AcerNotebookManager] C:\Programme\Acer\Notebook Manager\almxptray.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVD.exe O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [UVS10 Preload] C:\Programme\Ulead Systems\Ulead VideoStudio 10\uvPL.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Programme\Sophos\AutoUpdate\ALMon.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {5849AB88-93B6-46C4-B518-0704A8435492} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (file missing) (HKCU) O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {5849AB88-93B6-46C4-B518-0704A8435492} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (file missing) (HKCU) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programme\Ahead\InCD\InCDsrv.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe O23 - Service: Sophos Anti-Virus Statusreporter (SAVAdminService) - Sophos Plc - C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Programme\Sophos\AutoUpdate\ALsvc.exe O23 - Service: StarMoney 7.0 OnlineUpdate - Star Finanz - Software Entwicklung und Vertriebs GmbH - C:\Programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 11514 bytes Ich hoffe sehr, dass mir jemand helfen kann. Danke schon mal... |
|
31.07.2010, 16:09
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Virus - Klickgeräusche und Musik Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus
__________________Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus. Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen. Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.
__________________ |
|
31.07.2010, 19:11
| #3 |
| | Virus - Klickgeräusche und Musik Hallo Arne,
__________________vielen, vielen Dank für die Antwort. Ich habe jetzt mal alles gemacht, wie beschrieben. Nachfolgend die Logs für GMER, OSAM und bootkit remover. Bei dem bootkit remover bin ich mir nicht ganz sicher was ich posten soll... Ich poste mal was ich für richtig halte... GMER-Log: GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover Rootkit scan 2010-07-31 19:57:24 Windows 5.1.2600 Service Pack 3 Running: xq4gfrby.exe; Driver: C:\DOKUME~1\HEIDIB~1\LOKALE~1\Temp\agldipog.sys ---- Kernel code sections - GMER 1.0.15 ---- init C:\WINDOWS\system32\drivers\o2mmb.sys entry point in "init" section [0xF8117EA0] init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xF7FD8510] .text C:\WINDOWS\system32\drivers\ACEDRV07.sys section is writeable [0xB2311000, 0x328BA, 0xE8000020] .pklstb C:\WINDOWS\system32\drivers\ACEDRV07.sys entry point in ".pklstb" section [0xB2355000] .relo2 C:\WINDOWS\system32\drivers\ACEDRV07.sys unknown last section [0xB2371000, 0x8E, 0x42000040] ---- User code sections - GMER 1.0.15 ---- .text C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[748] USER32.dll!DefWindowProcA + 11A 7E37C298 7 Bytes JMP 1004BF70 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) .text C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[748] USER32.dll!SetWindowRgn + 2BD 7E37E7E5 7 Bytes JMP 1004BE30 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) .text C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[748] USER32.dll!SetClipboardData + 19D 7E38113B 7 Bytes JMP 1004BF50 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) .text C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[748] USER32.dll!MessageBoxA + 49 7E3A0833 7 Bytes JMP 1004C040 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) .text C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[748] USER32.dll!MessageBoxExW + 1F 7E3A0857 7 Bytes JMP 1004C090 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) .text C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[748] USER32.dll!MessageBoxTimeoutA + CA 7E3B64D0 7 Bytes JMP 1004BFC0 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) .text C:\Programme\Internet Explorer\iexplore.exe[772] ole32.dll!OleLoadFromStream 774F9C85 5 Bytes JMP 7E2A524C C:\WINDOWS\system32\SHDOCVW.dll (Bibliothek für Shell-Dokumente und -Steuerelemente/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 mouclass.sys (Mausklassentreiber/Microsoft Corporation) Device \Driver\atapi \Device\Ide\IdePort0 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.) Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.) Device \Driver\atapi \Device\Ide\IdePort1 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.) Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.) AttachedDevice \FileSystem\Fastfat \Fat savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ---- Processes - GMER 1.0.15 ---- Process C:\Programme\Internet Explorer\iexplore.exe (*** hidden *** ) 772 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00028ae08166 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000e9b872250 Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00028ae08166 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000e9b872250 (not active ControlSet) Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ... Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ... Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ... Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x6B 0x65 0x49 0x6A ... Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ... Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ... Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ... Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ... Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ... Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ... Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ... Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ... ---- EOF - GMER 1.0.15 ---- OSAM-Log: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 Online Solutions. Complex Protection for Information Systems Saved at 19:25:15 on 31.07.2010 OS: Windows XP Professional Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 3.5.11 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [AppInit DLLs] -----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )----- "AppInit_DLLs" - "Sophos Plc" - C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL [Common] -----( %SystemRoot%\Tasks )----- "AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "ac3filter.cpl" - ? - C:\WINDOWS\system32\ac3filter.cpl "ImageDrive.cpl" - "Ahead Software AG" - C:\WINDOWS\system32\ImageDrive.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "ISUSPM.CPL" - "InstallShield Software Corporation" - C:\WINDOWS\system32\ISUSPM.CPL "JAVACPL.CPL" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\JAVACPL.CPL "Mp3cnfg.cpl" - "Kristal Studio" - C:\WINDOWS\system32\Mp3cnfg.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "ACEDRV07" (ACEDRV07) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\ACEDRV07.sys "acernbm" (acernbm) - ? - C:\WINDOWS\system32\drivers\acernbm.sys (File found, but it contains no detailed information) "AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\WINDOWS\System32\Drivers\AnyDVD.sys "Apple Mobile USB Driver" (USBAAPL) - "Apple, Inc." - C:\WINDOWS\System32\Drivers\usbaapl.sys "BrPar" (BrPar) - "Brother Industries Ltd." - C:\WINDOWS\System32\drivers\BrPar.sys "BVRPMPR5 NDIS Protocol Driver" (BVRPMPR5) - "Avanquest Software" - C:\WINDOWS\system32\drivers\BVRPMPR5.SYS "cdrbsvsd" (cdrbsvsd) - "B.H.A Corporation" - C:\WINDOWS\system32\drivers\cdrbsvsd.sys "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "Dritek HotKey Keyboard Filter Driver" (DKbFltr) - "Dritek System Inc." - C:\WINDOWS\System32\Drivers\DKbFltr.sys "ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyCDIO.sys "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "InCD File System" (InCDfs) - "Ahead Software AG" - C:\WINDOWS\system32\drivers\InCDfs.sys "InCDPass" (InCDPass) - "Ahead Software AG" - C:\WINDOWS\System32\DRIVERS\InCDPass.sys "InCDrec" (InCDrec) - "Ahead Software AG" - C:\WINDOWS\system32\drivers\InCDrec.sys "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "osadmi" (osadmi) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\system32\drivers\osadmi.sys "Padus ASPI Shell" (pfc) - "Padus, Inc." - C:\WINDOWS\System32\drivers\pfc.sys "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\WINDOWS\System32\drivers\Afc.sys "PQNTDrv" (PQNTDrv) - "PowerQuest Corporation" - C:\WINDOWS\system32\drivers\PQNTDrv.sys "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "Sony Ericsson Device 0A1 driver (WDM)" (sea1bus) - "MCCI" - C:\WINDOWS\System32\DRIVERS\sea1bus.sys "Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS)" (sea1nd5) - "MCCI" - C:\WINDOWS\System32\DRIVERS\sea1nd5.sys "Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM)" (sea1unic) - "MCCI" - C:\WINDOWS\System32\DRIVERS\sea1unic.sys "Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM)" (sea1mgmt) - "MCCI" - C:\WINDOWS\System32\DRIVERS\sea1mgmt.sys "Sony Ericsson Device 0A1 USB WMC Modem Driver" (sea1mdm) - "MCCI" - C:\WINDOWS\System32\DRIVERS\sea1mdm.sys "Sony Ericsson Device 0A1 USB WMC Modem Filter" (sea1mdfl) - "MCCI" - C:\WINDOWS\System32\DRIVERS\sea1mdfl.sys "Sony Ericsson Device 0A1 USB WMC OBEX Interface" (sea1obex) - "MCCI" - C:\WINDOWS\System32\DRIVERS\sea1obex.sys "Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll {A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} "ContextMenuHandler Class" - "Sophos Plc" - C:\Programme\Sophos\Sophos Anti-Virus\SavShellExt.dll "CorelDRAW Shell Extension Component" - ? - (File not found | COM-object registry key not found) {4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD} "CorelDRAW Shell Extension Component" - "Corel Corporation" - C:\Programme\Corel\CorelDRAW Graphics Suite 13\PROGRAMS\CrlShell.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL {950FF917-7A57-46BC-8017-59D9BF474000} "Shell Extension for CDRW" - "Ahead Software AG" - C:\Programme\Ahead\InCD\incdshx.dll {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "Shell Extensions for RealOne Player" - ? - (File not found | COM-object registry key not found) {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {738D66C6-0149-4D40-84E4-A7BB2D0CE949} "Sony Ericsson File Manager" - ? - (File not found | COM-object registry key not found) {DBD8E168-244D-448C-9922-25508950D1DC} "USIShellExt Class" - "Ulead Systems, Inc." - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\USIShex.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "Klicke hier um das Projekt xp-AntiSpy zu unterstützen" - ? - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (File not found) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) <binary data> "PDFCreator Toolbar" - ? - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {182EC0BE-5110-49C8-A062-BEB1D02A220B} "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} "PDFCreator Toolbar" - ? - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll {AE7CD045-E861-484f-8273-0445EE161910} "AcroIEToolbarHelper Class" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {C451C08A-EC37-45DF-AAAD-18B51AB5E837} "PDFCreator Toolbar Helper" - ? - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} "Sophos Web Content Scanner" - "Sophos Plc" - C:\Programme\Sophos\Sophos Anti-Virus\SophosBHO.