Trojaner-Board - zonealarm blockert explorer

hallo,
habe seit gestern probleme mit meinem rechner. zunächst wurde das system heruntergefahren und ich wurde aufgefordert, meine daten zu speichern, damit diese nicht verloren gehen. habe über den taskmanager alle anwendungen beendet, dann wurde der rechner heruntergefahren. habe bei einem neustart keine möglichkeit mehr ins internet zu gelangen, da zonelarm blockiert. habe zunächst spybot drüberlaufen lassen. dieser hat u. A. eine datei "fake.adobe updater" entdeckt, ein problem, das spybot nicht unmittelbar beheben konnte und mich zu einem neustart aufgefordert hat. nach dem neustart kam eine fehlermeldung bzgl spybot, die ich mir leider nicht notiert habe.auf dem desktop ist dann eine datei "hs_err_pid 3232.log" erschienen, die ich gtelöscht habe. antivir hat die trojaner TR/Dldr.Inject.ahi und TR/Crypt.IR.41 gefunden und in Quarantäne verschoben. das programm trojaner remover hat nichts mehr gefunden. Spybot und antivir haben - auch im abgesicherten Modus - ebenfalls nichts mehr gefunden. ins internet bin ich deshalb noch nicht gekommen. habe mich dann bei euch angemeldet und Malwarebytes hat folgendes gefunden

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4489

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

27.08.2010 17:27:58
mbam-log-2010-08-27 (17-27-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|)
Durchsuchte Objekte: 167734
Laufzeit: 13 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\CH\Anwendungsdaten\Adobe\Update\flacor.dat (Trojan.Agent) -> Quarantined and deleted successfully.

OTL Suchlauf ergab folgende logs:OTL Logfile:

Code:

OTL Extras logfile created on: 27.08.2010 17:53:38 - Run 1

OTL by OldTimer - Version 3.2.10.0 Folder = C:\Dokumente und Einstellungen\CH\Eigene Dateien\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 26,00% Memory free

4,00 Gb Paging File | 2,00 Gb Available in Paging File | 67,00% Paging File free

Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 23,30 Gb Total Space | 1,70 Gb Free Space | 7,30% Space Free | Partition Type: NTFS

Drive D: | 908,21 Gb Total Space | 876,58 Gb Free Space | 96,52% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

Drive G: | 232,88 Gb Total Space | 198,93 Gb Free Space | 85,42% Space Free | Partition Type: NTFS

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: HEMPXP

Current User Name: CH

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [ACDSee 11.0.Browse] -- "C:\Programme\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"UacDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Programme\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Programme\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Programme\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Programme\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)

"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver

"{11E1BCE3-5C98-8F4A-0EDB-1B7C1C922926}" = Catalyst Control Center Graphics Full Existing

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!

"{1BF38C77-E678-49AF-885A-BBD10AED2FF3}" = ACDSee RAW Image Decoder Plug-In Update 4.0

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{250A8980-5EF4-615E-1B20-25ECC05B3A3D}" = CCC Help Danish

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16

"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8

"{2E5F8E0F-B97A-4820-8357-D5F01DBF027B}" = Catalyst Control Center Graphics Light

"{2F811AA2-10BE-1439-79E1-961CFE52EEB7}" = CCC Help English

"{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Photo Manager 2009

"{33CFCF98-F8D6-4549-B469-6F4295676D83}" = Symantec AntiVirus

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode

"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent

"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder

"{3A6B6A5B-9F33-4869-303F-F9D5912B71D5}" = CCC Help Thai

"{3A7DC485-F9C5-2777-6996-1F51279452E0}" = CCC Help Polish

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{41F5F4C6-7B0C-B0E5-091E-15D22B178C73}" = Catalyst Control Center Graphics Full New

"{43DCD4A8-A3E1-43DD-8588-765401526463}" = CCC Help Dutch

"{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking

"{4A85E968-9E24-0AE4-BC49-1614E86F0A50}" = Catalyst Control Center Graphics Previews Common

"{537CD0DB-68A6-BFF7-7A16-612B3AE9A1C7}" = CCC Help Chinese Traditional

"{5B23F1F9-F3FF-66AE-20B5-7C9720D8FA2A}" = ccc-core-preinstall

"{5D901FF9-9615-7A63-37B9-72ABA7228F30}" = CCC Help Russian

"{5E196193-7C4D-9014-D079-65A35E16BC9D}" = CCC Help Swedish

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner

"{65C84CD6-0E18-B80D-1F2B-BB4CDC0598E7}" = CCC Help Italian

"{6E22141E-1856-E55F-D0BA-84BE033E584C}" = Catalyst Control Center Core Implementation

"{76EA55BD-535F-4AB4-AD80-A8CA331F4E6F}" = Windows Messenger 5.1

"{783DC155-45AA-70D7-EB02-D19CB33EB9B7}" = CCC Help Hungarian

"{7B63B2922B174135AFC0E1377DD81EC2}" = 

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{87A02565-0002-43F2-BCE9-68C228F90497}" = Catalyst Control Center Localization All

"{8AFA06F7-E60E-43DE-AF33-5552C801B73A}" = Duden Korrektor

"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{930661b2-4e0b-4799-b2b6-9c5db37d9291}" = Nero 9 Trial

"{93880C34-66F0-A657-C257-2FAAE73A351B}" = CCC Help Finnish

"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1

"{9BFEB4D7-9F04-6B44-0326-031E948FEF2F}" = ccc-core-static

"{9D5C331B-1693-0653-C725-A3912F66998A}" = ccc-utility

"{A11F0778-8078-C4F4-720D-8E5AC9190DD3}" = CCC Help French

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A417937A-E897-4060-2B52-FBAF7966C0CD}" = CCC Help German

"{A5384FD7-B13F-AA8B-2361-9FC490DCE3FC}" = CCC Help Portuguese

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch

"{AEADE46F-59A9-AF88-A601-CDB4F8310910}" = CCC Help Japanese

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles

"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit

"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C22C8D5B-BA80-1971-D10E-0707BCB9257B}" = CCC Help Turkish

"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU

"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU

"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold

"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CFDE4B77-B1A9-BD2B-0D1D-99AA3FC76171}" = CCC Help Spanish

