Trojaner-Board - Musik im Hintergrund,Pop-ups in IE-Fenstern

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Musik im Hintergrund,Pop-ups in IE-Fenstern (https://www.trojaner-board.de/89026-musik-hintergrund-pop-ups-ie-fenstern.html)

Schritt 1

Scan mit SystemLook

Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop.

Download Mirror #1 - Download Mirror #2

Doppelklick auf die SystemLook.exe, um das Tool zu starten.
Vista-User mit Rechtsklick und als Administrator starten.
Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code:

:contents C:\boot.ini
Klicke nun auf den Button Look, um den Scan zu starten.
Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, diese hier in den Thread posten.
Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.

Schritt 2

Zuerst mal bitte - falls noch nicht getan - die Datei remover.exe (vom BootkitRemover) vom Desktop nach c:\windows\system32 kopieren!
Danach die Konsole starten über Start, Ausführen, cmd eintippen, ok.

Da Du Vista verwendest, solltest Du die cmd.exe bzw. die Eingabeaufforderung per Rechtsklick => "als Administrator ausführen" starten.
Falls wir irgendwie Probleme damit haben, können wir auch alternativ die UAC deaktivieren

Den Text im folgenden Codefeld eintippen und mit Enter/Return ausführen:

Code:

remover.exe fix \\.\PhysicalDrive0

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 20:06 on 03/08/2010 by Wir (Administrator - Elevation successful)

========== contents ==========

C:\boot.ini - Opened succesfully.

[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

-=End Of File=

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Dokumente und Einstellungen\Wir>remover.exe fix \\.\PhysicalDrive0
Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.1.0.0
OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

Restoring boot code at \\.\PhysicalDrive0...
OK

Done;
Press any key to quit...

Musik noch da......

Neu gestartet? :)

Nach Neustart scanne erneut mit Bootkitremover :)

Ja, soeben Neustart und Scan.

das Log ...

