Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: GMER Auswertung verdacht auf Rootkit

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 07.09.2010, 11:14   #1
maxl909
 
GMER Auswertung verdacht auf Rootkit - Standard

GMER Auswertung verdacht auf Rootkit



Hallo Leute,

ich habe den Verdacht das sich bei mir ein Rootkit eingeschlichen hat. Könnte sich bitte ein Fachmann mal diese log-Datei anschauen?
GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-09-07 12:06:30
Windows 6.1.7600 
Running: u4lbqzbq.exe; Driver: C:\Users\Silvio\AppData\Local\Temp\pxldqpog.sys
 
 
---- System - GMER 1.0.15 ----
 
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83038AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83038104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830383F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83020634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83020898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830381DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83038958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830386F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83038F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830391A8
 
---- Kernel code sections - GMER 1.0.15 ----
 
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C51599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C75F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\Drivers\sprg.sys Das System kann den angegebenen Pfad nicht finden. !
.text USBPORT.SYS!DllUnload 91E74CA0 5 Bytes JMP 866DE1D8 
.text axzqo30l.SYS 91FC4000 12 Bytes [44, 38, 02, 83, EE, 36, 02, ...] {INC ESP; CMP [EDX], AL; SUB ESI, 0x36; ADD AL, [EBX-0x7cfde860]}
.text axzqo30l.SYS 91FC400D 9 Bytes [17, 02, 83, 48, 3B, 02, 83, ...] {POP SS; ADD AL, [EBX-0x7cfdc4b8]; ADD [EAX], AL}
.text axzqo30l.SYS 91FC4017 7 Bytes [00, DE, B7, 10, 8B, E6, B5]
.text axzqo30l.SYS 91FC401F 12 Bytes [8B, F1, 12, 11, 8B, FC, 13, ...] {MOV ESI, ECX; ADC DL, [ECX]; MOV EDI, ESP; ADC EDX, [ECX]; MOV ESI, [EDX]; AAD 0x11}
.text axzqo30l.SYS 91FC402C 149 Bytes [00, 00, 00, 00, D0, C1, C4, ...]
.text ... 
.text peauth.sys 98F62C9D 28 Bytes [84, 64, A6, 45, 81, 17, C0, ...]
.text peauth.sys 98F62CC1 28 Bytes [84, 64, A6, 45, 81, 17, C0, ...]
PAGE peauth.sys 98F68E20 101 Bytes [89, AF, C5, 7C, 58, 57, 2A, ...]
PAGE peauth.sys 98F6902C 102 Bytes [10, 0C, 24, 11, B4, 32, 0F, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 9AF0F000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 9AF0F123 629 Bytes [A5, F0, 9A, FE, 05, 34, A5, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 9AF0F399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F 9AF0F3FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B 9AF0F4AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ... 
 
---- Kernel IAT/EAT - GMER 1.0.15 ----
 
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8B00F042] \SystemRoot\System32\Drivers\sprg.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8B00F6D6] \SystemRoot\System32\Drivers\sprg.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8B00F800] \SystemRoot\System32\Drivers\sprg.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8B00F13E] \SystemRoot\System32\Drivers\sprg.sys
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortNotification] 00147880
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortStallExecution] C25DC033
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortInitialize] 157B805E
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500
IAT \SystemRoot\System32\Drivers\axzqo30l.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B
 
---- User IAT/EAT - GMER 1.0.15 ----
 
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] [6B879832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] [6B87A27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlLockHeap] [6B8794D8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlUnlockHeap] [6B8794E8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] [6B8792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] [6B879E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlDestroyHeap] [6B8794B8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlCreateHeap] [6B8794A8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlExitUserProcess] [6B87AA9E] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] [6B879E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] [6B8792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] [6B879832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75BC5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] [6B879E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] [6B8792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] [6B87A27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] [6B879832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] [6B8792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] [6B879E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75BC5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] [6B8792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] [6B879E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75BC5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] [6B879E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] [6B8792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] [6B879832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75BC5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] [6B879E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] [6B879E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] [6B8792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75BC5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] [6B879E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] [6B8792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75BC5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] [6B8792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] [6B879E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [75BC5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap] [6B879E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[3476] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap] [6B8792CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
 
---- Devices - GMER 1.0.15 ----
 
Device \FileSystem\Ntfs \Ntfs 855901F8
 
AttachedDevice \FileSystem\Ntfs \Ntfs OODrvled.sys (O&O DriveLED Filter Driver (Win32)/O&O Software GmbH)
 
Device \Driver\NetBT \Device\NetBT_Tcpip_{18371FB9-3371-476A-9B6A-596FAACC0DE2} 866401F8
Device \Driver\volmgr \Device\VolMgrControl 8558C1F8
Device \Driver\usbuhci \Device\USBPDO-0 866DF1F8
Device \Driver\usbuhci \Device\USBPDO-1 866DF1F8
Device \Driver\usbuhci \Device\USBPDO-2 866DF1F8
Device \Driver\sptd \Device\1949078047 sprg.sys
Device \Driver\usbuhci \Device\USBPDO-3 866DF1F8
Device \Driver\usbehci \Device\USBPDO-4 866DC500
Device \Driver\volmgr \Device\HarddiskVolume1 8558C1F8
 
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
 
Device \Driver\NetBT \Device\NetBT_Tcpip_{F3FD4E9E-962D-47D7-8B97-5D67A6E80929} 866401F8
Device \Driver\volmgr \Device\HarddiskVolume2 8558C1F8
 
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
 
Device \Driver\cdrom \Device\CdRom0 8657A500
Device \Driver\ACPI_HAL \Device\00000065 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume3 8558C1F8
 
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
 
Device \Driver\cdrom \Device\CdRom1 8657A500
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8558E1F8
Device \Driver\atapi \Device\Ide\IdePort0 8558E1F8
Device \Driver\atapi \Device\Ide\IdePort1 8558E1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 8558E1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 866401F8
Device \Driver\BTHUSB \Device\00000086 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000086 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000088 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000088 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-0 866DF1F8
Device \Driver\usbuhci \Device\USBFDO-1 866DF1F8
Device \Driver\usbuhci \Device\USBFDO-2 866DF1F8
Device \Driver\PCI_PNP4043 \Device\0000006e sprg.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{D84C3DD2-7BC5-4992-A91D-AEF998552E13} 866401F8
Device \Driver\usbuhci \Device\USBFDO-3 866DF1F8
Device \Driver\usbehci \Device\USBFDO-4 866DC500
Device \Driver\axzqo30l \Device\Scsi\axzqo30l1Port2Path0Target0Lun0 865811F8
Device \Driver\axzqo30l \Device\Scsi\axzqo30l1 865811F8
 
---- Threads - GMER 1.0.15 ----
 
Thread System [4:3572] 9AF1CF2E
 
---- Registry - GMER 1.0.15 ----
 
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00197efb8ca2 
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00197efb8ca2@0012d29a6ced 0x98 0x69 0x67 0x4B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00197efb8ca2@9c18743bef75 0xFD 0xFB 0x53 0x4B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00197efb8ca2@1886ac8c1b46 0x44 0xAC 0xB2 0xDD ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00197efb8ca2@00265d8220f5 0xCE 0x17 0x59 0x9C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00197efb8ca2@00265d4d0861 0x83 0x05 0x96 0xE6 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00197efb8ca2@000db5824d40 0xCD 0x03 0xB4 0xE3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export ???m???????m????? ???????m?????m???????1????????????????????? ???????m???????????l?1????????????????????STORAGE\VolumeSnapshot??????????s????????????4?????????????m????? ???????m?????m???????1????????????????????machine.inf??????????????m???????????????????????5???????????????????2??? ???????m???????????l?1????????????????????????os???m?????m????? ???????m?????m???????1????????????????????? ???????m???????????l?1????????????????????? ???????m?????m???????1????????????&??????????????????????????m????? ???????m?????m???????1????????????????????? ???????m???????????l?1????????????????????? ???????k?????????????-???????????????????????4???????m????? ???????m?????m???????1???????????????????????m???m???m???m???m???m???m???m???m????????????? ???????m???????????l?1????????@???????????? ???????k?????????????-?????????????????f?????m????? ???????m?????m???????1????????????????????? ???????m???????????l?1?????????????????????????????????????m?m?????????????,??12?????m????? ???????k?????m???????-??????????g?????S-??? ?
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export ???|?????????????????????????????|?????|?????|???|??????????????v_mscdsc.inf_x86_neutral_ef3a0c30c03f0225???MSAFD NetBIOS [\Device\NetBT_Tcpip_{AB52F9BB-0B6B-47A2-86C4-0138AD6BB34B}] DATAGRAM 4????????????`??????????.NT?????????????????? ???????o??????????????????????|????????i??? ??????????????????Microsoft????????????2????????m?????????Microsoft?????????????????????J?????????????MSAFD NetBIOS [\Device\NetBT_Tcpip_{B713D249-7ED1-4BA4-A5B6-8A992B91E427}] SEQPACKET 16?????\SystemRoot\system32\drivers\ws2ifsl.sys????tu???????????|???|???????????????????????????????????????????????????????????????????|???|??? ???????o?????|?????|????????$???????????????J??|?????????e????@%SystemRoot%\system32\dwm.exe,-2000?????????|??????p????????|????????h?????%SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted?????J??|?????????n????@%SystemRoot%\system32\dwm.exe,-2001????? ???|??????????????localSystem?????????????????????????ServiceMain?????????????????t??????? ?????????????,??|?????????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x16 0xFC 0xEA 0x0C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDF 0xD3 0x4F 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAD 0x73 0x89 0x36 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00197efb8ca2 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00197efb8ca2@0012d29a6ced 0x98 0x69 0x67 0x4B ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00197efb8ca2@9c18743bef75 0xFD 0xFB 0x53 0x4B ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00197efb8ca2@1886ac8c1b46 0x44 0xAC 0xB2 0xDD ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00197efb8ca2@00265d8220f5 0xCE 0x17 0x59 0x9C ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00197efb8ca2@00265d4d0861 0x83 0x05 0x96 0xE6 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00197efb8ca2@000db5824d40 0xCD 0x03 0xB4 0xE3 ...
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export ?????s???????e???????????{???????????????????????????????????s??? ???????s?????s???????????????????? ?????? ???????s????? ???????s???????????????????????????????????????s?s?s??? ???????s????????????????????r?p??? ?????????????l??s?????????????????????????????X???(??????P????????????(??????P???????????????l??s?????????????????????????????X???(??????P????????????(??????P???????????????l??s??????????????/??????????????X???(??????P????????????(??????P??????????????'0??s???,???????????????????/???????????????????????????;???????t????????????????D??s???9?????????????????????????0???(??????P???????????????D??????c????????????/e10?????????????????e?????s???????s????????????H??s?????????????????????????4?????????? ???????????????????H??s???????????/?????????????4?????????? ???????????????????0??s?????????????????s???s???????s?????????????????????????????????9p??s????????????????????????????????/????????????????\???(??????P??????????????????? ??????????????????????????0??e2??? ???????s???????????s?????????????????????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ???se5??@%systemroot%\system32\wkssvc.dll,-1002???????R??????????????d??????????????????????Terminal Server Device Redirector Driver?D???D?????s?????s???????s???????e??????????????????????????11??????? ???????o?????s????????????????^???????????????????????????? ???}??????????????disk_install????????????????t???????????????t?????????????????????m?????Microsoft???????????????kbd101.dll?72???System32\Drivers\ksecdd.sys?????????????????????????????????????????t???????? ????:??s????????h??????s???s??????????????????????????????????? D??????}??????ee???s??? ???????s????????????????????4????? ?????????????????????????????s?????????????????????????????????????????????????? ???????o?????s?????s??????????R????????V??\SystemRoot\system32\DRIVERS\iaStorV.sys?l??SCSI Miniport?????R??s???????????d??iastorv.inf_x86_neutral_18cccb83b34e1453?????s?s?s?s?s?s?s?????????????g?????????????????????-??e5??*6to4mp??????????????!???e??????????????t?????????????????????????????????????????R??s????????h??????????s??????p????????v???v?
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x79 0x36 0x0F 0xFB ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDF 0xD3 0x4F 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAD 0x73 0x89 0x36 ...
 
---- EOF - GMER 1.0.15 ----
         
--- --- ---

Alt 07.09.2010, 12:30   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GMER Auswertung verdacht auf Rootkit - Standard

GMER Auswertung verdacht auf Rootkit



Hallo und

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lies die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.



Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 07.09.2010, 12:42   #3
maxl909
 
GMER Auswertung verdacht auf Rootkit - Standard

GMER Auswertung verdacht auf Rootkit



Zitat:
Zitat von cosinus Beitrag anzeigen
Hallo und

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lies die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.



Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
muss ich bei den scanns mit den programmen auch offline sein und das virenprogramm beendet haben?
__________________

Alt 07.09.2010, 13:23   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GMER Auswertung verdacht auf Rootkit - Standard

GMER Auswertung verdacht auf Rootkit



Lass bitte diese sinnfreien Fullquotes.
Virenscanner solltest Du ruhig vorher deaktivieren.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 07.09.2010, 16:34   #5
maxl909
 
GMER Auswertung verdacht auf Rootkit - Standard

GMER Auswertung verdacht auf Rootkit



Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4561

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

07.09.2010 15:13:23
mbam-log-2010-09-07 (15-13-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 281484
Laufzeit: 1 Stunde(n), 22 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\B1RQJ7YJ0U (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PUT2VIDQLG (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\maxl\Downloads\Cubes_Visualization_for_WA2.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
         
Code:
ATTFilter
OTL logfile created on: 07.09.2010 17:58:40 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\maxl\Downloads
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 34,96 Gb Total Space | 4,39 Gb Free Space | 12,55% Space Free | Partition Type: NTFS
Drive D: | 76,73 Gb Total Space | 7,04 Gb Free Space | 9,17% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PC-M2
Current User Name: maxl
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\maxl\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Programme\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Windows\System32\drivers\CDAC11BA.EXE (Macrovision)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Programme\OO Software\DriveLED\oodlag.exe (O&O Software GmbH)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Programme\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Notebook Hardware Control\nhc.exe (hxxp://www.pbus-167.com)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\maxl\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe (Macromedia)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (C-DillaCdaC11BA) -- C:\Windows\System32\drivers\CDAC11BA.EXE (Macrovision)
SRV - (O&O DriveLED) -- C:\Program Files\OO Software\DriveLED\oodlag.exe (O&O Software GmbH)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (nhcDriverDevice) -- C:\Windows\System32\drivers\nhcDriver.sys (pBUS-167 Software - hxxp://www.pbus-167.com)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (MpFilter) -- C:\Windows\System32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (RTL8187) -- C:\Windows\System32\drivers\RTL8187.sys (Realtek Semiconductor Corporation                           )
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (CdaC15BA) -- C:\Windows\System32\drivers\CDAC15BA.SYS (Macrovision Europe Ltd)
DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (OODrvled) -- C:\Windows\system32\DRIVERS\OODrvled.sys (O&O Software GmbH)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (VWiFiFlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (NSNDIS5) -- C:\Windows\System32\nsndis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 26 2C 7C D9 18 D7 CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "eBay"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: counterpixel@jabubo.de:1.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ca8b7b3d-b6e6-438f-b935-601b3de48d66}:1.1.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}:5.0.21
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.08.17 21:00:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.02 23:52:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.02 23:52:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.08.17 21:00:23 | 000,000,000 | ---D | M]
 
[2009.10.25 15:43:20 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\mozilla\Extensions
[2010.09.07 13:31:34 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\mozilla\Firefox\Profiles\jkx2zej4.default\extensions
[2010.08.16 14:14:18 | 000,000,000 | ---D | M] (Firefox Throttle) -- C:\Users\maxl\AppData\Roaming\mozilla\Firefox\Profiles\jkx2zej4.default\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}
[2010.09.02 13:30:16 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\maxl\AppData\Roaming\mozilla\Firefox\Profiles\jkx2zej4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.05.30 11:48:46 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\maxl\AppData\Roaming\mozilla\Firefox\Profiles\jkx2zej4.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.05.06 12:52:45 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\mozilla\Firefox\Profiles\jkx2zej4.default\extensions\counterpixel@jabubo.de
[2010.03.24 16:13:02 | 000,000,917 | ---- | M] () -- C:\Users\maxl\AppData\Roaming\Mozilla\FireFox\Profiles\jkx2zej4.default\searchplugins\conduit.xml
[2010.09.05 11:57:14 | 000,001,595 | ---- | M] () -- C:\Users\maxl\AppData\Roaming\Mozilla\FireFox\Profiles\jkx2zej4.default\searchplugins\ixquick---deutsch.xml
[2010.09.02 11:57:49 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.09.02 11:57:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}
[2010.05.02 20:15:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.11 10:45:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2004.07.02 14:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Programme\Mozilla Firefox\components\np32asw.dll
[2004.07.02 14:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Programme\Mozilla Firefox\plugins\np32asw.dll
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2007.02.20 16:04:02 | 002,463,976 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPSWF32.dll
[2010.07.25 01:16:19 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.25 01:16:19 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.25 01:16:19 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.25 01:16:19 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.25 01:16:19 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ISUSPM Startup] C:\Programme\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programme\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.)
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programme\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programme\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab (Java Plug-in 1.5.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.81 217.0.43.65
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{06182abd-56e3-11df-850d-9830a273a126}\Shell - "" = AutoRun
O33 - MountPoints2\{06182abd-56e3-11df-850d-9830a273a126}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{06182b11-56e3-11df-850d-9830a273a126}\Shell - "" = AutoRun
O33 - MountPoints2\{06182b11-56e3-11df-850d-9830a273a126}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{1ad22af8-ee0d-11de-9893-00197efb8ca2}\Shell - "" = AutoRun
O33 - MountPoints2\{1ad22af8-ee0d-11de-9893-00197efb8ca2}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.07 15:21:19 | 000,000,000 | ---D | C] -- C:\Drivers
[2010.09.07 13:46:42 | 000,000,000 | ---D | C] -- C:\Users\maxl\AppData\Roaming\Malwarebytes
[2010.09.07 13:46:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.07 13:46:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.07 13:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.07 13:46:32 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.09.06 14:25:06 | 000,000,000 | ---D | C] -- C:\Programme\eBay
[2010.09.06 14:25:06 | 000,000,000 | ---D | C] -- C:\ProgramData\eBay
[2010.09.04 06:22:43 | 000,000,000 | ---D | C] -- C:\Users\maxl\AppData\Roaming\Skype
[2010.09.04 06:22:36 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2010.09.04 06:22:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.09.03 17:12:18 | 000,000,000 | ---D | C] -- C:\Programme\Sothink SWF-Decompiler
[2010.09.02 23:52:32 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.09.02 23:52:04 | 000,190,696 | ---- | C] (Adobe Systems, Inc.) -- C:\Windows\System32\NPSWF32_FlashUtil.exe
[2010.09.02 23:51:06 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.09.02 15:06:43 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4a.dll
[2010.09.02 15:06:28 | 000,000,000 | ---D | C] -- C:\Programme\Sothink SWF Quicker
[2010.09.02 15:00:33 | 000,000,000 | ---D | C] -- C:\Users\maxl\AppData\Local\SourceTec
[2010.09.02 15:00:25 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\SourceTec
[2010.09.02 15:00:22 | 000,000,000 | ---D | C] -- C:\Programme\Sothink SWF Decompiler
[2010.09.02 14:38:02 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Macromedia Shared
[2010.09.02 14:37:53 | 000,000,000 | ---D | C] -- C:\Users\maxl\AppData\Local\Macromedia
[2010.09.02 14:37:13 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Macromedia
[2010.09.02 14:36:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Macromedia
[2010.09.02 14:36:35 | 000,000,000 | ---D | C] -- C:\Programme\Macromedia
[2010.09.02 11:57:49 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.09.02 11:57:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.09.02 11:57:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.09.02 11:56:47 | 000,000,000 | ---D | C] -- C:\Users\maxl\AppData\Local\Sun
[2010.08.31 22:04:08 | 000,000,000 | ---D | C] -- C:\Users\maxl\Desktop\musik_pazi
[2010.08.30 15:47:54 | 000,000,000 | ---D | C] -- C:\Users\maxl\AppData\Roaming\vlc
[2010.08.30 08:40:58 | 000,000,000 | ---D | C] -- C:\Users\maxl\AppData\Roaming\BOM
[2010.08.30 08:40:34 | 000,209,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Tabctl32.ocx
[2010.08.30 08:40:34 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mscmcde.dll
[2010.08.30 08:40:34 | 000,109,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mswinsck.ocx
[2010.08.30 08:40:34 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Tabctde.dll
[2010.08.30 08:40:34 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winskde.dll
[2010.08.30 08:40:33 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinet.ocx
[2010.08.30 08:40:31 | 000,000,000 | ---D | C] -- C:\Programme\Biet-O-Matic
[2010.08.29 16:19:40 | 000,000,000 | ---D | C] -- C:\Programme\ALCATech
[2010.08.18 01:52:19 | 000,000,000 | ---D | C] -- C:\Programme\DJ Mix Pro
[2010.08.17 21:00:00 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2010.08.17 20:59:53 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution
[2010.08.17 20:58:38 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache
[2010.08.16 13:12:17 | 000,278,581 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.000
[2010.08.16 13:12:17 | 000,000,000 | ---D | C] -- C:\Programme\Traktor DJ Player
[2010.08.13 21:18:57 | 000,000,000 | ---D | C] -- C:\Programme\ElcomSoft
[2010.08.13 21:18:52 | 000,000,000 | ---D | C] -- C:\Programme\Advanced Archive Password Recovery
[2010.08.13 17:08:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Beatlock Technology
[2010.08.12 18:33:30 | 000,000,000 | ---D | C] -- C:\Users\maxl\AppData\Roaming\Mp3tag
[2010.08.12 18:33:11 | 000,000,000 | ---D | C] -- C:\Programme\Mp3tag
[2010.08.12 11:52:18 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2010.08.12 11:52:18 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.12 11:52:15 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.12 11:52:09 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.12 11:52:09 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.12 11:52:01 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.12 11:52:01 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.12 11:52:01 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.12 11:52:01 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.12 11:52:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.12 11:52:01 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.12 11:52:01 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.12 11:52:01 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.12 11:50:54 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.11 10:45:25 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.07 18:00:26 | 003,670,016 | -HS- | M] () -- C:\Users\maxl\NTUSER.DAT
[2010.09.07 17:52:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.07 15:44:27 | 000,020,720 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.07 15:44:27 | 000,020,720 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.07 15:39:53 | 001,527,504 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.07 15:39:53 | 000,664,634 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.07 15:39:53 | 000,624,776 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.07 15:39:53 | 000,134,770 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.07 15:39:53 | 000,110,414 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.07 15:37:20 | 000,022,528 | ---- | M] (pBUS-167 Software - hxxp://www.pbus-167.com) -- C:\Windows\System32\drivers\nhcDriver.sys
[2010.09.07 15:36:55 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.07 15:36:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.07 15:36:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.07 15:36:26 | 2408,439,808 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.07 15:29:07 | 001,641,861 | -H-- | M] () -- C:\Users\maxl\AppData\Local\IconCache.db
[2010.09.07 13:46:37 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.01 15:20:35 | 000,048,128 | ---- | M] () -- C:\Users\maxl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.29 14:44:25 | 039,084,160 | ---- | M] () -- C:\Users\maxl\Desktop\Stars On 45 - Disco Hits Of The 70's Mix.mp3
[2010.08.26 02:20:40 | 000,450,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.23 23:45:07 | 000,131,256 | ---- | M] () -- C:\Users\maxl\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.17 21:26:05 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2010.08.17 21:12:32 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010.08.13 20:43:31 | 000,001,081 | ---- | M] () -- C:\Windows\ARCHPR.INI
 
========== Files Created - No Company Name ==========
 
[2010.09.07 13:46:37 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.02 23:52:03 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2010.08.30 08:40:34 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2010.08.17 21:26:05 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2010.08.17 21:12:32 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010.08.16 11:49:18 | 039,084,160 | ---- | C] () -- C:\Users\maxl\Desktop\Stars On 45 - Disco Hits Of The 70's Mix.mp3
[2010.08.13 20:42:36 | 000,001,081 | ---- | C] () -- C:\Windows\ARCHPR.INI
[2010.08.05 15:36:45 | 000,000,094 | ---- | C] () -- C:\Users\maxl\AppData\Local\fusioncache.dat
[2010.06.07 20:26:43 | 000,000,018 | ---- | C] () -- C:\Users\maxl\AppData\Roaming\sys386ll.dat
[2010.06.07 20:26:40 | 000,000,032 | ---- | C] () -- C:\Windows\weitere.INI
[2010.06.07 20:25:06 | 000,000,010 | ---- | C] () -- C:\Users\maxl\AppData\Roaming\hhxprot5
[2010.03.28 21:00:01 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.03.28 21:00:01 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.02.13 16:05:16 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010.02.13 16:02:42 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010.02.11 12:01:54 | 000,048,128 | ---- | C] () -- C:\Users\maxl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.11 11:58:34 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.02.11 11:58:34 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.02.10 11:36:56 | 000,033,134 | ---- | C] () -- C:\Users\maxl\AppData\Roaming\UserTile.png
[2010.01.05 13:12:32 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.10.25 17:45:54 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.10.25 16:48:38 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
 
