Trojaner-Board
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   DR/Kraddare.A verantwortlich für Land-Attacken ? (https://www.trojaner-board.de/89692-dr-kraddare-a-verantwortlich-land-attacken.html)

cosinus 22.08.2010 18:37
Mountpoints2 => Information About The Windows Registry Key "MountPoints2"

Bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

belyu 22.08.2010 21:26
Bemerkung :

Nachdem ich die cofi.exe ausgeführt habe und auf "JA" geklickt habe piepte der Systemlautsprecher und es erschien ein kleines Fenster : "FEHLER". Da klickte ich auf OK und dann hat der Rechner rebootet und das Combofix-teil startete. Er hat dann auch nicht erst die Registry gesichert, so wie es im Leitafden steht, sondern gleich nach der wiederherstellungskonsole gefragt. Ansonsten hat er dann losgelegt mit dem Scan.

Hier das Log:

Code:
ComboFix 10-08-21.06 - *** 22.08.2010  22:08:11.1.4 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2046.1639 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\cofi.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\winxp\regedit.com
c:\winxp\system32\taskmgr.com

.
(((((((((((((((((((((((  Dateien erstellt von 2010-07-22 bis 2010-08-22  ))))))))))))))))))))))))))))))
.

2010-08-22 19:49 . 2010-08-22 19:49        --------        d-----w-        c:\programme\CCleaner
2010-08-21 17:49 . 2010-08-21 17:49        --------        d-----w-        C:\_OTL
2010-08-20 10:58 . 2010-04-29 10:19        38224        ----a-w-        c:\winxp\system32\drivers\mbamswissarmy.sys
2010-08-20 10:58 . 2010-08-20 10:58        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2010-08-20 10:58 . 2010-04-29 10:19        20952        ----a-w-        c:\winxp\system32\drivers\mbam.sys
2010-08-07 09:19 . 2010-08-07 09:19        --------        d-----w-        c:\programme\360g
2010-07-27 18:15 . 2010-08-22 10:08        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\ICQ
2010-07-27 18:15 . 2010-08-12 16:20        --------        d-----w-        c:\programme\ICQ7.2
2010-07-26 10:06 . 2010-07-26 10:07        7546073        ----a-w-        c:\dokumente und einstellungen\***\Anwendungsdaten\becker\workingdir\download_cache\becker.download.navigation.com\!application\BeckerCM2\2010062501_2.2.1.9986\BeckerCM_Setup.exe
2010-07-26 09:49 . 2010-07-26 09:49        90624        ----a-w-        c:\dokumente und einstellungen\***\Anwendungsdaten\becker\backup\CK-XVG2-9EQB-KCA7-28BE\2035468\flash\iGO8\SDS\scfservice.dll
2010-07-26 09:38 . 2010-07-26 09:38        39632        ----a-w-        c:\dokumente und einstellungen\***\Anwendungsdaten\becker\backup\CK-XVG2-9EQB-KCA7-28BE\2035468\flash\NNGStart\MSVCR80.DLL
2010-07-26 09:38 . 2010-07-26 09:38        152088        ----a-w-        c:\dokumente und einstellungen\***\Anwendungsdaten\becker\backup\CK-XVG2-9EQB-KCA7-28BE\2035468\flash\NNGStart\NNGStart.exe

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-22 16:25 . 2008-12-30 16:44        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\Skype
2010-08-19 17:50 . 2008-06-19 08:35        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\Winamp
2010-08-12 11:31 . 2008-10-21 14:56        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help
2010-08-12 11:30 . 2001-08-23 09:00        94602        ----a-w-        c:\winxp\system32\perfc007.dat
2010-08-12 11:30 . 2001-08-23 09:00        481458        ----a-w-        c:\winxp\system32\perfh007.dat
2010-08-11 11:08 . 2010-02-11 13:25        --------        d-----w-        c:\programme\TeamSpeak 3 Client
2010-08-09 17:24 . 2010-02-18 11:06        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\Xfire
2010-08-09 17:14 . 2008-06-19 08:42        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\uTorrent
2010-08-07 09:07 . 2009-12-19 11:16        --------        d-----w-        c:\programme\Mozilla Thunderbird
2010-07-30 16:10 . 2010-02-18 11:06        --------        d-----w-        c:\programme\Xfire
2010-07-30 08:40 . 2010-07-21 10:26        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers
2010-07-30 08:39 . 2009-11-27 14:07        --------        d-----w-        c:\programme\Gemeinsame Dateien\DVDVideoSoft
2010-07-27 08:09 . 2010-03-16 12:14        --------        d-----w-        c:\programme\DAEMON Tools Lite
2010-07-26 09:49 . 2010-07-26 09:49        52224        ----a-w-        c:\dokumente und einstellungen\***\Anwendungsdaten\becker\backup\CK-XVG2-9EQB-KCA7-28BE\2035468\flash\iGO8\SDS\saopservice.dll
2010-07-20 15:58 . 2008-10-02 10:08        --------        d-----w-        c:\programme\Gemeinsame Dateien\Adobe
2010-07-19 15:21 . 2010-07-19 15:21        --------        d-----w-        c:\programme\Common Files
2010-07-09 19:04 . 2010-07-09 19:04        41872        ----a-w-        c:\winxp\system32\xfcodec.dll
2010-07-07 14:05 . 2010-07-07 14:05        1992        ----a-w-        c:\winxp\desctemp.dat
2010-06-30 12:28 . 2007-10-09 15:05        149504        ----a-w-        c:\winxp\system32\schannel.dll
2010-06-24 12:17 . 2007-12-11 19:54        841216        ----a-w-        c:\winxp\system32\wininet.dll
2010-06-24 12:17 . 2007-10-09 13:19        78336        ----a-w-        c:\winxp\system32\ieencode.dll
2010-06-24 12:17 . 2007-10-09 13:19        17408        ----a-w-        c:\winxp\system32\corpol.dll
2010-06-24 09:02 . 2007-10-09 15:06        1852032        ----a-w-        c:\winxp\system32\win32k.sys
2010-06-21 15:27 . 2007-10-09 15:07        354304        ----a-w-        c:\winxp\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-03 19:57        80384        ----a-w-        c:\winxp\system32\iccvid.dll
2010-06-14 14:31 . 2008-06-18 13:23        744448        ----a-w-        c:\winxp\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2007-10-09 15:05        1172480        ----a-w-        c:\winxp\system32\msxml3.dll
2010-05-29 16:28 . 2009-09-25 15:57        682280        ----a-w-        c:\winxp\system32\pbsvc.exe
.

------- Sigcheck -------

[-] 2008-08-25 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\winxp\system32\dllcache\TCPIP.SYS
[-] 2008-08-25 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\winxp\system32\drivers\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\winxp\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\winxp\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\winxp\$NtServicePackUninstall$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\winxp\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\winxp\ServicePackFiles\i386\TCPIP.SYS
[-] 2008-01-08 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\winxp\$NtUninstallKB951748_0$\tcpip.sys

[-] 2008-08-24 15:23 . C3A2915C71AE6F225EB906C25CCD29B5 . 24064 . . [1.0.0.5] . . c:\winxp\ServicePackFiles\i386\ctfmon.exe
[-] 2008-08-24 15:23 . C3A2915C71AE6F225EB906C25CCD29B5 . 24064 . . [1.0.0.5] . . c:\winxp\system32\ctfmon.exe
[7] 2004-08-03 . 7CE20569925DF6789C31799F0C538F29 . 15360 . . [5.1.2600.2180] . . c:\winxp\$NtServicePackUninstall$\ctfmon.exe
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\winxp\JM\JMInsIDE.exe" [2006-10-30 36864]
"36X Raid Configurer"="c:\winxp\system32\JMRaidSetup.exe" [2007-02-06 1953792]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"razer"="c:\programme\Razer\Copperhead\razerhid.exe" [2005-10-08 155648]
"NvMediaCenter"="c:\winxp\system32\NvMcTray.dll" [2009-11-20 110184]
"NvCplDaemon"="c:\winxp\system32\NvCpl.dll" [2009-11-20 12669544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\winxp\system32\CTFMON.EXE" [2008-08-24 24064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2010-06-24 124928]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0OODBS