.\debug.cpp(238) : Debug log started at 03.08.2010 - 18:19:58
.\boot_cleaner.cpp(675) : Bootkit Remover
.\boot_cleaner.cpp(676) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(677) : www.esagelab.com
.\boot_cleaner.cpp(681) : Program version: 1.1.0.0
.\boot_cleaner.cpp(688) : OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x804d7000 0x001f9280 "\WINDOWS\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x806d1000 0x00020300 "\WINDOWS\system32\hal.dll"
.\debug.cpp(256) : 0xba5a8000 0x00002000 "\WINDOWS\system32\KDCOM.DLL"
.\debug.cpp(256) : 0xba4b8000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"
.\debug.cpp(256) : 0xb9f78000 0x0002f000 "ACPI.sys"
.\debug.cpp(256) : 0xba5aa000 0x00002000 "\WINDOWS\System32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0xb9f67000 0x00011000 "pci.sys"
.\debug.cpp(256) : 0xba0a8000 0x0000a000 "isapnp.sys"
.\debug.cpp(256) : 0xba4bc000 0x00003000 "compbatt.sys"
.\debug.cpp(256) : 0xba4c0000 0x00004000 "\WINDOWS\System32\DRIVERS\BATTC.SYS"
.\debug.cpp(256) : 0xba670000 0x00001000 "pciide.sys"
.\debug.cpp(256) : 0xba328000 0x00007000 "\WINDOWS\System32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0xba0b8000 0x0000b000 "MountMgr.sys"
.\debug.cpp(256) : 0xb9f48000 0x0001f000 "ftdisk.sys"
.\debug.cpp(256) : 0xba4c4000 0x00003000 "ACPIEC.sys"
.\debug.cpp(256) : 0xba671000 0x00001000 "\WINDOWS\System32\DRIVERS\OPRGHDLR.SYS"
.\debug.cpp(256) : 0xba330000 0x00005000 "PartMgr.sys"
.\debug.cpp(256) : 0xba0c8000 0x0000e000 "VolSnap.sys"
.\debug.cpp(256) : 0xb9f30000 0x00018000 "atapi.sys"
.\debug.cpp(256) : 0xba0d8000 0x00009000 "disk.sys"
.\debug.cpp(256) : 0xba0e8000 0x0000d000 "\WINDOWS\System32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0xb9f10000 0x00020000 "fltmgr.sys"
.\debug.cpp(256) : 0xb9efe000 0x00012000 "sr.sys"
.\debug.cpp(256) : 0xb9ee7000 0x00017000 "KSecDD.sys"
.\debug.cpp(256) : 0xb9e5a000 0x0008d000 "Ntfs.sys"
.\debug.cpp(256) : 0xb9e2d000 0x0002d000 "NDIS.sys"
.\debug.cpp(256) : 0xb9e19000 0x00014000 "srescan.sys"
.\debug.cpp(256) : 0xb9dff000 0x0001a000 "Mup.sys"
.\debug.cpp(256) : 0xba574000 0x00004000 "\SystemRoot\System32\DRIVERS\CmBatt.sys"
.\debug.cpp(256) : 0xba578000 0x00003000 "\SystemRoot\System32\DRIVERS\wmiacpi.sys"
.\debug.cpp(256) : 0xb90d2000 0x005bf000 "\SystemRoot\System32\DRIVERS\igxpmp32.sys"
.\debug.cpp(256) : 0xb90be000 0x00014000 "\SystemRoot\System32\DRIVERS\VIDEOPRT.SYS"
.\debug.cpp(256) : 0xba3d0000 0x00006000 "\SystemRoot\System32\DRIVERS\usbuhci.sys"
.\debug.cpp(256) : 0xb909a000 0x00024000 "\SystemRoot\System32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0xba3d8000 0x00008000 "\SystemRoot\System32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0xb9075000 0x00025000 "\SystemRoot\System32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0xb8ef5000 0x00180000 "\SystemRoot\System32\DRIVERS\athw.sys"
.\debug.cpp(256) : 0xba2d8000 0x0000e000 "\SystemRoot\System32\DRIVERS\l1c51x86.sys"
.\debug.cpp(256) : 0xba2e8000 0x0000d000 "\SystemRoot\System32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0xba3e0000 0x00005000 "\SystemRoot\System32\DRIVERS\DKbFltr.sys"
.\debug.cpp(256) : 0xba3e8000 0x00007000 "\SystemRoot\System32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0xb8ec4000 0x00031000 "\SystemRoot\System32\DRIVERS\SynTP.sys"
.\debug.cpp(256) : 0xba5be000 0x00002000 "\SystemRoot\System32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0xba2f8000 0x0000d000 "\SystemRoot\System32\DRIVERS\WDFLDR.SYS"
.\debug.cpp(256) : 0xb8e48000 0x0007c000 "\SystemRoot\System32\Drivers\wdf01000.sys"
.\debug.cpp(256) : 0xba3f0000 0x00006000 "\SystemRoot\System32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0xba308000 0x0000b000 "\SystemRoot\System32\DRIVERS\imapi.sys"
.\debug.cpp(256) : 0xba318000 0x00010000 "\SystemRoot\System32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0xba118000 0x0000f000 "\SystemRoot\System32\DRIVERS\redbook.sys"
.\debug.cpp(256) : 0xb8e25000 0x00023000 "\SystemRoot\System32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0xba128000 0x0000a000 "\SystemRoot\System32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0xba6e8000 0x00001000 "\SystemRoot\System32\DRIVERS\audstub.sys"
.\debug.cpp(256) : 0xba138000 0x0000d000 "\SystemRoot\System32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0xba580000 0x00003000 "\SystemRoot\System32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0xb8e0e000 0x00017000 "\SystemRoot\System32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0xba148000 0x0000b000 "\SystemRoot\System32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0xba158000 0x0000c000 "\SystemRoot\System32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0xba3f8000 0x00005000 "\SystemRoot\System32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0xb8dfd000 0x00011000 "\SystemRoot\System32\DRIVERS\psched.sys"
.\debug.cpp(256) : 0xba168000 0x00009000 "\SystemRoot\System32\DRIVERS\msgpc.sys"
.\debug.cpp(256) : 0xba400000 0x00005000 "\SystemRoot\System32\DRIVERS\ptilink.sys"
.\debug.cpp(256) : 0xba408000 0x00005000 "\SystemRoot\System32\DRIVERS\raspti.sys"
.\debug.cpp(256) : 0xba178000 0x0000a000 "\SystemRoot\System32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0xba5c0000 0x00002000 "\SystemRoot\System32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0xb8d9f000 0x0005e000 "\SystemRoot\System32\DRIVERS\update.sys"
.\debug.cpp(256) : 0xba588000 0x00004000 "\SystemRoot\System32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0xba188000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0xba1a8000 0x0000f000 "\SystemRoot\System32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0xa8030000 0x000cf000 "\SystemRoot\system32\drivers\CHDAU32.sys"
.\debug.cpp(256) : 0xa800c000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0xba1b8000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0xa6e19000 0x00023000 "\SystemRoot\system32\DRIVERS\klif.sys"
.\debug.cpp(256) : 0xba440000 0x00008000 "\SystemRoot\System32\DRIVERS\usbccgp.sys"
.\debug.cpp(256) : 0xba5c4000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0xba7a4000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0xba5c6000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0xba448000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0xba5c8000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS"
.\debug.cpp(256) : 0xba5ca000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0xba450000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0xba458000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0xba548000 0x00003000 "\SystemRoot\System32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0xa6de6000 0x00013000 "\SystemRoot\System32\DRIVERS\ipsec.sys"
.\debug.cpp(256) : 0xa6d8d000 0x00059000 "\SystemRoot\System32\DRIVERS\tcpip.sys"
.\debug.cpp(256) : 0xa6d65000 0x00028000 "\SystemRoot\System32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0xa6d05000 0x00060000 "\SystemRoot\System32\vsdatant.sys"
.\debug.cpp(256) : 0xa6cdf000 0x00026000 "\SystemRoot\System32\DRIVERS\ipnat.sys"
.\debug.cpp(256) : 0xba554000 0x00003000 "\SystemRoot\System32\DRIVERS\hidusb.sys"
.\debug.cpp(256) : 0xba258000 0x00009000 "\SystemRoot\System32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0xba460000 0x00007000 "\SystemRoot\System32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0xa6c95000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"
.\debug.cpp(256) : 0xba268000 0x00009000 "\SystemRoot\System32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0xba470000 0x00006000 "\SystemRoot\system32\DRIVERS\ssmdrv.sys"
.\debug.cpp(256) : 0xa6bc2000 0x00022000 "\??\C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS"
.\debug.cpp(256) : 0xba55c000 0x00003000 "\SystemRoot\System32\DRIVERS\mouhid.sys"
.\debug.cpp(256) : 0xba488000 0x00006000 "\??\C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS"
.\debug.cpp(256) : 0xa6b97000 0x0002b000 "\SystemRoot\System32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0xa6b27000 0x00070000 "\SystemRoot\System32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xba298000 0x00009000 "\SystemRoot\System32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0xba2a8000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS"
.\debug.cpp(256) : 0xa6b0b000 0x0001c000 "\SystemRoot\system32\DRIVERS\avipbb.sys"
.\debug.cpp(256) : 0xba5d2000 0x00002000 "\??\C:\Programme\Avira\AntiVir Desktop\avgio.sys"
.\debug.cpp(256) : 0xa82fe000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"
.\debug.cpp(256) : 0xa6acb000 0x00018000 "\SystemRoot\System32\Drivers\dump_atapi.sys"
.\debug.cpp(256) : 0xba606000 0x00002000 "\SystemRoot\System32\Drivers\dump_WMILIB.SYS"
.\debug.cpp(256) : 0xbf800000 0x001c4000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0xa8004000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0xba490000 0x00005000 "\SystemRoot\System32\watchdog.sys"
.\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"
.\debug.cpp(256) : 0xba702000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"
.\debug.cpp(256) : 0xbf024000 0x0002b000 "\SystemRoot\System32\igxpgd32.dll"
.\debug.cpp(256) : 0xbf012000 0x00012000 "\SystemRoot\System32\igxprd32.dll"
.\debug.cpp(256) : 0xbf04f000 0x0020c000 "\SystemRoot\System32\igxpdv32.DLL"
.\debug.cpp(256) : 0xbf25b000 0x00307000 "\SystemRoot\System32\igxpdx32.DLL"
.\debug.cpp(256) : 0xbffa0000 0x00046000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0xa699f000 0x00014000 "\SystemRoot\system32\DRIVERS\avgntflt.sys"
.\debug.cpp(256) : 0xa693d000 0x00062000 "\??\C:\WINDOWS\system32\drivers\ACEDRV07.sys"
.\debug.cpp(256) : 0xa69bb000 0x00004000 "\SystemRoot\System32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0xa6528000 0x0002d000 "\SystemRoot\System32\DRIVERS\mrxdav.sys"
.\debug.cpp(256) : 0xa6369000 0x00057000 "\SystemRoot\System32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xa6264000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys"
.\debug.cpp(256) : 0xa686d000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys"
.\debug.cpp(256) : 0xa5cf5000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys"
.\debug.cpp(256) : 0x7c910000 0x000b9000 "\WINDOWS\system32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination="\Device\Video0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination="\Device\Ndis"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000042"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000032"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{71985f4a-1ca1-11d3-9cc8-00c04f7971e0}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination="\Device\Video1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination="\Device\Video2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip"
.\debug.cpp(400) : Destination="\Device\Ip"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000041"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000031"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2c76c2d9&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination="\Device\Video3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgio"
.\debug.cpp(400) : Destination="\Device\avgio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev"
.\debug.cpp(400) : Destination="\Device\IPSEC"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c52f&MI_01&Col02#7&36bca8a&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination="\Device\0000007e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9aa4a2cc-81e0-4cfd-802f-0f74526d2bd3}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) : Destination="\Device\Video4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_046d&Pid_c52f#5&1630352&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination="\Device\USBPDO-8"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY"
.\debug.cpp(400) : Destination="\Device\NDProxy"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{fd0a5af4-b41d-11d2-9c95-00c04f7971e0}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery"
.\debug.cpp(400) : Destination="\Device\CompositeBattery"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}"
.\debug.cpp(400) : Destination="\Device\00000040"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination="\Device\WMIDataDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{d10252fc-9f2a-11df-962b-806d6172696f}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2A42&SUBSYS_02531025&REV_07#3&11583659&0&10#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0001"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2938&SUBSYS_02531025&REV_03#3&11583659&0&D1#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0004"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1969&DEV_1063&SUBSYS_02531025&REV_C0#4&2bcebcdb&0&00E5#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0021"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgntflt"
.\debug.cpp(400) : Destination="\FileSystem\Filters\avgntflt"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ZLTCP"
.\debug.cpp(400) : Destination="\Device\Tcp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination="\Device\NamedPipe"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination="\Device\00000047"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&dddc97e&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&37f71a6f&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"
.\debug.cpp(400) : Destination="\Device\IPNAT"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination="\Device\Mup"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched"
.\debug.cpp(400) : Destination="\Device\PSched"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SRESCAN"
.\debug.cpp(400) : Destination="\Device\SRESCAN"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination="\Device\Tcp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskWDC_WD1600BEVT-22ZCT0___________________11.01A11#5&17d5c310&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP0T0L0-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgrMsg"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination="\Device\USBFDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{f7a30c41-8dd2-11de-b727-806d6172696f}"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) : Destination="\Device\VideoPdo0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&21ad834c&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination="\Device\USBFDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_293C&SUBSYS_02531025&REV_03#3&11583659&0&D7#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0005"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination="\Device\Harddisk0\DR0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) : Destination="\Device\USBFDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000035"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination="\DosDevices\LPT1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5051&SUBSYS_10250253&REV_1000#4&285fba0f&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000076"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{4B739C76-E5A4-4815-BE45-A39AD597BC2F}"
.\debug.cpp(400) : Destination="\Device\{4B739C76-E5A4-4815-BE45-A39AD597BC2F}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000034"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&29e28ffa&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) : Destination="\Device\USBFDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000036"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination="\Device\FsWrap"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio"
.\debug.cpp(400) : Destination="\Device\sysaudio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5051&SUBSYS_10250253&REV_1000#4&285fba0f&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000076"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
.\debug.cpp(400) : Destination="\Device\USBFDO-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{62C222A9-5131-434C-83FD-3DE9B582C04C}"
.\debug.cpp(400) : Destination="\Device\{62C222A9-5131-434C-83FD-3DE9B582C04C}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c52f&MI_00#7&2bd67853&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination="\Device\0000007c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination="\GLOBAL??"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000048"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD5"
.\debug.cpp(400) : Destination="\Device\USBFDO-5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD6"
.\debug.cpp(400) : Destination="\Device\USBFDO-6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2936&SUBSYS_02531025&REV_03#3&11583659&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0012"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_168C&DEV_002A&SUBSYS_E006105B&REV_01#4&3905ae0c&0&00E3#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0020"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#SYN1B20#4&ff861e6&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\00000068"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5051&SUBSYS_10250253&REV_1000#4&285fba0f&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination="\Device\00000076"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000045"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{D93A7C80-76C6-4F69-8B92-E6ADB3444062}"
.\debug.cpp(400) : Destination="\Device\{D93A7C80-76C6-4F69-8B92-E6ADB3444062}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD7"
.\debug.cpp(400) : Destination="\Device\USBFDO-7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2935&SUBSYS_02531025&REV_03#3&11583659&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0011"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomOptiarc_DVD_RW_AD-7580S_________________FX04____#3033353633363033322037363330313831513231#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T0L0-e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{07dad660-22f1-11d1-a9f4-00c04fbbde8f}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&b1b2650&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2939&SUBSYS_02531025&REV_03#3&11583659&0&EB#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0013"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{CB4DFCD1-0342-46BC-9794-E157E23F8BCB}"
.\debug.cpp(400) : Destination="\Device\{CB4DFCD1-0342-46BC-9794-E157E23F8BCB}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000030"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2937&SUBSYS_02531025&REV_03#3&11583659&0&D0#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ssmctl"
.\debug.cpp(400) : Destination="\Device\ssmctl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination="\Device\MountPointManager"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\00000003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination="\Device\WANARP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&24934fa1&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{357C55AF-27BF-4F0F-9073-9072366E4E50}"
.\debug.cpp(400) : Destination="\Device\{357C55AF-27BF-4F0F-9073-9072366E4E50}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomOptiarc_DVD_RW_AD-7580S_________________FX04____#3033353633363033322037363330313831513231#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T0L0-e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination="\Device\NdisWanIp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5051&SUBSYS_10250253&REV_1000#4&285fba0f&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) : Destination="\Device\00000076"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\KLIF"
.\debug.cpp(400) : Destination="\FileSystem\Filters\KLIF"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Dritek_KB_Filter"
.\debug.cpp(400) : Destination="\Device\Dritek_KB_Filter"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SASKUTIL"
.\debug.cpp(400) : Destination="\Device\SASKUTIL"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}"
.\debug.cpp(400) : Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_293A&SUBSYS_02531025&REV_03#3&11583659&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0014"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E97E7D2C-6717-45DE-91E7-155BD2C7EE0E}"
.\debug.cpp(400) : Destination="\Device\{E97E7D2C-6717-45DE-91E7-155BD2C7EE0E}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&ff861e6&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\00000067"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c52f&MI_01&Col03#7&36bca8a&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination="\Device\0000007f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1"
.\debug.cpp(400) : Destination="\Device\ParTechInc0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000033"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5051&SUBSYS_10250253&REV_1000#4&285fba0f&0&0001#{54c9343c-2a17-42e8-b4fd-9f9da27b94d6}"
.\debug.cpp(400) : Destination="\Device\00000076"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2"
.\debug.cpp(400) : Destination="\Device\ParTechInc1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{EC7AA61F-AD96-4D4A-A8EC-BEC513C099FF}"
.\debug.cpp(400) : Destination="\Device\{EC7AA61F-AD96-4D4A-A8EC-BEC513C099FF}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&d767268&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST"
.\debug.cpp(400) : Destination="\Device\IPMULTICAST"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination="\Device\NdisWan"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI"
.\debug.cpp(400) : Destination="\Device\NdisTapi"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c52f&MI_01&Col01#7&36bca8a&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination="\Device\0000007d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3"
.\debug.cpp(400) : Destination="\Device\ParTechInc2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow"
.\debug.cpp(400) : Destination="\Device\LanmanRedirector"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature1C7B1C7AOffset7E00Length2542978200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination="\Device\FtControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5051&SUBSYS_10250253&REV_1000#4&285fba0f&0&0001#{ca89b949-d7bf-48dd-bb06-f40ebc29c5f6}"
.\debug.cpp(400) : Destination="\Device\00000076"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SABDIFSV"
.\debug.cpp(400) : Destination="\Device\SASDIFSV"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5051&SUBSYS_10250253&REV_1000#4&285fba0f&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000076"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{0733ED35-D954-44A5-BFC3-F0330EF353A8}"
.\debug.cpp(400) : Destination="\Device\{0733ED35-D954-44A5-BFC3-F0330EF353A8}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Oceanus.00"
.\debug.cpp(400) : Destination="\Device\Oceanus.00"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination="\DosDevices\COM1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination="\Device\MailSlot"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACEDRV07"
.\debug.cpp(400) : Destination="\Device\ACEDRV07"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination=""