========== LOP Check ==========
 
[2010.06.07 20:26:43 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\10-Sekunden-Haushaltsbuch
[2009.10.25 18:07:41 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\Autodesk
[2010.08.31 01:03:04 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\BOM
[2010.05.03 22:06:29 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\Bytemobile
[2010.03.03 00:10:24 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\cerasus
[2010.03.01 23:17:14 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\cerasus.media
[2009.10.25 17:43:39 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\DAEMON Tools Lite
[2010.02.04 15:19:59 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\Duden
[2009.11.06 16:16:24 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\ICQLite
[2010.08.05 15:38:18 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\Mathsoft
[2010.08.12 19:05:10 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\Mp3tag
[2010.02.11 20:47:05 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\Nokia
[2010.01.15 13:12:34 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\Nokia Ovi Suite
[2010.01.21 11:34:54 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\PC Suite
[2010.03.29 10:13:42 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\Samsung
[2010.01.10 02:36:34 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\SpinTop
[2010.06.17 10:59:32 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\TeamViewer
[2010.04.19 14:58:42 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\TrueCrypt
[2010.09.04 18:01:48 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\uTorrent
[2010.05.03 22:06:28 | 000,000,000 | ---D | M] -- C:\Users\maxl\AppData\Roaming\Vodafone
[2010.08.04 19:52:05 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:52B72A7C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:AFFC859A
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:331B76C7
< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 07.09.2010 17:58:40 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\maxl\Downloads
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 34,96 Gb Total Space | 4,39 Gb Free Space | 12,55% Space Free | Partition Type: NTFS
Drive D: | 76,73 Gb Total Space | 7,04 Gb Free Space | 9,17% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PC-M2
Current User Name: maxl
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.ini [@ = inifile] -- C:\LVZ\TOOLS\EmEditor.EXE (EmSoft, k.k.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inifile [open] -- "C:\LVZ\TOOLS\EmEditor.EXE" "%1"pen (EmSoft, k.k.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008F9A3A-24A0-408B-AD7F-95C414219A00}" = Adobe Setup
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ Lite 5.10 Banner Remover 1.6
"{1373559F-6DC6-44EA-9079-6ABDCCE8CDAD}" = OviMPlatform
"{17E34776-B06A-4AFB-BA31-1BB17E9E107B}" = LaKu
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 21
"{289338AE-2213-4509-AED2-450414C1260C}_is1" = ICQ Update Patch 1.5
"{29F563F4-8807-4496-8463-441EAA0E96AB}" = PC Connectivity Solution
"{2D10FC46-1D96-44C4-8855-85F21B9B011E}" = Ovi Desktop Sync Engine
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004
"{3248F0A8-6813-11D6-A77B-00B0D0150210}" = J2SE Runtime Environment 5.0 Update 21
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It!-Bibliothek 10
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Foto Premium 10
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53480150-81CB-4A86-B378-86B6F08AF80B}" = O&O DriveLED
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5783F2D7-0201-0407-0002-0060B0CE6BBA}" = AutoCAD 2004
"{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter
"{5C81B189-5456-40C4-9313-7FE6FA6DD64C}" = Office-Bibliothek
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62326989-2861-4911-A39E-26373BD3FF66}" = Duden Korrektor PLUS
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{70B31335-50EE-4834-8431-27412CDE62BD}" = Nokia_Multimedia_Common_Components_2_5
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{74B58083-B5B9-46a5-847C-248F97FF2A56}" = Topfield Tools
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8070452B-15D6-4169-B9B9-FCC3B54588AD}" = Nokia Ovi Suite
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}" = Adobe Flash Player 9 Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AEBFD30-B94F-4A49-8106-03039708BDD4}" = Duden Korrektor Patch 012009
"{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EFD8F0-08DE-48DB-B922-A2EBAB711031}" = Nero 7 Premium
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AD841E2B-2F15-498E-A6C0-2FDF716B2806}_is1" = Big City Mystery
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{BADA5821-F6D3-49E9-945B-ADE46F792B46}" = Netdraw-Free
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe Flash Video Encoder
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3490D20-3AE0-459D-AAD6-59195140EAC2}_is1" = Sothink SWF Quicker
"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8334783-E2F9-4CA6-86F8-090051418F09}" = Mathcad 13
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE5B5B24-EEFC-4C8B-BF8B-256D705BAD89}" = Nokia Ovi Suite Software Updater
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_2225677e524ae91efb80c700be972bf" = Adobe Flash CS3 Professional
"Alcatech BPM Studio Professional v4.9.1" = Alcatech BPM Studio Professional v4.9.1
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"Autodesk Express Viewer" = Autodesk Express Viewer
"Avi2Dvd" = Avi2Dvd 0.5
"AviSynth" = AviSynth 2.5
"B7541EC5F72AA713F557569278EB6273725F5607" = Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"Biet-O-Matic v2.14.6" = Biet-O-Matic v2.14.6
"CdaC13Ba" = SafeCast Shared Components
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Setup.divx.com" = DivX-Setup
"DJ Mix Pro" = DJ Mix Pro
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 7_is1" = DVDFab 7.0.6.2 (20/05/2010)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ICQLite" = ICQ 5.1
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mp3tag" = Mp3tag v2.46a
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"Nokia Ovi Suite" = Nokia Ovi Suite
"Notebook Hardware Control" = Notebook Hardware Control 2.0 Pre-Release-06 Bugfix
"PictureItPrem_v10" = Microsoft Picture It! Foto Premium 10
"PokerStars" = PokerStars
"Sothink SWF Decompiler Retail zoo_is1" = Sothink SWF Decompiler
"SurfMusik 3.1a_is1" = SurfMusik 3.1a
"Totalcmd" = Total Commander (Remove or Repair)
"TrueCrypt" = TrueCrypt
"Tunatic" = Tunatic
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.4
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
"Xvid_is1" = Xvid 1.2.1 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"5f48e2ab41c5d005" = RapidShare Manager
"Advanced Archive Password Recovery" = Advanced Archive Password Recovery
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 07.09.2010 08:22:21 | Computer Name = PC-M2 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 07.09.2010 08:22:21 | Computer Name = PC-M2 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 07.09.2010 08:37:18 | Computer Name = PC-M2 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 07.09.2010 08:42:32 | Computer Name = PC-M2 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 07.09.2010 08:42:32 | Computer Name = PC-M2 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 07.09.2010 08:42:32 | Computer Name = PC-M2 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 07.09.2010 08:42:32 | Computer Name = PC-M2 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 07.09.2010 08:42:32 | Computer Name = PC-M2 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 07.09.2010 08:44:14 | Computer Name = PC-M2 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 07.09.2010 09:42:23 | Computer Name = PC-M2 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ System Events ]
Error - 24.04.2010 19:52:06 | Computer Name = PC-M2 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR4 gefunden.
 
Error - 24.04.2010 19:52:07 | Computer Name = PC-M2 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR4 gefunden.
 
Error - 25.04.2010 04:15:21 | Computer Name = PC-M2 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 25.04.2010 04:38:50 | Computer Name = PC-M2 | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 03.05.2010 14:44:55 | Computer Name = PC-M2 | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 03.05.2010 14:48:47 | Computer Name = PC-M2 | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.81.802.0     Update Source: %%859     Update Stage:
 %%852     Source Path: hxxp://www.microsoft.com     Signature Type: %%800     Update Type: %%803

	User:
 NT-AUTORITÄT\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.5703.0     Error
 code: 0x8024402c     Error description: An unexpected problem occurred while checking
 for updates. For information on installing or troubleshooting updates, see Help
 and Support. 
 
Error - 04.05.2010 12:40:53 | Computer Name = PC-M2 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   tcpipBM
 
Error - 04.05.2010 13:55:30 | Computer Name = PC-M2 | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?04.?05.?2010 um 19:42:20 unerwartet heruntergefahren.
 
Error - 04.05.2010 13:55:36 | Computer Name = PC-M2 | Source = BugCheck | ID = 1001
Description = 
 
Error - 04.05.2010 13:56:04 | Computer Name = PC-M2 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   tcpipBM
 
 
< End of report >
         


Geändert von maxl909 (07.09.2010 um 17:05 Uhr)

Alt 07.09.2010, 18:44   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GMER Auswertung verdacht auf Rootkit - Standard

GMER Auswertung verdacht auf Rootkit



Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:
ATTFilter
:OTL
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: []  File not found
O33 - MountPoints2\{06182abd-56e3-11df-850d-9830a273a126}\Shell - "" = AutoRun
O33 - MountPoints2\{06182abd-56e3-11df-850d-9830a273a126}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{06182b11-56e3-11df-850d-9830a273a126}\Shell - "" = AutoRun
O33 - MountPoints2\{06182b11-56e3-11df-850d-9830a273a126}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{1ad22af8-ee0d-11de-9893-00197efb8ca2}\Shell - "" = AutoRun
O33 - MountPoints2\{1ad22af8-ee0d-11de-9893-00197efb8ca2}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
[2010.06.07 20:26:43 | 000,000,018 | ---- | C] () -- C:\Users\maxl\AppData\Roaming\sys386ll.dat
[2010.06.07 20:26:40 | 000,000,032 | ---- | C] () -- C:\Windows\weitere.INI
[2010.06.07 20:25:06 | 000,000,010 | ---- | C] () -- C:\Users\maxl\AppData\Roaming\hhxprot5
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:52B72A7C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:AFFC859A
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:331B76C7
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________
--> GMER Auswertung verdacht auf Rootkit

Alt 07.09.2010, 19:25   #7
maxl909
 
GMER Auswertung verdacht auf Rootkit - Standard

GMER Auswertung verdacht auf Rootkit



Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06182abd-56e3-11df-850d-9830a273a126}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06182abd-56e3-11df-850d-9830a273a126}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06182abd-56e3-11df-850d-9830a273a126}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06182abd-56e3-11df-850d-9830a273a126}\ not found.
File G:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06182b11-56e3-11df-850d-9830a273a126}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06182b11-56e3-11df-850d-9830a273a126}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06182b11-56e3-11df-850d-9830a273a126}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06182b11-56e3-11df-850d-9830a273a126}\ not found.
File G:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ad22af8-ee0d-11de-9893-00197efb8ca2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ad22af8-ee0d-11de-9893-00197efb8ca2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ad22af8-ee0d-11de-9893-00197efb8ca2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ad22af8-ee0d-11de-9893-00197efb8ca2}\ not found.
File G:\WD SmartWare.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\LaunchU3.exe not found.
C:\Users\maxl\AppData\Roaming\sys386ll.dat moved successfully.
C:\Windows\weitere.INI moved successfully.
C:\Users\maxl\AppData\Roaming\hhxprot5 moved successfully.
ADS C:\ProgramData\TEMP:52B72A7C deleted successfully.
ADS C:\ProgramData\TEMP:AFFC859A deleted successfully.
ADS C:\ProgramData\TEMP:331B76C7 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: maxl
->Temp folder emptied: 749533106 bytes
->Temporary Internet Files folder emptied: 252333631 bytes
->Java cache emptied: 53941963 bytes
->FireFox cache emptied: 37990222 bytes
->Flash cache emptied: 2908074 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 153834051 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.193,00 mb
 
 
OTL by OldTimer - Version 3.2.11.0 log created on 09072010_202047

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

Alt 07.09.2010, 19:35   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GMER Auswertung verdacht auf Rootkit - Standard

GMER Auswertung verdacht auf Rootkit



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 07.09.2010, 20:10   #9
maxl909
 
GMER Auswertung verdacht auf Rootkit - Standard

GMER Auswertung verdacht auf Rootkit



Code:
ATTFilter
ComboFix 10-09-07.01 - maxl 07.09.2010  20:57:49.1.2 - x86
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.3062.2270 [GMT 2:00]
ausgeführt von:: c:\users\maxl\Desktop\cofi.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Inetde.dll

.
(((((((((((((((((((((((   Dateien erstellt von 2010-08-07 bis 2010-09-07  ))))))))))))))))))))))))))))))
.