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Dienst-Manager.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Dienst-Manager.lnk
backup=c:\winxp\pss\Dienst-Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06        976832        ----a-r-        c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04        35760        ----a-w-        c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43        69632        ------r-        c:\winxp\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50        155648        ----a-w-        c:\winxp\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2007-05-11 01:08        2512392        ----a-w-        c:\winxp\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-04-12 09:33        16132608        ------r-        c:\winxp\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BlueSoleil Hid Service"=2 (0x2)
"Autodesk Licensing Service"=3 (0x3)
"O&O Defrag"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\uTorrent\\uTorrent.exe"=
"c:\\WINXP\\system32\\mmc.exe"=
"d:\\Spiele\\Far Cry 2\\bin\\FC2Editor.exe"=
"d:\\Spiele\\Dead Space\\Dead Space.exe"=
"d:\\Spiele\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Programme\\Java\\jre6\\bin\\java.exe"=
"c:\\Programme\\Dassault Systemes\\B17\\intel_a\\code\\bin\\CNEXT.exe"=
"d:\\Spiele\\Steam\\SteamApps\\***\\team fortress 2\\hl2.exe"=
"d:\\Spiele\\Steam\\Steam.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Spiele\\Far Cry 2\\bin\\FarCry2.exe"=
"d:\\Spiele\\Prototype\\prototypef.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Spiele\\S.T.A.L.K.E.R. - Call Of Pripyat\\bin\\xrEngine.exe"=
"d:\\Spiele\\S.T.A.L.K.E.R. - Call Of Pripyat\\bin\\dedicated\\xrEngine.exe"=
"c:\\Programme\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Programme\\Xfire\\Xfire.exe"=
"c:\\Programme\\Miranda IM\\miranda32.exe"=
"d:\\Spiele\\Gearbox Software\\Borderlands\\Binaries\\Borderlands.exe"=
"d:\\Spiele\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"d:\\Spiele\\Modern Warfare 2\\iw4mp.exe"=
"c:\\Programme\\ICQ7.2\\ICQ.exe"=
"c:\\Programme\\ICQ7.2\\aolload.exe"=
"d:\\Spiele\\Steam\\SteamApps\\common\\alien swarm\\swarm.exe"=
"d:\\Spiele\\Steam\\SteamApps\\common\\alien swarm\\srcds.exe"=
"d:\\Spiele\\Steam\\SteamApps\\***\\counter-strike source\\hl2.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

R1 LUMDriver;LUMDriver;c:\winxp\system32\drivers\LUMDriver.sys [11.07.2003 15:22 14912]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [18.03.2009 13:05 135336]
R2 BBDemon;Backbone Service;c:\programme\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe [29.04.2006 07:32 49152]
R2 Start BT in service;Start BT in service;c:\programme\BlueSoleil\StartSkysolSvc.exe [19.03.2008 17:52 51816]
R3 Razerlow;Razer Copperhead Driver;c:\winxp\system32\drivers\Razerlow.sys [28.07.2008 09:13 19020]
S3 npggsvc;nProtect GameGuard Service;c:\winxp\system32\GameMon.des -service --> c:\winxp\system32\GameMon.des -service [?]
S4 sptd;sptd;c:\winxp\system32\drivers\sptd.sys [21.06.2008 14:01 691696]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - uphcleanhlp
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\kjdosw3m.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winxp\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-NWEReboot - (no file)
HKLM-Run-nwiz - nwiz.exe
MSConfigStartUp-DAEMON Tools Lite - c:\programme\DAEMON Tools Lite\daemon.exe
MSConfigStartUp-MaxMenuMgr - c:\programme\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
MSConfigStartUp-SunJavaUpdateSched - c:\programme\Java\jre6\bin\jusched.exe
MSConfigStartUp-WinampAgent - c:\programme\Winamp\winampa.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-22 22:10
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\winxp\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-329068152-299502267-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:46,11,8b,69,ea,62,66,a2,99,55,0d,d6,21,ef,9e,d0,bc,4c,da,1b,57,
  76,cf,b0,27,66,9f,77,1f,71,3d,e8,cd,f4,76,45,59,c1,17,7c,6e,16,9b,3c,3f,dc,\
"rkeysecu"=hex:32,d0,69,74,3c,da,13,5f,03,33,41,6c,5b,eb,10,50

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="BCAD1AE977DFA40CDB92912C62020CEB73543DC292F056240A4DB6E3499DF9DEF57C7A37CD01AE976AD9E3CC7E5634BA16FDC6647D26AF1751130C02E025179E5C1A6A5F7D5EA6F4FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB3452A6171C11EC38DE3DFEBC9E127BECC74CB50F0E5732A5870A9F8336CF4DB947CA857999B2DE8B7C6FFB4E3543832FAB2CAD3B450F36ABCD5F1118F7E01B28D0243FF233F14BE61CAE4CED61774A132F00B87AD7776E5E4AE7705C477270E6A8CE54F942DE7FFE4D5EE087C96C66B059ED57F2749FC21C7C427AB29DBACAA4E79EE351A9F4A76F6028DAD7DA81D6AD5513C7FD2F6E2239072334B1D4442901CB7D516B2E0373C4CDCA1ECFE1ED9B2671231429FE9D7FFDB452E3A42F6C8E90B4E8C4EFF72E1981AE18D41590B83BA8A0E5043540BBD2A7EF2E1589D068825DA771AC3A17ED4F9B4075EB7FFE3FBEB7F936A598B0A894E4C8A49614C23D92644F3DB559FA8E547CE4DE15992632354A3903CC7D749B445AF23C7CA76FC74C9675845712792FE804A261C4A66596AFCCBBCF8EBF941EE59F470B1CE1A934C3588D1548D94C435002249FB4997EC3C21D0635C470790E7DC040BD931123061104AA5083DE9093D3BDB44F619C9868898E3DDB8E58751D183DFD163E3577154F6587ABCA7EC7BA4071483C8C09BC842068AD85CC6D3A50C38AC4664287208C1FBDFEB0A2CD57A9E6C97543BB73DBECA9654584A65F5E83918F7D1906717FE824C214FA511309A31B6AF357B61D45CACA3418BF85105F621AA83229B312597E841D6A3DE3C9893F36E8A37E0B80B01A2EF75CB298921C6F77A694A6BB3BD5F3EDE84ABD2C23E9E9154E84D38A4939AC0148ECEC52325780484C77B5517302C30E3922D23C81A164181ABE84CA575C2674314891E66C38BE2FD1D110E9F54DBC9910026C6C7B87BF243D9AD223417D00BE2F12D852F24B29D1644200C1308C82496A9F8B59DEDA64A11E0615B2CD610798B6118B51A9FE90DCA286E75846780B56B1D243E2A9BC107D1693B65AF934DA41AEAF0BE62DA61BFC2103BAF00D2DA08149983FAE0FB0CFA7F4F835BDF68271F8F17D4AD8C77AC266673F011210AA620F8493BB22F7238A95FB90A2C627C09406502DD032FC96544FF2E757078D574446AD068A6BFE5F753FDF5725232644DEB18B15393F81F77371B2CC6DDEF7F88B72815A8F7A73971D224C6F78C33EC7424B5CB13214BE83140D8BE287EC76BC54E3B01EC682D8E0E0BD5E1FE85DF06903A16B9F81075301016354BF7E49E2348C6D6080BAFCE7B4F51828CF59E9722BBA0CD9237B308F9A57BB5920BE4D4B52F6672AD68D260BF0E2B9B09040A52C7455643AA30D6F79610A605AE348"
.
Zeit der Fertigstellung: 2010-08-22  22:11:34
ComboFix-quarantined-files.txt  2010-08-22 20:11

Vor Suchlauf: 3.706.568.704 Bytes frei
Nach Suchlauf: 3.678.826.496 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINXP
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINXP="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 49E8E4025C31F38D832E17E84647FDCC
MFG

cosinus 23.08.2010 12:37
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.