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "Adobe Acrobat Speed Launcher.lnk" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe (Shortcut exists | File exists) "Adobe Gamma Loader.lnk" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Shortcut exists | File exists) "AutoUpdate Monitor.lnk" - "Sophos Plc" - C:\Programme\Sophos\AutoUpdate\ALMon.exe (Shortcut exists | File exists) "DESKTOP.INI" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\DESKTOP.INI -----( %UserProfile%\Startmenü\Programme\Autostart )----- "DESKTOP.INI" - ? - C:\Dokumente und Einstellungen\Heidi Bursen\Startmenü\Programme\Autostart\DESKTOP.INI -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Skype" - "Skype Technologies S.A." - "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized "Sony Ericsson PC Suite" - "Sony Ericsson Mobile Communications AB" - "C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "AcerNotebookManager" - "Acer" - C:\Programme\Acer\Notebook Manager\almxptray.exe "Acrobat Assistant 7.0" - "Adobe Systems Inc." - "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" "AnyDVD" - "SlySoft, Inc." - C:\Programme\SlySoft\AnyDVD\AnyDVD.exe "ATIPTA" - "ATI Technologies, Inc." - C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe "InCD" - "Ahead Software AG" - C:\Programme\Ahead\InCD\InCD.exe "ISUSPM Startup" - "InstallShield Software Corporation" - C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup "ISUSScheduler" - "InstallShield Software Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start "iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe" "LaunchApp" - "Acer Inc." - Alaunch "LManager" - "Dritek System Inc." - C:\Programme\Launch Manager\QtZgAcer.EXE "LtMoh" - "Agere Systems" - C:\Programme\ltmoh\Ltmoh.exe "MSPY2002" - ? - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC (File signed by Microsoft | File found, but it contains no detailed information) "NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe "QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Java\jre6\bin\jusched.exe" "UVS10 Preload" - "Ulead Systems, Inc." - C:\Programme\Ulead Systems\Ulead VideoStudio 10\uvPL.exe [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\AdobePDF.dll "Lexmark Network Port" - "Lexmark International, Inc." - C:\WINDOWS\system32\lexlmpm.dll "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll "PDFCreator" - "internet-support foehr.com" - C:\WINDOWS\system32\pdfcmnnt.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe "Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\MAGIX\Common\Database\bin\fbserver.exe "InCD Helper" (InCDsrv) - "Ahead Software AG" - C:\Programme\Ahead\InCD\InCDsrv.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "LexBce Server" (LexBceS) - "Lexmark International, Inc." - C:\WINDOWS\system32\LEXBCES.EXE "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "Sony Ericsson OMSI download service" (OMSI download service) - ? - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe (File found, but it contains no detailed information) "Sophos Anti-Virus" (SAVService) - "Sophos Plc" - C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe "Sophos Anti-Virus Statusreporter" (SAVAdminService) - "Sophos Plc" - C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe "Sophos AutoUpdate Service" (Sophos AutoUpdate Service) - "Sophos Plc" - C:\Programme\Sophos\AutoUpdate\ALsvc.exe "StarMoney 7.0 OnlineUpdate" (StarMoney 7.0 OnlineUpdate) - "Star Finanz - Software Entwicklung und Vertriebs GmbH" - C:\Programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe "Ulead Burning Helper" (UleadBurningHelper) - "Ulead Systems, Inc." - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit Online Solutions :: Index bootkit remover - ??? .\debug.cpp(238) : Debug log started at 31.07.2010 - 17:41:31 .\boot_cleaner.cpp(675) : Bootkit Remover .\boot_cleaner.cpp(676) : (c) 2009 eSage Lab .\boot_cleaner.cpp(677) : esage lab - main .\boot_cleaner.cpp(681) : Program version: 1.1.0.0 .\boot_cleaner.cpp(688) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600) .\debug.cpp(248) : ********************************************** .\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] *********** .\debug.cpp(250) : ********************************************** .\debug.cpp(256) : 0x804d7000 0x00217380 "\WINDOWS\system32\ntoskrnl.exe" .\debug.cpp(256) : 0x806ef000 0x00013d00 "\WINDOWS\system32\hal.dll" .\debug.cpp(256) : 0xf8cf7000 0x00002000 "\WINDOWS\system32\KDCOM.DLL" .\debug.cpp(256) : 0xf8c07000 0x00003000 "\WINDOWS\system32\BOOTVID.dll" .\debug.cpp(256) : 0xf87a7000 0x0002f000 "ACPI.sys" .\debug.cpp(256) : 0xf8cf9000 0x00002000 "\WINDOWS\system32\DRIVERS\WMILIB.SYS" .\debug.cpp(256) : 0xf8796000 0x00011000 "pci.sys" .\debug.cpp(256) : 0xf87f7000 0x0000a000 "isapnp.sys" .\debug.cpp(256) : 0xf8807000 0x00010000 "ohci1394.sys" .\debug.cpp(256) : 0xf8817000 0x0000e000 "\WINDOWS\system32\DRIVERS\1394BUS.SYS" .\debug.cpp(256) : 0xf8c0b000 0x00003000 "compbatt.sys" .\debug.cpp(256) : 0xf8c0f000 0x00004000 "\WINDOWS\system32\DRIVERS\BATTC.SYS" .\debug.cpp(256) : 0xf8dbf000 0x00001000 "pciide.sys" .\debug.cpp(256) : 0xf8a77000 0x00007000 "\WINDOWS\system32\DRIVERS\PCIIDEX.SYS" .\debug.cpp(256) : 0xf8cfb000 0x00002000 "intelide.sys" .\debug.cpp(256) : 0xf8778000 0x0001e000 "pcmcia.sys" .\debug.cpp(256) : 0xf8827000 0x0000b000 "MountMgr.sys" .\debug.cpp(256) : 0xf8759000 0x0001f000 "ftdisk.sys" .\debug.cpp(256) : 0xf8cfd000 0x00002000 "dmload.sys" .\debug.cpp(256) : 0xf8733000 0x00026000 "dmio.sys" .\debug.cpp(256) : 0xf8c13000 0x00003000 "ACPIEC.sys" .\debug.cpp(256) : 0xf8dc0000 0x00001000 "\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS" .\debug.cpp(256) : 0xf8a7f000 0x00005000 "PartMgr.sys" .\debug.cpp(256) : 0xf8837000 0x0000e000 "VolSnap.sys" .\debug.cpp(256) : 0xf871b000 0x00018000 "atapi.sys" .\debug.cpp(256) : 0xf8847000 0x00009000 "disk.sys" .\debug.cpp(256) : 0xf8857000 0x0000d000 "\WINDOWS\system32\DRIVERS\CLASSPNP.SYS" .\debug.cpp(256) : 0xf86fb000 0x00020000 "fltmgr.sys" .\debug.cpp(256) : 0xf86e9000 0x00012000 "sr.sys" .\debug.cpp(256) : 0xf8867000 0x00009000 "PxHelp20.sys" .\debug.cpp(256) : 0xf86c5000 0x00024000 "Fastfat.sys" .\debug.cpp(256) : 0xf86ae000 0x00017000 "KSecDD.sys" .\debug.cpp(256) : 0xf869b000 0x00013000 "WudfPf.sys" .\debug.cpp(256) : 0xf866e000 0x0002d000 "NDIS.sys" .\debug.cpp(256) : 0xf8654000 0x0001a000 "Mup.sys" .\debug.cpp(256) : 0xf8877000 0x0000b000 "agp440.sys" .\debug.cpp(256) : 0xf8c8f000 0x00004000 "\SystemRoot\System32\Drivers\cdrbsvsd.SYS" .\debug.cpp(256) : 0xf8897000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys" .\debug.cpp(256) : 0xf8a9f000 0x00008000 "\SystemRoot\system32\drivers\Afc.sys" .\debug.cpp(256) : 0xf8aa7000 0x00005000 "\SystemRoot\System32\Drivers\AnyDVD.sys" .\debug.cpp(256) : 0xf8c93000 0x00003000 "\SystemRoot\system32\drivers\pfc.sys" .\debug.cpp(256) : 0xf88a7000 0x00010000 "\SystemRoot\system32\DRIVERS\cdrom.sys" .\debug.cpp(256) : 0xf88b7000 0x0000f000 "\SystemRoot\system32\DRIVERS\redbook.sys" .\debug.cpp(256) : 0xf85d8000 0x00023000 "\SystemRoot\system32\DRIVERS\ks.sys" .\debug.cpp(256) : 0xf8cff000 0x00002000 "\SystemRoot\system32\DRIVERS\NTIDrvr.sys" .\debug.cpp(256) : 0xf8aaf000 0x00007000 "\SystemRoot\System32\DRIVERS\InCDPass.sys" .\debug.cpp(256) : 0xf8ab7000 0x00006000 "\SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys" .\debug.cpp(256) : 0xf88c7000 0x0000a000 "\SystemRoot\system32\DRIVERS\intelppm.sys" .\debug.cpp(256) : 0xf8498000 0x000be000 "\SystemRoot\system32\DRIVERS\ati2mtag.sys" .\debug.cpp(256) : 0xf8484000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS" .\debug.cpp(256) : 0xf8abf000 0x00006000 "\SystemRoot\system32\DRIVERS\usbuhci.sys" .\debug.cpp(256) : 0xf8460000 0x00024000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS" .\debug.cpp(256) : 0xf8ac7000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys" .\debug.cpp(256) : 0xf8444000 0x0001c000 "\SystemRoot\system32\DRIVERS\b57xp32.sys" .\debug.cpp(256) : 0xf8134000 0x00310000 "\SystemRoot\system32\DRIVERS\w29n51.sys" .\debug.cpp(256) : 0xf8d01000 0x00002000 "\SystemRoot\system32\drivers\MbxStby.sys" .\debug.cpp(256) : 0xf8105000 0x0002f000 "\SystemRoot\system32\drivers\o2mmb.sys" .\debug.cpp(256) : 0xf88d7000 0x00010000 "\SystemRoot\system32\DRIVERS\nic1394.sys" .\debug.cpp(256) : 0xf88e7000 0x0000d000 "\SystemRoot\system32\DRIVERS\i8042prt.sys" .\debug.cpp(256) : 0xf8acf000 0x00005000 "\SystemRoot\System32\Drivers\DKbFltr.sys" .\debug.cpp(256) : 0xf8ad7000 0x00007000 "\SystemRoot\system32\DRIVERS\kbdclass.sys" .\debug.cpp(256) : 0xf809b000 0x00042000 "\SystemRoot\system32\DRIVERS\SynTP.sys" .\debug.cpp(256) : 0xf8d03000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS" .\debug.cpp(256) : 0xf8adf000 0x00006000 "\SystemRoot\system32\DRIVERS\mouclass.sys" .\debug.cpp(256) : 0xf8087000 0x00014000 "\SystemRoot\system32\DRIVERS\parport.sys" .\debug.cpp(256) : 0xf88f7000 0x00010000 "\SystemRoot\system32\DRIVERS\serial.sys" .\debug.cpp(256) : 0xf8cab000 0x00004000 "\SystemRoot\system32\DRIVERS\serenum.sys" .\debug.cpp(256) : 0xf8ae7000 0x00007000 "\SystemRoot\system32\DRIVERS\nscirda.sys" .\debug.cpp(256) : 0xf8caf000 0x00003000 "\SystemRoot\system32\DRIVERS\irenum.sys" .\debug.cpp(256) : 0xf8005000 0x00082000 "\SystemRoot\system32\drivers\ALCXWDM.SYS" .\debug.cpp(256) : 0xf7fe1000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys" .\debug.cpp(256) : 0xf8907000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys" .\debug.cpp(256) : 0xf7f81000 0x00060000 "\SystemRoot\system32\drivers\ALCXSENS.SYS" .\debug.cpp(256) : 0xf7e5c000 0x00125000 "\SystemRoot\system32\DRIVERS\AGRSM.sys" .\debug.cpp(256) : 0xf8aef000 0x00008000 "\SystemRoot\System32\Drivers\Modem.SYS" .\debug.cpp(256) : 0xf8cbf000 0x00004000 "\SystemRoot\system32\DRIVERS\CmBatt.sys" .\debug.cpp(256) : 0xf85b2000 0x00001000 "\SystemRoot\system32\DRIVERS\audstub.sys" .\debug.cpp(256) : 0xf8af7000 0x00005000 "\SystemRoot\system32\DRIVERS\rasirda.sys" .\debug.cpp(256) : 0xf8aff000 0x00005000 "\SystemRoot\system32\DRIVERS\TDI.SYS" .\debug.cpp(256) : 0xf8917000 0x0000d000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys" .\debug.cpp(256) : 0xf8cc7000 0x00003000 "\SystemRoot\system32\DRIVERS\ndistapi.sys" .\debug.cpp(256) : 0xf7e45000 0x00017000 "\SystemRoot\system32\DRIVERS\ndiswan.sys" .\debug.cpp(256) : 0xf8927000 0x0000b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys" .\debug.cpp(256) : 0xf8937000 0x0000c000 "\SystemRoot\system32\DRIVERS\raspptp.sys" .\debug.cpp(256) : 0xf7d94000 0x00011000 "\SystemRoot\system32\DRIVERS\psched.sys" .\debug.cpp(256) : 0xf8947000 0x00009000 "\SystemRoot\system32\DRIVERS\msgpc.sys" .\debug.cpp(256) : 0xf8b07000 0x00005000 "\SystemRoot\system32\DRIVERS\ptilink.sys" .\debug.cpp(256) : 0xf8b0f000 0x00005000 "\SystemRoot\system32\DRIVERS\raspti.sys" .\debug.cpp(256) : 0xf7d3c000 0x00030000 "\SystemRoot\system32\DRIVERS\rdpdr.sys" .\debug.cpp(256) : 0xf8957000 0x0000a000 "\SystemRoot\system32\DRIVERS\termdd.sys" .\debug.cpp(256) : 0xf8d05000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys" .\debug.cpp(256) : 0xf7cde000 0x0005e000 "\SystemRoot\system32\DRIVERS\update.sys" .\debug.cpp(256) : 0xf8cdb000 0x00004000 "\SystemRoot\system32\DRIVERS\mssmbios.sys" .\debug.cpp(256) : 0xf8977000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS" .\debug.cpp(256) : 0xf89a7000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbhub.sys" .\debug.cpp(256) : 0xb27e9000 0x00017000 "\SystemRoot\system32\DRIVERS\ozscr.sys" .\debug.cpp(256) : 0xf860b000 0x00004000 "\SystemRoot\system32\DRIVERS\SMCLIB.SYS" .\debug.cpp(256) : 0xf8603000 0x00003000 "\SystemRoot\system32\DRIVERS\hidusb.sys" .\debug.cpp(256) : 0xf89c7000 0x00009000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS" .\debug.cpp(256) : 0xf8b1f000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS" .\debug.cpp(256) : 0xf85ff000 0x00003000 "\SystemRoot\system32\DRIVERS\mouhid.sys" .\debug.cpp(256) : 0xf89d7000 0x0000a000 "\SystemRoot\system32\DRIVERS\savonaccessfilter.sys" .\debug.cpp(256) : 0xb272d000 0x0001c000 "\SystemRoot\system32\DRIVERS\savonaccesscontrol.sys" .