2010-09-07 19:05 . 2010-09-07 19:05	--------	d-----w-	c:\users\maxl\AppData\Local\temp
2010-09-07 19:05 . 2010-09-07 19:05	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-09-07 18:49 . 2010-09-07 18:49	--------	d-----w-	c:\program files\CCleaner
2010-09-07 18:20 . 2010-09-07 18:20	--------	d-----w-	C:\_OTL
2010-09-07 17:42 . 2010-09-07 17:52	--------	d-----w-	c:\program files\ICQ-Banner-Remover
2010-09-07 17:41 . 2010-09-07 18:48	--------	d-----w-	c:\users\maxl\AppData\Roaming\ICQ
2010-09-07 17:41 . 2010-09-07 17:41	--------	d-----w-	c:\users\maxl\AppData\Local\AOL
2010-09-07 17:41 . 2010-09-07 17:54	--------	d-----w-	c:\program files\ICQ7.2
2010-09-07 13:21 . 2010-09-07 13:21	--------	d-----w-	C:\Drivers
2010-09-07 11:46 . 2010-09-07 11:46	--------	d-----w-	c:\users\maxl\AppData\Roaming\Malwarebytes
2010-09-07 11:46 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-07 11:46 . 2010-09-07 11:46	--------	d-----w-	c:\programdata\Malwarebytes
2010-09-07 11:46 . 2010-04-29 13:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-09-07 11:46 . 2010-09-07 11:46	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-09-06 12:25 . 2010-09-06 12:55	--------	d-----w-	c:\programdata\eBay
2010-09-06 12:25 . 2010-09-06 12:25	--------	d-----w-	c:\program files\eBay
2010-09-04 04:22 . 2010-09-04 06:01	--------	d-----w-	c:\users\maxl\AppData\Roaming\Skype
2010-09-04 04:22 . 2010-09-04 04:22	--------	d-----r-	c:\program files\Skype
2010-09-04 04:22 . 2010-09-04 04:22	--------	d-----w-	c:\programdata\Skype
2010-09-03 15:12 . 2010-09-03 15:12	--------	d-----w-	c:\program files\Sothink SWF-Decompiler
2010-09-02 21:52 . 2010-09-02 21:52	--------	d-----w-	c:\program files\QuickTime
2010-09-02 21:52 . 2007-02-20 14:04	190696	----a-w-	c:\windows\system32\NPSWF32_FlashUtil.exe
2010-09-02 21:52 . 2007-02-20 14:04	2463976	----a-w-	c:\windows\system32\NPSWF32.dll
2010-09-02 21:51 . 2010-09-02 21:51	--------	d-----w-	c:\program files\Bonjour
2010-09-02 13:06 . 2009-06-04 13:28	44544	----a-w-	c:\windows\system32\msxml4a.dll
2010-09-02 13:06 . 2010-09-02 13:06	--------	d-----w-	c:\program files\Sothink SWF Quicker
2010-09-02 13:00 . 2010-09-02 13:00	--------	d-----w-	c:\users\maxl\AppData\Local\SourceTec
2010-09-02 13:00 . 2010-09-02 13:06	--------	d-----w-	c:\program files\Common Files\SourceTec
2010-09-02 13:00 . 2010-09-03 15:11	--------	d-----w-	c:\program files\Sothink SWF Decompiler
2010-09-02 12:38 . 2010-09-02 12:38	--------	d-----w-	c:\program files\Common Files\Macromedia Shared
2010-09-02 12:37 . 2010-09-02 12:37	--------	d-----w-	c:\users\maxl\AppData\Local\Macromedia
2010-09-02 12:37 . 2010-09-02 12:37	--------	d-----w-	c:\program files\Common Files\Macromedia
2010-09-02 12:36 . 2010-09-02 12:36	--------	d-----w-	c:\program files\Macromedia
2010-09-02 11:12 . 2002-01-24 09:00	1798144	----a-w-	c:\users\maxl\AppData\Roaming\Macromedia\Flash MX\Configuration\Importers\ToonboomStudioImportPlugin.dll
2010-09-02 11:12 . 2002-03-05 21:38	147456	----a-w-	c:\users\maxl\AppData\Roaming\Macromedia\Flash MX\Configuration\Importers\AIImport.dll
2010-09-02 11:12 . 2002-02-06 10:23	1085440	----a-w-	c:\users\maxl\AppData\Roaming\Macromedia\Flash MX\Configuration\Importers\FhDbRdr.dll
2010-09-02 11:12 . 2002-02-02 08:52	2088960	----a-w-	c:\users\maxl\AppData\Roaming\Macromedia\Flash MX\Configuration\Importers\Fireworks Importer.dll
2010-09-02 11:12 . 2002-03-05 19:23	815104	----a-w-	c:\users\maxl\AppData\Roaming\Macromedia\Flash MX\Configuration\authplay.dll
2010-09-02 09:56 . 2010-09-02 09:56	--------	d-----w-	c:\users\maxl\AppData\Local\Sun
2010-08-30 13:47 . 2010-08-30 13:49	--------	d-----w-	c:\users\maxl\AppData\Roaming\vlc
2010-08-30 06:40 . 2010-08-30 23:03	--------	d-----w-	c:\users\maxl\AppData\Roaming\BOM
2010-08-30 06:40 . 2000-04-03 18:06	16896	----a-w-	c:\windows\system32\winskde.dll
2010-08-30 06:40 . 1998-07-05 22:00	22528	----a-w-	c:\windows\system32\Tabctde.dll
2010-08-30 06:40 . 1998-07-05 22:00	158208	----a-w-	c:\windows\system32\Mscmcde.dll
2010-08-30 06:40 . 2010-08-30 06:40	--------	d-----w-	c:\program files\Biet-O-Matic
2010-08-29 14:19 . 2010-08-29 14:19	--------	d-----w-	c:\program files\ALCATech
2010-08-25 09:24 . 2010-04-07 07:10	571904	----a-w-	c:\windows\system32\oleaut32.dll
2010-08-17 23:52 . 2010-08-17 23:54	--------	d-----w-	c:\program files\DJ Mix Pro
2010-08-17 19:00 . 2008-08-26 08:26	18816	----a-w-	c:\windows\system32\drivers\pccsmcfd.sys
2010-08-17 18:59 . 2010-08-17 18:59	--------	d-----w-	c:\program files\PC Connectivity Solution
2010-08-17 18:58 . 2010-08-17 18:58	12212040	----a-w-	c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-08-17 18:58 . 2010-08-17 18:58	13930312	----a-w-	c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-08-17 18:58 . 2010-08-17 18:58	77824	----a-w-	c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-08-17 18:58 . 2010-08-17 18:58	50000	----a-w-	c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\pcswpc.exe
2010-08-17 18:58 . 2010-08-17 18:58	38912	----a-w-	c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-08-17 18:58 . 2010-08-17 18:58	38912	----a-w-	c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-08-17 18:58 . 2010-08-17 18:57	103412296	----a-w-	c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer.exe
2010-08-17 18:58 . 2010-08-17 18:58	--------	d-----w-	c:\programdata\NokiaInstallerCache
2010-08-16 12:14 . 2010-01-25 15:06	147456	----a-w-	c:\users\maxl\AppData\Roaming\Mozilla\Firefox\Profiles\jkx2zej4.default\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}\platform\WINNT_x86-msvc\components\FFThrottle.dll
2010-08-16 12:14 . 2009-05-06 13:26	4096	----a-w-	c:\users\maxl\AppData\Roaming\Mozilla\Firefox\Profiles\jkx2zej4.default\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}\platform\WINNT_x86-msvc\libraries\detoured.dll
2010-08-16 11:12 . 2010-08-16 11:24	--------	d-----w-	c:\program files\Traktor DJ Player
2010-08-13 19:18 . 2010-08-13 19:18	--------	d-----w-	c:\program files\ElcomSoft
2010-08-13 19:18 . 2010-08-13 19:22	--------	d-----w-	c:\program files\Advanced Archive Password Recovery
2010-08-13 15:08 . 2010-08-13 15:08	--------	d-----w-	c:\programdata\Beatlock Technology
2010-08-12 16:33 . 2010-08-12 17:05	--------	d-----w-	c:\users\maxl\AppData\Roaming\Mp3tag
2010-08-12 16:33 . 2010-08-12 16:33	--------	d-----w-	c:\program files\Mp3tag
2010-08-12 09:53 . 2010-06-14 06:12	1286016	----a-w-	c:\windows\system32\drivers\tcpip.sys
2010-08-12 09:51 . 2010-06-16 05:48	224256	----a-w-	c:\windows\system32\schannel.dll
2010-08-12 09:50 . 2010-06-19 04:07	2326016	----a-w-	c:\windows\system32\win32k.sys
2010-08-11 08:45 . 2010-09-02 09:56	--------	d-----w-	c:\program files\Common Files\Java

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-07 18:55 . 2009-10-25 15:07	22528	----a-w-	c:\windows\system32\drivers\nhcDriver.sys
2010-09-07 17:50 . 2009-10-25 15:55	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-09-07 17:36 . 2009-10-25 15:59	--------	d-----w-	c:\program files\ICQLite
2010-09-07 16:26 . 2010-01-25 13:11	--------	d-----w-	c:\program files\JDownloader
2010-09-07 13:39 . 2009-07-14 08:47	664634	----a-w-	c:\windows\system32\perfh007.dat
2010-09-07 13:39 . 2009-07-14 08:47	134770	----a-w-	c:\windows\system32\perfc007.dat
2010-09-04 16:01 . 2010-03-17 12:43	--------	d-----w-	c:\users\maxl\AppData\Roaming\uTorrent
2010-09-03 09:39 . 2009-12-30 14:51	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-09-02 22:04 . 2010-05-03 20:05	--------	d-----w-	c:\programdata\FLEXnet
2010-09-02 21:51 . 2009-10-25 15:51	--------	d-----w-	c:\program files\Common Files\Adobe
2010-09-02 21:43 . 2009-10-25 16:05	--------	d-----w-	c:\program files\Common Files\Macrovision Shared
2010-09-02 11:40 . 2009-11-15 14:50	--------	d-----w-	c:\program files\Google
2010-09-02 09:57 . 2009-10-25 13:48	--------	d-----w-	c:\program files\Java
2010-08-26 00:25 . 2010-03-27 15:23	--------	d-----w-	c:\program files\Common Files\Real
2010-08-26 00:25 . 2010-03-27 15:23	--------	d-----w-	c:\program files\Real
2010-08-23 21:45 . 2009-10-25 13:25	131256	----a-w-	c:\users\maxl\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-23 21:32 . 2010-01-15 11:06	--------	d-----w-	c:\program files\Common Files\Nokia
2010-08-23 21:32 . 2010-01-15 11:04	--------	d-----w-	c:\program files\Nokia
2010-08-17 19:26 . 2010-08-17 19:26	0	---ha-w-	c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2010-08-17 19:12 . 2010-08-17 19:12	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-08-17 19:03 . 2010-01-15 11:04	--------	d-----w-	c:\programdata\OviInstallerCache
2010-08-13 18:59 . 2010-02-11 19:38	--------	d-----w-	c:\program files\Akademische Arbeitsgemeinschaft
2010-08-13 00:06 . 2010-08-06 11:20	--------	d-----w-	c:\program files\MP3-DJ
2010-08-10 22:04 . 2010-06-21 08:55	--------	d-----w-	c:\program files\Netdraw-Free
2010-08-06 00:03 . 2010-08-06 00:03	--------	d-----w-	c:\programdata\eMule
2010-08-05 22:40 . 2010-05-04 21:13	--------	d-----w-	c:\program files\Tunatic
2010-08-05 13:38 . 2010-08-05 13:38	--------	d-----w-	c:\users\maxl\AppData\Roaming\Mathsoft
2010-08-05 13:36 . 2010-08-05 13:36	94	----a-w-	c:\users\maxl\AppData\Local\fusioncache.dat
2010-08-05 13:36 . 2009-10-25 15:54	--------	d-----w-	c:\program files\Common Files\InstallShield
2010-08-05 13:30 . 2010-08-05 13:30	--------	d-----w-	c:\program files\Mathsoft
2010-07-31 06:15 . 2010-03-17 12:44	--------	d-----w-	c:\program files\uTorrent
2010-07-29 06:30 . 2010-08-12 09:52	197632	----a-w-	c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-12 09:52	82944	----a-w-	c:\windows\system32\iccvid.dll
2010-07-27 13:57 . 2010-07-27 13:57	49152	----a-r-	c:\windows\system32\inetwh32.dll
2010-07-27 13:57 . 2010-07-27 13:57	1044480	----a-r-	c:\windows\system32\roboex32.dll
2010-07-24 10:32 . 2010-07-24 10:32	--------	d-----w-	c:\users\maxl\AppData\Roaming\DivX
2010-07-17 03:00 . 2010-05-02 18:15	423656	----a-w-	c:\windows\system32\deployJava1.dll
2010-06-30 06:25 . 2010-08-12 09:52	978432	----a-w-	c:\windows\system32\wininet.dll
2010-06-22 02:47 . 2010-08-12 09:52	310784	----a-w-	c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-12 09:52	307200	----a-w-	c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-12 09:52	113664	----a-w-	c:\windows\system32\drivers\srvnet.sys
2010-06-21 08:55 . 2010-06-21 08:55	40960	----a-r-	c:\users\maxl\AppData\Roaming\Microsoft\Installer\{BADA5821-F6D3-49E9-945B-ADE46F792B46}\NETDRW32.exe1_BADA5821F6D349E9945BADE46F792B46.exe
2010-06-21 08:55 . 2010-06-21 08:55	40960	----a-r-	c:\users\maxl\AppData\Roaming\Microsoft\Installer\{BADA5821-F6D3-49E9-945B-ADE46F792B46}\NETDRW32.exe_BADA5821F6D349E9945BADE46F792B46.exe
2010-06-21 08:55 . 2010-06-21 08:55	40960	----a-r-	c:\users\maxl\AppData\Roaming\Microsoft\Installer\{BADA5821-F6D3-49E9-945B-ADE46F792B46}\ARPPRODUCTICON.exe
2010-06-21 08:48 . 2010-06-21 08:48	40960	----a-r-	c:\users\maxl\AppData\Roaming\Microsoft\Installer\{17E34776-B06A-4AFB-BA31-1BB17E9E107B}\ARPPRODUCTICON.exe
2010-06-19 06:33 . 2010-08-12 09:52	3955080	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-12 09:52	3899784	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-12 09:52	37376	----a-w-	c:\windows\system32\rtutils.dll
2009-06-10 21:26 . 2009-07-14 02:04	9633792	--sha-r-	c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42	396800	--sha-w-	c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
" Malwarebytes Anti-Malware  (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-11 795936]
Windows Live Mail.lnk - c:\program files\Windows Live\Mail\wlmail.exe [2009-7-26 112464]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 01:12	483328	----a-w-	c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-01-22 10:13	152872	----a-w-	c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46	1135912	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVZ-Service]
2010-05-03 09:07	78848	------w-	c:\lvz\LVZ-Service-Tray.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-05-28 07:27	570664	----a-w-	c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-09-01 15:21	328568	----a-w-	c:\program files\uTorrent\uTorrent.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 135664]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 112128]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2010-01-07 375808]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-10 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-12-21 691696]
S0 OODrvled;OODrvled;c:\windows\system32\DRIVERS\OODrvled.sys [2009-09-28 25608]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 O&O DriveLED;O&O DriveLED Service;c:\program files\OO Software\DriveLED\oodlag.exe [2009-09-28 529664]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-01 29472]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

.
Inhalt des "geplante Tasks" Ordners

2010-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 14:50]

2010-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 14:50]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: add to &BOM - c:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
FF - ProfilePath - c:\users\maxl\AppData\Roaming\Mozilla\Firefox\Profiles\jkx2zej4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - eBay
FF - prefs.js: browser.startup.homepage - www.google.de
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: c:\users\maxl\AppData\Roaming\Mozilla\Firefox\Profiles\jkx2zej4.default\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}\platform\WINNT_x86-msvc\components\FFThrottle.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32asw.dll
FF - plugin: c:\windows\system32\Wat\npWatWeb.dll

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- Dateityp-Verknüpfung -------
.
inifile="c:\lvz\TOOLS\EmEditor.EXE" "%1"??
.scr=AutoCADScriptFile
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

MSConfigStartUp-ICQ Lite - c:\program files\ICQLite\ICQLite.exe
MSConfigStartUp-NokiaMusic FastStart - c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-09-07  21:08:12
ComboFix-quarantined-files.txt  2010-09-07 19:08

Vor Suchlauf: 5.550.170.112 Bytes frei
Nach Suchlauf: 5.446.467.584 Bytes frei

- - End Of File - - A0ADF89DD65CE7DD4F4D133E0AB10973
         

Alt 08.09.2010, 12:25   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GMER Auswertung verdacht auf Rootkit - Standard

GMER Auswertung verdacht auf Rootkit



Ok. Bitte nun ein Log OSAM erstellen und posten.