"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM

"{DBF6CDA2-AE8F-5A8A-19DF-D54DD726B80E}" = CCC Help Norwegian

"{E32B2636-8874-88E2-8281-B43ACE9145CD}" = Skins

"{E64BBA52-AC6A-C9BA-8CFA-C6760C11ABCB}" = CCC Help Chinese Standard

"{E650DC8E-DDB1-75B1-B301-BCCC8F001BC8}" = CCC Help Czech

"{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10

"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer

"{EDDF6128-C9B5-2CC0-6254-574BABF71AE2}" = CCC Help Greek

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F3A40FFE-EEEC-A764-6410-DB50974A0DC4}" = CCC Help Korean

"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool

"Adobe Acrobat 5.0" = Adobe Acrobat 5.0

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Alice Software" = Alice Software 4.9.2

"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software

"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9

"ATI Display Driver" = ATI Display Driver

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"Canon iP4700 series Benutzerregistrierung" = Canon iP4700 series Benutzerregistrierung

"CanonMyPrinter" = Canon Utilities My Printer

"CanonSolutionMenu" = Canon Utilities Solution Menu

"CCleaner" = CCleaner

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"DivX Setup.divx.com" = DivX-Setup

"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX

"Easy-WebPrint EX" = Canon Easy-WebPrint EX

"eMule" = eMule

"Geschichte und Geschehen Arbeitsblätter CD-ROM_is1" = die Geschichte und Geschehen Arbeitsblätter CD-ROM

"HijackThis" = HijackThis 2.0.2

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!

"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8

"InstallShield_{8AFA06F7-E60E-43DE-AF33-5552C801B73A}" = Duden Korrektor

"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"MediaNavigation.CDLabelPrint" = CD-LabelPrint

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)

"Mp3Codec" = Mpeg Layer-3 ACM Codec

"MSNINST" = MSN

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"SopCast" = SopCast 3.0.3

"Trojan Remover_is1" = Trojan Remover 6.8.2

"Veetle TV" = Veetle TV 0.9.17

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WinRAR archiver" = WinRAR

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"xp-AntiSpy" = xp-AntiSpy 3.97-8

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

"ZoneAlarm" = ZoneAlarm

"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Defender of the Crown" = Defender of the Crown

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 12.08.2010 12:40:06 | Computer Name = HEMPXP | Source = crypt32 | ID = 131083

Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen

Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 

nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel

in der signierten Datei. .

 

Error - 12.08.2010 12:40:06 | Computer Name = HEMPXP | Source = crypt32 | ID = 131083

Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen

Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 

nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel

in der signierten Datei. .

 

Error - 12.08.2010 12:40:21 | Computer Name = HEMPXP | Source = crypt32 | ID = 131080

Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer

von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung

zurückgegeben. .

 

Error - 12.08.2010 12:51:07 | Computer Name = HEMPXP | Source = crypt32 | ID = 131083

Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen

Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 

nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel

in der signierten Datei. .

 

Error - 12.08.2010 12:51:07 | Computer Name = HEMPXP | Source = crypt32 | ID = 131083

Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen

Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 

nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel

in der signierten Datei. .

 

Error - 12.08.2010 12:51:22 | Computer Name = HEMPXP | Source = crypt32 | ID = 131080

Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer

von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung

zurückgegeben. .

 

Error - 12.08.2010 13:50:59 | Computer Name = HEMPXP | Source = crypt32 | ID = 131083

Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen

Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 

nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel

in der signierten Datei. .

 

Error - 12.08.2010 13:50:59 | Computer Name = HEMPXP | Source = crypt32 | ID = 131083

Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen

Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 

nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel

in der signierten Datei. .

 

Error - 12.08.2010 13:51:14 | Computer Name = HEMPXP | Source = crypt32 | ID = 131080

Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer

von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung

zurückgegeben. .

 

Error - 12.08.2010 14:04:10 | Computer Name = HEMPXP | Source = crypt32 | ID = 131083

Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen

Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 

nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel

in der signierten Datei. .

 

[ System Events ]

Error - 20.07.2010 12:56:18 | Computer Name = HEMPXP | Source = W32Time | ID = 39452689

Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten

Peer "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15

Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar.

(0x80072751)

 

Error - 20.07.2010 12:56:18 | Computer Name = HEMPXP | Source = W32Time | ID = 39452701

Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren

Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der

nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle

herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.

 

Error - 20.07.2010 12:56:33 | Computer Name = HEMPXP | Source = W32Time | ID = 39452689

Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten

Peer "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15

Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar.

(0x80072751)

 

Error - 20.07.2010 12:56:33 | Computer Name = HEMPXP | Source = W32Time | ID = 39452701

Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren

Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der

nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle

herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.

 

Error - 04.08.2010 05:13:30 | Computer Name = HEMPXP | Source = W32Time | ID = 39452689

Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten

Peer "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15

Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar.

(0x80072751)

 

Error - 04.08.2010 05:13:30 | Computer Name = HEMPXP | Source = W32Time | ID = 39452701

Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren

Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der

nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle

herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.

 

Error - 04.08.2010 05:13:45 | Computer Name = HEMPXP | Source = W32Time | ID = 39452689

Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten

Peer "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15

Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar.

(0x80072751)

 

Error - 04.08.2010 05:13:45 | Computer Name = HEMPXP | Source = W32Time | ID = 39452701

Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren

Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der

nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle

herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.

 

Error - 04.08.2010 05:15:24 | Computer Name = HEMPXP | Source = W32Time | ID = 39452689

Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten

Peer "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15

Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar.

(0x80072751)

 

Error - 04.08.2010 05:15:24 | Computer Name = HEMPXP | Source = W32Time | ID = 39452701

Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren

Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der

nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle

herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.