\debug.cpp(256) : 0xf8d09000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS" .\debug.cpp(256) : 0xf8580000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS" .\debug.cpp(256) : 0xf8d0b000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS" .\debug.cpp(256) : 0xf8b3f000 0x00006000 "\SystemRoot\System32\drivers\vga.sys" .\debug.cpp(256) : 0xf8d0d000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS" .\debug.cpp(256) : 0xf8d0f000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys" .\debug.cpp(256) : 0xf8d11000 0x00002000 "\SystemRoot\System32\Drivers\InCDrec.SYS" .\debug.cpp(256) : 0xb26ce000 0x00017000 "\SystemRoot\System32\Drivers\InCDfs.SYS" .\debug.cpp(256) : 0xf8b47000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS" .\debug.cpp(256) : 0xf8b4f000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS" .\debug.cpp(256) : 0xf80f5000 0x00003000 "\SystemRoot\system32\DRIVERS\rasacd.sys" .\debug.cpp(256) : 0xb26bb000 0x00013000 "\SystemRoot\system32\DRIVERS\ipsec.sys" .\debug.cpp(256) : 0xb2662000 0x00059000 "\SystemRoot\system32\DRIVERS\tcpip.sys" .\debug.cpp(256) : 0xb263a000 0x00028000 "\SystemRoot\system32\DRIVERS\netbt.sys" .\debug.cpp(256) : 0xb2618000 0x00022000 "\SystemRoot\System32\drivers\afd.sys" .\debug.cpp(256) : 0xf89e7000 0x00009000 "\SystemRoot\system32\DRIVERS\netbios.sys" .\debug.cpp(256) : 0xb25ed000 0x0002b000 "\SystemRoot\system32\DRIVERS\rdbss.sys" .\debug.cpp(256) : 0xf8575000 0x00001000 "\SystemRoot\System32\Drivers\PQNTDrv.SYS" .\debug.cpp(256) : 0xb257d000 0x00070000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys" .\debug.cpp(256) : 0xf89f7000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS" .\debug.cpp(256) : 0xb2557000 0x00026000 "\SystemRoot\system32\DRIVERS\ipnat.sys" .\debug.cpp(256) : 0xf8a07000 0x00009000 "\SystemRoot\system32\DRIVERS\wanarp.sys" .\debug.cpp(256) : 0xf8a17000 0x0000f000 "\SystemRoot\system32\DRIVERS\arp1394.sys" .\debug.cpp(256) : 0xb24a2000 0x0008d000 "\SystemRoot\System32\Drivers\Ntfs.SYS" .\debug.cpp(256) : 0xf8a37000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS" .\debug.cpp(256) : 0xb248a000 0x00018000 "\SystemRoot\System32\Drivers\dump_atapi.sys" .\debug.cpp(256) : 0xf8d13000 0x00002000 "\SystemRoot\System32\Drivers\dump_WMILIB.SYS" .\debug.cpp(256) : 0xbf800000 0x001c4000 "\SystemRoot\System32\win32k.sys" .\debug.cpp(256) : 0xf7cd2000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys" .\debug.cpp(256) : 0xf8b57000 0x00005000 "\SystemRoot\System32\watchdog.sys" .\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys" .\debug.cpp(256) : 0xf8e3d000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys" .\debug.cpp(256) : 0xbf012000 0x00063000 "\SystemRoot\System32\ati2dvag.dll" .\debug.cpp(256) : 0xbf075000 0x00121000 "\SystemRoot\System32\ati3duag.dll" .\debug.cpp(256) : 0xbf196000 0x00091000 "\SystemRoot\System32\ativvaxx.dll" .\debug.cpp(256) : 0xb2310000 0x00062000 "\??\C:\WINDOWS\system32\drivers\ACEDRV07.sys" .\debug.cpp(256) : 0xbffa0000 0x00046000 "\SystemRoot\System32\ATMFD.DLL" .\debug.cpp(256) : 0xb1fda000 0x00016000 "\SystemRoot\system32\DRIVERS\irda.sys" .\debug.cpp(256) : 0xb2104000 0x00004000 "\SystemRoot\system32\DRIVERS\ndisuio.sys" .\debug.cpp(256) : 0xb1c7d000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys" .\debug.cpp(256) : 0xb2178000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys" .\debug.cpp(256) : 0xb1a6a000 0x0002d000 "\SystemRoot\system32\DRIVERS\mrxdav.sys" .\debug.cpp(256) : 0xf8b67000 0x00005000 "\SystemRoot\System32\drivers\BrPar.sys" .\debug.cpp(256) : 0xf8d2b000 0x00002000 "\SystemRoot\system32\drivers\acernbm.sys" .\debug.cpp(256) : 0xb1c13000 0x00003000 "\SystemRoot\System32\Drivers\ElbyCDIO.sys" .\debug.cpp(256) : 0xf8ecb000 0x00001000 "\SystemRoot\system32\drivers\osadmi.sys" .\debug.cpp(256) : 0xb1793000 0x00057000 "\SystemRoot\system32\DRIVERS\srv.sys" .\debug.cpp(256) : 0xb12ca000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys" .\debug.cpp(256) : 0xb0ca9000 0x0002b000 "\SystemRoot\system32\drivers\kmixer.sys" .\debug.cpp(256) : 0x7c910000 0x000b9000 "\WINDOWS\System32\ntdll.dll" .\debug.cpp(263) : ********************************************** .\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] *********** .\debug.cpp(308) : ********************************************** .\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:" .\debug.cpp(400) : Destination="\Device\HarddiskVolume3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDRBSVSD" .\debug.cpp(400) : Destination="\Device\CDRBSVSD" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1" .\debug.cpp(400) : Destination="\Device\Video0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#NSC6001#0#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000069" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\InCDfs" .\debug.cpp(400) : Destination="\DosDevices\BsUDF" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice" .\debug.cpp(400) : Destination="\Device\WUDFLpcDevice" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS" .\debug.cpp(400) : Destination="\Device\Ndis" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmIoDaemon" .\debug.cpp(400) : Destination="\Device\DmControl\DmIoDaemon" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{2FFF353C-2CE8-437E-96D2-07FD85673A89}" .\debug.cpp(400) : Destination="\Device\{2FFF353C-2CE8-437E-96D2-07FD85673A89}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000034" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{71985f4a-1ca1-11d3-9cc8-00c04f7971e0}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2" .\debug.cpp(400) : Destination="\Device\Video1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip" .\debug.cpp(400) : Destination="\Device\Ip" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_04b4&Pid_6560#5&178eff08&0&6#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination="\Device\USBPDO-5" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3" .\debug.cpp(400) : Destination="\Device\Video2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Agere Systems AC'97 Modem" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0013" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:" .\debug.cpp(400) : Destination="\Device\CdRom0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\00000045" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000033" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4" .\debug.cpp(400) : Destination="\Device\Video3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c047#6&26c65fbf&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\00000088" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev" .\debug.cpp(400) : Destination="\Device\IPSEC" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDR4_XP" .\debug.cpp(400) : Destination="\Device\PxHelperDevice0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9aa4a2cc-81e0-4cfd-802f-0f74526d2bd3}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5" .\debug.cpp(400) : Destination="\Device\Video4" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ProcessManagement" .\debug.cpp(400) : Destination="\Device\ProcessManagement" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomMATSHITA_DVD-RAM_UJ-831S________________1.50____#5&fcf2c4e&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T0L0-e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24C5&SUBSYS_00511025&REV_03#3&61aaa01&0&FD#{dda54a40-1e4c-11d1-a050-405705c10000}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0012" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY" .\debug.cpp(400) : Destination="\Device\NDProxy" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr" .\debug.cpp(400) : Destination="\Device\RdpDrDvMgr" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{fd0a5af4-b41d-11d2-9c95-00c04f7971e0}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&30b8c15c&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination="\Device\USBPDO-2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery" .\debug.cpp(400) : Destination="\Device\CompositeBattery" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACERNBM" .\debug.cpp(400) : Destination="\Device\ACERNBM" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}" .\debug.cpp(400) : Destination="\Device\00000047" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CX2IOCTL" .\debug.cpp(400) : Destination="\Device\CX2IOCTL" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1" .\debug.cpp(400) : Destination="\Device\Serial0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_046d&Pid_c047#5&408075d&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}" .\debug.cpp(400) : Destination="\Device\USBPDO-4" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice" .\debug.cpp(400) : Destination="\Device\WMIDataDevice" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE" .\debug.cpp(400) : Destination="\Device\NamedPipe" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{4afa8312-bc29-11d9-a33b-806d6172696f}" .\debug.cpp(400) : Destination="\Device\CdRom0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}" .\debug.cpp(400) : Destination="\Device\KSENUM#00000002" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3" .\debug.cpp(400) : Destination="\Device\AgereModem5" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice" .\debug.cpp(400) : Destination="\Device\GEARAspiWDMDevice" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24C7&SUBSYS_00511025&REV_03#3&61aaa01&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0006" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT" .\debug.cpp(400) : Destination="\Device\IPNAT" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24C5&SUBSYS_00511025&REV_03#3&61aaa01&0&FD#{65e8773e-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0012" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched" .\debug.cpp(400) : Destination="\Device\PSched" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c047#6&26c65fbf&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}" .\debug.cpp(400) : Destination="\Device\00000088" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC" .\debug.cpp(400) : Destination="\Device\Mup" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg" .\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgrMsg" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp" .\debug.cpp(400) : Destination="\Device\Tcp" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\osadmi" .\debug.cpp(400) : Destination="\Device\osadmi" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\INCD_PSEUDO_DEVICE" .\debug.cpp(400) : Destination="\Device\INCD_PSEUDO_DEVICE" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0" .\debug.cpp(400) : Destination="\Device\USBFDO-0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000003a" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24C2&SUBSYS_00511025&REV_03#3&61aaa01&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0004" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1" .\debug.cpp(400) : Destination="\Device\USBFDO-1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_14E4&DEV_1653&SUBSYS_00511025&REV_03#4&16793a72&0&10F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0014" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD" .\debug.cpp(400) : Destination="\Device\VideoPdo1" .\debug.cpp(369) : Device "\GLOBAL??\BsUDF" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureDEE8DEE8Offset80F095E00LengthA92C02400#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0" .\debug.cpp(400) : Destination="\Device\Harddisk0\DR0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2" .