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 08.09.2010, 13:13   #11
maxl909
 
GMER Auswertung verdacht auf Rootkit - Standard

GMER Auswertung verdacht auf Rootkit



Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 14:08:58 on 08.09.2010

OS: Windows 7  (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.8

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\Windows\system32\ISUSPM.cpl
"plotman.cpl" - "Autodesk, Inc." - C:\Windows\system32\plotman.cpl
"styleman.cpl" - "Autodesk, Inc." - C:\Windows\system32\styleman.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\Windows\System32\Drivers\AnyDVD.sys
"catchme" (catchme) - ? - C:\Users\maxl\AppData\Local\Temp\catchme.sys  (File not found)
"CdaC15BA" (CdaC15BA) - "Macrovision Europe Ltd" - C:\Windows\system32\drivers\CDAC15BA.SYS
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"Notebook Hardware Control Driver" (nhcDriverDevice) - "pBUS-167 Software - hxxp://www.pbus-167.com" - C:\Windows\system32\drivers\nhcDriver.sys
"NSNDIS5 NDIS Protocol Driver" (NSNDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\system32\NSNDIS5.SYS
"OODrvled" (OODrvled) - "O&O Software GmbH" - C:\Windows\System32\DRIVERS\OODrvled.sys
"Sony Ericsson USB Flash Driver" (ggsemc) - "Sony Ericsson Mobile Communications" - C:\Windows\System32\DRIVERS\ggsemc.sys
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\Windows\System32\drivers\truecrypt.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Program Files\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll  (File found, but it contains no detailed information)
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
{36A21736-36C2-4C11-8ACB-D4136F2B57BD} "AcSignIcon" - "Autodesk" - C:\Windows\system32\AcSignIcon.dll
{AC1DB655-4F9A-4c39-8AD2-A65324A4C446} "ACTHUMBNAIL" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Program Files\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll  (File found, but it contains no detailed information)
{E4D8441D-F89C-4b5c-90AC-A857E1768F1F} "Haali Matroska Thumbnail Exctractor" - ? -   (File not found | COM-object registry key not found)
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CC450D71-CC90-424C-8638-1F2DBAC87A54} "ArmHelper Control" - ? - ./Images/armhelper.ocx  (File not found) / file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.5.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
"Sothink SWF Catcher" - ? - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{AE7CD045-E861-484f-8273-0445EE161910} "AcroIEToolbarHelper Class" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\maxl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Windows Live Mail.lnk" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\wlmail.exe  (Shortcut exists | File exists)
"Bluetooth.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ISUSPM Startup" - "InstallShield Software Corporation" - C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"MSSE" - "Microsoft Corporation" - "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\Windows\system32\AdobePDF.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##" (Bonjour Service) - "Apple Computer, Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
"C-DillaCdaC11BA" (C-DillaCdaC11BA) - "Macrovision" - C:\Windows\system32\drivers\CDAC11BA.EXE
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Macromedia Licensing Service" (Macromedia Licensing Service) - "Macromedia" - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
"O&O DriveLED Service" (O&O DriveLED) - "O&O Software GmbH" - C:\Program Files\OO Software\DriveLED\oodlag.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Computer, Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
Code:
ATTFilter
.\debug.cpp(238) : Debug log started at 08.09.2010 - 12:10:43
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.0
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows 7  (build 7600), 32-bit
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x82c54000 0x00410000 "\SystemRoot\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x82c1d000 0x00037000 "\SystemRoot\system32\halmacpi.dll"
.\debug.cpp(256) : 0x80bc9000 0x00008000 "\SystemRoot\system32\kdcom.dll"
.\debug.cpp(256) : 0x83209000 0x00078000 "\SystemRoot\system32\mcupdate_GenuineIntel.dll"
.\debug.cpp(256) : 0x83281000 0x00011000 "\SystemRoot\system32\PSHED.dll"
.\debug.cpp(256) : 0x83292000 0x00008000 "\SystemRoot\system32\BOOTVID.dll"
.\debug.cpp(256) : 0x8329a000 0x00042000 "\SystemRoot\system32\CLFS.SYS"
.\debug.cpp(256) : 0x832dc000 0x000ab000 "\SystemRoot\system32\CI.dll"
.\debug.cpp(256) : 0x83387000 0x00071000 "\SystemRoot\system32\drivers\Wdf01000.sys"
.\debug.cpp(256) : 0x8ae04000 0x0000e000 "\SystemRoot\system32\drivers\WDFLDR.SYS"
.\debug.cpp(256) : 0x8ae12000 0x00048000 "\SystemRoot\system32\DRIVERS\ACPI.sys"
.\debug.cpp(256) : 0x8ae5a000 0x00009000 "\SystemRoot\system32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0x8ae63000 0x00008000 "\SystemRoot\system32\DRIVERS\msisadrv.sys"
.\debug.cpp(256) : 0x8ae6b000 0x0000b000 "\SystemRoot\system32\DRIVERS\vdrvroot.sys"
.\debug.cpp(256) : 0x8ae76000 0x0002a000 "\SystemRoot\system32\DRIVERS\pci.sys"
.\debug.cpp(256) : 0x8aea0000 0x00011000 "\SystemRoot\System32\drivers\partmgr.sys"
.\debug.cpp(256) : 0x8aeb1000 0x00008000 "\SystemRoot\system32\DRIVERS\compbatt.sys"
.\debug.cpp(256) : 0x8aeb9000 0x0000b000 "\SystemRoot\system32\DRIVERS\BATTC.SYS"
.\debug.cpp(256) : 0x8aec4000 0x00010000 "\SystemRoot\system32\DRIVERS\volmgr.sys"
.\debug.cpp(256) : 0x8aed4000 0x0004b000 "\SystemRoot\System32\drivers\volmgrx.sys"
.\debug.cpp(256) : 0x8af1f000 0x00007000 "\SystemRoot\system32\DRIVERS\intelide.sys"
.\debug.cpp(256) : 0x8af26000 0x0000e000 "\SystemRoot\system32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0x8af34000 0x0002e000 "\SystemRoot\system32\DRIVERS\pcmcia.sys"
.\debug.cpp(256) : 0x8af62000 0x00016000 "\SystemRoot\System32\drivers\mountmgr.sys"
.\debug.cpp(256) : 0x8af78000 0x00009000 "\SystemRoot\system32\DRIVERS\atapi.sys"
.\debug.cpp(256) : 0x8af81000 0x00023000 "\SystemRoot\system32\DRIVERS\ataport.SYS"
.\debug.cpp(256) : 0x8afa4000 0x00009000 "\SystemRoot\system32\DRIVERS\amdxata.sys"
.\debug.cpp(256) : 0x8afad000 0x00034000 "\SystemRoot\system32\drivers\fltmgr.sys"
.\debug.cpp(256) : 0x8afe1000 0x00011000 "\SystemRoot\system32\drivers\fileinfo.sys"
.\debug.cpp(256) : 0x8aff2000 0x0000b000 "\SystemRoot\system32\DRIVERS\OODrvled.sys"
.\debug.cpp(256) : 0x8b023000 0x0012f000 "\SystemRoot\System32\Drivers\Ntfs.sys"
.\debug.cpp(256) : 0x8b152000 0x0002b000 "\SystemRoot\System32\Drivers\msrpc.sys"
.\debug.cpp(256) : 0x8b17d000 0x00013000 "\SystemRoot\System32\Drivers\ksecdd.sys"
.\debug.cpp(256) : 0x8b190000 0x0005d000 "\SystemRoot\System32\Drivers\cng.sys"
.\debug.cpp(256) : 0x8b1ed000 0x0000e000 "\SystemRoot\System32\drivers\pcw.sys"
.\debug.cpp(256) : 0x8b000000 0x00009000 "\SystemRoot\System32\Drivers\Fs_Rec.sys"
.\debug.cpp(256) : 0x8b21e000 0x000b7000 "\SystemRoot\system32\drivers\ndis.sys"
.\debug.cpp(256) : 0x8b2d5000 0x0003e000 "\SystemRoot\system32\drivers\NETIO.SYS"
.\debug.cpp(256) : 0x8b313000 0x00025000 "\SystemRoot\System32\Drivers\ksecpkg.sys"
.\debug.cpp(256) : 0x8b435000 0x00149000 "\SystemRoot\System32\drivers\tcpip.sys"
.\debug.cpp(256) : 0x8b57e000 0x00031000 "\SystemRoot\System32\drivers\fwpkclnt.sys"
.\debug.cpp(256) : 0x8b5af000 0x00009000 "\SystemRoot\system32\DRIVERS\vmstorfl.sys"
.\debug.cpp(256) : 0x8b5b8000 0x0003f000 "\SystemRoot\system32\DRIVERS\volsnap.sys"
.\debug.cpp(256) : 0x8b5f7000 0x00008000 "\SystemRoot\System32\Drivers\spldr.sys"
.\debug.cpp(256) : 0x8b400000 0x0002d000 "\SystemRoot\System32\drivers\rdyboost.sys"
.\debug.cpp(256) : 0x8b338000 0x00010000 "\SystemRoot\System32\Drivers\mup.sys"
.\debug.cpp(256) : 0x8b42d000 0x00008000 "\SystemRoot\System32\drivers\hwpolicy.sys"
.\debug.cpp(256) : 0x8b348000 0x00032000 "\SystemRoot\System32\DRIVERS\fvevol.sys"
.\debug.cpp(256) : 0x8b37a000 0x00011000 "\SystemRoot\system32\DRIVERS\disk.sys"
.\debug.cpp(256) : 0x8b38b000 0x00025000 "\SystemRoot\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0x8fa0e000 0x0001f000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0x8fa2d000 0x00023000 "\SystemRoot\system32\DRIVERS\MpFilter.sys"
.\debug.cpp(256) : 0x8fa50000 0x00007000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0x8fa57000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0x8fa5e000 0x0000c000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0x8fa6a000 0x00021000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS"
.\debug.cpp(256) : 0x8fa8b000 0x0000d000 "\SystemRoot\System32\drivers\watchdog.sys"
.\debug.cpp(256) : 0x8fa98000 0x00008000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0x8faa0000 0x00008000 "\SystemRoot\system32\drivers\rdpencdd.sys"
.\debug.cpp(256) : 0x8faa8000 0x00008000 "\SystemRoot\system32\drivers\rdprefmp.sys"
.\debug.cpp(256) : 0x8fab0000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0x8fabb000 0x0000e000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0x8fac9000 0x00017000 "\SystemRoot\system32\DRIVERS\tdx.sys"
.\debug.cpp(256) : 0x8fae0000 0x0000b000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0x8faeb000 0x0005a000 "\SystemRoot\system32\drivers\afd.sys"
.\debug.cpp(256) : 0x8fb45000 0x00032000 "\SystemRoot\System32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0x8fb77000 0x00007000 "\SystemRoot\system32\DRIVERS\wfplwf.sys"
.\debug.cpp(256) : 0x8fb7e000 0x0001f000 "\SystemRoot\system32\DRIVERS\pacer.sys"
.\debug.cpp(256) : 0x8fb9d000 0x00011000 "\SystemRoot\system32\DRIVERS\vwififlt.sys"
.\debug.cpp(256) : 0x8fbae000 0x0000e000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0x8fbbc000 0x00006000 "\SystemRoot\System32\Drivers\StarOpen.SYS"
.\debug.cpp(256) : 0x8fbc2000 0x00013000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0x90018000 0x00035000 "\SystemRoot\System32\drivers\truecrypt.sys"
.\debug.cpp(256) : 0x9004d000 0x00010000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0x9005d000 0x00041000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0x9009e000 0x0000a000 "\SystemRoot\system32\drivers\nsiproxy.sys"
.\debug.cpp(256) : 0x900a8000 0x0000a000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0x900b2000 0x00005000 "\SystemRoot\System32\Drivers\ElbyCDIO.sys"
.\debug.cpp(256) : 0x900b7000 0x0000c000 "\SystemRoot\System32\drivers\discache.sys"
.\debug.cpp(256) : 0x900c3000 0x00064000 "\SystemRoot\system32\drivers\csc.sys"
.\debug.cpp(256) : 0x90127000 0x00018000 "\SystemRoot\System32\Drivers\dfsc.sys"
.\debug.cpp(256) : 0x9013f000 0x0000e000 "\SystemRoot\system32\DRIVERS\blbdrive.sys"
.\debug.cpp(256) : 0x9014d000 0x00021000 "\SystemRoot\system32\DRIVERS\tunnel.sys"
.\debug.cpp(256) : 0x9016e000 0x00012000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0x9063f000 0x00509000 "\SystemRoot\system32\DRIVERS\igdkmd32.sys"
.\debug.cpp(256) : 0x90b48000 0x000b7000 "\SystemRoot\System32\drivers\dxgkrnl.sys"
.\debug.cpp(256) : 0x90600000 0x00039000 "\SystemRoot\System32\drivers\dxgmms1.sys"
.\debug.cpp(256) : 0x90180000 0x0001f000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0x91a1c000 0x00413000 "\SystemRoot\system32\DRIVERS\netw5v32.sys"
.\debug.cpp(256) : 0x91e2f000 0x0000b000 "\SystemRoot\system32\DRIVERS\usbuhci.sys"
.\debug.cpp(256) : 0x91e3a000 0x0004b000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0x91e85000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0x91e94000 0x0000f000 "\SystemRoot\system32\DRIVERS\Rtnicxp.sys"
.\debug.cpp(256) : 0x91ea3000 0x0002c000 "\SystemRoot\system32\DRIVERS\1394ohci.sys"
.\debug.cpp(256) : 0x91ecf000 0x00019000 "\SystemRoot\system32\DRIVERS\sdbus.sys"
.\debug.cpp(256) : 0x91ee8000 0x00011000 "\SystemRoot\system32\DRIVERS\rimmptsk.sys"
.\debug.cpp(256) : 0x91ef9000 0x00014000 "\SystemRoot\system32\DRIVERS\rimsptsk.sys"
.\debug.cpp(256) : 0x91f0d000 0x00052000 "\SystemRoot\system32\DRIVERS\rixdptsk.sys"
.\debug.cpp(256) : 0x91f5f000 0x00004000 "\SystemRoot\system32\DRIVERS\CmBatt.sys"
.\debug.cpp(256) : 0x91f63000 0x00018000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0x91f7b000 0x0000d000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0x91f88000 0x0000d000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0x91f95000 0x00018000 "\SystemRoot\System32\Drivers\AnyDVD.sys"
.\debug.cpp(256) : 0x91fad000 0x0000d000 "\SystemRoot\system32\DRIVERS\CompositeBus.sys"
.\debug.cpp(256) : 0x91fba000 0x00012000 "\SystemRoot\system32\DRIVERS\AgileVpn.sys"
.\debug.cpp(256) : 0x91fcc000 0x00018000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0x91fe4000 0x0000b000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0x9019f000 0x00022000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0x91a00000 0x00018000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0x901c1000 0x00017000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0x901d8000 0x00017000 "\SystemRoot\system32\DRIVERS\rassstp.sys"
.\debug.cpp(256) : 0x91fef000 0x0000a000 "\SystemRoot\system32\DRIVERS\rdpbus.sys"
.\debug.cpp(256) : 0x91ff9000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0x96417000 0x00034000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0x9644b000 0x0000e000 "\SystemRoot\system32\DRIVERS\umbus.sys"
.\debug.cpp(256) : 0x96459000 0x00044000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0x9649d000 0x00011000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0x964ae000 0x00050000 "\SystemRoot\system32\drivers\HdAudio.sys"
.\debug.cpp(256) : 0x964fe000 0x0002f000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0x9652d000 0x00019000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0x96546000 0x0000d000 "\SystemRoot\System32\Drivers\crashdmp.sys"
.\debug.cpp(256) : 0x96553000 0x0000b000 "\SystemRoot\System32\Drivers\dump_dumpata.sys"
.\debug.cpp(256) : 0x9655e000 0x00009000 "\SystemRoot\System32\Drivers\dump_atapi.sys"
.\debug.cpp(256) : 0x96567000 0x00011000 "\SystemRoot\System32\Drivers\dump_dumpfve.sys"
.\debug.cpp(256) : 0x82180000 0x0024a000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0x96578000 0x0000a000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0x96582000 0x0000b000 "\SystemRoot\system32\DRIVERS\monitor.sys"
.\debug.cpp(256) : 0x823e0000 0x00009000 "\SystemRoot\System32\TSDDD.dll"
.\debug.cpp(256) : 0x82020000 0x0001e000 "\SystemRoot\System32\cdd.dll"
.\debug.cpp(256) : 0x9658d000 0x00012000 "\SystemRoot\System32\Drivers\BTHUSB.sys"
.\debug.cpp(256) : 0x8c23f000 0x00064000 "\SystemRoot\System32\Drivers\bthport.sys"
.\debug.cpp(256) : 0x8c2a3000 0x00002000 "\SystemRoot\System32\Drivers\USBD.SYS"
.\debug.cpp(256) : 0x8c2a5000 0x00024000 "\SystemRoot\system32\DRIVERS\rfcomm.sys"
.\debug.cpp(256) : 0x8c2c9000 0x0000d000 "\SystemRoot\system32\DRIVERS\BthEnum.sys"
.\debug.cpp(256) : 0x8c2d6000 0x0001b000 "\SystemRoot\system32\DRIVERS\bthpan.sys"
.\debug.cpp(256) : 0x8c2f1000 0x00012000 "\SystemRoot\system32\DRIVERS\bthmodem.sys"
.\debug.cpp(256) : 0x8c303000 0x0000d000 "\SystemRoot\system32\drivers\modem.sys"
.\debug.cpp(256) : 0x8c310000 0x00073000 "\SystemRoot\system32\drivers\btwavdt.sys"
.\debug.cpp(256) : 0x8c383000 0x0001b000 "\SystemRoot\system32\DRIVERS\hidbth.sys"
.\debug.cpp(256) : 0x8c39e000 0x00013000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0x8c3b1000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0x8c835000 0x00081000 "\SystemRoot\system32\drivers\btwaudio.sys"
.\debug.cpp(256) : 0x8c8b6000 0x0000b000 "\SystemRoot\system32\DRIVERS\btwl2cap.sys"
.\debug.cpp(256) : 0x8c8c1000 0x00003000 "\SystemRoot\system32\DRIVERS\btwrchid.sys"
.\debug.cpp(256) : 0x8c8c4000 0x0000b000 "\SystemRoot\system32\DRIVERS\mouhid.sys"
.\debug.cpp(256) : 0x8c8cf000 0x0001b000 "\SystemRoot\system32\drivers\luafv.sys"
.\debug.cpp(256) : 0x8c8ea000 0x0001a000 "\SystemRoot\system32\drivers\WudfPf.sys"
.\debug.cpp(256) : 0x8c904000 0x00010000 "\SystemRoot\system32\DRIVERS\lltdio.sys"
.\debug.cpp(256) : 0x8c914000 0x00046000 "\SystemRoot\system32\DRIVERS\nwifi.sys"
.\debug.cpp(256) : 0x8c95a000 0x00010000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0x8c96a000 0x00013000 "\SystemRoot\system32\DRIVERS\rspndr.sys"
.\debug.cpp(256) : 0x98428000 0x00085000 "\SystemRoot\system32\drivers\HTTP.sys"
.\debug.cpp(256) : 0x984ad000 0x00019000 "\SystemRoot\system32\DRIVERS\bowser.sys"
.\debug.cpp(256) : 0x984c6000 0x00012000 "\SystemRoot\System32\drivers\mpsdrv.sys"
.\debug.cpp(256) : 0x984d8000 0x00023000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0x984fb000 0x0003b000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys"
.\debug.cpp(256) : 0x98536000 0x0001b000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys"
.\debug.cpp(256) : 0x98569000 0x00003000 "\??\C:\Windows\system32\drivers\CDAC15BA.SYS"
.\debug.cpp(256) : 0x9856c000 0x00009000 "\SystemRoot\system32\DRIVERS\MpNWMon.sys"
.\debug.cpp(256) : 0xac816000 0x00097000 "\SystemRoot\system32\drivers\peauth.sys"
.\debug.cpp(256) : 0xac8ad000 0x0000a000 "\SystemRoot\System32\Drivers\secdrv.SYS"
.\debug.cpp(256) : 0xac8b7000 0x00021000 "\SystemRoot\System32\DRIVERS\srvnet.sys"
.\debug.cpp(256) : 0xac8d8000 0x0000d000 "\SystemRoot\System32\drivers\tcpipreg.sys"
.\debug.cpp(256) : 0xac8e5000 0x0004f000 "\SystemRoot\System32\DRIVERS\srv2.sys"
.\debug.cpp(256) : 0xac934000 0x00051000 "\SystemRoot\System32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xac985000 0x0000a000 "\??\C:\Windows\system32\drivers\nhcDriver.sys"
.\debug.cpp(256) : 0xac800000 0x00009000 "\SystemRoot\system32\DRIVERS\asyncmac.sys"
.\debug.cpp(256) : 0x76ea0000 0x0013c000 "\Windows\System32\ntdll.dll"
.\debug.cpp(256) : 0x47ea0000 0x00013000 "\Windows\System32\smss.exe"
.\debug.cpp(256) : 0x770e0000 0x00050000 "\Windows\System32\apisetschema.dll"
.\debug.cpp(256) : 0x003b0000 0x000a6000 "\Windows\System32\autochk.exe"
.\debug.cpp(256) : 0x76d60000 0x00135000 "\Windows\System32\urlmon.dll"
.\debug.cpp(256) : 0x77000000 0x000cc000 "\Windows\System32\msctf.dll"
.\debug.cpp(256) : 0x76ff0000 0x00006000 "\Windows\System32\nsi.dll"
.\debug.cpp(256) : 0x76c90000 0x000c9000 "\Windows\System32\user32.dll"
.\debug.cpp(256) : 0x76bf0000 0x000a0000 "\Windows\System32\advapi32.dll"
.\debug.cpp(256) : 0x76bd0000 0x0001f000 "\Windows\System32\imm32.dll"
.\debug.cpp(256) : 0x76b70000 0x00057000 "\Windows\System32\shlwapi.dll"
.\debug.cpp(256) : 0x76fe0000 0x0000a000 "\Windows\System32\lpk.dll"