 

 

< End of report >

--- --- ---

und II. logfileOTL Logfile:

Code:

OTL logfile created on: 27.08.2010 17:53:38 - Run 1

OTL by OldTimer - Version 3.2.10.0 Folder = C:\Dokumente und Einstellungen\CH\Eigene Dateien\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 26,00% Memory free

4,00 Gb Paging File | 2,00 Gb Available in Paging File | 67,00% Paging File free

Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 23,30 Gb Total Space | 1,70 Gb Free Space | 7,30% Space Free | Partition Type: NTFS

Drive D: | 908,21 Gb Total Space | 876,58 Gb Free Space | 96,52% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

Drive G: | 232,88 Gb Total Space | 198,93 Gb Free Space | 85,42% Space Free | Partition Type: NTFS

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: HEMPXP

Current User Name: CH

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Dokumente und Einstellungen\CH\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)

PRC - C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

PRC - C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)

PRC - C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)

PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - c:\Programme\Avira\AntiVir Desktop\avnotify.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)

PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Alice Software\AliceEinwahl.exe (Hansenet)

PRC - C:\Programme\Symantec AntiVirus\VPTray.exe (Symantec Corporation)

PRC - C:\Programme\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)

PRC - C:\Programme\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)

PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe (Symantec Corporation)

PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)

PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe (Symantec Corporation)

PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)

PRC - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Dokumente und Einstellungen\CH\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (Check Point Software Technologies)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation)

MOD - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found

SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)

SRV - (IswSvc) -- C:\Programme\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()

SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (SavRoam) -- C:\Programme\Symantec AntiVirus\SavRoam.exe (symantec)

SRV - (Symantec AntiVirus) -- C:\Programme\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)

SRV - (DefWatch) -- C:\Programme\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)

SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)

SRV - (SNDSrvc) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe (Symantec Corporation)

SRV - (ccSetMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe (Symantec Corporation)

SRV - (ccEvtMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)

SRV - (SPBBCSvc) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)

SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (EraserUtilDrvI9) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilDrvI9.sys File not found

DRV - (EraserUtilDrv10621) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilDrv10621.sys File not found

DRV - (NAVEX15) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20100826.002\NAVEX15.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20100826.002\NAVENG.SYS (Symantec Corporation)

DRV - (eeCtrl) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)

DRV - (EraserUtilRebootDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()

DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()

DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) -- C:\Programme\CyberLink\PowerDVD8\000.fcl (CyberLink Corp.)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )

DRV - (RTHDMIAzAudService) -- C:\WINDOWS\system32\drivers\RtKHDMI.sys (Realtek Semiconductor Corp.)

DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (ahcix86) -- C:\WINDOWS\system32\drivers\ahcix86.sys (Advanced Micro Devices, Inc)

DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)

DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)

DRV - (SymEvent) -- C:\Programme\Symantec\SYMEVENT.SYS (Symantec Corporation)

DRV - (SAVRT) -- C:\Programme\Symantec AntiVirus\savrt.sys (Symantec Corporation)

DRV - (SAVRTPEL) -- C:\Programme\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)

DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)

DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)

DRV - (SPBBCDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)

DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZon1.dll (Conduit Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm-Sicherheit Customized Web Search"

FF - prefs.js..browser.startup.homepage: "www.google.de"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:2.6.0.15

FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.232.0

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker [2010.08.11 13:18:12 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.05.22 14:03:36 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.02 16:43:07 | 000,000,000 | ---D | M]

 

[2010.01.24 17:54:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\CH\Anwendungsdaten\Mozilla\Extensions

[2010.08.04 13:27:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\CH\Anwendungsdaten\Mozilla\Firefox\Profiles\3fmz8nx2.default\extensions

[2010.01.24 19:16:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\CH\Anwendungsdaten\Mozilla\Firefox\Profiles\3fmz8nx2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.08.04 13:19:48 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Toolbar) -- C:\Dokumente und Einstellungen\CH\Anwendungsdaten\Mozilla\Firefox\Profiles\3fmz8nx2.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}

[2010.06.15 00:31:50 | 000,000,943 | ---- | M] () -- C:\Dokumente und Einstellungen\CH\Anwendungsdaten\Mozilla\Firefox\Profiles\3fmz8nx2.default\searchplugins\conduit.xml

[2010.08.04 13:27:41 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions

[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2001.08.18 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZon1.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZon1.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Programme\ZoneAlarm-Sicherheit\tbZon1.dll (Conduit Ltd.)

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4 - HKLM..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [DNS7reminder] C:\Programme\Nuance\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [ISW] C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)

O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [TrojanScanner] C:\Programme\Trojan Remover\Trjscan.exe (Simply Super Software)

O4 - HKLM..\Run: [vptray] C:\Programme\Symantec AntiVirus\VPTray.exe (Symantec Corporation)

O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

O4 - HKCU..\Run: [Corfor] C:\Dokumente und Einstellungen\CH\Anwendungsdaten\Adobe\Update\retcli.exe ()

O4 - HKCU..\Run: [Getdo] File not found

O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - Startup: C:\Dokumente und Einstellungen\CH\Startmenü\Programme\Autostart\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263955496062 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010.01.20 03:44:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2010.08.27 17:09:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\CH\Anwendungsdaten\Malwarebytes

[2010.08.27 17:08:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010.08.27 17:08:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010.08.27 17:08:46 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2010.08.27 17:08:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2010.08.27 13:28:01 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\CH\Recent

[2010.08.27 12:21:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\CH\Eigene Dateien\Simply Super Software

[2010.08.27 12:21:00 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll

[2010.08.27 12:20:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\CH\Anwendungsdaten\Simply Super Software

[2010.08.27 12:20:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Simply Super Software

[2010.08.27 12:20:56 | 000,000,000 | ---D | C] -- C:\Programme\Trojan Remover

[2010.08.27 09:38:39 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner

[2010.08.26 19:23:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\CH\Anwendungsdaten\Helper

[2010.08.13 14:52:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\CH\Anwendungsdaten\Amazon

[2010.08.13 14:52:04 | 000,000,000 | ---D | C] -- C:\Programme\Amazon

[2010.08.04 13:19:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\CH\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit

[2010.08.04 13:19:37 | 000,000,000 | ---D | C] -- C:\Programme\Conduit

[2010.08.04 13:19:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\CH\Lokale Einstellungen\Anwendungsdaten\Conduit

[2010.08.04 13:19:36 | 000,000,000 | ---D | C] -- C:\Programme\ZoneAlarm-Sicherheit

[2010.08.04 13:19:12 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll

[2010.08.04 13:19:12 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll

[2009.11.11 03:51:42 | 214,167,816 | ---- | C] (Nero AG) -- C:\Dokumente und Einstellungen\CH\Anwendungsdaten\Nero-9.4.26.0_trial.exe

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2010.08.27 17:08:52 | 000,000,683 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.08.27 15:46:26 | 001,086,470 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010.08.27 15:46:26 | 000,476,794 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2010.08.27 15:46:26 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010.08.27 15:46:26 | 000,090,734 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2010.08.27 15:46:26 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010.08.27 15:42:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010.08.27 15:42:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010.08.27 13:28:02 | 003,932,160 | -H-- | M] () -- C:\Dokumente und Einstellungen\CH\NTUSER.DAT