\debug.cpp(400) : Destination="\Device\USBFDO-2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000037" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN" .\debug.cpp(400) : Destination="\DosDevices\LPT1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCMCIA#O2Micro-SmartCardBus_Reader-2E10#1#{50dd5230-ba8a-11d1-bf5d-0000f805f530}" .\debug.cpp(400) : Destination="\Device\PcCard0-0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000038" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3" .\debug.cpp(400) : Destination="\Device\USBFDO-3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000036" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap" .\debug.cpp(400) : Destination="\Device\FsWrap" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio" .\debug.cpp(400) : Destination="\Device\sysaudio" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0" .\debug.cpp(400) : Destination="\Device\CdRom0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{c94c2660-3257-11de-a7c5-806d6172696f}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{4afa8310-bc29-11d9-a33b-806d6172696f}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SAVOnAccess" .\debug.cpp(400) : Destination="\Device\SAVOnAccessControl" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\0000004d" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\V1394#NIC1394#3d3e47c09f00#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000006a" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global" .\debug.cpp(400) : Destination="\GLOBAL??" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#2#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}" .\debug.cpp(400) : Destination="\Device\00000048" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0" .\debug.cpp(400) : Destination="\Device\PxHelperDevice0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Paspi0" .\debug.cpp(400) : Destination="\Device\Paspi0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Pcmcia0" .\debug.cpp(400) : Destination="\Device\Pcmcia0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1f4ce3ab&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination="\Device\USBPDO-1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\0000004b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Pcmcia1" .\debug.cpp(400) : Destination="\Device\Pcmcia1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{D71D8557-202B-40C9-87F2-4D9C4169124E}" .\debug.cpp(400) : Destination="\Device\{D71D8557-202B-40C9-87F2-4D9C4169124E}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_4220&SUBSYS_27018086&REV_05#4&16793a72&0&20F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0015" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}" .\debug.cpp(400) : Destination="\Device\KSENUM#00000002" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Pcmcia2" .\debug.cpp(400) : Destination="\Device\Pcmcia2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\BRLPT1" .\debug.cpp(400) : Destination="\Device\BrPar0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{07dad660-22f1-11d1-a9f4-00c04fbbde8f}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{FFD4C8B7-52FC-4D40-96A5-042BFCABC3E1}" .\debug.cpp(400) : Destination="\Device\{FFD4C8B7-52FC-4D40-96A5-042BFCABC3E1}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E806326D-BD1E-4B16-B204-FAF1A570A735}" .\debug.cpp(400) : Destination="\Device\{E806326D-BD1E-4B16-B204-FAF1A570A735}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ARP1394" .\debug.cpp(400) : Destination="\Device\ARP1394" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\InCDfsComm" .\debug.cpp(400) : Destination="\Device\InCDfsComm" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24C6&SUBSYS_00511025&REV_03#3&61aaa01&0&FE#{86e0d1e0-8089-11d0-9ce4-08003e301f73}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0013" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&32d50c2&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\00000063" .\debug.cpp(369) : Device "\GLOBAL??\CONAN" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_13#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}" .\debug.cpp(400) : Destination="\Device\00000043" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4E50&SUBSYS_00511025&REV_00#4&1ab4b779&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0021" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&38abc481&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination="\Device\USBPDO-3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{8EE0C52E-6C07-4D04-9BDA-266D0A8EBD09}" .\debug.cpp(400) : Destination="\Device\{8EE0C52E-6C07-4D04-9BDA-266D0A8EBD09}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager" .\debug.cpp(400) : Destination="\Device\MountPointManager" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\0000004c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_104C&DEV_8026&SUBSYS_00511025&REV_00#4&16793a72&0&38F0#{6bdd1fc1-810f-11d0-bec7-08002be2092f}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0020" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig" .\debug.cpp(400) : Destination="\Device\DmControl\DmConfig" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbDlDp32" .\debug.cpp(400) : Destination="\Device\PxHelperDevice0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000032" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#6&1087c98d&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1}" .\debug.cpp(400) : Destination="\Device\Parallel0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0F13#4&32d50c2&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\00000064" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}" .\debug.cpp(400) : Destination="\Device\KSENUM#00000002" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\00000004" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp" .\debug.cpp(400) : Destination="\Device\WANARP" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace" .\debug.cpp(400) : Destination="\Device\DmControl\DmTrace" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DDD25580-B2E8-4BE0-B4F6-5619F0FBAA4B}" .\debug.cpp(400) : Destination="\Device\{DDD25580-B2E8-4BE0-B4F6-5619F0FBAA4B}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{156B2696-13AB-4D2A-968E-4B2C48817BDC}" .\debug.cpp(400) : Destination="\Device\{156B2696-13AB-4D2A-968E-4B2C48817BDC}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\00000003" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP" .\debug.cpp(400) : Destination="\Device\NdisWanIp" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6D90E119-9752-4028-A07B-66AB2972322D}" .\debug.cpp(400) : Destination="\Device\{6D90E119-9752-4028-A07B-66AB2972322D}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Dritek_KB_Filter" .\debug.cpp(400) : Destination="\Device\Dritek_KB_Filter" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ElbyCDIO" .\debug.cpp(400) : Destination="\Device\ElbyCDIO" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}" .\debug.cpp(400) : Destination="\Device\KSENUM#00000002" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:" .\debug.cpp(400) : Destination="\Device\Ide\IdePort0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomMATSHITA_DVD-RAM_UJ-831S________________1.50____#5&fcf2c4e&0&0.0.0#{1186654d-47b8-48b9-beb9-7df113ae3c67}" .\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T0L0-e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS0" .\debug.cpp(400) : Destination="\Device\1394BUS0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{47E4A8A5-8D6C-4230-A17C-F22ED039E2AB}" .\debug.cpp(400) : Destination="\Device\{47E4A8A5-8D6C-4230-A17C-F22ED039E2AB}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1217&DEV_7110&SUBSYS_00511025&REV_00#4&16793a72&0&32F0#{894a7461-a033-11d2-821e-444553540000}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0018" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24C5&SUBSYS_00511025&REV_03#3&61aaa01&0&FD#{6994ad04-93ef-11d0-a3cc-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0012" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1" .\debug.cpp(400) : Destination="\Device\ParTechInc0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{9F88E4B7-F9B2-465D-9F3A-8FDD43ABE7E5}" .\debug.cpp(400) : Destination="\Device\{9F88E4B7-F9B2-465D-9F3A-8FDD43ABE7E5}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000035" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#0#{4d36e978-e325-11ce-bfc1-08002be10318}" .\debug.cpp(400) : Destination="\Device\00000068" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskIC25N080ATMR04-0________________________MO4OAD4A#5&2288dcf3&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP0T0L0-3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmLoader" .\debug.cpp(400) : Destination="\Device\DmLoader" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NTIDrvr" .\debug.cpp(400) : Destination="\Device\NTIDrvr" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2" .\debug.cpp(400) : Destination="\Device\ParTechInc1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPT1" .\debug.cpp(400) : Destination="\Device\Parallel0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST" .\debug.cpp(400) : Destination="\Device\IPMULTICAST" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:" .\debug.cpp(400) : Destination="\Device\Ide\IdePort1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan" .\debug.cpp(400) : Destination="\Device\NdisWan" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI" .\debug.cpp(400) : Destination="\Device\NdisTapi" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureDEE8DEE8OffsetBBC57E00Length753436200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow" .\debug.cpp(400) : Destination="\Device\LanmanRedirector" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\INCDPASS_REAL_DEVICE00000000" .\debug.cpp(400) : Destination="\Device\INCDPASS_REAL_DEVICE00000000" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3" .\debug.cpp(400) : Destination="\Device\ParTechInc2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{081F5FF4-B570-4BC2-B503-12F8AFA88D2D}" .\debug.cpp(400) : Destination="\Device\{081F5FF4-B570-4BC2-B503-12F8AFA88D2D}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl" .\debug.cpp(400) : Destination="\Device\FtControl" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr" .\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgr" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24C6&SUBSYS_00511025&REV_03#3&61aaa01&0&FE#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0013" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_IRDAMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000031" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{3EA702F1-6836-4351-861B-D1283B61D6BD}" .\debug.cpp(400) : Destination="\Device\{3EA702F1-6836-4351-861B-D1283B61D6BD}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0401#3#{97f76ef0-f883-11d0-af1f-0000f800845c}" .\debug.cpp(400) : Destination="\Device\00000067" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24C5&SUBSYS_00511025&REV_03#3&61aaa01&0&FD#{65e8773d-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0012" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:" .\debug.cpp(400) : Destination="\Device\HarddiskVolume2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT" .\debug.cpp(400) : Destination="\Device\MailSlot" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24C4&SUBSYS_00511025&REV_03#3&61aaa01&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0005" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PQNTDRV" .\debug.cpp(400) : Destination="\Device\PQNTDRV" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX" .