.\debug.cpp(256) : 0x76b30000 0x00035000 "\Windows\System32\ws2_32.dll"
.\debug.cpp(256) : 0x76990000 0x0019d000 "\Windows\System32\setupapi.dll"
.\debug.cpp(256) : 0x76790000 0x001f9000 "\Windows\System32\iertutil.dll"
.\debug.cpp(256) : 0x766f0000 0x0009d000 "\Windows\System32\usp10.dll"
.\debug.cpp(256) : 0x766e0000 0x00003000 "\Windows\System32\normaliz.dll"
.\debug.cpp(256) : 0x76650000 0x0008f000 "\Windows\System32\oleaut32.dll"
.\debug.cpp(256) : 0x765d0000 0x0007b000 "\Windows\System32\comdlg32.dll"
.\debug.cpp(256) : 0x75980000 0x00c49000 "\Windows\System32\shell32.dll"
.\debug.cpp(256) : 0x75930000 0x0004e000 "\Windows\System32\gdi32.dll"
.\debug.cpp(256) : 0x758d0000 0x00052000 "\Windows\System32\difxapi.dll"
.\debug.cpp(256) : 0x75820000 0x000a1000 "\Windows\System32\rpcrt4.dll"
.\debug.cpp(256) : 0x75740000 0x000d4000 "\Windows\System32\kernel32.dll"
.\debug.cpp(256) : 0x75690000 0x000ac000 "\Windows\System32\msvcrt.dll"
.\debug.cpp(256) : 0x75660000 0x0002a000 "\Windows\System32\imagehlp.dll"
.\debug.cpp(256) : 0x75610000 0x00045000 "\Windows\System32\Wldap32.dll"
.\debug.cpp(256) : 0x75600000 0x00005000 "\Windows\System32\psapi.dll"
.\debug.cpp(256) : 0x75500000 0x000f4000 "\Windows\System32\wininet.dll"
.\debug.cpp(256) : 0x75470000 0x00083000 "\Windows\System32\clbcatq.dll"
.\debug.cpp(256) : 0x75450000 0x00019000 "\Windows\System32\sechost.dll"
.\debug.cpp(256) : 0x752f0000 0x0015c000 "\Windows\System32\ole32.dll"
.\debug.cpp(256) : 0x751d0000 0x0011c000 "\Windows\System32\crypt32.dll"
.\debug.cpp(256) : 0x75140000 0x00084000 "\Windows\System32\comctl32.dll"
.\debug.cpp(256) : 0x750f0000 0x0004a000 "\Windows\System32\KernelBase.dll"
.\debug.cpp(256) : 0x750d0000 0x00012000 "\Windows\System32\devobj.dll"
.\debug.cpp(256) : 0x750a0000 0x00027000 "\Windows\System32\cfgmgr32.dll"
.\debug.cpp(256) : 0x75070000 0x0002d000 "\Windows\System32\wintrust.dll"
.\debug.cpp(256) : 0x75060000 0x0000c000 "\Windows\System32\msasn1.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\000000b6"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) :  Destination "\Device\Ndis"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice"
.\debug.cpp(400) :  Destination "\Device\WUDFLpcDevice"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM12"
.\debug.cpp(400) :  Destination "\Device\BthModem3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\0000005a"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6C272675-58EE-4043-A4D3-92DBADB1B5F0}"
.\debug.cpp(400) :  Destination "\Device\NDMP21"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) :  Destination "\Device\Video0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZ00#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :  Destination "\Device\00000068"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\0000005b"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000058"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000017"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AgileVPN"
.\debug.cpp(400) :  Destination "\Device\AgileVPN"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTHENUM#{00001103-0000-1000-8000-00805f9b34fb}_VID&00010001_PID&00b1#7&6570f76&0&9C18743BEF75_C00000000#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
.\debug.cpp(400) :  Destination "\Device\BthModem5"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0862&SUBSYS_17AA8E2D&REV_1000#4&2c03fc71&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) :  Destination "\Device\00000081"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) :  Destination "\Device\00000061"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0010#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\0000000b"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0004#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\00000005"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) :  Destination "\Device\Video1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0A5C&PID_2101#5&20d213d1&0&2#{0850302a-b344-4fda-9be9-90576b8d46f0}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-5"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTHENUM#{00001103-0000-1000-8000-00805f9b34fb}_LOCALMFG&000f#7&6570f76&0&0012D29A6CED_C00000000#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
.\debug.cpp(400) :  Destination "\Device\BthModem6"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1180&DEV_0852&SUBSYS_207A17AA&REV_05#4&221001b3&0&34F0#{58b90d02-b4b0-4504-9bea-52b93082ddf6}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0022"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&3417dd3f&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\00000001"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) :  Destination "\Device\Video2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
.\debug.cpp(400) :  Destination "\Device\CdRom0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000059"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTHENUM#{00001101-0000-1000-8000-00805f9b34fb}_VID&0001000f_PID&0000#7&6570f76&0&00265D8220F5_C00000000#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) :  Destination "\Device\BthModem3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM15"
.\debug.cpp(400) :  Destination "\Device\BthModem0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) :  Destination "\Device\Video3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{CD2E3D66-3902-491D-948F-69FF30710F4A}"
.\debug.cpp(400) :  Destination "\Device\NDMP10"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{64FBB26A-6A9B-4A9B-A3BA-C9DF740698EC}"
.\debug.cpp(400) :  Destination "\Device\NDMP4"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice"
.\debug.cpp(400) :  Destination "\Device\WMIAdminDevice"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BthPan"
.\debug.cpp(400) :  Destination "\Device\BthPan"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy3"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolumeShadowCopy3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVDRAM_GMA-4082N_______________TX07____#5&17dfe16a&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\Ide\IdeDeviceP1T0L0-2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\KSENUM#00000001"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000001"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ProcessManagement"
.\debug.cpp(400) :  Destination "\Device\ProcessManagement"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTHENUM#{00001103-0000-1000-8000-00805f9b34fb}_VID&0001000f_PID&0000#7&6570f76&0&00265D4D0861_C00000001#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
.\debug.cpp(400) :  Destination "\Device\BthModem2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM16"
.\debug.cpp(400) :  Destination "\Device\BthModem8"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) :  Destination "\Device\Video4"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&2b630f55&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-4"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{636FF46E-80FE-4314-BC84-DC7749EDE5B4}"
.\debug.cpp(400) :  Destination "\Device\NDMP26"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27C8&SUBSYS_206B17AA&REV_02#3&33fd14ca&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0006"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{A42A3278-A2D8-49A9-A557-4A0B646886F0}"
.\debug.cpp(400) :  Destination "\Device\NDMP7"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{13D56F7F-5899-4AD6-AED9-C70BC8292B80}"
.\debug.cpp(400) :  Destination "\Device\NDMP1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl"
.\debug.cpp(400) :  Destination "\Device\VolMgrControl"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTWAVDT"
.\debug.cpp(400) :  Destination "\Device\BTWAVDT"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTHENUM#{00001103-0000-1000-8000-00805f9b34fb}_VID&00010001_PID&00b1#7&6570f76&0&9C18743BEF75_C00000000#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) :  Destination "\Device\BthModem5"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#LPLCF00#4&1ce21d91&0&UID67568640#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7}"
.\debug.cpp(400) :  Destination "\Device\00000083"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY6"
.\debug.cpp(400) :  Destination "\Device\Video5"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\00000061"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :  Destination "\Device\00000069"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}"
.\debug.cpp(400) :  Destination "\Device\00000079"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&f592d36&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\Ide\PciIde0Channel1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery"
.\debug.cpp(400) :  Destination "\Device\CompositeBattery"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) :  Destination "\Device\WMIDataDevice"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\TeredoTun"
.\debug.cpp(400) :  Destination "\Device\TeredoTun"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SPDevice"
.\debug.cpp(400) :  Destination "\Device\SPDevice"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000056"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#LPLCF00#4&1ce21d91&0&UID67568640#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8}"
.\debug.cpp(400) :  Destination "\Device\00000083"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&17c1fb17&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&80272ba&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :  Destination "\Device\0000007a"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0002#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\00000003"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{08166d0e-c163-11de-b1b6-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\KSENUM#00000001"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PEAuth"
.\debug.cpp(400) :  Destination "\Device\PEAuth"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{A8ADC3FF-8301-4CEA-9DCB-9DCF8C113DDA}"
.\debug.cpp(400) :  Destination "\Device\NDMP23"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0019#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\00000014"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{012BB052-079E-4635-9B33-B453A1D64325}"
.\debug.cpp(400) :  Destination "\Device\NDMP19"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) :  Destination "\Device\NamedPipe"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0012#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\0000000d"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0006#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000007"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0003#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000004"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\vwififlt"
.\debug.cpp(400) :  Destination "\Device\vwififlt"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3"
.\debug.cpp(400) :  Destination "\Device\BthModem6"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6352E677-B159-4B05-B40B-A5539EBC9951}"
.\debug.cpp(400) :  Destination "\Device\NDMP14"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) :  Destination "\Device\Mup"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E2F8A220-AF88-446C-9A55-453E58DD3A33}"
.\debug.cpp(400) :  Destination "\Device\NDMP37"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*ISATAP#0001#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\000000b7"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM4"
.\debug.cpp(400) :  Destination "\Device\BthModem2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :  Destination "\Device\00000061"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27C9&SUBSYS_206C17AA&REV_02#3&33fd14ca&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0007"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Psched"
.\debug.cpp(400) :  Destination "\Device\Psched"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition1"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{f58d069d-c164-11de-9e12-00197efb8ca2}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0016#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000011"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_4227&SUBSYS_10118086&REV_02#4&195a0dc1&0&00E1#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0015"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) :  Destination "\FileSystem\Filters\FltMgrMsg"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) :  Destination "\Device\USBFDO-0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Standardmäßige Modem-über-Bluetooth-Verbindung #2"
.\debug.cpp(400) :  Destination "\Device\BthModem2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM5"
.\debug.cpp(400) :  Destination "\Device\BthModem1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0A5C&PID_2101#5&20d213d1&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-5"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C0DE3E38-8BA7-479F-8B75-833F294C5AA8}"
.\debug.cpp(400) :  Destination "\Device\NDMP32"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CC&SUBSYS_206F17AA&REV_02#3&33fd14ca&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0010"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\00000017"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\TrueCrypt"
.\debug.cpp(400) :  Destination "\Device\TrueCrypt"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) :  Destination "\Device\Tcp"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition2"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVDRAM_GMA-4082N_______________TX07____#5&17dfe16a&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\Ide\IdeDeviceP1T0L0-2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0017#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000012"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000003"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) :  Destination "\Device\00000083"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTHENUM#{00001103-0000-1000-8000-00805f9b34fb}_VID&00010001_PID&006e#7&6570f76&0&1886AC8C1B46_C00000000#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
.\debug.cpp(400) :  Destination "\Device\BthModem4"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTHENUM#{00001101-0000-1000-8000-00805f9b34fb}_LOCALMFG&000f#7&6570f76&0&000DB5824D40_C00000000#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) :  Destination "\Device\BthModem0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTHENUM#{00001101-0000-1000-8000-00805f9b34fb}_LOCALMFG&0000#7&6570f76&0&000000000000_00000002#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) :  Destination "\Device\BthModem7"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Standardmäßige Modem-über-Bluetooth-Verbindung #3"
.\debug.cpp(400) :  Destination "\Device\BthModem5"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM6"
.\debug.cpp(400) :  Destination "\Device\BthModem7"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) :  Destination "\Device\USBFDO-1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition3"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#vdrvroot#0000#{2e34d650-5819-42ca-84ae-d30803bae505}"
.\debug.cpp(400) :  Destination "\Device\00000063"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) :  Destination "\Device\Harddisk0\DR0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0F13#4&80272ba&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :  Destination "\Device\0000007b"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM7"
.\debug.cpp(400) :  Destination "\Device\BthModem5"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Standardmäßige Modem-über-Bluetooth-Verbindung #4"
.\debug.cpp(400) :  Destination "\Device\BthModem4"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&269f8da8&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\00000061"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :  Destination "\Device\00000061"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) :  Destination "\Device\USBFDO-2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0011#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\0000000c"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0005#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\00000006"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{83B3723F-0E48-46AA-9A23-FCB17106C253}"
.\debug.cpp(400) :  Destination "\Device\NDMP6"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0001#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\00000002"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) :  Destination "\DosDevices\LPT1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume1"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :  Destination "\Device\0000006c"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{08166d11-c163-11de-b1b6-806e6f6e6963}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#{00001124-0000-1000-8000-00805f9b34fb}_VID&0001045e_PID&007c&Col01#8&20ca4260&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :  Destination "\Device\000000b2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) :  Destination "\Device\00000062"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) :  Destination "\Device\CdRom0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDOSPDevice"
.\debug.cpp(400) :  Destination "\Device\IPSECDOSP"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0862&SUBSYS_17AA8E2D&REV_1000#4&2c03fc71&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\00000081"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\00000061"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) :  Destination "\Device\USBFDO-3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) :  Destination "\Device\FsWrap"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume2"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{08166d12-c163-11de-b1b6-806e6f6e6963}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#{84a1e9b8-12ba-4a9c-8ab0-a43784e0d149}_LOCALMFG&0000#8&19a75450&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :  Destination "\Device\000000b4"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{e849804e-c719-43d8-ac88-96b894c191e2}"