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2A43&SUBSYS_02531025&REV_07#3&11583659&0&11#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination="\Device\Null"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\00000039"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) : Destination="\Device\Ndisuio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomOptiarc_DVD_RW_AD-7580S_________________FX04____#3033353633363033322037363330313831513231#{1186654d-47b8-48b9-beb9-7df113ae3c67}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T0L0-e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2934&SUBSYS_02531025&REV_03#3&11583659&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0010"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c52f&MI_00#7&2bd67853&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\0000007c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\00000038"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYNTP"
.\debug.cpp(400) : Destination="\Device\SynTP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{A91C1E06-DE3C-43B5-AB5D-DE03387E7263}"
.\debug.cpp(400) : Destination="\Device\{A91C1E06-DE3C-43B5-AB5D-DE03387E7263}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\vsdatant"
.\debug.cpp(400) : Destination="\Device\vsdatant"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avipbb"
.\debug.cpp(400) : Destination="\Device\avipbb"

.\debug.cpp(451) : **********************************************
.\boot_cleaner.cpp(1077) : System volume is \\.\C:
.\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
.\boot_cleaner.cpp(424) : Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd
.\boot_cleaner.cpp(1151) :
.\boot_cleaner.cpp(1152) : Size Device Name MBR Status
.\boot_cleaner.cpp(1153) : --------------------------------------------
.\boot_cleaner.cpp(1197) : 149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1203) :
.\boot_cleaner.cpp(1242) : Done;

noch ein scan ohne neustart..