belyu 23.08.2010 16:37
So, hier erstmal das Log von GMER

Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-23 16:57:31
Windows 5.1.2600 Service Pack 3
Running: 1eowjypi.exe; Driver: C:\DOKUME~1\***\LOKALE~1\Temp\uxtdypob.sys


---- System - GMER 1.0.15 ----

SSDT  B86BF826                                                                                                            ZwCreateKey
SSDT  B86BF81C                                                                                                            ZwCreateThread
SSDT  B86BF82B                                                                                                            ZwDeleteKey
SSDT  B86BF835                                                                                                            ZwDeleteValueKey
SSDT  B86BF83A                                                                                                            ZwLoadKey
SSDT  B86BF808                                                                                                            ZwOpenProcess
SSDT  B86BF80D                                                                                                            ZwOpenThread
SSDT  B86BF844                                                                                                            ZwReplaceKey
SSDT  B86BF83F                                                                                                            ZwRestoreKey
SSDT  B86BF830                                                                                                            ZwSetValueKey
SSDT  \??\C:\WINXP\system32\Drivers\uphcleanhlp.sys                                                                        ZwUnloadKey [0xB3BE26D0]

---- Kernel code sections - GMER 1.0.15 ----

.text  C:\WINXP\system32\DRIVERS\nv4_mini.sys                                                                              section is writeable [0xB6DE7380, 0x5414D5, 0xE8000020]
.text  C:\WINXP\system32\DRIVERS\atksgt.sys                                                                                section is writeable [0xB3C26300, 0x3B6D8, 0xE8000020]
.text  C:\WINXP\system32\DRIVERS\lirsgt.sys                                                                                section is writeable [0xB83B8300, 0x1BEE, 0xE8000020]
?      C:\WINXP\system32\Drivers\uphcleanhlp.sys                                                                            Das System kann die angegebene Datei nicht finden. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT    C:\WINXP\Explorer.EXE[1328] @ C:\WINXP\Explorer.EXE [KERNEL32.dll!GetProcAddress]                                    [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT    C:\WINXP\Explorer.EXE[1328] @ C:\WINXP\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                          [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT    C:\WINXP\Explorer.EXE[1328] @ C:\WINXP\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress]                            [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT    C:\WINXP\Explorer.EXE[1328] @ C:\WINXP\system32\Secur32.dll [KERNEL32.dll!GetProcAddress]                            [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT    C:\WINXP\Explorer.EXE[1328] @ C:\WINXP\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                              [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT    C:\WINXP\Explorer.EXE[1328] @ C:\WINXP\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                            [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT    C:\WINXP\Explorer.EXE[1328] @ C:\WINXP\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress]                            [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT    C:\WINXP\Explorer.EXE[1328] @ C:\WINXP\system32\ole32.dll [KERNEL32.dll!GetProcAddress]                              [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT    C:\WINXP\Explorer.EXE[1328] @ C:\WINXP\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                            [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT    C:\WINXP\Explorer.EXE[1328] @ C:\WINXP\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                            [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT    C:\WINXP\Explorer.EXE[1328] @ C:\WINXP\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress]                          [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT    C:\WINXP\Explorer.EXE[1328] @ C:\WINXP\system32\WININET.dll [KERNEL32.dll!GetProcAddress]                            [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT    C:\WINXP\Explorer.EXE[1328] @ C:\WINXP\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]                            [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT    C:\WINXP\Explorer.EXE[1328] @ C:\WINXP\system32\USERENV.dll [KERNEL32.dll!GetProcAddress]                            [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT    C:\WINXP\Explorer.EXE[1328] @ C:\WINXP\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress]                              [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT    C:\WINXP\Explorer.EXE[1328] @ C:\WINXP\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress]                          [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT    C:\WINXP\Explorer.EXE[1328] @ C:\WINXP\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress]                            [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT    C:\WINXP\Explorer.EXE[1328] @ C:\WINXP\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress]                            [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                   
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                  1
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                              0xAD 0xE3 0x3B 0x5D ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                  0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                  2
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x85 0x0C 0x96 0xDC ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                  C:\Programme\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                      0x21 0x99 0xE4 0x18 ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xC0 0x9F 0x2A 0xCA ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                   
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                              0xDE 0x48 0x00 0x19 ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                           
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0xF7 0xEC 0x26 0x8E ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                     
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0x51 0x46 0xBC 0x42 ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41                     
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                0x29 0x07 0x93 0xDF ...
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Programme\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0x73 0x03 0x27 0xFA ...
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x8C 0xE9 0xD7 0x34 ...
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0xB9 0x55 0x84 0xE3 ...
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)               
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                      1
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                  0xAD 0xE3 0x3B 0x5D ...
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                      0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                      2
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x85 0x0C 0x96 0xDC ...
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                      C:\Programme\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                          0x21 0x99 0xE4 0x18 ...
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xC0 0x9F 0x2A 0xCA ...
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0xDE 0x48 0x00 0x19 ...
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xF7 0xEC 0x26 0x8E ...
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x51 0x46 0xBC 0x42 ...
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) 
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0x29 0x07 0x93 0xDF ...
Reg    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System                                                               
Reg    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION                                BCAD1AE977DFA40CDB92912C62020CEB73543DC292F056240A4DB6E3499DF9DEF57C7A37CD01AE976AD9E3CC7E5634BA16FDC6647D26AF1751130C02E025179E5C1A6A5F7D5EA6F4FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB3452A6171C11EC38DE3DFEBC9E127BECC74CB50F0E5732A5870A9F8336CF4DB947CA857999B2DE8B7C6FFB4E3543832FAB2CAD3B450F36ABCD5F1118F7E01B28D0243FF233F14BE61CAE4CED61774A132F00B87AD7776E5E4AE7705C477270E6A8CE54F942DE7FFE4D5EE087C96C66B059ED57F2749FC21C7C427AB29DBACAA4E79EE351A9F4A76F6028DAD7DA81D6AD5513C7FD2F6E2239072334B1D4442901CB7D516B2E0373C4CDCA1ECFE1ED9B2671231429FE9D7FFDB452E3A42F6C8E90B4E8C4EFF72E1981AE18D41590B83BA8A0E5043540BBD2A7EF2E1589D068825DA771AC3A17ED4F9B4075EB7FFE3FBEB7F936A598B0A894E4C8A49614C23D92644F3DB559FA8E547CE4DE15992632354A3903CC7D749B445AF23C7CA76FC74C9675845712792FE804A261C4A66596AFCCBBCF8EBF941EE59F470B1CE1A934C3588D1548D94C435002249FB4997EC3C21D0635C470790E7DC040BD931123061104AA5083DE9093D3BDB44F619C9868898E3DDB8E58751D183DFD1