.\debug.cpp(400) :  Destination "\Device\00000079"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1180&DEV_0843&SUBSYS_207817AA&REV_01#4&221001b3&0&32F0#{ba39d8e2-30c9-11d4-b3cd-d916bda91711}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0020"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\0000005c"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
.\debug.cpp(400) :  Destination "\Device\USBFDO-4"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{9CFAE5BF-4A6A-4339-A4E5-5D14C8C97295}"
.\debug.cpp(400) :  Destination "\Device\NDMP18"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume3"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\00000064"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&f592d36&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\Ide\PciIde0Channel0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) :  Destination "\GLOBAL??"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1180&DEV_0592&SUBSYS_207917AA&REV_0A#4&221001b3&0&33F0#{d2d3b8e3-2400-448c-8c0d-79abecfcfda3}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0021"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\00000058"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{1A28CC9A-1A96-4C77-B706-C37E831C0E91}"
.\debug.cpp(400) :  Destination "\Device\NDMP2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG:"
.\debug.cpp(400) :  Destination "\clfs"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\0000005d"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0011#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\0000000c"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0005#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000006"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&80272ba&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :  Destination "\Device\0000007a"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTHENUM#{00001101-0000-1000-8000-00805f9b34fb}_LOCALMFG&0000#7&6570f76&0&000000000000_00000003#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) :  Destination "\Device\BthModem8"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTH#MS_BTHPAN#6&1444bbe2&0&2#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\00000086"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Standardmäßige Modem-über-Bluetooth-Verbindung"
.\debug.cpp(400) :  Destination "\Device\BthModem6"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{0BB246B8-5390-4ADD-9747-C2F3F1DD5242}"
.\debug.cpp(400) :  Destination "\Device\NDMP8"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*ISATAP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\000000b6"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv"
.\debug.cpp(400) :  Destination "\Device\Secdrv"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTHENUM#{00001103-0000-1000-8000-00805f9b34fb}_VID&00010001_PID&006e#7&6570f76&0&1886AC8C1B46_C00000000#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) :  Destination "\Device\BthModem4"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0862&SUBSYS_17AA8E2D&REV_1000#4&2c03fc71&0&0001#{a17579f0-4fec-4936-9364-249460863be5}"
.\debug.cpp(400) :  Destination "\Device\00000081"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{D84C3DD2-7BC5-4992-A91D-AEF998552E13}"
.\debug.cpp(400) :  Destination "\Device\NDMP25"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0003#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\00000004"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\StarOpen"
.\debug.cpp(400) :  Destination "\Device\StarOpen"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*ISATAP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\000000b7"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{F3854AE8-DE98-48CE-A6D4-ADC5DB12996F}"
.\debug.cpp(400) :  Destination "\Device\NDMP15"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0862&SUBSYS_17AA8E2D&REV_1000#4&2c03fc71&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}"
.\debug.cpp(400) :  Destination "\Device\00000081"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdaC17BA"
.\debug.cpp(400) :  Destination "\Device\CdaC17BA"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\nativewifip"
.\debug.cpp(400) :  Destination "\Device\nativewifip"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E28D896F-9EA8-433A-9C10-66C97C19A921}"
.\debug.cpp(400) :  Destination "\Device\NDMP33"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\0000005b"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0010#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\0000000b"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0004#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000005"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000002"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTH#MS_BTHPAN#6&1444bbe2&0&2#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000086"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#{00001124-0000-1000-8000-00805f9b34fb}_VID&0001045e_PID&007c&Col01#8&20ca4260&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :  Destination "\Device\000000b2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\0000005d"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) :  Destination "\Device\MountPointManager"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000057"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0862&SUBSYS_17AA8E2D&REV_1000#4&2c03fc71&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\00000081"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\00000059"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{63FB0EBB-63F5-4981-8026-C4DA8985A1A4}"
.\debug.cpp(400) :  Destination "\Device\NDMP20"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{A366669C-6278-4D71-B34A-1A8C2C327EF3}"
.\debug.cpp(400) :  Destination "\Device\NDMP11"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{08166d15-c163-11de-b1b6-806e6f6e6963}"
.\debug.cpp(400) :  Destination "\Device\CdRom0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi"
.\debug.cpp(400) :  Destination "\Device\Nsi"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0018#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000013"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0015#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000010"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0009#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\0000000a"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0862&SUBSYS_17AA8E2D&REV_1000#4&2c03fc71&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) :  Destination "\Device\00000081"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5256A5F3-136E-4193-B033-E634FF397DBA}"
.\debug.cpp(400) :  Destination "\Device\NDMP5"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) :  Destination "\Device\WANARP"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl"
.\debug.cpp(400) :  Destination "\Device\PartmgrControl"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\nhcDriverDevice"
.\debug.cpp(400) :  Destination "\Device\nhcDriverDevice"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice"
.\debug.cpp(400) :  Destination "\Device\NXTIPSEC"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\00000057"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{483C9FF8-503D-414B-B402-E4C1F1F568CB}"
.\debug.cpp(400) :  Destination "\Device\NDMP27"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{F3FD4E9E-962D-47D7-8B97-5D67A6E80929}"
.\debug.cpp(400) :  Destination "\Device\NDMP24"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0014#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\0000000f"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0008#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\00000009"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{08166d0e-c163-11de-b1b6-806e6f6e6963}#00000008C3D00000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000061"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0014#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\0000000f"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0008#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000009"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev"
.\debug.cpp(400) :  Destination "\Device\WFP"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WwanProt"
.\debug.cpp(400) :  Destination "\Device\WwanProt"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) :  Destination "\Device\NDMP29"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASYNCMAC"
.\debug.cpp(400) :  Destination "\Device\ASYNCMAC"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CB&SUBSYS_206E17AA&REV_02#3&33fd14ca&0&EB#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0009"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0016#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\00000011"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DE6E3624-BA23-47D2-AB6E-E872366D6B1D}"
.\debug.cpp(400) :  Destination "\Device\NDMP3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) :  Destination "\Device\Ide\IdePort0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ElbyCDIO"
.\debug.cpp(400) :  Destination "\Device\ElbyCDIO"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArpV6"
.\debug.cpp(400) :  Destination "\Device\WANARPV6"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :  Destination "\Device\0000006a"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0019#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000014"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&PrinterBusEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) :  Destination "\Device\000000b5"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0017#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\00000012"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{AD68D78F-88B7-4AC7-8AFB-8FCCE4D46157}"
.\debug.cpp(400) :  Destination "\Device\NDMP17"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{9A51D8F8-A5CB-41EC-8F72-979F7F4CC571}"
.\debug.cpp(400) :  Destination "\Device\NDMP12"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS0"
.\debug.cpp(400) :  Destination "\Device\1394BUS0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\OODrvLed"
.\debug.cpp(400) :  Destination "\FileSystem\Filters\OODrvLed"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{08166d0e-c163-11de-b1b6-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#{00001124-0000-1000-8000-00805f9b34fb}_VID&0001045e_PID&007c&Col02#8&20ca4260&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :  Destination "\Device\000000b3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskHITACHI_HTS541612J9SA00_________________SBDIC7UP#5&2a99920f&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\Ide\IdeDeviceP0T0L0-0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\0000005c"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&a49ab80&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) :  Destination "\Device\00000061"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\00000056"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{3E2A0055-0602-46CC-9838-B9B9ACC93F14}"
.\debug.cpp(400) :  Destination "\Device\NDMP36"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) :  Destination "\Device\NdisWan"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd"
.\debug.cpp(400) :  Destination "\Device\AscKmd"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTWL2CAP"
.\debug.cpp(400) :  Destination "\Device\BTWL2CAP"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_14_-_Intel(R)_Core(TM)_Duo_CPU______T2450__@_2.00GHz#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) :  Destination "\Device\00000066"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH"
.\debug.cpp(400) :  Destination "\Device\NDMP28"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) :  Destination "\Device\Ide\IdePort1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice"
.\debug.cpp(400) :  Destination "\Device\MPS"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTHENUM#{00001103-0000-1000-8000-00805f9b34fb}_LOCALMFG&000f#7&6570f76&0&0012D29A6CED_C00000000#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) :  Destination "\Device\BthModem6"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0012#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\0000000d"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0006#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\00000007"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) :  Destination "\FileSystem\Filters\FltMgr"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{252F1CC2-C333-42A4-A5A4-08951EAA4A77}"
.\debug.cpp(400) :  Destination "\Device\NDMP35"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8139&SUBSYS_207417AA&REV_10#4&221001b3&0&08F0#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0016"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) :  Destination "\Device\VolMgrControl"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) :  Destination "\Device\MailSlot"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{18371FB9-3371-476A-9B6A-596FAACC0DE2}"
.\debug.cpp(400) :  Destination "\Device\NDMP34"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27A2&SUBSYS_206217AA&REV_03#3&33fd14ca&0&10#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0001"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_14_-_Intel(R)_Core(TM)_Duo_CPU______T2450__@_2.00GHz#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) :  Destination "\Device\00000067"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DB2B4279-B5CF-4626-9DBA-32D0ECE44C87}"
.\debug.cpp(400) :  Destination "\Device\NDMP31"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6"
.\debug.cpp(400) :  Destination "\Device\NDMP30"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0020#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\00000015"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0013#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\0000000e"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0007#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\00000008"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) :  Destination "\DosDevices\COM1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) :  Destination ""
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8139&SUBSYS_207417AA&REV_10#4&221001b3&0&08F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0016"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SstpDrv"
.\debug.cpp(400) :  Destination "\Device\SstpDrv"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdaC15BA"
.\debug.cpp(400) :  Destination "\Device\CdaC15BA"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) :  Destination "\Device\Ndisuio"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :  Destination "\Device\00000060"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTHENUM#{00001103-0000-1000-8000-00805f9b34fb}_VID&0001000f_PID&0000#7&6570f76&0&00265D4D0861_C00000001#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) :  Destination "\Device\BthModem2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTHENUM#{00001101-0000-1000-8000-00805f9b34fb}_VID&0001000f_PID&0000#7&6570f76&0&00265D4D0861_C00000001#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) :  Destination "\Device\BthModem1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1180&DEV_0832&SUBSYS_207617AA&REV_00#4&221001b3&0&30F0#{6bdd1fc1-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0018"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0015#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\00000010"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0009#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\0000000a"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) :  Destination "\Device\Null"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VDRVROOT"
.\debug.cpp(400) :  Destination "\Device\00000063"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0862&SUBSYS_17AA8E2D&REV_1000#4&2c03fc71&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\00000081"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27A2&SUBSYS_206217AA&REV_03#3&33fd14ca&0&10#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0001"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0020#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000015"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0013#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\0000000e"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0007#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000008"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle"
.\debug.cpp(400) :  Destination "\Device\WfpAle"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :  Destination "\Device\0000005f"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CA&SUBSYS_206D17AA&REV_02#3&33fd14ca&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0008"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{0AE96C60-4B97-4AA5-B0BB-61127698384B}"
.\debug.cpp(400) :  Destination "\Device\NDMP16"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{39E886AE-A379-4430-B394-9B2DF01F6F62}"
.\debug.cpp(400) :  Destination "\Device\NDMP9"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\0000005a"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM11"
.\debug.cpp(400) :  Destination "\Device\BthModem4"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_4227&SUBSYS_10118086&REV_02#4&195a0dc1&0&00E1#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0015"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0018#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :  Destination "\Device\00000013"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E129510B-21DA-4EBE-9E58-233E27188141}"
.\debug.cpp(400) :  Destination "\Device\NDMP13"
.\debug.cpp(409) :  --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000
.\boot_cleaner.cpp(276) : Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff
.\boot_cleaner.cpp(1060) : 
.\boot_cleaner.cpp(1061) :      Size  Device Name          MBR Status
.\boot_cleaner.cpp(1062) :  --------------------------------------------
.\boot_cleaner.cpp(1106) :    111 GB  \\.\PhysicalDrive0   OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1112) : 
.\boot_cleaner.cpp(1151) : Done;
         