.\debug.cpp(238) : Debug log started at 03.08.2010 - 18:24:38
.\boot_cleaner.cpp(675) : Bootkit Remover
.\boot_cleaner.cpp(676) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(677) : www.esagelab.com
.\boot_cleaner.cpp(681) : Program version: 1.1.0.0
.\boot_cleaner.cpp(688) : OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x804d7000 0x001f9280 "\WINDOWS\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x806d1000 0x00020300 "\WINDOWS\system32\hal.dll"
.\debug.cpp(256) : 0xba5a8000 0x00002000 "\WINDOWS\system32\KDCOM.DLL"
.\debug.cpp(256) : 0xba4b8000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"
.\debug.cpp(256) : 0xb9f78000 0x0002f000 "ACPI.sys"
.\debug.cpp(256) : 0xba5aa000 0x00002000 "\WINDOWS\System32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0xb9f67000 0x00011000 "pci.sys"
.\debug.cpp(256) : 0xba0a8000 0x0000a000 "isapnp.sys"
.\debug.cpp(256) : 0xba4bc000 0x00003000 "compbatt.sys"
.\debug.cpp(256) : 0xba4c0000 0x00004000 "\WINDOWS\System32\DRIVERS\BATTC.SYS"
.\debug.cpp(256) : 0xba670000 0x00001000 "pciide.sys"
.\debug.cpp(256) : 0xba328000 0x00007000 "\WINDOWS\System32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0xba0b8000 0x0000b000 "MountMgr.sys"
.\debug.cpp(256) : 0xb9f48000 0x0001f000 "ftdisk.sys"
.\debug.cpp(256) : 0xba4c4000 0x00003000 "ACPIEC.sys"
.\debug.cpp(256) : 0xba671000 0x00001000 "\WINDOWS\System32\DRIVERS\OPRGHDLR.SYS"
.\debug.cpp(256) : 0xba330000 0x00005000 "PartMgr.sys"
.\debug.cpp(256) : 0xba0c8000 0x0000e000 "VolSnap.sys"
.\debug.cpp(256) : 0xb9f30000 0x00018000 "atapi.sys"
.\debug.cpp(256) : 0xba0d8000 0x00009000 "disk.sys"
.\debug.cpp(256) : 0xba0e8000 0x0000d000 "\WINDOWS\System32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0xb9f10000 0x00020000 "fltmgr.sys"
.\debug.cpp(256) : 0xb9efe000 0x00012000 "sr.sys"
.\debug.cpp(256) : 0xb9ee7000 0x00017000 "KSecDD.sys"
.\debug.cpp(256) : 0xb9e5a000 0x0008d000 "Ntfs.sys"
.\debug.cpp(256) : 0xb9e2d000 0x0002d000 "NDIS.sys"
.\debug.cpp(256) : 0xb9e19000 0x00014000 "srescan.sys"
.\debug.cpp(256) : 0xb9dff000 0x0001a000 "Mup.sys"
.\debug.cpp(256) : 0xba574000 0x00004000 "\SystemRoot\System32\DRIVERS\CmBatt.sys"
.\debug.cpp(256) : 0xba578000 0x00003000 "\SystemRoot\System32\DRIVERS\wmiacpi.sys"
.\debug.cpp(256) : 0xb90d2000 0x005bf000 "\SystemRoot\System32\DRIVERS\igxpmp32.sys"
.\debug.cpp(256) : 0xb90be000 0x00014000 "\SystemRoot\System32\DRIVERS\VIDEOPRT.SYS"
.\debug.cpp(256) : 0xba3d0000 0x00006000 "\SystemRoot\System32\DRIVERS\usbuhci.sys"
.\debug.cpp(256) : 0xb909a000 0x00024000 "\SystemRoot\System32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0xba3d8000 0x00008000 "\SystemRoot\System32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0xb9075000 0x00025000 "\SystemRoot\System32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0xb8ef5000 0x00180000 "\SystemRoot\System32\DRIVERS\athw.sys"
.\debug.cpp(256) : 0xba2d8000 0x0000e000 "\SystemRoot\System32\DRIVERS\l1c51x86.sys"
.\debug.cpp(256) : 0xba2e8000 0x0000d000 "\SystemRoot\System32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0xba3e0000 0x00005000 "\SystemRoot\System32\DRIVERS\DKbFltr.sys"
.\debug.cpp(256) : 0xba3e8000 0x00007000 "\SystemRoot\System32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0xb8ec4000 0x00031000 "\SystemRoot\System32\DRIVERS\SynTP.sys"
.\debug.cpp(256) : 0xba5be000 0x00002000 "\SystemRoot\System32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0xba2f8000 0x0000d000 "\SystemRoot\System32\DRIVERS\WDFLDR.SYS"
.\debug.cpp(256) : 0xb8e48000 0x0007c000 "\SystemRoot\System32\Drivers\wdf01000.sys"
.\debug.cpp(256) : 0xba3f0000 0x00006000 "\SystemRoot\System32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0xba308000 0x0000b000 "\SystemRoot\System32\DRIVERS\imapi.sys"
.\debug.cpp(256) : 0xba318000 0x00010000 "\SystemRoot\System32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0xba118000 0x0000f000 "\SystemRoot\System32\DRIVERS\redbook.sys"
.\debug.cpp(256) : 0xb8e25000 0x00023000 "\SystemRoot\System32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0xba128000 0x0000a000 "\SystemRoot\System32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0xba6e8000 0x00001000 "\SystemRoot\System32\DRIVERS\audstub.sys"
.\debug.cpp(256) : 0xba138000 0x0000d000 "\SystemRoot\System32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0xba580000 0x00003000 "\SystemRoot\System32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0xb8e0e000 0x00017000 "\SystemRoot\System32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0xba148000 0x0000b000 "\SystemRoot\System32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0xba158000 0x0000c000 "\SystemRoot\System32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0xba3f8000 0x00005000 "\SystemRoot\System32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0xb8dfd000 0x00011000 "\SystemRoot\System32\DRIVERS\psched.sys"
.\debug.cpp(256) : 0xba168000 0x00009000 "\SystemRoot\System32\DRIVERS\msgpc.sys"
.\debug.cpp(256) : 0xba400000 0x00005000 "\SystemRoot\System32\DRIVERS\ptilink.sys"
.\debug.cpp(256) : 0xba408000 0x00005000 "\SystemRoot\System32\DRIVERS\raspti.sys"
.\debug.cpp(256) : 0xba178000 0x0000a000 "\SystemRoot\System32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0xba5c0000 0x00002000 "\SystemRoot\System32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0xb8d9f000 0x0005e000 "\SystemRoot\System32\DRIVERS\update.sys"
.\debug.cpp(256) : 0xba588000 0x00004000 "\SystemRoot\System32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0xba188000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0xba1a8000 0x0000f000 "\SystemRoot\System32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0xa8030000 0x000cf000 "\SystemRoot\system32\drivers\CHDAU32.sys"
.\debug.cpp(256) : 0xa800c000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0xba1b8000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0xa6e19000 0x00023000 "\SystemRoot\system32\DRIVERS\klif.sys"
.\debug.cpp(256) : 0xba440000 0x00008000 "\SystemRoot\System32\DRIVERS\usbccgp.sys"
.\debug.cpp(256) : 0xba5c4000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0xba7a4000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0xba5c6000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0xba448000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0xba5c8000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS"
.\debug.cpp(256) : 0xba5ca000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0xba450000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0xba458000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0xba548000 0x00003000 "\SystemRoot\System32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0xa6de6000 0x00013000 "\SystemRoot\System32\DRIVERS\ipsec.sys"
.\debug.cpp(256) : 0xa6d8d000 0x00059000 "\SystemRoot\System32\DRIVERS\tcpip.sys"
.\debug.cpp(256) : 0xa6d65000 0x00028000 "\SystemRoot\System32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0xa6d05000 0x00060000 "\SystemRoot\System32\vsdatant.sys"
.\debug.cpp(256) : 0xa6cdf000 0x00026000 "\SystemRoot\System32\DRIVERS\ipnat.sys"
.\debug.cpp(256) : 0xba554000 0x00003000 "\SystemRoot\System32\DRIVERS\hidusb.sys"
.\debug.cpp(256) : 0xba258000 0x00009000 "\SystemRoot\System32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0xba460000 0x00007000 "\SystemRoot\System32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0xa6c95000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"
.\debug.cpp(256) : 0xba268000 0x00009000 "\SystemRoot\System32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0xba470000 0x00006000 "\SystemRoot\system32\DRIVERS\ssmdrv.sys"
.\debug.cpp(256) : 0xa6bc2000 0x00022000 "\??\C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS"
.\debug.cpp(256) : 0xba55c000 0x00003000 "\SystemRoot\System32\DRIVERS\mouhid.sys"
.\debug.cpp(256) : 0xba488000 0x00006000 "\??\C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS"
.\debug.cpp(256) : 0xa6b97000 0x0002b000 "\SystemRoot\System32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0xa6b27000 0x00070000 "\SystemRoot\System32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xba298000 0x00009000 "\SystemRoot\System32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0xba2a8000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS"
.\debug.cpp(256) : 0xa6b0b000 0x0001c000 "\SystemRoot\system32\DRIVERS\avipbb.sys"
.\debug.cpp(256) : 0xba5d2000 0x00002000 "\??\C:\Programme\Avira\AntiVir Desktop\avgio.sys"
.\debug.cpp(256) : 0xa82fe000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"
.\debug.cpp(256) : 0xa6acb000 0x00018000 "\SystemRoot\System32\Drivers\dump_atapi.sys"
.\debug.cpp(256) : 0xba606000 0x00002000 "\SystemRoot\System32\Drivers\dump_WMILIB.SYS"
.\debug.cpp(256) : 0xbf800000 0x001c4000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0xa8004000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0xba490000 0x00005000 "\SystemRoot\System32\watchdog.sys"
.\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"
.\debug.cpp(256) : 0xba702000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"
.\debug.cpp(256) : 0xbf024000 0x0002b000 "\SystemRoot\System32\igxpgd32.dll"
.\debug.cpp(256) : 0xbf012000 0x00012000 "\SystemRoot\System32\igxprd32.dll"
.\debug.cpp(256) : 0xbf04f000 0x0020c000 "\SystemRoot\System32\igxpdv32.DLL"
.\debug.cpp(256) : 0xbf25b000 0x00307000 "\SystemRoot\System32\igxpdx32.DLL"
.\debug.cpp(256) : 0xbffa0000 0x00046000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0xa699f000 0x00014000 "\SystemRoot\system32\DRIVERS\avgntflt.sys"
.\debug.cpp(256) : 0xa693d000 0x00062000 "\??\C:\WINDOWS\system32\drivers\ACEDRV07.sys"
.\debug.cpp(256) : 0xa69bb000 0x00004000 "\SystemRoot\System32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0xa6528000 0x0002d000 "\SystemRoot\System32\DRIVERS\mrxdav.sys"
.\debug.cpp(256) : 0xa6369000 0x00057000 "\SystemRoot\System32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xa6264000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys"
.\debug.cpp(256) : 0xa686d000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys"
.\debug.cpp(256) : 0xa5cf5000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys"
.\debug.cpp(256) : 0x7c910000 0x000b9000 "\WINDOWS\system32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination="\Device\Video0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination="\Device\Ndis"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000042"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000032"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{71985f4a-1ca1-11d3-9cc8-00c04f7971e0}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination="\Device\Video1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination="\Device\Video2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip"
.\debug.cpp(400) : Destination="\Device\Ip"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000041"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000031"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2c76c2d9&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination="\Device\Video3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgio"
.\debug.cpp(400) : Destination="\Device\avgio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev"
.\debug.cpp(400) : Destination="\Device\IPSEC"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c52f&MI_01&Col02#7&36bca8a&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination="\Device\0000007e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9aa4a2cc-81e0-4cfd-802f-0f74526d2bd3}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) : Destination="\Device\Video4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_046d&Pid_c52f#5&1630352&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination="\Device\USBPDO-8"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY"
.\debug.cpp(400) : Destination="\Device\NDProxy"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{fd0a5af4-b41d-11d2-9c95-00c04f7971e0}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery"
.\debug.cpp(400) : Destination="\Device\CompositeBattery"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}"
.\debug.cpp(400) : Destination="\Device\00000040"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination="\Device\WMIDataDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{d10252fc-9f2a-11df-962b-806d6172696f}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2A42&SUBSYS_02531025&REV_07#3&11583659&0&10#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0001"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2938&SUBSYS_02531025&REV_03#3&11583659&0&D1#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0004"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1969&DEV_1063&SUBSYS_02531025&REV_C0#4&2bcebcdb&0&00E5#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0021"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgntflt"
.\debug.cpp(400) : Destination="\FileSystem\Filters\avgntflt"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ZLTCP"
.\debug.cpp(400) : Destination="\Device\Tcp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination="\Device\NamedPipe"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination="\Device\00000047"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&dddc97e&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&37f71a6f&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"
.\debug.cpp(400) : Destination="\Device\IPNAT"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination="\Device\Mup"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched"
.\debug.cpp(400) : Destination="\Device\PSched"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{f7a30c41-8dd2-11de-b727-806d6172696f}"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SRESCAN"
.\debug.cpp(400) : Destination="\Device\SRESCAN"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination="\Device\Tcp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskWDC_WD1600BEVT-22ZCT0___________________11.01A11#5&17d5c310&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP0T0L0-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgrMsg"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination="\Device\USBFDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) : Destination="\Device\VideoPdo0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&21ad834c&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination="\Device\USBFDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_293C&SUBSYS_02531025&REV_03#3&11583659&0&D7#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0005"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination="\Device\Harddisk0\DR0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) : Destination="\Device\USBFDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000035"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination="\DosDevices\LPT1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5051&SUBSYS_10250253&REV_1000#4&285fba0f&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000076"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{4B739C76-E5A4-4815-BE45-A39AD597BC2F}"
.\debug.cpp(400) : Destination="\Device\{4B739C76-E5A4-4815-BE45-A39AD597BC2F}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000034"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&29e28ffa&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) : Destination="\Device\USBFDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000036"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination="\Device\FsWrap"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio"
.\debug.cpp(400) : Destination="\Device\sysaudio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5051&SUBSYS_10250253&REV_1000#4&285fba0f&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000076"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
.\debug.cpp(400) : Destination="\Device\USBFDO-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{62C222A9-5131-434C-83FD-3DE9B582C04C}"
.\debug.cpp(400) : Destination="\Device\{62C222A9-5131-434C-83FD-3DE9B582C04C}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c52f&MI_00#7&2bd67853&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination="\Device\0000007c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination="\GLOBAL??"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000048"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD5"
.\debug.cpp(400) : Destination="\Device\USBFDO-5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD6"
.\debug.cpp(400) : Destination="\Device\USBFDO-6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2936&SUBSYS_02531025&REV_03#3&11583659&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0012"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_168C&DEV_002A&SUBSYS_E006105B&REV_01#4&3905ae0c&0&00E3#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0020"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#SYN1B20#4&ff861e6&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\00000068"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5051&SUBSYS_10250253&REV_1000#4&285fba0f&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination="\Device\00000076"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000045"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{D93A7C80-76C6-4F69-8B92-E6ADB3444062}"
.\debug.cpp(400) : Destination="\Device\{D93A7C80-76C6-4F69-8B92-E6ADB3444062}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD7"
.\debug.cpp(400) : Destination="\Device\USBFDO-7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2935&SUBSYS_02531025&REV_03#3&11583659&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0011"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomOptiarc_DVD_RW_AD-7580S_________________FX04____#3033353633363033322037363330313831513231#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T0L0-e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{07dad660-22f1-11d1-a9f4-00c04fbbde8f}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&b1b2650&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2939&SUBSYS_02531025&REV_03#3&11583659&0&EB#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0013"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{CB4DFCD1-0342-46BC-9794-E157E23F8BCB}"
.\debug.cpp(400) : Destination="\Device\{CB4DFCD1-0342-46BC-9794-E157E23F8BCB}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination="\Device\MountPointManager"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000030"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2937&SUBSYS_02531025&REV_03#3&11583659&0&D0#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ssmctl"
.\debug.cpp(400) : Destination="\Device\ssmctl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\00000003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination="\Device\WANARP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomOptiarc_DVD_RW_AD-7580S_________________FX04____#3033353633363033322037363330313831513231#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T0L0-e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&24934fa1&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{357C55AF-27BF-4F0F-9073-9072366E4E50}"
.\debug.cpp(400) : Destination="\Device\{357C55AF-27BF-4F0F-9073-9072366E4E50}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination="\Device\NdisWanIp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5051&SUBSYS_10250253&REV_1000#4&285fba0f&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) : Destination="\Device\00000076"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\KLIF"
.\debug.cpp(400) : Destination="\FileSystem\Filters\KLIF"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Dritek_KB_Filter"
.\debug.cpp(400) : Destination="\Device\Dritek_KB_Filter"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SASKUTIL"
.\debug.cpp(400) : Destination="\Device\SASKUTIL"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}"
.\debug.cpp(400) : Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_293A&SUBSYS_02531025&REV_03#3&11583659&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0014"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E97E7D2C-6717-45DE-91E7-155BD2C7EE0E}"
.\debug.cpp(400) : Destination="\Device\{E97E7D2C-6717-45DE-91E7-155BD2C7EE0E}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&ff861e6&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\00000067"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c52f&MI_01&Col03#7&36bca8a&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination="\Device\0000007f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1"
.\debug.cpp(400) : Destination="\Device\ParTechInc0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000033"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5051&SUBSYS_10250253&REV_1000#4&285fba0f&0&0001#{54c9343c-2a17-42e8-b4fd-9f9da27b94d6}"
.\debug.cpp(400) : Destination="\Device\00000076"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2"
.\debug.cpp(400) : Destination="\Device\ParTechInc1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{EC7AA61F-AD96-4D4A-A8EC-BEC513C099FF}"
.\debug.cpp(400) : Destination="\Device\{EC7AA61F-AD96-4D4A-A8EC-BEC513C099FF}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&d767268&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST"
.\debug.cpp(400) : Destination="\Device\IPMULTICAST"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination="\Device\NdisWan"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI"
.\debug.cpp(400) : Destination="\Device\NdisTapi"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c52f&MI_01&Col01#7&36bca8a&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination="\Device\0000007d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature1C7B1C7AOffset7E00Length2542978200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3"
.\debug.cpp(400) : Destination="\Device\ParTechInc2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow"
.\debug.cpp(400) : Destination="\Device\LanmanRedirector"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination="\Device\FtControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5051&SUBSYS_10250253&REV_1000#4&285fba0f&0&0001#{ca89b949-d7bf-48dd-bb06-f40ebc29c5f6}"
.\debug.cpp(400) : Destination="\Device\00000076"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SABDIFSV"
.\debug.cpp(400) : Destination="\Device\SASDIFSV"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5051&SUBSYS_10250253&REV_1000#4&285fba0f&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000076"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{0733ED35-D954-44A5-BFC3-F0330EF353A8}"
.\debug.cpp(400) : Destination="\Device\{0733ED35-D954-44A5-BFC3-F0330EF353A8}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Oceanus.00"
.\debug.cpp(400) : Destination="\Device\Oceanus.00"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination="\DosDevices\COM1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination="\Device\MailSlot"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACEDRV07"
.\debug.cpp(400) : Destination="\Device\ACEDRV07"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination=""