---- EOF - GMER 1.0.15 ----
und von OSAM

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:46:36 on 23.08.2010

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 7.00.6000.21283

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "O&O Software GmbH" - C:\WINXP\system32\OODBS.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINXP\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINXP\system32\javacpl.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\WINXP\system32\PhysX.cpl
"razer.cpl" - "Razer Inc." - C:\WINXP\system32\razer.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir Personal – Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"atksgt" (atksgt) - ? - C:\WINXP\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINXP\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINXP\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\DOKUME~1\***\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINXP\system32\drivers\Changer.sys  (File not found)
"gdrv" (gdrv) - "Windows (R) 2000 DDK provider" - C:\WINXP\gdrv.sys
"HAMA PC-WEBCAM AC-130" (CAM1210) - "USB video camera" - C:\WINXP\System32\Drivers\cam1210.sys
"i2omgmt" (i2omgmt) - ? - C:\WINXP\system32\drivers\i2omgmt.sys  (File not found)
"InCD Reader" (InCDRm) - ? - C:\WINXP\System32\drivers\InCDRm.sys  (File not found)
"InCDPass" (InCDPass) - ? - C:\WINXP\System32\drivers\InCDPass.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINXP\system32\drivers\lbrtfdc.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\WINXP\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"LUMDriver" (LUMDriver) - "IBM" - C:\WINXP\system32\drivers\LUMDriver.sys
"PCIDump" (PCIDump) - ? - C:\WINXP\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINXP\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINXP\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINXP\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINXP\system32\drivers\PDRFRAME.sys  (File not found)
"PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\WINXP\System32\drivers\Afc.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINXP\System32\Drivers\PxHelp20.sys
"Razer Copperhead Driver" (Razerlow) - "Razer (Asia-Pacific) Pte Ltd" - C:\WINXP\System32\Drivers\Razerlow.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINXP\System32\DRIVERS\ssmdrv.sys
"TCP/IP-Protokolltreiber" (Tcpip) - "Microsoft Corporation" - C:\WINXP\System32\DRIVERS\tcpip.sys
"WDICA" (WDICA) - ? - C:\WINXP\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINXP\system32\Rundll32.exe C:\WINXP\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINXP\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINXP\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINXP\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINXP\system32\nvcpl.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINXP\system32\mscoree.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINXP\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} "PowerISO" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINXP\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINXP\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINXP\system32\Macromed\Flash\Flash10a.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.2" - "ICQ, LLC." - C:\Programme\ICQ7.2\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"36X Raid Configurer" - "Gigabyte Technology Corp." - C:\WINXP\system32\JMRaidSetup.exe boot
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"JMB36X IDE Setup" - ? - C:\WINXP\JM\JMInsIDE.exe  (File found, but it contains no detailed information)
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINXP\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINXP\system32\NvMcTray.dll,NvTaskbarInit
"razer" - ? - C:\Programme\Razer\Copperhead\razerhid.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\WINXP\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINXP\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINXP\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Automatische Updates" (wuauserv) - ? - C:\WINDOWS\system32\wuauserv.dll  (File not found)
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Backbone Service" (BBDemon) - "Dassault Systemes" - C:\Programme\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
"HID Input Service" (HidServ) - ? -  C:\WINXP\System32\hidserv.dll  (File not found)
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\WINXP\system32\GameMon.des
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINXP\system32\nvsvc32.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Start BT in service" (Start BT in service) - ? - C:\Programme\BlueSoleil\StartSkysolSvc.exe  (File found, but it contains no detailed information)
"User Profile Hive Cleanup" (UPHClean) - "Microsoft Corporation" - C:\Programme\UPHClean\uphclean.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINXP\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINXP\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINXP\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
bootkit_remover :