Alt 08.09.2010, 14:02   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GMER Auswertung verdacht auf Rootkit - Standard

GMER Auswertung verdacht auf Rootkit



Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 08.09.2010, 16:57   #13
maxl909
 
GMER Auswertung verdacht auf Rootkit - Standard

GMER Auswertung verdacht auf Rootkit



Ok erstmal vielen Dank.

Die Log-Files kommen gleich ...

Ich habe aber dennoch zwei Fragen.
1. Was war es denn nun genau bzw. hast du gar nichts finden können?
2. Was bedeutet in der GMER-Auswertung diese Zeilen?

Zitat:
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C51599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C75F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
Vielen Dank

Alt 08.09.2010, 19:00   #14
maxl909
 
GMER Auswertung verdacht auf Rootkit - Standard

GMER Auswertung verdacht auf Rootkit



Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4571

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

08.09.2010 17:59:04
mbam-log-2010-09-08 (17-59-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 278630
Laufzeit: 1 Stunde(n), 10 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/08/2010 at 07:56 PM

Application Version : 4.42.1000

Core Rules Database Version : 5471
Trace Rules Database Version: 3283

Scan type       : Complete Scan
Total Scan Time : 01:45:43

Memory items scanned      : 637
Memory threats detected   : 0
Registry items scanned    : 10419
Registry threats detected : 0
File items scanned        : 146285
File threats detected     : 13

Adware.Tracking Cookie
	C:\Users\maxl\AppData\Roaming\Microsoft\Windows\Cookies\maxl@mediaplex[2].txt
	C:\Users\maxl\AppData\Roaming\Microsoft\Windows\Cookies\maxl@atdmt[2].txt
	C:\Users\maxl\AppData\Roaming\Microsoft\Windows\Cookies\maxl@doubleclick[1].txt
	C:\Users\maxl\AppData\Roaming\Microsoft\Windows\Cookies\maxl@oberon-media[2].txt
	C:\Users\maxl\AppData\Roaming\Microsoft\Windows\Cookies\maxl@content.yieldmanager[2].txt
	C:\Users\maxl\AppData\Roaming\Microsoft\Windows\Cookies\maxl@gamecenter.oberon-media[2].txt
	C:\Users\maxl\AppData\Roaming\Microsoft\Windows\Cookies\maxl@apmebf[2].txt
	C:\Users\maxl\AppData\Roaming\Microsoft\Windows\Cookies\maxl@content.yieldmanager[3].txt
	C:\Users\maxl\AppData\Roaming\Microsoft\Windows\Cookies\maxl@sevenoneintermedia.112.2o7[1].txt
	C:\Users\maxl\AppData\Roaming\Microsoft\Windows\Cookies\maxl@ad.yieldmanager[1].txt
	C:\Users\maxl\AppData\Roaming\Microsoft\Windows\Cookies\maxl@2o7[2].txt
	ia.media-imdb.com [ C:\Users\maxl\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZPEGTS2V ]
	icq.oberon-media.com [ C:\Users\maxl\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZPEGTS2V ]
         

Alt 08.09.2010, 20:06   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GMER Auswertung verdacht auf Rootkit - Standard

GMER Auswertung verdacht auf Rootkit



Ein Rootkit hab ich da nicht gesehen. Einige überflüssige Einträge haben wir gefixt, das ein oder andere harmlosere Zeug wurde mit Malwarebytes entfernt.
Dein GMER Schippsel da zeigt ein paar Dumps der Datei ntkrnlpa.exe an. Warum willst Du das genau wissen? Was die genau bedeuten können wohl nur Programmierspezialisten interpretieren.

Rechner wieder ok? Da wurden zum Schluss nur harmlose Cookies gefunden.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu GMER Auswertung verdacht auf Rootkit
0 bytes, appdata, auswertung, bios, cdrom, code, controlset002, crypt, dwm.exe, gmer, ide, lanmanworkstation, live, localsystemnetworkrestricted, local\temp, locker, log-datei, mail, neu, notification, ntdll.dll, registry, rootkit, scan, secur, server, services, shell32.dll, software, svchost.exe, system, system32, temp, usbport.sys, verdacht, win32, windows live



Ähnliche Themen: GMER Auswertung verdacht auf Rootkit


  1. GMER-Rootkit-Analyse !
    Log-Analyse und Auswertung - 05.11.2014 (6)
  2. GMER - Rootkit - Analayse
    Log-Analyse und Auswertung - 09.07.2014 (3)
  3. gmer log bei rootkit
    Log-Analyse und Auswertung - 21.12.2013 (7)
  4. GMER - Rootkit Scanner - VMAUTHSERVICE Rootkit
    Log-Analyse und Auswertung - 27.10.2013 (5)
  5. Rootkit? - Hilfe bei Auswertung von gmer Log
    Plagegeister aller Art und deren Bekämpfung - 30.04.2013 (2)
  6. Rootkit Infektion, danach Windows-Neuinstallation, GMER zeigt erneut Rootkit Aktivitäten an (Avast! false positive?)
    Log-Analyse und Auswertung - 05.03.2013 (2)
  7. GMER hat Rootkit gefunden (vdrv1000.sys)
    Plagegeister aller Art und deren Bekämpfung - 15.02.2011 (5)
  8. Gmer.exe findet Rootkit/Malware
    Plagegeister aller Art und deren Bekämpfung - 04.02.2011 (5)
  9. Absturz durch Rootkit beim GMER Rootkit Scan
    Plagegeister aller Art und deren Bekämpfung - 16.12.2010 (4)
  10. Pc Absturz durch Rootkit bei GMER Rootkit Scan
    Plagegeister aller Art und deren Bekämpfung - 12.08.2010 (20)
  11. Gmer meldet Rootkit Verdacht: HIDDEN MSSQL Service
    Log-Analyse und Auswertung - 04.08.2010 (5)
  12. GMER hat Rootkit gefunden!
    Plagegeister aller Art und deren Bekämpfung - 08.03.2010 (1)
  13. Rootkit mit Gmer gefunden
    Plagegeister aller Art und deren Bekämpfung - 03.03.2010 (5)
  14. Rootkit? (Bisher nur gmer-Log)
    Mülltonne - 08.02.2010 (2)
  15. Rootkit Untersuchung mit GMER
    Plagegeister aller Art und deren Bekämpfung - 16.11.2009 (5)
  16. Frage zu GMER Rootkit Scan
    Antiviren-, Firewall- und andere Schutzprogramme - 17.02.2009 (3)

Zum Thema GMER Auswertung verdacht auf Rootkit - Hallo Leute, ich habe den Verdacht das sich bei mir ein Rootkit eingeschlichen hat. Könnte sich bitte ein Fachmann mal diese log-Datei anschauen? GMER Logfile: Code: Alles auswählen Aufklappen ATTFilter - GMER Auswertung verdacht auf Rootkit...
Archiv
Du betrachtest: GMER Auswertung verdacht auf Rootkit auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.