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2A43&SUBSYS_02531025&REV_07#3&11583659&0&11#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination="\Device\Null"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\00000039"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) : Destination="\Device\Ndisuio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomOptiarc_DVD_RW_AD-7580S_________________FX04____#3033353633363033322037363330313831513231#{1186654d-47b8-48b9-beb9-7df113ae3c67}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T0L0-e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2934&SUBSYS_02531025&REV_03#3&11583659&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0010"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c52f&MI_00#7&2bd67853&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\0000007c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\00000038"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYNTP"
.\debug.cpp(400) : Destination="\Device\SynTP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{A91C1E06-DE3C-43B5-AB5D-DE03387E7263}"
.\debug.cpp(400) : Destination="\Device\{A91C1E06-DE3C-43B5-AB5D-DE03387E7263}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\vsdatant"
.\debug.cpp(400) : Destination="\Device\vsdatant"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avipbb"
.\debug.cpp(400) : Destination="\Device\avipbb"

.\debug.cpp(451) : **********************************************
.\boot_cleaner.cpp(1077) : System volume is \\.\C:
.\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
.\boot_cleaner.cpp(424) : Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd
.\boot_cleaner.cpp(1151) :
.\boot_cleaner.cpp(1152) : Size Device Name MBR Status
.\boot_cleaner.cpp(1153) : --------------------------------------------
.\boot_cleaner.cpp(1197) : 149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1203) :
.\boot_cleaner.cpp(1242) : Done;

Das sieht doch schon viel besser aus :)

Schritt 1

Downloade Malwarebytes Anti-Malware (ca. 2 MB) von einem dieser Downloadspiegel:

Malwarebytes - MajorGeeks.com - BestTechie

Anwendbar auf Windows 2000, XP und Vista.
Installiere das Programm in den vorgegebenen Pfad.
Denke daran, bei Vista das Programm als Admin zu starten, ansonsten per Doppelklick starten.
Lasse es online updaten (Reiter Updates), wenn das nicht automatisch passiert (ca. 1 MB).
Aktiviere "Komplett Scan durchführen" => Scan.
Wähle alle verfügbaren Laufwerke aus und starte den Scan.
Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
Versichere Dich, dass alle Funde markiert sind und drücke "Löschen".
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Scan-Berichte" finden.
Berichte, wie der Rechner nun läuft.

Hier findest Du eine ausführliche und bebilderte Anleitung.

Schritt 2

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop.

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Minimal-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.

http://image.hijackthis.eu/upload/otl_screen_neu.jpg
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

Schritt 3

Rootkit-Suche mit Gmer

Was sind Rootkits?

Wichtig: Bei jedem Rootkit-Scans soll/en:

Deaktiviere zunächst nach dieser Anleitung evtl. vorhandene CD-Emulatoren wie Alcohol, Daemon-Tools oder ähnliche.
Alle anderen Programme gegen Viren, Spyware, usw. deaktiviert sein,
keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
nichts am Rechner getan werden,
nach jedem Scan der Rechner neu gestartet werden.
Nicht vergessen, nach dem Rootkit-Scan die Security-Programme wieder einzuschalten!

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.

Alle anderen Programme sollen geschlossen sein.
Starte gmer.exe (hat einen willkürlichen Programm-Namen).
Vista-User mit Rechtsklick und als Administrator starten.
Gmer startet automatisch einen ersten Scan.
Sollte sich ein Fenster mit folgender Warnung öffnen:

Code:

WARNING !!! GMER has found system modification, which might have been caused by ROOTKIT activity. Do you want to fully scan your system?
Unbedingt auf "No" klicken,
in dem Fall über den Save-Button das bisherige Resultat auf dem Desktop als gmer_first.log speichern.

.
Falls das nicht der Fall war, wähle nun den Reiter "Rootkit/Malware",
Hake an: System, Sections, Devices, Modules, Processes, Threads, Libraries, Services, Registry und Files.
Wichtig: "Show all" darf nicht angehakt sein!
Starte den Scan durch Drücken des Buttons "Scan".
Mache nichts am Computer während der Scan läuft (unten links wird angezeigt, was gerade gescannt wird).
Wenn der Scan fertig ist, bleibt die Zeile leer.
Kllicke auf "Save" und speichere das Logfile als gmer.log auf dem Desktop.
Mit "Ok" wird Gmer beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Nun das Logfile in Code-Tags posten.

.. bis jetzt kein Pop up oder Musik mehr :-)

schaun wir mal..

Ich mache trotzdem weiter -oder?

Gruß
Rainer

Ja jetzt gehts erst los :)

Hallo,

mache morgen weiter.

Danke!!

Rainer

Ok dann bis morgen :)

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4386

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

04.08.2010 18:57:27
mbam-log-2010-08-04 (18-57-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 215584
Laufzeit: 1 Stunde(n), 4 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Programme\JDownloader\downloads\Fuer_Sprachsteuerung_und_TTS.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

Habe ich entfernt :-)

weiter gehts...

OTL Logfile:

Code:

OTL logfile created on: 04.08.2010 19:04:46 - Run 2

OTL by OldTimer - Version 3.2.9.1     Folder = C:\Dokumente und Einstellungen\Wir\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free

6,00 Gb Paging File | 5,00 Gb Available in Paging File | 90,00% Paging File free

Paging file location(s): C:\pagefile.sys 4092 5000 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 149,04 Gb Total Space | 5,57 Gb Free Space | 3,74% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: FAM-6634P0WGE1G

Current User Name: Wir

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Dokumente und Einstellungen\Wir\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)

PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)

PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG)

PRC - C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()

PRC - C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)

PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Zone Labs, LLC)

PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)

PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)

PRC - C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd)

PRC - C:\WINDOWS\system32\BRSS01A.EXE (brother Industries Ltd)

PRC - C:\WINDOWS\system32\NILaunch.exe ()

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Dokumente und Einstellungen\Wir\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found

SRV - (WDDMService) -- C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)

SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG)

SRV - (WDSmartWareBackgroundService) -- C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)

SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (AAV UpdateService) -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()

SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs, LLC)

SRV - (Brother XP spl Service) -- C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (USBCCID) -- C:\WINDOWS\System32\DRIVERS\RtsUCcid.sys File not found

DRV - (RtsUIR) -- C:\WINDOWS\System32\DRIVERS\Rts516xIR.sys File not found

DRV - (catchme) -- C:\DOKUME~1\Wir\LOKALE~1\Temp\catchme.sys File not found

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (ACEDRV07) -- C:\WINDOWS\system32\drivers\ACEDRV07.sys (Protect Software GmbH)

DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\WINDOWS\system32\drivers\LV302V32.SYS (Logitech Inc.)

DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)

DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (athr) -- C:\WINDOWS\system32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (CnxtHdAudService) -- C:\WINDOWS\system32\drivers\CHDAU32.sys (Conexant Systems Inc.)

DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics Incorporated)

DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)

DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)

DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)

DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Zone Labs, LLC)

DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)

DRV - (DKbFltr) -- C:\WINDOWS\system32\drivers\DKbFltr.SYS (Dritek System Inc.)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)

DRV - (BrPar) -- C:\WINDOWS\System32\drivers\BrPar.sys (Brother Industries Ltd.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "WEB.DE Suche"

FF - prefs.js..browser.search.order.1: "GMX Suche"

FF - prefs.js..browser.search.order.2: "1und1 Suche"

FF - prefs.js..browser.search.order.3: "amazon.de"

FF - prefs.js..browser.search.order.4: "WEB.DE Suche"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.web.de"

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1

FF - prefs.js..extensions.enabledItems: 6

FF - prefs.js..extensions.enabledItems: 2

FF - prefs.js..extensions.enabledItems: 41

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5

FF - prefs.js..extensions.enabledItems: {a82d0125-000a-4a57-abbc-5d4b0dbaab54}:1.6.2

FF - prefs.js..keyword.URL: "hxxp://go.web.de/suchbox/webdesuche?su="

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.24 15:07:15 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.24 15:07:15 | 000,000,000 | ---D | M]

 

[2010.05.27 18:48:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wir\Anwendungsdaten\Mozilla\Extensions

[2010.05.27 18:48:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wir\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com

[2010.02.15 22:43:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wir\Anwendungsdaten\Mozilla\Firefox\Profiles\krds1db9.default\extensions

[2010.01.09 13:29:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Wir\Anwendungsdaten\Mozilla\Firefox\Profiles\krds1db9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009.08.24 10:28:47 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\Wir\Anwendungsdaten\Mozilla\Firefox\Profiles\krds1db9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2010.07.17 08:01:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wir\Anwendungsdaten\Mozilla\Firefox\Profiles\r2liucfw.Standard-Benutzer\extensions

[2010.04.27 17:38:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Wir\Anwendungsdaten\Mozilla\Firefox\Profiles\r2liucfw.Standard-Benutzer\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.07.16 21:29:09 | 000,000,000 | ---D | M] (NCH Toolbar) -- C:\Dokumente und Einstellungen\Wir\Anwendungsdaten\Mozilla\Firefox\Profiles\r2liucfw.Standard-Benutzer\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}

[2010.02.15 22:52:49 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\Wir\Anwendungsdaten\Mozilla\Firefox\Profiles\r2liucfw.Standard-Benutzer\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2010.02.07 15:55:37 | 000,005,591 | ---- | M] () -- C:\Dokumente und Einstellungen\Wir\Anwendungsdaten\Mozilla\Firefox\Profiles\krds1db9.default\searchplugins\1und1-suche.xml