\debug.cpp(400) : Destination="\DosDevices\COM1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACEDRV07" .\debug.cpp(400) : Destination="\Device\ACEDRV07" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomMATSHITA_DVD-RAM_UJ-831S________________1.50____#5&fcf2c4e&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T0L0-e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Aaspi0" .\debug.cpp(400) : Destination="\Device\Aaspi0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#0#{86e0d1e0-8089-11d0-9ce4-08003e301f73}" .\debug.cpp(400) : Destination="\Device\00000068" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\0000003d" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL" .\debug.cpp(400) : Destination="\Device\Null" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AGRSM_xface" .\debug.cpp(400) : Destination="\Device\AGRSM_xface" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT" .\debug.cpp(400) : Destination="" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio" .\debug.cpp(400) : Destination="\Device\Ndisuio" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24CD&SUBSYS_00511025&REV_03#3&61aaa01&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0007" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\0000003c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYNTP" .\debug.cpp(400) : Destination="\Device\SynTP" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo" .\debug.cpp(400) : Destination="\Device\DmControl\DmInfo" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&17e0526a&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination="\Device\USBPDO-0" .\debug.cpp(451) : ********************************************** .\boot_cleaner.cpp(1077) : System volume is \\.\C: .\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`bbc57e00 .\boot_cleaner.cpp(424) : Boot sector MD5 is: d32c628275cdd877e23b59f0dec93ee2 .\boot_cleaner.cpp(1151) : .\boot_cleaner.cpp(1152) : Size Device Name MBR Status .\boot_cleaner.cpp(1153) : -------------------------------------------- .\boot_cleaner.cpp(1197) : 74 GB \\.\PhysicalDrive0 Unknown boot code .\boot_cleaner.cpp(1203) : .\boot_cleaner.cpp(1209) : Unknown boot code has been found on some of your physical disks. .\boot_cleaner.cpp(1211) : To inspect the boot code manually, dump the master boot sector: .\boot_cleaner.cpp(1212) : remover.exe dump <device_name> [output_file] .\boot_cleaner.cpp(1216) : To disinfect the master boot sector, use the following command: .\boot_cleaner.cpp(1217) : remover.exe fix <device_name> .\boot_cleaner.cpp(1220) : .\boot_cleaner.cpp(1242) : Done; Ich hoffe das bringt neue Erkenntnisse... Vielen Dank im voraus LG, heidi |
|
31.07.2010, 19:33
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virus - Klickgeräusche und Musik Zuerst mal bitte - falls noch nicht getan - die Datei remover.exe (vom BootkitRemover) vom Desktop nach c:\windows\system32 kopieren! Danach die Konsole starten über Start, Ausführen, cmd eintippen, ok. Den Text im folgenden Codefeld eintippen und mit Enter/Return ausführen: Code:
ATTFilter remover.exe fix \\.\PhysicalDrive0
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
31.07.2010, 20:14
| #5 |
| | Virus - Klickgeräusche und Musik ok, hab ich gemacht. Vielleicht etwas naiv, aber was hab ich gerade gemacht? |
|
31.07.2010, 20:48
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virus - Klickgeräusche und Musik Du hast damit den MBR repariert. Ist für das Booten des Betriebssystems relevant. Führ zur Kontrolle bitte die remover.exe per Doppelklick aus und poste die Ausgabe.
__________________ --> Virus - Klickgeräusche und Musik |
|
31.07.2010, 21:01
| #7 |
| | Virus - Klickgeräusche und Musik Ok, done. .\debug.cpp(238) : Debug log started at 31.07.2010 - 19:57:10 .\boot_cleaner.cpp(675) : Bootkit Remover .\boot_cleaner.cpp(676) : (c) 2009 eSage Lab .\boot_cleaner.cpp(677) : esage lab - main .\boot_cleaner.cpp(681) : Program version: 1.1.0.0 .\boot_cleaner.cpp(688) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600) .\debug.cpp(248) : ********************************************** .\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] *********** .\debug.cpp(250) : ********************************************** .\debug.cpp(256) : 0x804d7000 0x00217380 "\WINDOWS\system32\ntoskrnl.exe" .\debug.cpp(256) : 0x806ef000 0x00013d00 "\WINDOWS\system32\hal.dll" .\debug.cpp(256) : 0xf8cf7000 0x00002000 "\WINDOWS\system32\KDCOM.DLL" .\debug.cpp(256) : 0xf8c07000 0x00003000 "\WINDOWS\system32\BOOTVID.dll" .\debug.cpp(256) : 0xf87a7000 0x0002f000 "ACPI.sys" .\debug.cpp(256) : 0xf8cf9000 0x00002000 "\WINDOWS\system32\DRIVERS\WMILIB.SYS" .\debug.cpp(256) : 0xf8796000 0x00011000 "pci.sys" .\debug.cpp(256) : 0xf87f7000 0x0000a000 "isapnp.sys" .\debug.cpp(256) : 0xf8807000 0x00010000 "ohci1394.sys" .\debug.cpp(256) : 0xf8817000 0x0000e000 "\WINDOWS\system32\DRIVERS\1394BUS.SYS" .\debug.cpp(256) : 0xf8c0b000 0x00003000 "compbatt.sys" .\debug.cpp(256) : 0xf8c0f000 0x00004000 "\WINDOWS\system32\DRIVERS\BATTC.SYS" .\debug.cpp(256) : 0xf8dbf000 0x00001000 "pciide.sys" .\debug.cpp(256) : 0xf8a77000 0x00007000 "\WINDOWS\system32\DRIVERS\PCIIDEX.SYS" .\debug.cpp(256) : 0xf8cfb000 0x00002000 "intelide.sys" .\debug.cpp(256) : 0xf8778000 0x0001e000 "pcmcia.sys" .\debug.cpp(256) : 0xf8827000 0x0000b000 "MountMgr.sys" .\debug.cpp(256) : 0xf8759000 0x0001f000 "ftdisk.sys" .\debug.cpp(256) : 0xf8cfd000 0x00002000 "dmload.sys" .\debug.cpp(256) : 0xf8733000 0x00026000 "dmio.sys" .\debug.cpp(256) : 0xf8c13000 0x00003000 "ACPIEC.sys" .\debug.cpp(256) : 0xf8dc0000 0x00001000 "\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS" .\debug.cpp(256) : 0xf8a7f000 0x00005000 "PartMgr.sys" .\debug.cpp(256) : 0xf8837000 0x0000e000 "VolSnap.sys" .\debug.cpp(256) : 0xf871b000 0x00018000 "atapi.sys" .\debug.cpp(256) : 0xf8847000 0x00009000 "disk.sys" .\debug.cpp(256) : 0xf8857000 0x0000d000 "\WINDOWS\system32\DRIVERS\CLASSPNP.SYS" .\debug.cpp(256) : 0xf86fb000 0x00020000 "fltmgr.sys" .\debug.cpp(256) : 0xf86e9000 0x00012000 "sr.sys" .\debug.cpp(256) : 0xf8867000 0x00009000 "PxHelp20.sys" .\debug.cpp(256) : 0xf86c5000 0x00024000 "Fastfat.sys" .\debug.cpp(256) : 0xf86ae000 0x00017000 "KSecDD.sys" .\debug.cpp(256) : 0xf869b000 0x00013000 "WudfPf.sys" .\debug.cpp(256) : 0xf866e000 0x0002d000 "NDIS.sys" .\debug.cpp(256) : 0xf8654000 0x0001a000 "Mup.sys" .\debug.cpp(256) : 0xf8877000 0x0000b000 "agp440.sys" .\debug.cpp(256) : 0xf8c8f000 0x00004000 "\SystemRoot\System32\Drivers\cdrbsvsd.SYS" .\debug.cpp(256) : 0xf8897000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys" .\debug.cpp(256) : 0xf8a9f000 0x00008000 "\SystemRoot\system32\drivers\Afc.sys" .\debug.cpp(256) : 0xf8aa7000 0x00005000 "\SystemRoot\System32\Drivers\AnyDVD.sys" .\debug.cpp(256) : 0xf8c93000 0x00003000 "\SystemRoot\system32\drivers\pfc.sys" .\debug.cpp(256) : 0xf88a7000 0x00010000 "\SystemRoot\system32\DRIVERS\cdrom.sys" .\debug.cpp(256) : 0xf88b7000 0x0000f000 "\SystemRoot\system32\DRIVERS\redbook.sys" .\debug.cpp(256) : 0xf85d8000 0x00023000 "\SystemRoot\system32\DRIVERS\ks.sys" .\debug.cpp(256) : 0xf8cff000 0x00002000 "\SystemRoot\system32\DRIVERS\NTIDrvr.sys" .\debug.cpp(256) : 0xf8aaf000 0x00007000 "\SystemRoot\System32\DRIVERS\InCDPass.sys" .\debug.cpp(256) : 0xf8ab7000 0x00006000 "\SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys" .\debug.cpp(256) : 0xf88c7000 0x0000a000 "\SystemRoot\system32\DRIVERS\intelppm.sys" .\debug.cpp(256) : 0xf8498000 0x000be000 "\SystemRoot\system32\DRIVERS\ati2mtag.sys" .\debug.cpp(256) : 0xf8484000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS" .\debug.cpp(256) : 0xf8abf000 0x00006000 "\SystemRoot\system32\DRIVERS\usbuhci.sys" .\debug.cpp(256) : 0xf8460000 0x00024000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS" .\debug.cpp(256) : 0xf8ac7000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys" .\debug.cpp(256) : 0xf8444000 0x0001c000 "\SystemRoot\system32\DRIVERS\b57xp32.sys" .\debug.cpp(256) : 0xf8134000 0x00310000 "\SystemRoot\system32\DRIVERS\w29n51.sys" .\debug.cpp(256) : 0xf8d01000 0x00002000 "\SystemRoot\system32\drivers\MbxStby.sys" .\debug.cpp(256) : 0xf8105000 0x0002f000 "\SystemRoot\system32\drivers\o2mmb.sys" .\debug.cpp(256) : 0xf88d7000 0x00010000 "\SystemRoot\system32\DRIVERS\nic1394.sys" .\debug.cpp(256) : 0xf88e7000 0x0000d000 "\SystemRoot\system32\DRIVERS\i8042prt.sys" .\debug.cpp(256) : 0xf8acf000 0x00005000 "\SystemRoot\System32\Drivers\DKbFltr.sys" .\debug.cpp(256) : 0xf8ad7000 0x00007000 "\SystemRoot\system32\DRIVERS\kbdclass.sys" .\debug.cpp(256) : 0xf809b000 0x00042000 "\SystemRoot\system32\DRIVERS\SynTP.sys" .\debug.cpp(256) : 0xf8d03000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS" .\debug.cpp(256) : 0xf8adf000 0x00006000 "\SystemRoot\system32\DRIVERS\mouclass.sys" .\debug.cpp(256) : 0xf8087000 0x00014000 "\SystemRoot\system32\DRIVERS\parport.sys" .\debug.cpp(256) : 0xf88f7000 0x00010000 "\SystemRoot\system32\DRIVERS\serial.sys" .\debug.cpp(256) : 0xf8cab000 0x00004000 "\SystemRoot\system32\DRIVERS\serenum.sys" .\debug.cpp(256) : 0xf8ae7000 0x00007000 "\SystemRoot\system32\DRIVERS\nscirda.sys" .\debug.cpp(256) : 0xf8caf000 0x00003000 "\SystemRoot\system32\DRIVERS\irenum.sys" .\debug.cpp(256) : 0xf8005000 0x00082000 "\SystemRoot\system32\drivers\ALCXWDM.SYS" .\debug.cpp(256) : 0xf7fe1000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys" .\debug.cpp(256) : 0xf8907000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys" .\debug.cpp(256) : 0xf7f81000 0x00060000 "\SystemRoot\system32\drivers\ALCXSENS.SYS" .\debug.cpp(256) : 0xf7e5c000 0x00125000 "\SystemRoot\system32\DRIVERS\AGRSM.sys" .\debug.cpp(256) : 0xf8aef000 0x00008000 "\SystemRoot\System32\Drivers\Modem.SYS" .\debug.cpp(256) : 0xf8cbf000 0x00004000 "\SystemRoot\system32\DRIVERS\CmBatt.sys" .\debug.cpp(256) : 0xf85b2000 0x00001000 "\SystemRoot\system32\DRIVERS\audstub.sys" .\debug.cpp(256) : 0xf8af7000 0x00005000 "\SystemRoot\system32\DRIVERS\rasirda.sys" .\debug.cpp(256) : 0xf8aff000 0x00005000 "\SystemRoot\system32\DRIVERS\TDI.SYS" .\debug.cpp(256) : 0xf8917000 0x0000d000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys" .\debug.cpp(256) : 0xf8cc7000 0x00003000 "\SystemRoot\system32\DRIVERS\ndistapi.sys" .\debug.cpp(256) : 0xf7e45000 0x00017000 "\SystemRoot\system32\DRIVERS\ndiswan.sys" .\debug.cpp(256) : 0xf8927000 0x0000b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys" .\debug.cpp(256) : 0xf8937000 0x0000c000 "\SystemRoot\system32\DRIVERS\raspptp.sys" .\debug.cpp(256) : 0xf7d94000 0x00011000 "\SystemRoot\system32\DRIVERS\psched.sys" .\debug.cpp(256) : 0xf8947000 0x00009000 "\SystemRoot\system32\DRIVERS\msgpc.sys" .\debug.cpp(256) : 0xf8b07000 0x00005000 "\SystemRoot\system32\DRIVERS\ptilink.sys" .\debug.cpp(256) : 0xf8b0f000 0x00005000 "\SystemRoot\system32\DRIVERS\raspti.sys" .\debug.cpp(256) : 0xf7d3c000 0x00030000 "\SystemRoot\system32\DRIVERS\rdpdr.sys" .\debug.cpp(256) : 0xf8957000 0x0000a000 "\SystemRoot\system32\DRIVERS\termdd.sys" .\debug.cpp(256) : 0xf8d05000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys" .\debug.cpp(256) : 0xf7cde000 0x0005e000 "\SystemRoot\system32\DRIVERS\update.sys" .\debug.cpp(256) : 0xf8cdb000 0x00004000 "\SystemRoot\system32\DRIVERS\mssmbios.sys" .\debug.cpp(256) : 0xf8977000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS" .\debug.cpp(256) : 0xf89a7000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbhub.sys" .\debug.cpp(256) : 0xb27e9000 0x00017000 "\SystemRoot\system32\DRIVERS\ozscr.sys" .\debug.cpp(256) : 0xf860b000 0x00004000 "\SystemRoot\system32\DRIVERS\SMCLIB.SYS" .\debug.cpp(256) : 0xf8603000 0x00003000 "\SystemRoot\system32\DRIVERS\hidusb.sys" .