[2010.08.27 13:28:02 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\CH\ntuser.ini

[2010.08.27 12:21:02 | 000,000,793 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Trojan Remover.lnk

[2010.08.27 09:38:42 | 000,000,661 | ---- | M] () -- C:\Dokumente und Einstellungen\CH\Desktop\CCleaner.lnk

[2010.08.25 18:20:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010.08.18 17:46:35 | 000,083,968 | ---- | M] () -- C:\Dokumente und Einstellungen\CH\Desktop\Sehr geehrter Herr Hampl.doc

[2010.08.08 20:27:17 | 002,114,074 | -H-- | M] () -- C:\Dokumente und Einstellungen\CH\Lokale Einstellungen\Anwendungsdaten\IconCache.db

[2010.08.05 12:57:30 | 000,427,421 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml

[2010.08.05 12:57:20 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat

[2010.08.05 12:57:20 | 000,000,718 | ---- | M] () -- C:\Dokumente und Einstellungen\CH\Desktop\ZoneAlarm Security.lnk

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2010.08.27 17:08:52 | 000,000,683 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.08.27 12:21:02 | 000,000,793 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Trojan Remover.lnk

[2010.08.27 12:21:00 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll

[2010.08.27 12:21:00 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll

[2010.08.27 12:21:00 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll

[2010.08.27 12:21:00 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll

[2010.08.27 09:38:41 | 000,000,661 | ---- | C] () -- C:\Dokumente und Einstellungen\CH\Desktop\CCleaner.lnk

[2010.08.12 13:56:50 | 000,083,968 | ---- | C] () -- C:\Dokumente und Einstellungen\CH\Desktop\Sehr geehrter Herr Hampl.doc

[2010.08.04 13:19:21 | 000,000,718 | ---- | C] () -- C:\Dokumente und Einstellungen\CH\Desktop\ZoneAlarm Security.lnk

[2010.05.27 16:06:16 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\CH\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.03.22 10:21:53 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

[2010.02.03 14:50:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI

[2010.01.24 19:26:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bdb.ini

[2010.01.24 18:16:57 | 000,001,354 | ---- | C] () -- C:\Dokumente und Einstellungen\CH\Anwendungsdaten\SAS7_000.DAT

[2010.01.21 02:23:24 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2010.01.21 01:26:21 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2010.01.20 04:07:32 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll

[2008.05.26 23:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2008.05.26 23:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2008.05.26 23:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

 
 ========== LOP Check ==========

 

[2010.01.21 01:16:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems

[2010.03.22 10:21:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited

[2010.04.17 13:58:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ

[2010.01.21 01:25:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite

[2010.01.24 17:33:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nuance

[2010.01.24 17:33:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft

[2010.08.27 12:20:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Simply Super Software

[2010.08.27 12:34:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp

[2010.01.24 17:08:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\CH\Anwendungsdaten\ACD Systems

[2010.08.13 14:52:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\CH\Anwendungsdaten\Amazon

[2010.03.22 10:21:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\CH\Anwendungsdaten\Canneverbe Limited

[2010.04.17 18:48:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\CH\Anwendungsdaten\Canon Easy-WebPrint EX

[2010.05.22 14:00:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\CH\Anwendungsdaten\CheckPoint

[2010.01.21 01:29:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\CH\Anwendungsdaten\DAEMON Tools Lite

[2010.01.24 17:47:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\CH\Anwendungsdaten\Hansenet

[2010.01.24 20:48:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\CH\Anwendungsdaten\InterTrust

[2010.01.24 17:35:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\CH\Anwendungsdaten\Nuance

[2010.01.24 19:05:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\CH\Anwendungsdaten\OpenOffice.org

[2010.08.27 12:20:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\CH\Anwendungsdaten\Simply Super Software

[2010.01.20 05:19:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\CH\Anwendungsdaten\Windows Desktop Search

[2010.01.21 01:14:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\CH\Anwendungsdaten\Windows Search

 
 ========== Purity Check ==========

 

 

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 212 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:F35A93AD

@Alternate Data Stream - 102 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:CB0AACC9

< End of report >

--- --- ---

wie kenner der materie vermutlich gleich merken, bin ich ein absoluter laie und hoffe auf geduldige hilfe. bin auf jeden fall sehr dankbar, dass es ein derartiges forum gibt.
grüße
hemp

hallo arne,

GMER hatte zunächst einen bluescreen zur Folge (habe mir Angaben notiert, falls dies relevant ist), beim 2. Mal hatt ich vergessen die Internetverbindung zu schließen zudem hat sich der Rechner aufgehängt, sodass ich keinen Neustart durchführen konnte. Letzteres ist auch beim 3. Mal passiert, jedoch konnte ich folgenden file speichern:

GMER Logfile:

Code:

GMER 1.0.15.15281 - hxxp://www.gmer.net

Rootkit scan 2010-08-30 15:38:34

Windows 5.1.2600 Service Pack 3

Running: k1vh3rz2.exe; Driver: C:\DOKUME~1\CH\LOKALE~1\Temp\uxtdipoc.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            893AA530                                                                                                            ZwAlertResumeThread

SSDT            891A17C8                                                                                                            ZwAlertThread

SSDT            89666640                                                                                                            ZwAllocateVirtualMemory

SSDT            88C88220                                                                                                            ZwConnectPort

SSDT            BA758EEE                                                                                                            ZwCreateKey

SSDT            893D20D0                                                                                                            ZwCreateMutant

SSDT            BA758EE4                                                                                                            ZwCreateThread

SSDT            BA758EF3                                                                                                            ZwDeleteKey

SSDT            BA758EFD                                                                                                            ZwDeleteValueKey

SSDT            8919F9D0                                                                                                            ZwFreeVirtualMemory

SSDT            893F90A8                                                                                                            ZwImpersonateAnonymousToken

SSDT            894394C8                                                                                                            ZwImpersonateThread

SSDT            BA758F02                                                                                                            ZwLoadKey

SSDT            8940B3C8                                                                                                            ZwMapViewOfSection

SSDT            8947C0F0                                                                                                            ZwOpenEvent

SSDT            BA758ED0                                                                                                            ZwOpenProcess

SSDT            893FD208                                                                                                            ZwOpenProcessToken

SSDT            BA758ED5                                                                                                            ZwOpenThread

SSDT            8919F598                                                                                                            ZwOpenThreadToken

SSDT            8917B1A8                                                                                                            ZwQueryValueKey