[2010.02.07 15:55:35 | 000,001,371 | ---- | M] () -- C:\Dokumente und Einstellungen\Wir\Anwendungsdaten\Mozilla\Firefox\Profiles\krds1db9.default\searchplugins\amazonde.xml

[2010.02.07 15:55:35 | 000,010,605 | ---- | M] () -- C:\Dokumente und Einstellungen\Wir\Anwendungsdaten\Mozilla\Firefox\Profiles\krds1db9.default\searchplugins\gmx-suche.xml

[2010.02.07 15:55:35 | 000,005,588 | ---- | M] () -- C:\Dokumente und Einstellungen\Wir\Anwendungsdaten\Mozilla\Firefox\Profiles\krds1db9.default\searchplugins\webde-suche.xml

[2010.07.17 08:01:30 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions

[2010.02.07 15:54:42 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Programme\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}

[2010.02.07 15:54:42 | 000,000,000 | ---D | M] (WEB.DE Firefox Addon) -- C:\Programme\Mozilla Firefox\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}

[2010.06.03 15:10:59 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2010.07.04 09:36:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll

[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2010.08.03 18:02:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)

O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()

O4 - HKLM..\Run: [Net-It Launcher] C:\WINDOWS\system32\NILaunch.exe ()

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)

O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.184.161 83.169.184.225

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Wir\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Wir\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.08.20 22:54:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2010.08.04 19:02:24 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wir\Desktop\OTL.exe

[2010.08.03 22:10:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010.08.03 22:10:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010.08.03 22:10:39 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2010.08.03 19:37:47 | 000,081,920 | ---- | C] (eSage Lab) -- C:\Dokumente und Einstellungen\Wir\Desktop\remover.exe

[2010.08.03 19:08:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010.08.03 17:52:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010.08.03 17:52:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010.08.03 17:52:58 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010.08.03 17:52:58 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010.08.03 17:52:03 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010.08.02 22:21:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wir\Anwendungsdaten\Uniblue

[2010.08.02 22:21:26 | 000,000,000 | ---D | C] -- C:\Programme\Uniblue

[2010.08.02 20:26:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com

[2010.08.01 11:33:01 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010.08.01 11:30:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010.08.01 11:21:58 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Wir\Recent

[2010.08.01 11:19:21 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner

[2010.08.01 09:38:59 | 000,081,920 | ---- | C] (eSage Lab) -- C:\WINDOWS\System32\remover.exe

[2010.08.01 09:25:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wir\Anwendungsdaten\Malwarebytes

[2010.08.01 09:25:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2010.07.20 19:16:57 | 000,000,000 | ---D | C] -- C:\found.000

[2010.07.17 09:19:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Conduit

[2010.07.17 09:19:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\NCH

[2010.07.16 21:44:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Conduit

[2010.07.16 21:44:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\NCH

[2010.07.16 21:29:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wir\Anwendungsdaten\NCH Software

[2010.07.16 21:29:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Software

[2010.07.16 21:29:05 | 000,000,000 | ---D | C] -- C:\Programme\Conduit

[2010.07.16 21:29:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wir\Lokale Einstellungen\Anwendungsdaten\Conduit

[2010.07.16 21:29:04 | 000,000,000 | ---D | C] -- C:\Programme\NCH

[2010.07.16 21:28:45 | 000,000,000 | ---D | C] -- C:\Programme\NCH Software

[2010.07.16 21:17:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2010.07.14 07:22:24 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe

[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2010.08.04 19:05:06 | 075,202,592 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat

[2010.08.04 19:02:29 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wir\Desktop\OTL.exe

[2010.08.04 19:00:23 | 000,358,382 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml

[2010.08.04 19:00:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010.08.04 18:59:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010.08.04 18:59:16 | 000,886,460 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx

[2010.08.04 18:59:01 | 006,815,744 | -H-- | M] () -- C:\Dokumente und Einstellungen\Wir\NTUSER.DAT

[2010.08.04 18:59:01 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Wir\ntuser.ini

[2010.08.03 22:10:43 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.08.03 19:32:12 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Wir\Desktop\MBRCheck_MBR_Backup_08-03-10_19-32-12.bak

[2010.08.03 18:02:12 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010.08.03 18:02:04 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010.08.03 17:52:53 | 000,068,504 | ---- | M] () -- C:\Dokumente und Einstellungen\Wir\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT

[2010.08.02 21:24:13 | 000,264,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010.08.02 21:06:53 | 000,080,384 | ---- | M] () -- C:\Dokumente und Einstellungen\Wir\Desktop\MBRCheck.exe

[2010.08.02 18:53:51 | 000,006,662 | ---- | M] () -- C:\Dokumente und Einstellungen\Wir\Eigene Dateien\cc_20100802_185338registry.reg

[2010.08.01 11:33:06 | 000,000,281 | RHS- | M] () -- C:\boot.ini

[2010.08.01 11:27:18 | 003,748,898 | R--- | M] () -- C:\Dokumente und Einstellungen\Wir\Desktop\cofi.exe.exe

[2010.08.01 11:25:46 | 000,248,396 | ---- | M] () -- C:\Dokumente und Einstellungen\Wir\Eigene Dateien\cc_20100801_112535.reg

[2010.08.01 11:19:25 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\Wir\Desktop\CCleaner.lnk

[2010.08.01 09:39:17 | 000,000,512 | ---- | M] () -- C:\mbr.mbr

[2010.07.31 15:41:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010.07.31 12:53:23 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk

[2010.07.27 08:29:42 | 008,503,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll

[2010.07.22 16:43:23 | 000,015,975 | ---- | M] () -- C:\Dokumente und Einstellungen\Wir\Desktop\Thermostat OM636 direkt am Kopf.jpg

[2010.07.22 09:14:19 | 002,359,350 | ---- | M] () -- C:\WINDOWS\ACD Wallpaper.bmp

[2010.07.21 19:50:20 | 000,081,920 | ---- | M] (eSage Lab) -- C:\WINDOWS\System32\remover.exe

[2010.07.21 19:50:20 | 000,081,920 | ---- | M] (eSage Lab) -- C:\Dokumente und Einstellungen\Wir\Desktop\remover.exe

[2010.07.18 07:32:57 | 001,042,162 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010.07.18 07:32:57 | 000,448,970 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2010.07.18 07:32:57 | 000,432,690 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010.07.18 07:32:57 | 000,080,488 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2010.07.18 07:32:57 | 000,067,646 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010.07.16 21:30:24 | 000,096,256 | ---- | M] () -- C:\Dokumente und Einstellungen\Wir\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.07.16 20:26:02 | 000,524,288 | ---- | M] () -- C:\Dokumente und Einstellungen\Wir\Desktop\OM636.3gp

[2010.07.12 18:56:34 | 000,690,076 | ---- | M] () -- C:\Dokumente und Einstellungen\Wir\Desktop\Haube Rainer.JPG

[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2010.08.03 22:10:43 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.08.03 19:32:12 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Wir\Desktop\MBRCheck_MBR_Backup_08-03-10_19-32-12.bak

[2010.08.03 17:52:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010.08.03 17:52:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010.08.03 17:52:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010.08.02 21:07:19 | 000,080,384 | ---- | C] () -- C:\Dokumente und Einstellungen\Wir\Desktop\MBRCheck.exe

[2010.08.02 18:53:49 | 000,006,662 | ---- | C] () -- C:\Dokumente und Einstellungen\Wir\Eigene Dateien\cc_20100802_185338registry.reg

[2010.08.01 11:33:06 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010.08.01 11:33:03 | 000,262,448 | ---- | C] () -- C:\cmldr

[2010.08.01 11:30:30 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010.08.01 11:30:30 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010.08.01 11:28:17 | 003,748,898 | R--- | C] () -- C:\Dokumente und Einstellungen\Wir\Desktop\cofi.exe.exe

[2010.08.01 11:25:37 | 000,248,396 | ---- | C] () -- C:\Dokumente und Einstellungen\Wir\Eigene Dateien\cc_20100801_112535.reg

[2010.08.01 11:19:25 | 000,000,654 | ---- | C] () -- C:\Dokumente und Einstellungen\Wir\Desktop\CCleaner.lnk

[2010.08.01 09:39:17 | 000,036,061 | ---- | C] () -- C:\Dokumente und Einstellungen\Wir\bootkit_remover_debug_log.txt

[2010.08.01 09:39:17 | 000,000,512 | ---- | C] () -- C:\mbr.mbr

[2010.07.22 16:43:20 | 000,015,975 | ---- | C] () -- C:\Dokumente und Einstellungen\Wir\Desktop\Thermostat OM636 direkt am Kopf.jpg

[2010.07.22 09:14:19 | 002,359,350 | ---- | C] () -- C:\WINDOWS\ACD Wallpaper.bmp

[2010.07.16 21:11:13 | 000,524,288 | ---- | C] () -- C:\Dokumente und Einstellungen\Wir\Desktop\OM636.3gp

[2010.07.12 19:00:18 | 000,450,747 | ---- | C] () -- C:\Dokumente und Einstellungen\Wir\Desktop\gitter haube.JPG

[2010.07.12 18:56:34 | 000,690,076 | ---- | C] () -- C:\Dokumente und Einstellungen\Wir\Desktop\Haube Rainer.JPG

[2010.06.13 13:22:55 | 000,000,261 | ---- | C] () -- C:\WINDOWS\mp3merger.ini

[2009.11.29 16:40:05 | 001,294,336 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2A6.dll

[2009.11.29 16:39:13 | 001,093,632 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2PX.dll

[2009.11.29 16:39:13 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL

[2009.11.29 16:39:13 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EnrouteStitch.dll

[2009.11.29 16:39:13 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2.dll

[2009.11.29 16:39:13 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL

[2009.11.29 16:39:12 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL

[2009.11.29 16:34:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Net-It Now! SE.INI

[2009.11.29 16:07:21 | 000,000,030 | ---- | C] () -- C:\WINDOWS\iedit.INI

[2009.10.25 16:53:51 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2009.10.22 22:03:18 | 000,000,088 | ---- | C] () -- C:\WINDOWS\ka.ini

[2009.10.22 22:01:44 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2009.10.22 21:58:49 | 000,000,614 | ---- | C] () -- C:\WINDOWS\disney.ini