\debug.cpp(256) : 0xf89c7000 0x00009000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS" .\debug.cpp(256) : 0xf8b1f000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS" .\debug.cpp(256) : 0xf85ff000 0x00003000 "\SystemRoot\system32\DRIVERS\mouhid.sys" .\debug.cpp(256) : 0xf89d7000 0x0000a000 "\SystemRoot\system32\DRIVERS\savonaccessfilter.sys" .\debug.cpp(256) : 0xb272d000 0x0001c000 "\SystemRoot\system32\DRIVERS\savonaccesscontrol.sys" .\debug.cpp(256) : 0xf8d09000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS" .\debug.cpp(256) : 0xf8580000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS" .\debug.cpp(256) : 0xf8d0b000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS" .\debug.cpp(256) : 0xf8b3f000 0x00006000 "\SystemRoot\System32\drivers\vga.sys" .\debug.cpp(256) : 0xf8d0d000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS" .\debug.cpp(256) : 0xf8d0f000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys" .\debug.cpp(256) : 0xf8d11000 0x00002000 "\SystemRoot\System32\Drivers\InCDrec.SYS" .\debug.cpp(256) : 0xb26ce000 0x00017000 "\SystemRoot\System32\Drivers\InCDfs.SYS" .\debug.cpp(256) : 0xf8b47000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS" .\debug.cpp(256) : 0xf8b4f000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS" .\debug.cpp(256) : 0xf80f5000 0x00003000 "\SystemRoot\system32\DRIVERS\rasacd.sys" .\debug.cpp(256) : 0xb26bb000 0x00013000 "\SystemRoot\system32\DRIVERS\ipsec.sys" .\debug.cpp(256) : 0xb2662000 0x00059000 "\SystemRoot\system32\DRIVERS\tcpip.sys" .\debug.cpp(256) : 0xb263a000 0x00028000 "\SystemRoot\system32\DRIVERS\netbt.sys" .\debug.cpp(256) : 0xb2618000 0x00022000 "\SystemRoot\System32\drivers\afd.sys" .\debug.cpp(256) : 0xf89e7000 0x00009000 "\SystemRoot\system32\DRIVERS\netbios.sys" .\debug.cpp(256) : 0xb25ed000 0x0002b000 "\SystemRoot\system32\DRIVERS\rdbss.sys" .\debug.cpp(256) : 0xf8575000 0x00001000 "\SystemRoot\System32\Drivers\PQNTDrv.SYS" .\debug.cpp(256) : 0xb257d000 0x00070000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys" .\debug.cpp(256) : 0xf89f7000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS" .\debug.cpp(256) : 0xb2557000 0x00026000 "\SystemRoot\system32\DRIVERS\ipnat.sys" .\debug.cpp(256) : 0xf8a07000 0x00009000 "\SystemRoot\system32\DRIVERS\wanarp.sys" .\debug.cpp(256) : 0xf8a17000 0x0000f000 "\SystemRoot\system32\DRIVERS\arp1394.sys" .\debug.cpp(256) : 0xb24a2000 0x0008d000 "\SystemRoot\System32\Drivers\Ntfs.SYS" .\debug.cpp(256) : 0xf8a37000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS" .\debug.cpp(256) : 0xb248a000 0x00018000 "\SystemRoot\System32\Drivers\dump_atapi.sys" .\debug.cpp(256) : 0xf8d13000 0x00002000 "\SystemRoot\System32\Drivers\dump_WMILIB.SYS" .\debug.cpp(256) : 0xbf800000 0x001c4000 "\SystemRoot\System32\win32k.sys" .\debug.cpp(256) : 0xf7cd2000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys" .\debug.cpp(256) : 0xf8b57000 0x00005000 "\SystemRoot\System32\watchdog.sys" .\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys" .\debug.cpp(256) : 0xf8e3d000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys" .\debug.cpp(256) : 0xbf012000 0x00063000 "\SystemRoot\System32\ati2dvag.dll" .\debug.cpp(256) : 0xbf075000 0x00121000 "\SystemRoot\System32\ati3duag.dll" .\debug.cpp(256) : 0xbf196000 0x00091000 "\SystemRoot\System32\ativvaxx.dll" .\debug.cpp(256) : 0xb2310000 0x00062000 "\??\C:\WINDOWS\system32\drivers\ACEDRV07.sys" .\debug.cpp(256) : 0xbffa0000 0x00046000 "\SystemRoot\System32\ATMFD.DLL" .\debug.cpp(256) : 0xb1fda000 0x00016000 "\SystemRoot\system32\DRIVERS\irda.sys" .\debug.cpp(256) : 0xb2104000 0x00004000 "\SystemRoot\system32\DRIVERS\ndisuio.sys" .\debug.cpp(256) : 0xb1c7d000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys" .\debug.cpp(256) : 0xb2178000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys" .\debug.cpp(256) : 0xb1a6a000 0x0002d000 "\SystemRoot\system32\DRIVERS\mrxdav.sys" .\debug.cpp(256) : 0xf8b67000 0x00005000 "\SystemRoot\System32\drivers\BrPar.sys" .\debug.cpp(256) : 0xf8d2b000 0x00002000 "\SystemRoot\system32\drivers\acernbm.sys" .\debug.cpp(256) : 0xb1c13000 0x00003000 "\SystemRoot\System32\Drivers\ElbyCDIO.sys" .\debug.cpp(256) : 0xf8ecb000 0x00001000 "\SystemRoot\system32\drivers\osadmi.sys" .\debug.cpp(256) : 0xb1793000 0x00057000 "\SystemRoot\system32\DRIVERS\srv.sys" .\debug.cpp(256) : 0xb12ca000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys" .\debug.cpp(256) : 0xb0ca9000 0x0002b000 "\SystemRoot\system32\drivers\kmixer.sys" .\debug.cpp(256) : 0xb0bf2000 0x00017000 "\??\C:\DOKUME~1\HEIDIB~1\LOKALE~1\Temp\agldipog.sys" .\debug.cpp(256) : 0x7c910000 0x000b9000 "\WINDOWS\System32\ntdll.dll" .\debug.cpp(263) : ********************************************** .\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] *********** .\debug.cpp(308) : ********************************************** .\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:" .\debug.cpp(400) : Destination="\Device\HarddiskVolume3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS" .\debug.cpp(400) : Destination="\Device\Ndis" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice" .\debug.cpp(400) : Destination="\Device\WUDFLpcDevice" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\InCDfs" .\debug.cpp(400) : Destination="\DosDevices\BsUDF" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#NSC6001#0#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000069" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1" .\debug.cpp(400) : Destination="\Device\Video0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDRBSVSD" .\debug.cpp(400) : Destination="\Device\CDRBSVSD" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2" .\debug.cpp(400) : Destination="\Device\Video1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{71985f4a-1ca1-11d3-9cc8-00c04f7971e0}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000034" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{2FFF353C-2CE8-437E-96D2-07FD85673A89}" .\debug.cpp(400) : Destination="\Device\{2FFF353C-2CE8-437E-96D2-07FD85673A89}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmIoDaemon" .\debug.cpp(400) : Destination="\Device\DmControl\DmIoDaemon" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip" .\debug.cpp(400) : Destination="\Device\Ip" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Agere Systems AC'97 Modem" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0013" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3" .\debug.cpp(400) : Destination="\Device\Video2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_04b4&Pid_6560#5&178eff08&0&6#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination="\Device\USBPDO-5" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:" .\debug.cpp(400) : Destination="\Device\CdRom0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev" .\debug.cpp(400) : Destination="\Device\IPSEC" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c047#6&26c65fbf&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\00000088" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4" .\debug.cpp(400) : Destination="\Device\Video3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000033" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\00000045" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY" .\debug.cpp(400) : Destination="\Device\NDProxy" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24C5&SUBSYS_00511025&REV_03#3&61aaa01&0&FD#{dda54a40-1e4c-11d1-a050-405705c10000}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0012" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomMATSHITA_DVD-RAM_UJ-831S________________1.50____#5&fcf2c4e&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T0L0-e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ProcessManagement" .\debug.cpp(400) : Destination="\Device\ProcessManagement" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5" .\debug.cpp(400) : Destination="\Device\Video4" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9aa4a2cc-81e0-4cfd-802f-0f74526d2bd3}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDR4_XP" .\debug.cpp(400) : Destination="\Device\PxHelperDevice0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&30b8c15c&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination="\Device\USBPDO-2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{fd0a5af4-b41d-11d2-9c95-00c04f7971e0}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr" .\debug.cpp(400) : Destination="\Device\RdpDrDvMgr" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}" .\debug.cpp(400) : Destination="\Device\00000047" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACERNBM" .\debug.cpp(400) : Destination="\Device\ACERNBM" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery" .\debug.cpp(400) : Destination="\Device\CompositeBattery" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice" .\debug.cpp(400) : Destination="\Device\WMIDataDevice" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_046d&Pid_c047#5&408075d&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}" .\debug.cpp(400) : Destination="\Device\USBPDO-4" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1" .\debug.cpp(400) : Destination="\Device\Serial0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CX2IOCTL" .\debug.cpp(400) : Destination="\Device\CX2IOCTL" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE" .\debug.cpp(400) : Destination="\Device\NamedPipe" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{4afa8312-bc29-11d9-a33b-806d6172696f}" .\debug.cpp(400) : Destination="\Device\CdRom0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3" .\debug.cpp(400) : Destination="\Device\AgereModem5" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}" .\debug.cpp(400) : Destination="\Device\KSENUM#00000002" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC" .\debug.cpp(400) : Destination="\Device\Mup" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c047#6&26c65fbf&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}" .\debug.cpp(400) : Destination="\Device\00000088" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched" .\debug.cpp(400) : Destination="\Device\PSched" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24C5&SUBSYS_00511025&REV_03#3&61aaa01&0&FD#{65e8773e-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0012" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT" .\debug.cpp(400) : Destination="\Device\IPNAT" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24C7&SUBSYS_00511025&REV_03#3&61aaa01&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0006" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice" .\debug.cpp(400) : Destination="\Device\GEARAspiWDMDevice" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0" .\debug.cpp(400) : Destination="\Device\USBFDO-0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\INCD_PSEUDO_DEVICE" .\debug.cpp(400) : Destination="\Device\INCD_PSEUDO_DEVICE" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\osadmi" .\debug.cpp(400) : Destination="\Device\osadmi" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp" .\debug.cpp(400) : Destination="\Device\Tcp" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg" .\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgrMsg" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\agldipog" .\debug.cpp(400) : Destination="\Device\agldipog" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD" .\debug.cpp(400) : Destination="\Device\VideoPdo1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_14E4&DEV_1653&SUBSYS_00511025&REV_03#4&16793a72&0&10F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0014" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1" .