SSDT            BA758F0C                                                                                                            ZwReplaceKey

SSDT            BA758F07                                                                                                            ZwRestoreKey

SSDT            894361A8                                                                                                            ZwResumeThread

SSDT            8919E228                                                                                                            ZwSetContextThread

SSDT            8919B788                                                                                                            ZwSetInformationProcess

SSDT            88F08060                                                                                                            ZwSetInformationThread

SSDT            BA758EF8                                                                                                            ZwSetValueKey

SSDT            89196888                                                                                                            ZwSuspendProcess

SSDT            896B8100                                                                                                            ZwSuspendThread

SSDT            893B9AB8                                                                                                            ZwTerminateProcess

SSDT            8918B8C0                                                                                                            ZwTerminateThread

SSDT            89186228                                                                                                            ZwUnmapViewOfSection

SSDT            89687560                                                                                                            ZwWriteVirtualMemory
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           C:\WINDOWS\system32\DRIVERS\ati2mtag.sys                                                                            section is writeable [0xB48C0000, 0x231B17, 0xE8000020]

.text           C:\Programme\CyberLink\PowerDVD8\000.fcl                                                                            section is writeable [0x96360000, 0x2892, 0xE8000020]

.vmp2           C:\Programme\CyberLink\PowerDVD8\000.fcl                                                                            entry point in ".vmp2" section [0x96383050]
 

---- User code sections - GMER 1.0.15 ----
 

.text           C:\WINDOWS\system32\SearchIndexer.exe[456] kernel32.dll!WriteFile                                                   7C810E27 7 Bytes  JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

.text           C:\Programme\Alice Software\AliceEinwahl.exe[2136] ntdll.dll!NtCreateThread                                         7C91D1AE 5 Bytes  CALL 00F30000 

.text           C:\Programme\Alice Software\AliceEinwahl.exe[2136] ntdll.dll!NtProtectVirtualMemory                                 7C91D6EE 5 Bytes  CALL 00F10000 

.text           C:\Programme\Alice Software\AliceEinwahl.exe[2136] kernel32.dll!ExitProcess                                         7C81CB12 5 Bytes  CALL 00F50000 

.text           C:\Programme\Alice Software\AliceEinwahl.exe[2136] WININET.DLL!CommitUrlCacheEntryA                                 408C0F78 5 Bytes  CALL 01210000 

.text           C:\Programme\Alice Software\AliceEinwahl.exe[2136] WININET.DLL!InternetReadFile                                     408C654B 5 Bytes  CALL 00F00000 

.text           C:\Programme\Alice Software\AliceEinwahl.exe[2136] WININET.DLL!InternetCloseHandle                                  408C9088 5 Bytes  CALL 012D0000 

.text           C:\Programme\Alice Software\AliceEinwahl.exe[2136] WININET.DLL!InternetQueryDataAvailable                           408CBF7F 5 Bytes  CALL 010F0000 

.text           C:\Programme\Alice Software\AliceEinwahl.exe[2136] WININET.DLL!HttpAddRequestHeadersA                               408CCF46 5 Bytes  CALL 01250000 

.text           C:\Programme\Alice Software\AliceEinwahl.exe[2136] WININET.DLL!HttpOpenRequestA                                     408CD508 5 Bytes  CALL 01290000 

.text           C:\Programme\Alice Software\AliceEinwahl.exe[2136] WININET.DLL!InternetConnectA                                     408CDEAE 5 Bytes  CALL 010D0000 

.text           C:\Programme\Alice Software\AliceEinwahl.exe[2136] WININET.DLL!HttpSendRequestW                                     408CFABE 5 Bytes  CALL 011F0000 

.text           C:\Programme\Alice Software\AliceEinwahl.exe[2136] WININET.DLL!HttpOpenRequestW                                     408CFBFB 5 Bytes  CALL 012B0000 

.text           C:\Programme\Alice Software\AliceEinwahl.exe[2136] WININET.DLL!HttpAddRequestHeadersW                               408CFE49 5 Bytes  CALL 01270000 

.text           C:\Programme\Alice Software\AliceEinwahl.exe[2136] WININET.DLL!HttpSendRequestA                                     408DEE89 5 Bytes  CALL 01110000 

.text           C:\Programme\Alice Software\AliceEinwahl.exe[2136] WININET.DLL!CommitUrlCacheEntryW                                 408E3085 5 Bytes  CALL 01230000 

.text           C:\Programme\Alice Software\AliceEinwahl.exe[2136] WININET.DLL!InternetReadFileExW                                  408E3349 5 Bytes  CALL 010B0000 

.text           C:\Programme\Alice Software\AliceEinwahl.exe[2136] WININET.DLL!InternetReadFileExA                                  408E3381 5 Bytes  CALL 01090000 

.text           C:\Programme\Alice Software\AliceEinwahl.exe[2136] ADVAPI32.dll!CryptDeriveKey                                      77DB9FFD 5 Bytes  CALL 01390000 

.text           C:\Programme\Alice Software\AliceEinwahl.exe[2136] ADVAPI32.dll!CryptImportKey                                      77DBA1F1 5 Bytes  CALL 01350000 

.text           C:\Programme\Alice Software\AliceEinwahl.exe[2136] ADVAPI32.dll!CryptGenKey                                         77DE1849 5 Bytes  CALL 01370000 

.text           C:\Programme\Alice Software\AliceEinwahl.exe[2136] USER32.dll!PeekMessageW                                          7E36929B 5 Bytes  CALL 012F0000 

.text           C:\Programme\Alice Software\AliceEinwahl.exe[2136] WS2_32.dll!send                                                  71A14C27 5 Bytes  CALL 01310000 

.text           C:\WINDOWS\Explorer.EXE[3212] ntdll.dll!NtCreateThread                                                              7C91D1AE 5 Bytes  CALL 01F60000 

.text           C:\WINDOWS\Explorer.EXE[3212] ntdll.dll!NtProtectVirtualMemory                                                      7C91D6EE 5 Bytes  CALL 01F00000 

.text           C:\WINDOWS\Explorer.EXE[3212] kernel32.dll!ExitProcess                                                              7C81CB12 5 Bytes  CALL 01F80000 

.text           C:\Dokumente und Einstellungen\CH\Desktop\k1vh3rz2.exe[3840] ntdll.dll!NtCreateThread                               7C91D1AE 5 Bytes  CALL 00D70000 