[2009.10.22 21:45:51 | 000,000,019 | ---- | C] () -- C:\WINDOWS\Benrep.ini

[2009.10.21 21:17:56 | 000,021,904 | ---- | C] () -- C:\WINDOWS\System32\imsinstall_loc0407.dll

[2009.10.21 21:17:56 | 000,017,808 | ---- | C] () -- C:\WINDOWS\System32\imslsp_install_loc0407.dll

[2009.10.21 21:17:40 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll

[2009.09.08 21:06:21 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll

[2009.09.02 19:03:50 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll

[2009.08.26 21:41:44 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL

[2009.08.26 21:41:44 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL

[2009.08.26 21:41:44 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL

[2009.08.26 21:41:44 | 000,000,453 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2009.08.26 21:41:44 | 000,000,137 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI

[2009.08.26 21:41:44 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_1430.ini

[2009.08.26 21:41:44 | 000,000,039 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI

[2009.08.26 21:41:44 | 000,000,026 | ---- | C] () -- C:\WINDOWS\brpp2ka.ini

[2009.08.26 21:41:44 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini

[2009.08.26 21:41:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BROHL143.INI

[2009.08.26 21:41:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini

[2009.08.26 21:41:42 | 000,013,109 | ---- | C] () -- C:\WINDOWS\HL-1430.INI

[2009.08.26 21:41:33 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\BRSS01A.ini

[2009.08.21 22:08:48 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009.08.21 21:58:46 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll

[2009.08.20 23:03:13 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4957.dll

[2009.04.30 22:39:36 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[1999.05.11 03:23:00 | 000,000,250 | ---- | C] () -- C:\WINDOWS\acroread.ini

[1999.03.10 03:23:00 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll

[1999.01.22 20:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[1998.01.13 03:23:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\lotrn13.dll

[1997.11.14 03:23:00 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll

[1996.07.09 03:23:00 | 000,000,038 | ---- | C] () -- C:\WINDOWS\loidp13.ini

[1994.07.25 03:23:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv

[1994.04.07 03:23:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf13.ini

 
 ========== LOP Check ==========

 

[2009.09.19 19:41:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AAV

[2009.08.22 22:43:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Broadcom

[2009.09.08 21:06:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreePDF

[2010.02.07 15:54:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IEConfiguration1und1

[2009.08.20 23:15:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier

[2009.08.22 22:28:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ralink

[2009.08.21 22:20:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SBT

[2009.10.21 20:48:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP

[2010.05.27 18:48:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom

[2009.11.29 16:03:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems

[2010.01.08 18:03:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Western Digital

[2009.09.27 22:32:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2010.02.07 15:54:56 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{BA53D93D-6DA8-41AA-AD03-9D07C35074A6}

[2009.08.21 22:00:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wir\Anwendungsdaten\ACD Systems

[2009.11.21 19:00:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wir\Anwendungsdaten\FarmingSimulator2008

[2010.02.01 22:30:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wir\Anwendungsdaten\InventionOffice

[2010.06.11 22:29:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wir\Anwendungsdaten\Leadertech

[2009.08.29 23:17:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wir\Anwendungsdaten\Opera

[2009.11.06 21:56:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wir\Anwendungsdaten\TeamViewer

[2010.05.27 18:47:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wir\Anwendungsdaten\TomTom

[2009.11.29 16:07:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wir\Anwendungsdaten\Ulead Systems

[2010.08.02 22:21:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wir\Anwendungsdaten\Uniblue

[2010.01.08 18:03:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wir\Anwendungsdaten\Western Digital

 
 ========== Purity Check ==========

 

 

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 142 bytes -> C:\WINDOWS\system32:,|ö‹pctlsp.log

@Alternate Data Stream - 119 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:7E95B6FD

< End of report >

--- --- ---

OTL EXTRAS Logfile:

Code:

OTL Extras logfile created on: 04.08.2010 19:04:46 - Run 2

OTL by OldTimer - Version 3.2.9.1     Folder = C:\Dokumente und Einstellungen\Wir\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free

6,00 Gb Paging File | 5,00 Gb Available in Paging File | 90,00% Paging File free

Paging file location(s): C:\pagefile.sys 4092 5000 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 149,04 Gb Total Space | 5,57 Gb Free Space | 3,74% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: FAM-6634P0WGE1G

Current User Name: Wir

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [ACDBrowse] -- "C:\PROGRA~2\ACDSYS~1\ACDSee\ACDSee.exe" "%1" (ACD Systems, Ltd.)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"4100:UDP" = 4100:UDP:*:Enabled:uPNP Router Control Port

"86:TCP" = 86:TCP:*:Enabled:BroadCam Video Streaming Server Web Server

"1935:TCP" = 1935:TCP:*:Enabled:BroadCam Video Streaming Server Flash Video Server

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Programme\TeamViewer\Version4\TeamViewer.exe" = C:\Programme\TeamViewer\Version4\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium

"{00040407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support

"{153F839F-0A63-41D8-890F-7324C0E13743}" = Broadcom Driver v4.170.25.12_Foxconn Installation Program

"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter

"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare

"{24b6a778-0089-4b98-920a-4314840e837b}" = Nero 9 Essentials

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver

"{32180A3A-F7F0-4BD9-924A-B3A271DD35AE}" = Caillous Vorschule

"{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}" = Steuer-Spar-Erklärung 2009

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{42A74897-DE10-11D5-AB0D-000374890932}" = Perfect FTP

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM

"{560E96B3-356D-4572-9FE3-B44F9AB92622}" = CBL Daten-Shredder

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software

"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B8E1C10-3952-48D3-BC66-F223DDC3A556}" = Firefox 3.6 WEB.DE Edition

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime

"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom

"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support

"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch

"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU

"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010

"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade

"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager

"{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64

"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager

"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F389ED5D-77EF-11D6-B235-0050DACD394D}" = Disneys Winnie Puuhs Bilderbuch

"{FDE773CD-9201-4655-87F3-4E051860D47D}" = Ralink Wireless LAN Installation Program for XP v1.4.0.0

"7-Zip" = 7-Zip 4.65

"ACDSee" = ACDSee

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Audiograbber" = Audiograbber 1.83 SE 

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"Brother HL-1430" = Brother HL-1430

"CCleaner" = CCleaner

"CNXT_AUDIO_HDA" = Conexant HD Audio

"Direct MP3 Joiner_is1" = Direct MP3 Joiner version 3.0.1.5

"etope Lister_is1" = 1.25

"Firefox 3.6 WEB.DE Edition" = Firefox 3.6 WEB.DE Edition

"FRANKIE - LUSTIGE WELTREISE" = FRANKIE - LUSTIGE WELTREISE

"Free CD to MP3 Converter" = Free CD to MP3 Converter

"FreePDF_XP" = FreePDF (Remove only)

"GPL Ghostscript 8.64" = GPL Ghostscript 8.64

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"HijackThis" = HijackThis 2.0.2

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie8" = Windows Internet Explorer 8

"LManager" = Launch Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MozBackup" = MozBackup 1.4.10

"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Redirection Port Monitor" = RedMon - Redirection Port Monitor

"SmartSuite V99.0" = Lotus SmartSuite Version 9.5

"Surf & E-Mail-Stick" = Surf & E-Mail-Stick

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TeamViewer 4" = TeamViewer 4

"WBFS Manager 3.0" = WBFS Manager 3.0

"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Xilisoft DPG Converter" = Xilisoft DPG Converter

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

"ZoneAlarm" = ZoneAlarm

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 03.08.2010 15:05:15 | Computer Name = FAM-6634P0WGE1G | Source = crypt32 | ID = 131080

Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer

 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 ist fehlgeschlagen mit dem Fehler: A connection with the server could not be established

.

 

Error - 03.08.2010 15:13:27 | Computer Name = FAM-6634P0WGE1G | Source = WDSmartWareBackgroundService | ID = 0

Description = 

 

Error - 03.08.2010 15:13:29 | Computer Name = FAM-6634P0WGE1G | Source = crypt32 | ID = 131080

Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer

 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved

.

 

Error - 04.08.2010 03:17:23 | Computer Name = FAM-6634P0WGE1G | Source = WDSmartWareBackgroundService | ID = 0

Description = 

 

Error - 04.08.2010 03:17:34 | Computer Name = FAM-6634P0WGE1G | Source = crypt32 | ID = 131080

Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer

 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 ist fehlgeschlagen mit dem Fehler: A connection with the server could not be established

.

 

Error - 04.08.2010 06:47:38 | Computer Name = FAM-6634P0WGE1G | Source = WDSmartWareBackgroundService | ID = 0

Description = 

 

Error - 04.08.2010 06:47:48 | Computer Name = FAM-6634P0WGE1G | Source = crypt32 | ID = 131080

Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer

 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 ist fehlgeschlagen mit dem Fehler: A connection with the server could not be established

.

 

Error - 04.08.2010 10:26:34 | Computer Name = FAM-6634P0WGE1G | Source = WDSmartWareBackgroundService | ID = 0

Description = 

 

Error - 04.08.2010 13:00:14 | Computer Name = FAM-6634P0WGE1G | Source = WDSmartWareBackgroundService | ID = 0

Description = 

 

Error - 04.08.2010 13:00:24 | Computer Name = FAM-6634P0WGE1G | Source = crypt32 | ID = 131080

Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer

 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 ist fehlgeschlagen mit dem Fehler: A connection with the server could not be established

.

 

[ System Events ]

Error - 04.08.2010 03:17:25 | Computer Name = FAM-6634P0WGE1G | Source = Service Control Manager | ID = 7002

Description = Der Dienst "BrPar" ist von der Gruppe "Parallel arbitrator" abhängig.

 Kein Mitglied dieser Gruppe wurde jedoch gestartet.

 

Error - 04.08.2010 03:17:25 | Computer Name = FAM-6634P0WGE1G | Source = Service Control Manager | ID = 7023

Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:

   %%126

 

Error - 04.08.2010 06:47:41 | Computer Name = FAM-6634P0WGE1G | Source = Service Control Manager | ID = 7002

Description = Der Dienst "BrPar" ist von der Gruppe "Parallel arbitrator" abhängig.

 Kein Mitglied dieser Gruppe wurde jedoch gestartet.