\debug.cpp(400) : Destination="\Device\USBFDO-1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24C2&SUBSYS_00511025&REV_03#3&61aaa01&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0004" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000003a" .\debug.cpp(369) : Device "\GLOBAL??\BsUDF" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureDEE8DEE8Offset80F095E00LengthA92C02400#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0" .\debug.cpp(400) : Destination="\Device\Harddisk0\DR0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCMCIA#O2Micro-SmartCardBus_Reader-2E10#1#{50dd5230-ba8a-11d1-bf5d-0000f805f530}" .\debug.cpp(400) : Destination="\Device\PcCard0-0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN" .\debug.cpp(400) : Destination="\DosDevices\LPT1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000037" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2" .\debug.cpp(400) : Destination="\Device\USBFDO-2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0" .\debug.cpp(400) : Destination="\Device\CdRom0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio" .\debug.cpp(400) : Destination="\Device\sysaudio" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap" .\debug.cpp(400) : Destination="\Device\FsWrap" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000036" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3" .\debug.cpp(400) : Destination="\Device\USBFDO-3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000038" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{c94c2660-3257-11de-a7c5-806d6172696f}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{4afa8310-bc29-11d9-a33b-806d6172696f}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SAVOnAccess" .\debug.cpp(400) : Destination="\Device\SAVOnAccessControl" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#2#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}" .\debug.cpp(400) : Destination="\Device\00000048" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global" .\debug.cpp(400) : Destination="\GLOBAL??" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\V1394#NIC1394#3d3e47c09f00#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000006a" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\0000004d" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1f4ce3ab&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination="\Device\USBPDO-1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Pcmcia0" .\debug.cpp(400) : Destination="\Device\Pcmcia0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Paspi0" .\debug.cpp(400) : Destination="\Device\Paspi0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0" .\debug.cpp(400) : Destination="\Device\PxHelperDevice0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}" .\debug.cpp(400) : Destination="\Device\KSENUM#00000002" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_4220&SUBSYS_27018086&REV_05#4&16793a72&0&20F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0015" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{D71D8557-202B-40C9-87F2-4D9C4169124E}" .\debug.cpp(400) : Destination="\Device\{D71D8557-202B-40C9-87F2-4D9C4169124E}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Pcmcia1" .\debug.cpp(400) : Destination="\Device\Pcmcia1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\0000004b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\BRLPT1" .\debug.cpp(400) : Destination="\Device\BrPar0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Pcmcia2" .\debug.cpp(400) : Destination="\Device\Pcmcia2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\InCDfsComm" .\debug.cpp(400) : Destination="\Device\InCDfsComm" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ARP1394" .\debug.cpp(400) : Destination="\Device\ARP1394" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E806326D-BD1E-4B16-B204-FAF1A570A735}" .\debug.cpp(400) : Destination="\Device\{E806326D-BD1E-4B16-B204-FAF1A570A735}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{FFD4C8B7-52FC-4D40-96A5-042BFCABC3E1}" .\debug.cpp(400) : Destination="\Device\{FFD4C8B7-52FC-4D40-96A5-042BFCABC3E1}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{07dad660-22f1-11d1-a9f4-00c04fbbde8f}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&32d50c2&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\00000063" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24C6&SUBSYS_00511025&REV_03#3&61aaa01&0&FE#{86e0d1e0-8089-11d0-9ce4-08003e301f73}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0013" .\debug.cpp(369) : Device "\GLOBAL??\CONAN" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{8EE0C52E-6C07-4D04-9BDA-266D0A8EBD09}" .\debug.cpp(400) : Destination="\Device\{8EE0C52E-6C07-4D04-9BDA-266D0A8EBD09}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&38abc481&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination="\Device\USBPDO-3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4E50&SUBSYS_00511025&REV_00#4&1ab4b779&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0021" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_13#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}" .\debug.cpp(400) : Destination="\Device\00000043" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager" .\debug.cpp(400) : Destination="\Device\MountPointManager" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}" .\debug.cpp(400) : Destination="\Device\KSENUM#00000002" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0F13#4&32d50c2&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\00000064" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#6&1087c98d&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1}" .\debug.cpp(400) : Destination="\Device\Parallel0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000032" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbDlDp32" .\debug.cpp(400) : Destination="\Device\PxHelperDevice0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig" .\debug.cpp(400) : Destination="\Device\DmControl\DmConfig" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_104C&DEV_8026&SUBSYS_00511025&REV_00#4&16793a72&0&38F0#{6bdd1fc1-810f-11d0-bec7-08002be2092f}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0020" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\0000004c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp" .\debug.cpp(400) : Destination="\Device\WANARP" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\00000004" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{156B2696-13AB-4D2A-968E-4B2C48817BDC}" .\debug.cpp(400) : Destination="\Device\{156B2696-13AB-4D2A-968E-4B2C48817BDC}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DDD25580-B2E8-4BE0-B4F6-5619F0FBAA4B}" .\debug.cpp(400) : Destination="\Device\{DDD25580-B2E8-4BE0-B4F6-5619F0FBAA4B}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace" .\debug.cpp(400) : Destination="\Device\DmControl\DmTrace" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Dritek_KB_Filter" .\debug.cpp(400) : Destination="\Device\Dritek_KB_Filter" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6D90E119-9752-4028-A07B-66AB2972322D}" .\debug.cpp(400) : Destination="\Device\{6D90E119-9752-4028-A07B-66AB2972322D}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP" .\debug.cpp(400) : Destination="\Device\NdisWanIp" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\00000003" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ElbyCDIO" .\debug.cpp(400) : Destination="\Device\ElbyCDIO" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomMATSHITA_DVD-RAM_UJ-831S________________1.50____#5&fcf2c4e&0&0.0.0#{1186654d-47b8-48b9-beb9-7df113ae3c67}" .\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T0L0-e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:" .\debug.cpp(400) : Destination="\Device\Ide\IdePort0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}" .\debug.cpp(400) : Destination="\Device\KSENUM#00000002" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24C5&SUBSYS_00511025&REV_03#3&61aaa01&0&FD#{6994ad04-93ef-11d0-a3cc-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0012" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1217&DEV_7110&SUBSYS_00511025&REV_00#4&16793a72&0&32F0#{894a7461-a033-11d2-821e-444553540000}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0018" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{47E4A8A5-8D6C-4230-A17C-F22ED039E2AB}" .\debug.cpp(400) : Destination="\Device\{47E4A8A5-8D6C-4230-A17C-F22ED039E2AB}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS0" .\debug.cpp(400) : Destination="\Device\1394BUS0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskIC25N080ATMR04-0________________________MO4OAD4A#5&2288dcf3&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP0T0L0-3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#0#{4d36e978-e325-11ce-bfc1-08002be10318}" .\debug.cpp(400) : Destination="\Device\00000068" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000035" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{9F88E4B7-F9B2-465D-9F3A-8FDD43ABE7E5}" .\debug.cpp(400) : Destination="\Device\{9F88E4B7-F9B2-465D-9F3A-8FDD43ABE7E5}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1" .\debug.cpp(400) : Destination="\Device\ParTechInc0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI" .\debug.cpp(400) : Destination="\Device\NdisTapi" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan" .\debug.cpp(400) : Destination="\Device\NdisWan" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:" .\debug.cpp(400) : Destination="\Device\Ide\IdePort1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST" .\debug.cpp(400) : Destination="\Device\IPMULTICAST" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPT1" .\debug.cpp(400) : Destination="\Device\Parallel0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2" .\debug.cpp(400) : Destination="\Device\ParTechInc1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NTIDrvr" .\debug.cpp(400) : Destination="\Device\NTIDrvr" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmLoader" .\debug.cpp(400) : Destination="\Device\DmLoader" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureDEE8DEE8OffsetBBC57E00Length753436200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow" .\debug.cpp(400) : Destination="\Device\LanmanRedirector" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{081F5FF4-B570-4BC2-B503-12F8AFA88D2D}" .\debug.cpp(400) : Destination="\Device\{081F5FF4-B570-4BC2-B503-12F8AFA88D2D}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3" .\debug.cpp(400) : Destination="\Device\ParTechInc2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\INCDPASS_REAL_DEVICE00000000" .\debug.cpp(400) : Destination="\Device\INCDPASS_REAL_DEVICE00000000" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24C5&SUBSYS_00511025&REV_03#3&61aaa01&0&FD#{65e8773d-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0012" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0401#3#{97f76ef0-f883-11d0-af1f-0000f800845c}" .\debug.cpp(400) : Destination="\Device\00000067" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{3EA702F1-6836-4351-861B-D1283B61D6BD}" .\debug.cpp(400) : Destination="\Device\{3EA702F1-6836-4351-861B-D1283B61D6BD}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_IRDAMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000031" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24C6&SUBSYS_00511025&REV_03#3&61aaa01&0&FE#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0013" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr" .