Code:
.\debug.cpp(238) : Debug log started at 23.08.2010 - 15:54:17
.\boot_cleaner.cpp(675) : Bootkit Remover
.\boot_cleaner.cpp(676) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(677) : www.esagelab.com
.\boot_cleaner.cpp(681) : Program version: 1.1.0.0
.\boot_cleaner.cpp(688) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x804d7000 0x0020e000 "\WINXP\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x806e5000 0x00020d00 "\WINXP\system32\hal.dll"
.\debug.cpp(256) : 0xb85a8000 0x00002000 "\WINXP\system32\KDCOM.DLL"
.\debug.cpp(256) : 0xb84b8000 0x00003000 "\WINXP\system32\BOOTVID.dll"
.\debug.cpp(256) : 0xb7f78000 0x0002f000 "ACPI.sys"
.\debug.cpp(256) : 0xb85aa000 0x00002000 "\WINXP\system32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0xb7f67000 0x00011000 "pci.sys"
.\debug.cpp(256) : 0xb80a8000 0x0000a000 "isapnp.sys"
.\debug.cpp(256) : 0xb8670000 0x00001000 "pciide.sys"
.\debug.cpp(256) : 0xb8328000 0x00007000 "\WINXP\system32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0xb80b8000 0x0000b000 "MountMgr.sys"
.\debug.cpp(256) : 0xb7f48000 0x0001f000 "ftdisk.sys"
.\debug.cpp(256) : 0xb85ac000 0x00002000 "dmload.sys"
.\debug.cpp(256) : 0xb7f22000 0x00026000 "dmio.sys"
.\debug.cpp(256) : 0xb8330000 0x00005000 "PartMgr.sys"
.\debug.cpp(256) : 0xb80c8000 0x0000e000 "VolSnap.sys"
.\debug.cpp(256) : 0xb7f0a000 0x00018000 "atapi.sys"
.\debug.cpp(256) : 0xb80d8000 0x0000b000 "jraid.sys"
.\debug.cpp(256) : 0xb7ef2000 0x00018000 "\WINXP\system32\DRIVERS\SCSIPORT.SYS"
.\debug.cpp(256) : 0xb80e8000 0x00009000 "disk.sys"
.\debug.cpp(256) : 0xb80f8000 0x0000d000 "\WINXP\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0xb7ed2000 0x00020000 "fltmgr.sys"
.\debug.cpp(256) : 0xb7ec0000 0x00012000 "sr.sys"
.\debug.cpp(256) : 0xb8108000 0x00009000 "PxHelp20.sys"
.\debug.cpp(256) : 0xb7ea9000 0x00017000 "KSecDD.sys"
.\debug.cpp(256) : 0xb7e96000 0x00013000 "WudfPf.sys"
.\debug.cpp(256) : 0xb7e09000 0x0008d000 "Ntfs.sys"
.\debug.cpp(256) : 0xb7ddc000 0x0002d000 "NDIS.sys"
.\debug.cpp(256) : 0xb84bc000 0x00004000 "vbtenum.sys"
.\debug.cpp(256) : 0xb7dc2000 0x0001a000 "Mup.sys"
.\debug.cpp(256) : 0xb85ae000 0x00002000 "JGOGO.sys"
.\debug.cpp(256) : 0xb8338000 0x00007000 "BTHidMgr.sys"
.\debug.cpp(256) : 0xb82a8000 0x0000a000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0xb6e7b000 0x009c4000 "\SystemRoot\system32\DRIVERS\nv4_mini.sys"
.\debug.cpp(256) : 0xb6e67000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS"
.\debug.cpp(256) : 0xb83f8000 0x00006000 "\SystemRoot\system32\DRIVERS\usbuhci.sys"
.\debug.cpp(256) : 0xb6e43000 0x00024000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0xb8400000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0xb6e1b000 0x00028000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0xb82b8000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys"
.\debug.cpp(256) : 0xb8408000 0x00008000 "\SystemRoot\system32\drivers\Afc.sys"
.\debug.cpp(256) : 0xb82c8000 0x00010000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0xb82d8000 0x0000f000 "\SystemRoot\system32\DRIVERS\redbook.sys"
.\debug.cpp(256) : 0xb6df8000 0x00023000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0xb82e8000 0x0000d000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0xb8410000 0x00007000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0xb82f8000 0x0000a000 "\SystemRoot\System32\Drivers\VcommMgr.sys"
.\debug.cpp(256) : 0xb8418000 0x00007000 "\SystemRoot\system32\DRIVERS\blueletaudio.sys"
.\debug.cpp(256) : 0xb6dd4000 0x00024000 "\SystemRoot\system32\DRIVERS\portcls.sys"
.\debug.cpp(256) : 0xb8308000 0x0000f000 "\SystemRoot\system32\DRIVERS\drmk.sys"
.\debug.cpp(256) : 0xb8420000 0x00006000 "\SystemRoot\system32\DRIVERS\BlueletSCOAudio.sys"
.\debug.cpp(256) : 0xb86bc000 0x00001000 "\SystemRoot\system32\DRIVERS\audstub.sys"
.\debug.cpp(256) : 0xb85c4000 0x00002000 "\SystemRoot\System32\Drivers\RootMdm.sys"
.\debug.cpp(256) : 0xb8428000 0x00008000 "\SystemRoot\System32\Drivers\Modem.SYS"
.\debug.cpp(256) : 0xb8318000 0x0000d000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0xb8598000 0x00003000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0xb6dbd000 0x00017000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0xb8138000 0x0000b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0xb8148000 0x0000c000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0xb8430000 0x00005000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0xb6dac000 0x00011000 "\SystemRoot\system32\DRIVERS\psched.sys"
.\debug.cpp(256) : 0xb8158000 0x00009000 "\SystemRoot\system32\DRIVERS\msgpc.sys"
.\debug.cpp(256) : 0xb8438000 0x00005000 "\SystemRoot\system32\DRIVERS\ptilink.sys"
.\debug.cpp(256) : 0xb8440000 0x00005000 "\SystemRoot\system32\DRIVERS\raspti.sys"
.\debug.cpp(256) : 0xb8448000 0x00007000 "\SystemRoot\system32\DRIVERS\VComm.sys"
.\debug.cpp(256) : 0xb7d9e000 0x00004000 "\SystemRoot\system32\DRIVERS\serenum.sys"
.\debug.cpp(256) : 0xb6d7c000 0x00030000 "\SystemRoot\system32\DRIVERS\rdpdr.sys"
.\debug.cpp(256) : 0xb8168000 0x0000a000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0xb8450000 0x00006000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0xb85c6000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0xb6c7e000 0x0005e000 "\SystemRoot\system32\DRIVERS\update.sys"
.\debug.cpp(256) : 0xb7d8e000 0x00004000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0xb8178000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0xb8188000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0xb85ca000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0xb46b0000 0x00456000 "\SystemRoot\system32\drivers\RtkHDAud.sys"
.\debug.cpp(256) : 0xb85ce000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0xb87dd000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0xb85d0000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0xb8470000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0xb8478000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0xb85d2000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS"
.\debug.cpp(256) : 0xb85d4000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0xb8480000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0xb8488000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0xb6c5a000 0x00003000 "\SystemRoot\system32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0xb4655000 0x00013000 "\SystemRoot\system32\DRIVERS\ipsec.sys"
.\debug.cpp(256) : 0xb45fc000 0x00059000 "\SystemRoot\system32\DRIVERS\tcpip.sys"
.\debug.cpp(256) : 0xb45d6000 0x00026000 "\SystemRoot\system32\DRIVERS\ipnat.sys"
.\debug.cpp(256) : 0xb45ae000 0x00028000 "\SystemRoot\system32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0xb8198000 0x00009000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0xb458c000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"
.\debug.cpp(256) : 0xb81a8000 0x00009000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0xb8490000 0x00006000 "\SystemRoot\system32\DRIVERS\ssmdrv.sys"
.\debug.cpp(256) : 0xb4561000 0x0002b000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0xb44f1000 0x00070000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xb6c56000 0x00003000 "\??\C:\WINXP\system32\drivers\LUMDriver.sys"
.\debug.cpp(256) : 0xb81b8000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS"
.\debug.cpp(256) : 0xb44cf000 0x00022000 "\SystemRoot\system32\DRIVERS\avipbb.sys"
.\debug.cpp(256) : 0xb85d8000 0x00002000 "\??\C:\Programme\Avira\AntiVir Desktop\avgio.sys"
.\debug.cpp(256) : 0xb8498000 0x00008000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"
.\debug.cpp(256) : 0xb84a0000 0x00005000 "\SystemRoot\System32\Drivers\Razerlow.sys"
.\debug.cpp(256) : 0xb6c3a000 0x00003000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
.\debug.cpp(256) : 0xb81e8000 0x00009000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0xb6c36000 0x00003000 "\SystemRoot\system32\DRIVERS\mouhid.sys"
.\debug.cpp(256) : 0xb6c2e000 0x00004000 "\SystemRoot\system32\DRIVERS\kbdhid.sys"
.\debug.cpp(256) : 0xb81f8000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"
.\debug.cpp(256) : 0xb443f000 0x00018000 "\SystemRoot\System32\Drivers\dump_atapi.sys"
.\debug.cpp(256) : 0xb85da000 0x00002000 "\SystemRoot\System32\Drivers\dump_WMILIB.SYS"
.\debug.cpp(256) : 0xbf800000 0x001c5000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0xb4b0e000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0xb84a8000 0x00005000 "\SystemRoot\System32\watchdog.sys"
.\debug.cpp(256) : 0xbd000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"
.\debug.cpp(256) : 0xb86c2000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"
.\debug.cpp(256) : 0xbd012000 0x005fe000 "\SystemRoot\System32\nv4_disp.dll"
.\debug.cpp(256) : 0xbffa0000 0x00046000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0x99589000 0x00015000 "\SystemRoot\system32\DRIVERS\avgntflt.sys"
.\debug.cpp(256) : 0x9957d000 0x00004000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0x99264000 0x0002d000 "\SystemRoot\system32\DRIVERS\mrxdav.sys"
.\debug.cpp(256) : 0x991d1000 0x00043000 "\SystemRoot\system32\DRIVERS\atksgt.sys"
.\debug.cpp(256) : 0xb83b0000 0x00005000 "\SystemRoot\system32\DRIVERS\lirsgt.sys"
.\debug.cpp(256) : 0x9908a000 0x00057000 "\SystemRoot\system32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0x990e9000 0x00003000 "\??\C:\WINXP\system32\Drivers\uphcleanhlp.sys"
.\debug.cpp(256) : 0x98e1d000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys"
.\debug.cpp(256) : 0x99191000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys"
.\debug.cpp(256) : 0x98bd4000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys"
.\debug.cpp(256) : 0x989dd000 0x00017000 "\SystemRoot\system32\DRIVERS\Rtenicxp.sys"
.\debug.cpp(256) : 0x988ea000 0x0002b000 "\SystemRoot\system32\drivers\kmixer.sys"
.\debug.cpp(256) : 0x7c910000 0x000b9000 "\WINXP\system32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0885&SUBSYS_1458A002&REV_1001#4&808a433&0&0201#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000008e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) :              Destination="\Device\Ndis"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:"
.\debug.cpp(400) :              Destination="\Device\Ide\IdePort1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice"
.\debug.cpp(400) :              Destination="\Device\WUDFLpcDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) :              Destination="\Device\Video0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) :              Destination="\Device\0000004c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) :              Destination="\Device\Video1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{71985f4a-1ca1-11d3-9cc8-00c04f7971e0}"
.\debug.cpp(400) :              Destination="\Device\0000004c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000039"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Bluetooth DUN Modem"
.\debug.cpp(400) :              Destination="\Device\00000036"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmIoDaemon"
.\debug.cpp(400) :              Destination="\Device\DmControl\DmIoDaemon"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :              Destination="\Device\00000055"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature835F835FOffsetC34F34A00Length2E031A3600#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip"
.\debug.cpp(400) :              Destination="\Device\Ip"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) :              Destination="\Device\Video2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&88ab043&1#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
.\debug.cpp(400) :              Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev"
.\debug.cpp(400) :              Destination="\Device\IPSEC"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{35CA3BB9-F4DF-406A-88C1-A929AE014D7A}"
.\debug.cpp(400) :              Destination="\Device\{35CA3BB9-F4DF-406A-88C1-A929AE014D7A}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&1e850c4&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :              Destination="\Device\00000076"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgio"
.\debug.cpp(400) :              Destination="\Device\avgio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) :              Destination="\Device\Video3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{D9671641-5591-4EAA-B5F7-387B4A25DC7A}"
.\debug.cpp(400) :              Destination="\Device\{D9671641-5591-4EAA-B5F7-387B4A25DC7A}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000038"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{c045b8b5-3d47-11dd-aa13-806d6172696f}"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY"
.\debug.cpp(400) :              Destination="\Device\NDProxy"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi4:"
.\debug.cpp(400) :              Destination="\Device\Scsi\JRAID1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ProcessManagement"
.\debug.cpp(400) :              Destination="\Device\ProcessManagement"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9aa4a2cc-81e0-4cfd-802f-0f74526d2bd3}"
.\debug.cpp(400) :              Destination="\Device\0000004c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#HIDCLASS#0000#{57574d37-c5e9-412d-a115-fa6d779eff08}"
.\debug.cpp(400) :              Destination="\Device\00000006"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDR4_XP"
.\debug.cpp(400) :              Destination="\Device\PxHelperDevice0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0885&SUBSYS_1458A002&REV_1001#4&808a433&0&0201#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) :              Destination="\Device\0000008e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2937&SUBSYS_50041458&REV_02#3&13c0b0c5&0&D0#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000004c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{fd0a5af4-b41d-11d2-9c95-00c04f7971e0}"
.\debug.cpp(400) :              Destination="\Device\0000004c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MODEM#0000#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
.\debug.cpp(400) :              Destination="\Device\00000035"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr"
.\debug.cpp(400) :              Destination="\Device\RdpDrDvMgr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{c045b8b4-3d47-11dd-aa13-806d6172696f}"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2934&SUBSYS_50041458&REV_02#3&13c0b0c5&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0010"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#PORTS#0000#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) :              Destination="\Device\00000040"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTHidMgr"
.\debug.cpp(400) :              Destination="\Device\BTHidMgr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) :              Destination="\Device\WMIDataDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Bluetooth Fax Modem"
.\debug.cpp(400) :              Destination="\Device\00000035"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000004c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgntflt"
.\debug.cpp(400) :              Destination="\FileSystem\Filters\avgntflt"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\uphcleanhlp"
.\debug.cpp(400) :              Destination="\Device\uphcleanhlp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2935&SUBSYS_50041458&REV_02#3&13c0b0c5&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0011"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2936&SUBSYS_50041458&REV_02#3&13c0b0c5&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0012"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_293A&SUBSYS_50061458&REV_02#3&13c0b0c5&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0013"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0091&SUBSYS_02C210DE&REV_A1#4&1a9c9f1a&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0019"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) :              Destination="\Device\NamedPipe"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) :              Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :              Destination="\Device\0000004c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#PORTS#0006#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) :              Destination="\Device\00000046"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) :              Destination="\Device\00000051"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3"
.\debug.cpp(400) :              Destination="\Device\Serial2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched"
.\debug.cpp(400) :              Destination="\Device\PSched"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) :              Destination="\Device\Mup"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"
.\debug.cpp(400) :              Destination="\Device\IPNAT"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :              Destination="\Device\0000004c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM4"
.\debug.cpp(400) :              Destination="\Device\Serial3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000004c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) :              Destination="\Device\USBFDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000002e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) :              Destination="\FileSystem\Filters\FltMgrMsg"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) :              Destination="\Device\Tcp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&30b58b36&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#PORTS#0008#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) :              Destination="\Device\00000048"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM5"
.\debug.cpp(400) :              Destination="\Device\Serial4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) :              Destination="\Device\VideoPdo0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) :              Destination="\Device\USBFDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#PORTS#0003#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) :              Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000003e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15#_2#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) :              Destination="\Device\00000053"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM6"
.\debug.cpp(400) :              Destination="\Device\Serial5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) :              Destination="\Device\Harddisk0\DR0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000003c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) :              Destination="\DosDevices\LPT1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&bd04752&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) :              Destination="\Device\USBFDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000004c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :              Destination="\Device\0000004c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM7"
.\debug.cpp(400) :              Destination="\Device\Serial6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0885&SUBSYS_1458A002&REV_1001#4&808a433&0&0201#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) :              Destination="\Device\0000008e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio"
.\debug.cpp(400) :              Destination="\Device\sysaudio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) :              Destination="\Device\FsWrap"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) :              Destination="\Device\USBFDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000004c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#PORTS#0007#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) :              Destination="\Device\00000047"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#PORTS#0004#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) :              Destination="\Device\00000044"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000003b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM8"
.\debug.cpp(400) :              Destination="\Device\Serial7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) :              Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0000#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000002e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
.\debug.cpp(400) :              Destination="\Device\USBFDO-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&70ace42&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{0E28496E-0F3B-4C0B-94AD-C062E7CD7946}"
.\debug.cpp(400) :              Destination="\Device\{0E28496E-0F3B-4C0B-94AD-C062E7CD7946}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM9"
.\debug.cpp(400) :              Destination="\Device\Serial8"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000002f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) :              Destination="\GLOBAL??"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LUMDriver"
.\debug.cpp(400) :              Destination="\Device\LUMDriver"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD5"
.\debug.cpp(400) :              Destination="\Device\USBFDO-5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#PORTS#0005#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) :              Destination="\Device\00000045"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#PORTS#0002#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) :              Destination="\Device\00000042"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{435F5762-0FEB-487B-B956-510E38242255}"
.\debug.cpp(400) :              Destination="\Device\{435F5762-0FEB-487B-B956-510E38242255}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :              Destination="\Device\00000059"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0885&SUBSYS_1458A002&REV_1001#4&808a433&0&0201#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000008e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD6"
.\debug.cpp(400) :              Destination="\Device\USBFDO-6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MODEM#0001#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
.\debug.cpp(400) :              Destination="\Device\00000036"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0"
.\debug.cpp(400) :              Destination="\Device\PxHelperDevice0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) :              Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_1532&Pid_0101&MI_01#7&1ee692d9&0&0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :              Destination="\Device\00000094"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2d364fd6&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD7"
.\debug.cpp(400) :              Destination="\Device\USBFDO-7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"
.\debug.cpp(400) :              Destination="\Device\0000004c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :              Destination="\Device\0000004c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}"
.\debug.cpp(400) :              Destination="\Device\0000004c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2938&SUBSYS_50041458&REV_02#3&13c0b0c5&0&D1#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_HL-DT-ST&Prod_DVDRAM_GSA-4165B&Rev_DL03#5&2cfd9831&0&000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\Scsi\JRAID1Port4Path0Target0Lun0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_1532&Pid_0101#5&22954613&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-8"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{07dad660-22f1-11d1-a9f4-00c04fbbde8f}"
.\debug.cpp(400) :              Destination="\Device\0000004c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000002f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000002f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&26397ab7&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VcommMgrDevice"
.\debug.cpp(400) :              Destination="\Device\VcommMgrDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) :              Destination="\Device\00000052"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) :              Destination="\Device\MountPointManager"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) :              Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000002e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_1532&Pid_0101&MI_00#6&286bef29&0&0000#{d2f9ad00-6ae9-11d5-88f8-0080c8ef5b74}"
.\debug.cpp(400) :              Destination="\Device\00000091"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ssmctl"
.\debug.cpp(400) :              Destination="\Device\ssmctl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&99f0121&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&269b1df4&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbDlDp32"
.\debug.cpp(400) :              Destination="\Device\PxHelperDevice0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig"
.\debug.cpp(400) :              Destination="\Device\DmControl\DmConfig"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RealTekCard"
.\debug.cpp(400) :              Destination="\Device\RealTekCard"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) :              Destination="\Device\WANARP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0885&SUBSYS_1458A002&REV_1001#4&808a433&0&0201#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000008e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2939&SUBSYS_50041458&REV_02#3&13c0b0c5&0&D2#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0004"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\00000005"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0000#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) :              Destination="\Device\0000002e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_293C&SUBSYS_50061458&REV_02#3&13c0b0c5&0&D7#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0005"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#PORTS#0001#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) :              Destination="\Device\00000041"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{2F61D4EC-8926-4277-9F3A-EAF30E5D80B2}"
.\debug.cpp(400) :              Destination="\Device\{2F61D4EC-8926-4277-9F3A-EAF30E5D80B2}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace"
.\debug.cpp(400) :              Destination="\Device\DmControl\DmTrace"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000004c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) :              Destination="\Device\NdisWanIp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\00000004"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\razerlow"
.\debug.cpp(400) :              Destination="\Device\razerlow"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) :              Destination="\Device\Ide\IdePort0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}"
.\debug.cpp(400) :              Destination="\Device\0000004c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}"
.\debug.cpp(400) :              Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_01#4&cf4e44&0&00E5#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0021"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\lirsgt"
.\debug.cpp(400) :              Destination="\Device\lirsgt"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) :              Destination="\Device\0000004c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1"
.\debug.cpp(400) :              Destination="\Device\ParTechInc0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{73ced5d0-3d3c-11dd-a731-806d6172696f}"
.\debug.cpp(400) :              Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"
.\debug.cpp(400) :              Destination="\Device\0000004c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI"
.\debug.cpp(400) :              Destination="\Device\NdisTapi"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) :              Destination="\Device\NdisWan"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) :              Destination="\Device\Ide\IdePort2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST"
.\debug.cpp(400) :              Destination="\Device\IPMULTICAST"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2"
.\debug.cpp(400) :              Destination="\Device\ParTechInc1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmLoader"
.\debug.cpp(400) :              Destination="\Device\DmLoader"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature835F835FOffset7E00LengthC34F24E00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow"
.\debug.cpp(400) :              Destination="\Device\LanmanRedirector"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3"
.\debug.cpp(400) :              Destination="\Device\ParTechInc2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) :              Destination="\FileSystem\Filters\FltMgr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_1532&Pid_0101&MI_00#7&7230694&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :              Destination="\Device\00000093"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) :              Destination="\Device\FtControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) :              Destination="\Device\0000002f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskST3250820NS_____________________________3.AEK___#5&3d0951c&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\Ide\IdeDeviceP0T0L0-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) :              Destination="\Device\MailSlot"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) :              Destination="\DosDevices\COM1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E8C22410-7A7D-404C-88BF-786F3E1DC907}"
.\debug.cpp(400) :              Destination="\Device\{E8C22410-7A7D-404C-88BF-786F3E1DC907}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) :              Destination=""