 

Error - 04.08.2010 06:47:41 | Computer Name = FAM-6634P0WGE1G | Source = Service Control Manager | ID = 7023

Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:

   %%126

 

Error - 04.08.2010 10:26:37 | Computer Name = FAM-6634P0WGE1G | Source = Service Control Manager | ID = 7002

Description = Der Dienst "BrPar" ist von der Gruppe "Parallel arbitrator" abhängig.

 Kein Mitglied dieser Gruppe wurde jedoch gestartet.

 

Error - 04.08.2010 10:26:37 | Computer Name = FAM-6634P0WGE1G | Source = Service Control Manager | ID = 7023

Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:

   %%126

 

Error - 04.08.2010 12:58:27 | Computer Name = FAM-6634P0WGE1G | Source = BROWSER | ID = 8032

Description = Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport

 "\Device\NetBT_Tcpip_{CB4DFCD1-0342-46BC-9794-E157E23F8BCB}" zu oft fehl.  Der Sicherungssuchdienst

 wird beendet.

 

Error - 04.08.2010 13:00:16 | Computer Name = FAM-6634P0WGE1G | Source = Service Control Manager | ID = 7002

Description = Der Dienst "BrPar" ist von der Gruppe "Parallel arbitrator" abhängig.

 Kein Mitglied dieser Gruppe wurde jedoch gestartet.

 

Error - 04.08.2010 13:00:16 | Computer Name = FAM-6634P0WGE1G | Source = Service Control Manager | ID = 7023

Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:

   %%126

 

Error - 04.08.2010 13:06:07 | Computer Name = FAM-6634P0WGE1G | Source = BROWSER | ID = 8032

Description = Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport

 "\Device\NetBT_Tcpip_{CB4DFCD1-0342-46BC-9794-E157E23F8BCB}" zu oft fehl.  Der Sicherungssuchdienst

 wird beendet.

 

 

< End of report >

--- --- ---

GMER Logfile:

Code:

GMER 1.0.15.15281 - hxxp://www.gmer.net

Rootkit scan 2010-08-04 20:59:25

Windows 5.1.2600 Service Pack 3

Running: 88x6ps87.exe; Driver: C:\DOKUME~1\Wir\LOKALE~1\Temp\awacyfog.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                                                                                                                                                                        ZwConnectPort [0xA6CC6040]

SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                                                                                                                                                                        ZwCreateFile [0xA6CC2930]

SSDT            BA71848E                                                                                                                                                                                                                                                                           ZwCreateKey

SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                                                                                                                                                                        ZwCreatePort [0xA6CC6510]

SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                                                                                                                                                                        ZwCreateProcess [0xA6CCC870]

SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                                                                                                                                                                        ZwCreateProcessEx [0xA6CCCAA0]

SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                                                                                                                                                                        ZwCreateSection [0xA6CCFFD0]

SSDT            BA718484                                                                                                                                                                                                                                                                           ZwCreateThread

SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                                                                                                                                                                        ZwCreateWaitablePort [0xA6CC6600]

SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                                                                                                                                                                        ZwDeleteFile [0xA6CC2F20]

SSDT            BA718493                                                                                                                                                                                                                                                                           ZwDeleteKey

SSDT            BA71849D                                                                                                                                                                                                                                                                           ZwDeleteValueKey

SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                                                                                                                                                                        ZwDuplicateObject [0xA6CCC580]

SSDT            BA7184A2                                                                                                                                                                                                                                                                           ZwLoadKey

SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                                                                                                                                                                        ZwOpenFile [0xA6CC2D70]

SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                                                                                                                                                                        ZwOpenProcess [0xA6CCC350]

SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                                                                                                                                                                        ZwOpenThread [0xA6CCC150]

SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                                                                                                                                                                        ZwRenameKey [0xA6CCF250]

SSDT            BA7184AC                                                                                                                                                                                                                                                                           ZwReplaceKey

SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                                                                                                                                                                        ZwRequestWaitReplyPort [0xA6CC5C00]

SSDT            BA7184A7                                                                                                                                                                                                                                                                           ZwRestoreKey

SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                                                                                                                                                                        ZwSecureConnectPort [0xA6CC6220]

SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                                                                                                                                                                        ZwSetInformationFile [0xA6CC3120]

SSDT            BA718498                                                                                                                                                                                                                                                                           ZwSetValueKey

SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                                                                                                                                                                        ZwTerminateProcess [0xA6CCCCD0]
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntkrnlpa.exe!ZwCallbackReturn + 2424                                                                                                                                                                                                                                               80501C5C 12 Bytes  [10, 65, CC, A6, 70, C8, CC, ...]

?               srescan.sys                                                                                                                                                                                                                                                                        Das System kann die angegebene Datei nicht finden. !

.text           C:\WINDOWS\system32\drivers\ACEDRV07.sys                                                                                                                                                                                                                                           section is writeable [0xA68FF000, 0x328BA, 0xE8000020]

.pklstb         C:\WINDOWS\system32\drivers\ACEDRV07.sys                                                                                                                                                                                                                                           entry point in ".pklstb" section [0xA6943000]

.relo2          C:\WINDOWS\system32\drivers\ACEDRV07.sys                                                                                                                                                                                                                                           unknown last section [0xA695F000, 0x8E, 0x42000040]
 

---- Devices - GMER 1.0.15 ----
 

Device          \Driver\Tcpip \Device\Ip                                                                                                                                                                                                                                                           vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
 

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                                                                                                                                                                                            wdf01000.sys (WDF Dynamic/Microsoft Corporation)

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                                                                                                                                                                                                            wdf01000.sys (WDF Dynamic/Microsoft Corporation)
 

Device          \Driver\Tcpip \Device\Tcp                                                                                                                                                                                                                                                          vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

Device          \Driver\Tcpip \Device\Udp                                                                                                                                                                                                                                                          vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

Device          \Driver\Tcpip \Device\RawIp                                                                                                                                                                                                                                                        vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

Device          \Driver\Tcpip \Device\IPMULTICAST                                                                                                                                                                                                                                                  vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
 

---- Registry - GMER 1.0.15 ----
 

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System                                                                                                                                                                                                                              

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG12.00.00.01PROFESSIONAL                                                                                                                                                                                              E0F15C417A4C75A6B567327A926BD3FB005B3C945A11B70146D028E4BEB086CCEF7F9632E5E9B11F850488FCDA7E4B2748A410D485E563679322DFC07C5EBC21161DA0B51D9A4554D305981A7E01F2CEF61CA65F236ED8C6FB0B08A891169D0E2182737DA968B850286B8115D193075C752E61A974052988E5006660CD8BB01E90CA5DBF067EA75B449BB4B49E7AD97ADC2679AB30A6F958E85619347395131F9CF67EB8A2AC42841A5EFA47A29ECF1A00B57AE27FF50828D14890EF3930F2232EE74E2663674D21CEDE6D1A8D8D616FDEF244CF80B81FAE217491E6CA78927F626716CA214521C5BD2FFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DA9C6AECB7A5D14078EDD5E5BE2F6E6676B13BFBAC3087F590DDA01C1EE527BF70BB176A27C3C248237B02C2839CC83F5D2F23EC19677F428A6C7B0EDE755ECF6EA00A3B3F3F7870E053FC5315446F6B98860AAAE286AAD451574E1510F5067737CC0E1D104B6817CBDD849C373C89621C7C6E977B0507C509A3D22DCB4748055A6608E84B108811D0D9E80A470635187A392D137815A6DCC4CFE77243DB47CE8A34DFAF816402BA5732EAAB63A6D472CFD37ACAB7C7EBC21149DDADCA0C6D75E037CEC00DEF655B1C4ACF806517ECAAF91273AB99AF

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG11.00.00.01WORKSTATION                                                                                                                                                                                               4D562972EDDC8051D0D377BCEA6DF7BB3C2EB04770946C78A1D6A4C86FC2B495361A98649FF21711637EB8DCEA49EB1821AF54D0B7C9FB47A072778A7D9A4084CFB5C15BA6D265E29BAD1C0EC6E0A81A1677B6E21FFCFA905CDADC9F70A57F6A569093ACA4BB50B7C29D06C4BE1E9625933F4FB220DDF64698E2031FA00045EAFD340FF1EDD18F051AB26F3C424BF59E86622CBBEA8154E28E7EAAE599243931EA4E4B088A1AAF46D273617378195672CDDEEB3EE0DFC8DF6AC6A7151BF5586639AFF28F37FD9276148A7DA9B9989E0EBD5B433D99D5DEBCCF78E48E9739EF3DF550446EFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808BA7FD869164D6794FEBC9E127BECC74CC038D530D6EB34523ABBC754438365A604439E2D18DECA86632ABFFC5B0E2F084CC33A85827B5F9CEB7A6201228C50888255CC40AA634086890616C96EC527F02190FA9307797982DBFB41C97A4A34A64B906F24BC904252EEB0D64CF848A7FA5FB9E9D6B0C0090C58F167452454747C8812CF2095B286693C51301F4EBE5C45CC8D3958FEF1CD1864772B0EECE0054B9ADB8783EE3C590B4E72215F337104B1DF3EED2866519D493707B6C5174F6F1794D2081C76C417BCB4017F2F6552F0664965E2574FC7DE07BB01898F551E52A7BD40934

Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{925E058A-9A62-2C41-9DBE-D250D23052DD}                                                                                                                                                                    

Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{925E058A-9A62-2C41-9DBE-D250D23052DD}@oammhmedbmeglaoombcedkkeiahnji                                                                                                                                     0x64 0x61 0x6C 0x63 ...

Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{925E058A-9A62-2C41-9DBE-D250D23052DD}@oainhpkcijlfffkfmiebjedlpoaeni                                                                                                                                     0x6A 0x61 0x6C 0x63 ...

Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{925E058A-9A62-2C41-9DBE-D250D23052DD}@naomnpjeookdkeofdjbakaagdien                                                                                                                                       0x6A 0x61 0x6C 0x63 ...
 

---- Files - GMER 1.0.15 ----
 

File            C:\Dokumente und Einstellungen\Wir\Eigene Dateien\Sicherungen Bilder 2003-2009\Sicherung 07_2009\Rainer Bilder\Rainer\Downloads\3609_Bibi_and_Tina_The_Great_Paper_Chase_EUR_MULTi3_NDS-OneUp\3609_Bibi_and_Tina_The_Great_Paper_Chase_EUR_MULTi3_NDS-OneUp\1u-bibit\BIBIAN~1.NDS  16777216 bytes
 

---- EOF - GMER 1.0.15 ----

--- --- ---

So das wars :-)