\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgr" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl" .\debug.cpp(400) : Destination="\Device\FtControl" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:" .\debug.cpp(400) : Destination="\Device\HarddiskVolume2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT" .\debug.cpp(400) : Destination="\Device\MailSlot" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACEDRV07" .\debug.cpp(400) : Destination="\Device\ACEDRV07" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX" .\debug.cpp(400) : Destination="\DosDevices\COM1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PQNTDRV" .\debug.cpp(400) : Destination="\Device\PQNTDRV" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24C4&SUBSYS_00511025&REV_03#3&61aaa01&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0005" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomMATSHITA_DVD-RAM_UJ-831S________________1.50____#5&fcf2c4e&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T0L0-e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio" .\debug.cpp(400) : Destination="\Device\Ndisuio" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT" .\debug.cpp(400) : Destination="" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AGRSM_xface" .\debug.cpp(400) : Destination="\Device\AGRSM_xface" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL" .\debug.cpp(400) : Destination="\Device\Null" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\0000003d" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#0#{86e0d1e0-8089-11d0-9ce4-08003e301f73}" .\debug.cpp(400) : Destination="\Device\00000068" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Aaspi0" .\debug.cpp(400) : Destination="\Device\Aaspi0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYNTP" .\debug.cpp(400) : Destination="\Device\SynTP" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\0000003c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24CD&SUBSYS_00511025&REV_03#3&61aaa01&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0007" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&17e0526a&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination="\Device\USBPDO-0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo" .\debug.cpp(400) : Destination="\Device\DmControl\DmInfo" .\debug.cpp(451) : ********************************************** .\boot_cleaner.cpp(1077) : System volume is \\.\C: .\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`bbc57e00 .\boot_cleaner.cpp(424) : Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd .\boot_cleaner.cpp(1151) : .\boot_cleaner.cpp(1152) : Size Device Name MBR Status .\boot_cleaner.cpp(1153) : -------------------------------------------- .\boot_cleaner.cpp(1197) : 74 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found) .\boot_cleaner.cpp(1203) : .\boot_cleaner.cpp(1242) : Done; |
|
31.07.2010, 23:50
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virus - Klickgeräusche und Musik Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.08.2010, 13:14
| #9 |
| | Virus - Klickgeräusche und Musik So, der Scan mit SUPERAntiSpyware hat etwas gedauert, hat aber was gefunden. Soll ich jetzt gleich noch einen Scan mit Malwarebytes durchführen, oder soll ich erst die gefundenen Sachen bereinigen? SUPERAntiSpyware-Log: SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 08/01/2010 at 01:38 PM Application Version : 4.41.1000 Core Rules Database Version : 5297 Trace Rules Database Version: 3109 Scan type : Complete Scan Total Scan Time : 02:28:26 Memory items scanned : 622 Memory threats detected : 0 Registry items scanned : 8702 Registry threats detected : 0 File items scanned : 115747 File threats detected : 83 Adware.Tracking Cookie C:\Dokumente und Einstellungen\NetworkService\Cookies\system@atdmt[1].txt C:\Dokumente und Einstellungen\NetworkService\Cookies\system@ads.creative-serving[1].txt C:\Dokumente und Einstellungen\NetworkService\Cookies\system@ad.yieldmanager[2].txt C:\Dokumente und Einstellungen\NetworkService\Cookies\system@collective-media[1].txt C:\Dokumente und Einstellungen\NetworkService\Cookies\system@webmasterplan[2].txt C:\Dokumente und Einstellungen\NetworkService\Cookies\system@ad.zanox[1].txt C:\Dokumente und Einstellungen\NetworkService\Cookies\system@ad.adition[2].txt C:\Dokumente und Einstellungen\NetworkService\Cookies\system@content.yieldmanager[2].txt C:\Dokumente und Einstellungen\NetworkService\Cookies\system@mediaplex[1].txt C:\Dokumente und Einstellungen\NetworkService\Cookies\system@track.effiliation[1].txt C:\Dokumente und Einstellungen\NetworkService\Cookies\system@www.active-tracking[2].txt C:\Dokumente und Einstellungen\NetworkService\Cookies\system@serving-sys[1].txt C:\Dokumente und Einstellungen\NetworkService\Cookies\system@adfarm1.adition[1].txt C:\Dokumente und Einstellungen\NetworkService\Cookies\system@traffictrack[2].txt C:\Dokumente und Einstellungen\NetworkService\Cookies\system@tradedoubler[1].txt C:\Dokumente und Einstellungen\NetworkService\Cookies\system@shop.zanox[2].txt C:\Dokumente und Einstellungen\NetworkService\Cookies\system@tracking.inuvo[1].txt C:\Dokumente und Einstellungen\NetworkService\Cookies\system@rotator.adjuggler[2].txt C:\Dokumente und Einstellungen\NetworkService\Cookies\system@im.banner.t-online[2].txt C:\Dokumente und Einstellungen\NetworkService\Cookies\system@revsci[1].txt C:\Dokumente und Einstellungen\NetworkService\Cookies\system@unitymedia[2].txt C:\Dokumente und Einstellungen\NetworkService\Cookies\system@tracking.quisma[1].txt C:\Dokumente und Einstellungen\NetworkService\Cookies\system@adserver.traffictrack[1].txt C:\Dokumente und Einstellungen\NetworkService\Cookies\system@adtech[1].txt C:\Dokumente und Einstellungen\NetworkService\Cookies\system@bs.serving-sys[1].txt C:\Dokumente und Einstellungen\NetworkService\Cookies\system@zanox-affiliate[2].txt C:\Dokumente und Einstellungen\NetworkService\Cookies\system@eas.apm.emediate[2].txt C:\Dokumente und Einstellungen\NetworkService\Cookies\system@adition[2].txt C:\Dokumente und Einstellungen\NetworkService\Cookies\system@zanox[2].txt C:\Dokumente und Einstellungen\NetworkService\Cookies\system@zbox.zanox[1].txt C:\Dokumente und Einstellungen\NetworkService\Cookies\system@adserver.adtechus[1].txt C:\Dokumente und Einstellungen\NetworkService\Cookies\system@adtechus[1].txt C:\Dokumente und Einstellungen\NetworkService\Cookies\system@apmebf[1].txt C:\Dokumente und Einstellungen\NetworkService\Cookies\system@doubleclick[1].txt C:\Dokumente und Einstellungen\NetworkService\Cookies\system@ads.sportwerk[1].txt C:\Dokumente und Einstellungen\NetworkService\Cookies\system@ad.adc-serv[2].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@game-advertising-online[1].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@apmebf[1].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@www.zanox-affiliate[2].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@shop.zanox[2].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@webmasterplan[1].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@tracking.quisma[1].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@adserver.adtechus[1].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@zbox.zanox[1].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@smartadserver[1].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@track.effiliation[1].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@adtech[1].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@traffictrack[2].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@track.adform[2].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@ad.zanox[1].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@rotator.adjuggler[1].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@adtechus[1].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@ad.adc-serv[2].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@atdmt[1].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@ad.adition[1].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@mediaplex[2].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@ads.sportwerk[2].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@ads.medienhaus[1].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@www.active-tracking[2].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@revsci[1].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@collective-media[1].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@zanox[1].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@media6degrees[1].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@serving-sys[1].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@yieldmanager[2].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@gw.sslmediaserver[1].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@tradedoubler[2].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@tracking.inuvo[2].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@adviva[2].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@im.banner.t-online[2].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@adsby.aim4media[2].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@ads.creative-serving[2].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@bs.serving-sys[2].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@zanox-affiliate[2].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@media.gan-online[2].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@www.usenext[2].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@content.yieldmanager[1].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@azjmp[2].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@adfarm1.adition[2].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@ad.yieldmanager[1].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@popularscreensavers[1].txt C:\Dokumente und Einstellungen\LocalService\Cookies\system@doubleclick[1].txt Trojan.Agent/Gen-Blackder C:\DOKUMENTE UND EINSTELLUNGEN\****\LOKALE EINSTELLUNGEN\TEMP\LOADER.EXE Um es zwischendurch nochmal zu betonen, ich bin sehr dankbar und froh, dass mir hier jemand hilft. |
|
01.08.2010, 19:34
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virus - Klickgeräusche und Musik Ja, bite entfernen. Dann kannst Du nochmal Malwarebytes starten.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.08.2010, 22:18
| #11 |
| | Virus - Klickgeräusche und Musik Ich hab alles entfernt, was SUPERAntiSpyware gefunden hat und hab dann noch mal einen Vollscan mit Malwarebytes durchgeführt. Hat nichts gefunden. Heisst das jetzt - alles zusammen genommen - dass mein Rechner wieder sauber ist? Heute hab ich auch keine Auffälligkeiten mehr bemerkt... Malwarebytes-Log: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4378 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 01.08.2010 23:11:12 mbam-log-2010-08-01 (23-11-12).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 256716 Laufzeit: 1 Stunde(n), 15 Minute(n), 34 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
|
05.08.2010, 09:38
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virus - Klickgeräusche und Musik Noch Probleme oder weitere Funde in der Zwischenzeit?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Virus - Klickgeräusche und Musik |
| adobe, bho, bonjour, dll, einstellungen, excel, explorer, firefox, hijack, hijackthis, hijackthis logfile, hkus\s-1-5-18, internet, internet explorer, launch, logfile, mozilla, musik, plug-in, rundll, scan, schutz, server, software, starmoney, system, uleadburninghelper, virus, windows, windows xp |
Linear-Darstellung