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_1532&Pid_0101&MI_01#7&1ee692d9&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :              Destination="\Device\00000094"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
.\debug.cpp(400) :              Destination="\Device\Ide\IdePort3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\atksgt"
.\debug.cpp(400) :              Destination="\Device\atksgt"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) :              Destination="\Device\Ndisuio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :              Destination="\Device\0000004b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) :              Destination="\Device\Null"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Aaspi0"
.\debug.cpp(400) :              Destination="\Device\Aaspi0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_197B&DEV_2363&SUBSYS_B0001458&REV_02#4&345cafaf&0&00E4#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0020"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_1532&Pid_0101&MI_00#7&7230694&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :              Destination="\Device\00000093"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_HL-DT-ST&Prod_DVDRAM_GSA-4165B&Rev_DL03#5&2cfd9831&0&000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\Scsi\JRAID1Port4Path0Target0Lun0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :              Destination="\Device\0000004a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{EEACF48B-DCF5-4689-BDAB-6E01D2C7004F}"
.\debug.cpp(400) :              Destination="\Device\{EEACF48B-DCF5-4689-BDAB-6E01D2C7004F}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15#_3#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) :              Destination="\Device\00000054"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM10"
.\debug.cpp(400) :              Destination="\Device\Serial9"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_HL-DT-ST&Prod_DVDRAM_GSA-4165B&Rev_DL03#5&2cfd9831&0&000#{1186654d-47b8-48b9-beb9-7df113ae3c67}"
.\debug.cpp(400) :              Destination="\Device\Scsi\JRAID1Port4Path0Target0Lun0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avipbb"
.\debug.cpp(400) :              Destination="\Device\avipbb"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM11"
.\debug.cpp(400) :              Destination="\Device\Serial10"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo"
.\debug.cpp(400) :              Destination="\Device\DmControl\DmInfo"

.\debug.cpp(451) : **********************************************
.\boot_cleaner.cpp(1077) : System volume is \\.\C:
.\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
.\boot_cleaner.cpp(424) : Boot sector MD5 is: 5ddc20efcc4d1dab37c348c7db7289cf
.\boot_cleaner.cpp(1151) :
.\boot_cleaner.cpp(1152) :      Size  Device Name          MBR Status
.\boot_cleaner.cpp(1153) :  --------------------------------------------
.\boot_cleaner.cpp(1197) :    232 GB  \\.\PhysicalDrive0  Unknown boot code
.\boot_cleaner.cpp(1203) :
.\boot_cleaner.cpp(1209) : Unknown boot code has been found on some of your physical disks.
.\boot_cleaner.cpp(1211) : To inspect the boot code manually, dump the master boot sector:
.\boot_cleaner.cpp(1212) : remover.exe dump <device_name> [output_file]
.\boot_cleaner.cpp(1216) : To disinfect the master boot sector, use the following command:
.\boot_cleaner.cpp(1217) : remover.exe fix <device_name>
.\boot_cleaner.cpp(1220) :
.\boot_cleaner.cpp(1242) : Done;

cosinus 23.08.2010 17:48
Downloade Dir bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur eine Sekunde.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

belyu 23.08.2010 18:13
Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows XP Professional
Windows Information:                Service Pack 3 (build 2600)
Logical Drives Mask:                0x0000001c

Kernel Drivers (total 128):
  0x804D7000 \WINXP\system32\ntkrnlpa.exe
  0x806E5000 \WINXP\system32\hal.dll
  0xB85A8000 \WINXP\system32\KDCOM.DLL
  0xB84B8000 \WINXP\system32\BOOTVID.dll
  0xB7F78000 ACPI.sys
  0xB85AA000 \WINXP\system32\DRIVERS\WMILIB.SYS
  0xB7F67000 pci.sys
  0xB80A8000 isapnp.sys
  0xB8670000 pciide.sys
  0xB8328000 \WINXP\system32\DRIVERS\PCIIDEX.SYS
  0xB80B8000 MountMgr.sys
  0xB7F48000 ftdisk.sys
  0xB85AC000 dmload.sys
  0xB7F22000 dmio.sys
  0xB8330000 PartMgr.sys
  0xB80C8000 VolSnap.sys
  0xB7F0A000 atapi.sys
  0xB80D8000 jraid.sys
  0xB7EF2000 \WINXP\system32\DRIVERS\SCSIPORT.SYS
  0xB80E8000 disk.sys
  0xB80F8000 \WINXP\system32\DRIVERS\CLASSPNP.SYS
  0xB7ED2000 fltmgr.sys
  0xB7EC0000 sr.sys
  0xB8108000 PxHelp20.sys
  0xB7EA9000 KSecDD.sys
  0xB7E96000 WudfPf.sys
  0xB7E09000 Ntfs.sys
  0xB7DDC000 NDIS.sys
  0xB84BC000 vbtenum.sys
  0xB7DC2000 Mup.sys
  0xB85AE000 JGOGO.sys
  0xB8338000 BTHidMgr.sys
  0xB8248000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0xB6B08000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
  0xB6AF4000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xB8430000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0xB6AD0000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0xB8438000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0xB6AA8000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0xB8258000 \SystemRoot\system32\DRIVERS\imapi.sys
  0xB8440000 \SystemRoot\system32\drivers\Afc.sys
  0xB8268000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0xB8278000 \SystemRoot\system32\DRIVERS\redbook.sys
  0xB6A85000 \SystemRoot\system32\DRIVERS\ks.sys
  0xB6A6E000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
  0xB8288000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0xB8450000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0xB8298000 \SystemRoot\System32\Drivers\VcommMgr.sys
  0xB8458000 \SystemRoot\system32\DRIVERS\blueletaudio.sys
  0xB6A4A000 \SystemRoot\system32\DRIVERS\portcls.sys
  0xB82A8000 \SystemRoot\system32\DRIVERS\drmk.sys
  0xB8460000 \SystemRoot\system32\DRIVERS\BlueletSCOAudio.sys
  0xB87D4000 \SystemRoot\system32\DRIVERS\audstub.sys
  0xB85C8000 \SystemRoot\System32\Drivers\RootMdm.sys
  0xB8468000 \SystemRoot\System32\Drivers\Modem.SYS
  0xB82B8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0xB8590000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0xB6A33000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0xB82C8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0xB82D8000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0xB8470000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0xB6A22000 \SystemRoot\system32\DRIVERS\psched.sys
  0xB82E8000 \SystemRoot\system32\DRIVERS\msgpc.sys
  0xB8478000 \SystemRoot\system32\DRIVERS\ptilink.sys
  0xB8480000 \SystemRoot\system32\DRIVERS\raspti.sys
  0xB8488000 \SystemRoot\system32\DRIVERS\VComm.sys
  0xB85A0000 \SystemRoot\system32\DRIVERS\serenum.sys
  0xB69F2000 \SystemRoot\system32\DRIVERS\rdpdr.sys
  0xB82F8000 \SystemRoot\system32\DRIVERS\termdd.sys
  0xB8490000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0xB85CA000 \SystemRoot\system32\DRIVERS\swenum.sys
  0xB68F4000 \SystemRoot\system32\DRIVERS\update.sys
  0xB7D96000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0xB8308000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xB8318000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0xB85CE000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0xB4326000 \SystemRoot\system32\drivers\RtkHDAud.sys
  0xB85D2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xB87C7000 \SystemRoot\System32\Drivers\Null.SYS
  0xB85D4000 \SystemRoot\System32\Drivers\Beep.SYS
  0xB8358000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0xB8390000 \SystemRoot\System32\drivers\vga.sys
  0xB85D6000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xB85D8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xB8398000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xB83A0000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xB68D0000 \SystemRoot\system32\DRIVERS\rasacd.sys
  0xB42CB000 \SystemRoot\system32\DRIVERS\ipsec.sys
  0xB4272000 \SystemRoot\system32\DRIVERS\tcpip.sys
  0xB424A000 \SystemRoot\system32\DRIVERS\netbt.sys
  0xB4224000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xB8138000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0xB4202000 \SystemRoot\System32\drivers\afd.sys
  0xB8148000 \SystemRoot\system32\DRIVERS\netbios.sys
  0xB83A8000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0xB41D7000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0xB4167000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xB68CC000 \??\C:\WINXP\system32\drivers\LUMDriver.sys
  0xB8158000 \SystemRoot\System32\Drivers\Fips.SYS
  0xB4145000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0xB85DC000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
  0xB83B0000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0xB83B8000 \SystemRoot\System32\Drivers\Razerlow.sys
  0xB68B0000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0xB8188000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0xB68AC000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0xB68A4000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0xB8198000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0xB40B5000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0xB85DE000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xB4790000 \SystemRoot\System32\drivers\Dxapi.sys
  0xB83C8000 \SystemRoot\System32\watchdog.sys
  0xBD000000 \SystemRoot\System32\drivers\dxg.sys
  0xB86FE000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBD012000 \SystemRoot\System32\nv4_disp.dll
  0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
  0xB3CFF000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0xB3CFB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xB39B2000 \SystemRoot\system32\DRIVERS\mrxdav.sys
  0xB396F000 \SystemRoot\system32\DRIVERS\atksgt.sys
  0xB8420000 \SystemRoot\system32\DRIVERS\lirsgt.sys
  0xB3828000 \SystemRoot\system32\DRIVERS\srv.sys
  0xB3947000 \??\C:\WINXP\system32\Drivers\uphcleanhlp.sys
  0xB35BB000 \SystemRoot\system32\drivers\wdmaud.sys
  0xB38EF000 \SystemRoot\system32\drivers\sysaudio.sys
  0xB3278000 \SystemRoot\System32\Drivers\HTTP.sys
  0x7C910000 \WINXP\system32\ntdll.dll

Processes (total 33):
      0 System Idle Process
      4 System
    680 C:\WINXP\system32\smss.exe
    736 csrss.exe
    760 C:\WINXP\system32\winlogon.exe
    804 C:\WINXP\system32\services.exe
    816 C:\WINXP\system32\lsass.exe
    1028 C:\WINXP\system32\nvsvc32.exe
    1060 C:\WINXP\system32\svchost.exe
    1128 svchost.exe
    1224 C:\WINXP\system32\svchost.exe
    1264 C:\WINXP\system32\svchost.exe
    1372 svchost.exe
    1424 svchost.exe
    1580 C:\WINXP\system32\spoolsv.exe
    1648 C:\Programme\Avira\AntiVir Desktop\sched.exe
    1724 svchost.exe
    1804 C:\Programme\Avira\AntiVir Desktop\avguard.exe
    1820 C:\Programme\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
    1944 C:\Programme\BlueSoleil\StartSkysolSvc.exe
    2004 C:\WINXP\system32\svchost.exe
    2036 C:\Programme\UPHClean\uphclean.exe
    272 C:\Programme\Avira\AntiVir Desktop\avshadow.exe
    724 alg.exe
    1388 C:\WINXP\explorer.exe
    184 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
    1200 C:\Programme\Razer\Copperhead\razerhid.exe
    3004 C:\Programme\Razer\Copperhead\razertra.exe
    3020 C:\Programme\Razer\Copperhead\razerofa.exe
    3324 C:\Programme\ICQ7.2\ICQ.exe
    3976 D:\Spiele\Steam\Steam.exe
    448 C:\Programme\Mozilla Firefox\firefox.exe
    3236 C:\Dokumente und Einstellungen\***\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000c`34f34a00  (NTFS)

PhysicalDrive0 Model Number: ST3250820NS, Rev: 3.AEK 

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0  Windows XP MBR code detected
            SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11


Done!

cosinus 23.08.2010 19:20
Auch ok.
Was ist an diesem Rechner anders? Der andere PC erzeugt keine solchen Meldungen durch den Router?

belyu 23.08.2010 19:52
hm... das OS ist exakt dasselbe, genauso wie die ICQ-Version...der Firefox ist glaube älter auf dem anderen Rechner (aber nicht viel älter 3.6.6 glaube), werd ich morgen mal updaten und gucken was passiert.

Ich muss dazu sagen, dass ICQ jetz schon seit 3 Tagen nicht mehr selbstständig disconnected, aber die Land's immer noch erscheinen....sehr kurios.

Sieht sehr nach einem Fehlalarm aus, aber warum erst nach 5 Jahren sowas :confused:

Ich vermute mal es ist ein Bug irgendeiner Software, der mit einem Update gekommen ist.

Es besteht ja noch die Möglichkeit, dass der Angriff von Außen kommt... allerdings hab ich eine dynamische IP, die bei jedem Login ins Internet anders ist. Und selbst wenn, müssten dann die Land's ja auch im Router auftauchen, wenn ich mit dem anderen Rechner on bin. Wie sollte er denn herausfinden welche IP immer zu meinem Rechner gehört und nicht zu dem Anderen.

Achja, bei dem anderen Rechner fehlen auch noch ein paar der letzten Windows-Updates (er ist halt wenig an)...vllt liegt auch da möglicherweise der Hase im Pfeffer.

MFG

belyu 24.08.2010 18:33
So!

Ich glaube ich habe den Übeltäter gefunden. Mozilla Firefox in der Version 3.6.8 !

Wie gesag, hatte ich auf diesem Rechner hier bis eben noch die ältere Version 3.6.6 drauf.

Als ich eben das aktuellste Update auf Version 3.6.8 gemacht habe und Firefox neugestartet habe, kamen zum ersten Mal Land-Meldungen im Router-Log mit der IP dieses Rechners.

Wird Firefox auch von ICQ zum Anzeigen von Werbung benutzt, wenn Firefox als Standardbrowser eingestellt ist? Auch von Steam? Wenn ja, würde das auch erklären warum ich die Lands kriege obwohl Firefox nicht an ist.

Edit: Eben hat hier ICQ auch zum ersten mal disconnected... scheint also wirklich an Firefox zu liegen.

MFG

cosinus 24.08.2010 18:58
An Firefox 3.6.8 solls liegen? :confused:
Kann ich mir kaum vorstellen. Ist das reproduzierbar? Auf dem "Problemrechner" mal ein downgrade auf FF 3.6.6 gemacht und es kamen keine Routerwarnungen mehr?

EDith: http://www.router-forum.de/board-smc...75-page-1.html

Was soll das Crossposting :koch:

belyu 25.08.2010 09:35
So hier is ne Liste der FF-Releases :

hxxp://releases.mozilla.org/pub/mozilla.org/firefox/releases/

Aber wie krieg ich das runtergeladen und wie installieren? :rolleyes: :lach:

MFG


Alle Zeitangaben in WEZ +1. Es ist jetzt 20:31 Uhr.
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131