.text           C:\Dokumente und Einstellungen\CH\Desktop\k1vh3rz2.exe[3840] ntdll.dll!NtProtectVirtualMemory                       7C91D6EE 5 Bytes  CALL 00D50000 

.text           C:\Dokumente und Einstellungen\CH\Desktop\k1vh3rz2.exe[3840] kernel32.dll!ExitProcess                               7C81CB12 5 Bytes  CALL 00D90000 

.text           C:\Dokumente und Einstellungen\CH\Desktop\k1vh3rz2.exe[3840] user32.dll!PeekMessageW                                7E36929B 5 Bytes  CALL 01020000 

.text           C:\Dokumente und Einstellungen\CH\Desktop\k1vh3rz2.exe[3840] ADVAPI32.dll!CryptDeriveKey                            77DB9FFD 5 Bytes  CALL 010C0000 

.text           C:\Dokumente und Einstellungen\CH\Desktop\k1vh3rz2.exe[3840] ADVAPI32.dll!CryptImportKey                            77DBA1F1 5 Bytes  CALL 01080000 

.text           C:\Dokumente und Einstellungen\CH\Desktop\k1vh3rz2.exe[3840] ADVAPI32.dll!CryptGenKey                               77DE1849 5 Bytes  CALL 010A0000 

.text           C:\Dokumente und Einstellungen\CH\Desktop\k1vh3rz2.exe[3840] ws2_32.dll!send                                        71A14C27 5 Bytes  CALL 01040000 

.text           C:\Dokumente und Einstellungen\CH\Desktop\k1vh3rz2.exe[3840] wininet.dll!CommitUrlCacheEntryA                       408C0F78 5 Bytes  CALL 00F40000 

.text           C:\Dokumente und Einstellungen\CH\Desktop\k1vh3rz2.exe[3840] wininet.dll!InternetReadFile                           408C654B 5 Bytes  CALL 00A30000 

.text           C:\Dokumente und Einstellungen\CH\Desktop\k1vh3rz2.exe[3840] wininet.dll!InternetCloseHandle                        408C9088 5 Bytes  CALL 01000000 

.text           C:\Dokumente und Einstellungen\CH\Desktop\k1vh3rz2.exe[3840] wininet.dll!InternetQueryDataAvailable                 408CBF7F 5 Bytes  CALL 00EE0000 

.text           C:\Dokumente und Einstellungen\CH\Desktop\k1vh3rz2.exe[3840] wininet.dll!HttpAddRequestHeadersA                     408CCF46 5 Bytes  CALL 00F80000 

.text           C:\Dokumente und Einstellungen\CH\Desktop\k1vh3rz2.exe[3840] wininet.dll!HttpOpenRequestA                           408CD508 5 Bytes  CALL 00FC0000 

.text           C:\Dokumente und Einstellungen\CH\Desktop\k1vh3rz2.exe[3840] wininet.dll!InternetConnectA                           408CDEAE 5 Bytes  CALL 00E00000 

.text           C:\Dokumente und Einstellungen\CH\Desktop\k1vh3rz2.exe[3840] wininet.dll!HttpSendRequestW                           408CFABE 5 Bytes  CALL 00F20000 

.text           C:\Dokumente und Einstellungen\CH\Desktop\k1vh3rz2.exe[3840] wininet.dll!HttpOpenRequestW                           408CFBFB 5 Bytes  CALL 00FE0000 

.text           C:\Dokumente und Einstellungen\CH\Desktop\k1vh3rz2.exe[3840] wininet.dll!HttpAddRequestHeadersW                     408CFE49 5 Bytes  CALL 00FA0000 

.text           C:\Dokumente und Einstellungen\CH\Desktop\k1vh3rz2.exe[3840] wininet.dll!HttpSendRequestA                           408DEE89 5 Bytes  CALL 00F00000 

.text           C:\Dokumente und Einstellungen\CH\Desktop\k1vh3rz2.exe[3840] wininet.dll!CommitUrlCacheEntryW                       408E3085 5 Bytes  CALL 00F60000 

.text           C:\Dokumente und Einstellungen\CH\Desktop\k1vh3rz2.exe[3840] wininet.dll!InternetReadFileExW                        408E3349 5 Bytes  CALL 00DE0000 

.text           C:\Dokumente und Einstellungen\CH\Desktop\k1vh3rz2.exe[3840] wininet.dll!InternetReadFileExA                        408E3381 5 Bytes  CALL 00DC0000 
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                              SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                            SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                           SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                           SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                         SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
 

---- Threads - GMER 1.0.15 ----
 

Thread          AliceEinwahl.exe [2136:2140]                                                                                        00130000

Thread          k1vh3rz2.exe [3840:1988]                                                                                            00130000
 

---- Registry - GMER 1.0.15 ----
 

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Programme\DAEMON Tools Lite\

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0xD4 0xC3 0x97 0x02 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x8D 0x0C 0x5E 0x4C ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0xDE 0xB8 0x8C 0x00 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xC6 0x32 0x05 0xD7 ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Programme\DAEMON Tools Lite\

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0xD4 0xC3 0x97 0x02 ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x8D 0x0C 0x5E 0x4C ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0xDE 0xB8 0x8C 0x00 ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xC6 0x32 0x05 0xD7 ...
 

---- EOF - GMER 1.0.15 ----

--- --- ---

OSAM ergab folgendes Logfile:

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 16:13:05 on 30.08.2010
 

OS: Windows XP Professional Service Pack 3 (Build 2600)

Default Browser: Mozilla Corporation Firefox 3.6.3
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl

"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl

"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\WINDOWS\system32\ISUSPM.cpl

"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

"Mp3cnfg.cpl" - "Kristal Studio" - C:\WINDOWS\system32\Mp3cnfg.cpl

"QuickTime.cpl" - "Apple Computer, Inc." - C:\WINDOWS\system32\QuickTime.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

"SYMLIVE" - "Symantec Corporation" - C:\Programme\Symantec\LiveUpdate\S32LUCP2.CPL
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys

"catchme" (catchme) - ? - C:\DOKUME~1\CH\LOKALE~1\Temp\catchme.sys  (File not found)

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"EraserUtilDrv10621" (EraserUtilDrv10621) - ? - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilDrv10621.sys  (File not found)

"EraserUtilDrvI9" (EraserUtilDrvI9) - ? - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilDrvI9.sys  (File not found)

"EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"NAVENG" (NAVENG) - "Symantec Corporation" - C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20100826.002\naveng.sys

"NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20100826.002\navex15.sys

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"Power Control [2010/01/21 00:36:59]" ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) - ? - C:\Programme\CyberLink\PowerDVD8\000.fcl

"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys

"SAVRT" (SAVRT) - "Symantec Corporation" - C:\Programme\Symantec AntiVirus\savrt.sys

"SAVRTPEL" (SAVRTPEL) - "Symantec Corporation" - C:\Programme\Symantec AntiVirus\Savrtpel.sys

"SPBBCDrv" (SPBBCDrv) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys

"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)

"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys

"SymEvent" (SymEvent) - "Symantec Corporation" - C:\Programme\Symantec\SYMEVENT.SYS

"SYMREDRV" (SYMREDRV) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMREDRV.SYS

"SYMTDI" (SYMTDI) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMTDI.SYS

"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
 

[Explorer]

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----

{56F9679E-7826-4C84-81F3-532071A8BCC5} "Windows Desktop Search Namespace Manager" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)

{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll

{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL

{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Programme\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll

{52B87208-9CCF-42C9-B88E-069281105805} "Trojan Remover Shell Extension" - "Simply Super Software" - C:\PROGRA~1\TROJAN~1\Trshlex.dll

{BDA77241-42F6-11d0-85E2-00AA001FE28C} "VpshellEx Class" - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\SSC\vpshell2.dll

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

{13E7F612-F261-4391-BEA2-39DF4F3FA311} "Windows Desktop Search" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\msnlExt.dll

{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll
 

[Internet Explorer]

-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----

{21347690-EC41-4F9A-8887-1F4AEE672439} "Canon Easy-WebPrint EX" - "CANON INC." - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "Canon Easy-WebPrint EX" - "CANON INC." - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_16.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_16.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_16.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10d.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Programme\Spybot - Search & Destroy\SDHelper.dll

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} "Canon Easy-WebPrint EX" - "CANON INC." - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

{3785D0AD-BFFF-47F6-BF5B-A587C162FED9} "Canon Easy-WebPrint EX BHO" - "CANON INC." - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Programme\Spybot - Search & Destroy\SDHelper.dll

{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} "{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}" - ? -   (File not found | COM-object registry key not found)
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\CH\Startmenü\Programme\Autostart\desktop.ini

"OpenOffice.org 3.1.lnk" - ? - C:\Programme\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"Corfor" - ? - C:\Dokumente und Einstellungen\CH\Anwendungsdaten\Adobe\Update\retcli.exe  (File found, but it contains no detailed information)

"SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

"CanonMyPrinter" - "CANON INC." - C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon

"CanonSolutionMenu" - "CANON INC." - C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon

"ccApp" - "Symantec Corporation" - "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"

"DivXUpdate" - ? - "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

"DNS7reminder" - "Nuance Communications, Inc." - "C:\Programme\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nuance\NaturallySpeaking10\Ereg.ini

"ISUSPM Startup" - "InstallShield Software Corporation" - C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

"ISUSScheduler" - "InstallShield Software Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start

"SSBkgdUpdate" - "Nuance Communications, Inc." - "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Java\jre6\bin\jusched.exe"

"TrojanScanner" - "Simply Super Software" - C:\Programme\Trojan Remover\Trjscan.exe /boot

"vptray" - "Symantec Corporation" - C:\PROGRA~1\SYMANT~1\VPTray.exe
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe

"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Programme\CyberLink\Shared files\RichVideo.exe

"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe

"LiveUpdate" (LiveUpdate) - "Symantec Corporation" - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE

"NMSAccess" (NMSAccess) - ? - C:\Programme\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE

"SAVRoam" (SavRoam) - "symantec" - C:\Programme\Symantec AntiVirus\SavRoam.exe

"Symantec AntiVirus" (Symantec AntiVirus) - "Symantec Corporation " - C:\Programme\Symantec AntiVirus\Rtvscan.exe

"Symantec AntiVirus Definition Watcher" (DefWatch) - "Symantec Corporation" - C:\Programme\Symantec AntiVirus\DefWatch.exe

"Symantec Event Manager" (ccEvtMgr) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe

"Symantec Network Drivers Service" (SNDSrvc) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe

"Symantec Settings Manager" (ccSetMgr) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe

"Symantec SPBBCSvc" (SPBBCSvc) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe

"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----

"NavLogon" - "Symantec Corporation" - C:\WINDOWS\system32\NavLogon.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Bootkit remover hat sofort folgenden Text im schwarzen Fenster angezeigt:

System volume is \\.\C:\\.\C: -> \\.\ Physical Drive 0 at offset 0x00000000`00007e00 Boot sector MD5 is: 5ddc20efcc 4d1dab37c348c7db7289cf
Size: 931 GB
Device Name: \\.\ Physical Drive 0
MBR Status: Unknown boot code

Unknown boot code has been found on some of your physical disks: To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe <device_name>

im bootkitremover debug log txt editor steht:

.\debug.cpp(238) : Debug log started at 30.08.2010 - 14:28:40
.\boot_cleaner.cpp(675) : Bootkit Remover
.\boot_cleaner.cpp(676) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(677) : www.esagelab.com
.\boot_cleaner.cpp(681) : Program version: 1.1.0.0
.\boot_cleaner.cpp(688) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x804d7000 0x0020e000 "\WINDOWS\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x806e5000 0x00020d00 "\WINDOWS\system32\hal.dll"
.\debug.cpp(256) : 0xba5a8000 0x00002000 "\WINDOWS\system32\KDCOM.DLL"
.\debug.cpp(256) : 0xba4b8000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"
.\debug.cpp(256) : 0xb9f78000 0x0002f000 "ACPI.sys"
.\debug.cpp(256) : 0xba5aa000 0x00002000 "\WINDOWS\system32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0xb9f67000 0x00011000 "pci.sys"
.\debug.cpp(256) : 0xba0a8000 0x00010000 "ohci1394.sys"
.\debug.cpp(256) : 0xba0b8000 0x0000e000 "\WINDOWS\system32\DRIVERS\1394BUS.SYS"
.\debug.cpp(256) : 0xba0c8000 0x0000a000 "isapnp.sys"
.\debug.cpp(256) : 0xba670000 0x00001000 "pciide.sys"
.\debug.cpp(256) : 0xba328000 0x00007000 "\WINDOWS\system32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0xba0d8000 0x0000b000 "MountMgr.sys"
.\debug.cpp(256) : 0xb9f48000 0x0001f000 "ftdisk.sys"
.\debug.cpp(256) : 0xba5ac000 0x00002000 "dmload.sys"
.\debug.cpp(256) : 0xb9f22000 0x00026000 "dmio.sys"
.\debug.cpp(256) : 0xba330000 0x00005000 "PartMgr.sys"
.\debug.cpp(256) : 0xba0e8000 0x0000e000 "VolSnap.sys"
.\debug.cpp(256) : 0xb9f0a000 0x00018000 "atapi.sys"
.\debug.cpp(256) : 0xb9ec6000 0x00044000 "ahcix86.sys"
.\debug.cpp(256) : 0xb9eae000 0x00018000 "\WINDOWS\system32\drivers\SCSIPORT.SYS"
.\debug.cpp(256) : 0xba0f8000 0x00009000 "disk.sys"
.\debug.cpp(256) : 0xba108000 0x0000d000 "\WINDOWS\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0xb9e8e000 0x00020000 "fltMgr.sys"
.\debug.cpp(256) : 0xb9e7c000 0x00012000 "sr.sys"
.\debug.cpp(256) : 0xba118000 0x0000a000 "PxHelp20.sys"
.\debug.cpp(256) : 0xb9e65000 0x00017000 "KSecDD.sys"
.\debug.cpp(256) : 0xb9dd8000 0x0008d000 "Ntfs.sys"
.\debug.cpp(256) : 0xb9dab000 0x0002d000 "NDIS.sys"
.\debug.cpp(256) : 0xb9d91000 0x0001a000 "Mup.sys"
.\debug.cpp(256) : 0xba158000 0x0000d000 "\SystemRoot\system32\DRIVERS\AmdPPM.sys"
.\debug.cpp(256) : 0xb5d59000 0x00003000 "\SystemRoot\system32\DRIVERS\wmiacpi.sys"
.\debug.cpp(256) : 0xb2ffb000 0x00485000 "\SystemRoot\system32\DRIVERS\ati2mtag.sys"
.\debug.cpp(256) : 0xb2fe7000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS"
.\debug.cpp(256) : 0xb2fbf000 0x00028000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0xba3f8000 0x00005000 "\SystemRoot\system32\DRIVERS\usbohci.sys"
.\debug.cpp(256) : 0xb2f9b000 0x00024000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0xba400000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0xba168000 0x00010000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0xba178000 0x0000f000 "\SystemRoot\system32\DRIVERS\redbook.sys"
.\debug.cpp(256) : 0xb2f78000 0x00023000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0xb3fba000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys"
.\debug.cpp(256) : 0xb3faa000 0x00010000 "\SystemRoot\system32\DRIVERS\nic1394.sys"
.\debug.cpp(256) : 0xba408000 0x00007000 "\SystemRoot\system32\DRIVERS\fdc.sys"
.\debug.cpp(256) : 0xb3f9a000 0x00010000 "\SystemRoot\system32\DRIVERS\serial.sys"
.\debug.cpp(256) : 0xb5d4d000 0x00004000 "\SystemRoot\system32\DRIVERS\serenum.sys"
.\debug.cpp(256) : 0xb2f64000 0x00014000 "\SystemRoot\system32\DRIVERS\parport.sys"
.\debug.cpp(256) : 0xb3f8a000 0x0000d000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0xba410000 0x00006000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0xba418000 0x00007000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0xba705000 0x00001000 "\SystemRoot\system32\DRIVERS\audstub.sys"
.\debug.cpp(256) : 0xb3f7a000 0x0000d000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0xb5d49000 0x00003000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0xb2f4d000 0x00017000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0xb3f6a000 0x0000b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0xb3f5a000 0x0000c000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0xba420000 0x00005000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0xb2f3c000 0x00011000 "\SystemRoot\system32\DRIVERS\psched.sys"
.\debug.cpp(256) : 0xb3f4a000 0x00009000 "\SystemRoot\system32\DRIVERS\msgpc.sys"
.\debug.cpp(256) : 0xba428000 0x00005000 "\SystemRoot\system32\DRIVERS\ptilink.sys"
.\debug.cpp(256) : 0xba430000 0x00005000 "\SystemRoot\system32\DRIVERS\raspti.sys"
.\debug.cpp(256) : 0xb2f0c000 0x00030000 "\SystemRoot\system32\DRIVERS\rdpdr.sys"
.\debug.cpp(256) : 0xb3f3a000 0x0000a000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0xba5e4000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0xb2eae000 0x0005e000 "\SystemRoot\system32\DRIVERS\update.sys"
.\debug.cpp(256) : 0xba560000 0x00004000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0xba228000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0xa645d000 0x00390000 "\SystemRoot\system32\drivers\RtKHDMI.sys"
.\debug.cpp(256) : 0xa6423000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0xba2f8000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0xa5460000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0xba5fc000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0xa3187000 0x005cb000 "\SystemRoot\system32\drivers\RtkHDAud.sys"
.\debug.cpp(256) : 0xba440000 0x00005000 "\SystemRoot\system32\DRIVERS\flpydisk.sys"
.\debug.cpp(256) : 0x9f319000 0x00058000 "\??\C:\Programme\Symantec AntiVirus\savrt.sys"
.\debug.cpp(256) : 0x9f2f7000 0x00022000 "\??\C:\Programme\Symantec\SYMEVENT.SYS"
.\debug.cpp(256) : 0x9f2e3000 0x00014000 "\??\C:\Programme\Symantec AntiVirus\Savrtpel.sys"
.\debug.cpp(256) : 0xba64e000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0xba7bc000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0xba65c000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0xa2c85000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0xba5b8000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS"
.\debug.cpp(256) : 0xba5be000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0xba3e0000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0xba438000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0xba594000 0x00003000 "\SystemRoot\system32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0x9d9e5000 0x00013000 "\SystemRoot\system32\DRIVERS\ipsec.sys"
.\debug.cpp(256) : 0x9d98c000 0x00059000 "\SystemRoot\system32\DRIVERS\tcpip.sys"
.\debug.cpp(256) : 0x9d951000 0x0003b000 "\SystemRoot\System32\Drivers\SYMTDI.SYS"
.\debug.cpp(256) : 0x9d92b000 0x00026000 "\SystemRoot\system32\DRIVERS\ipnat.sys"
.\debug.cpp(256) : 0x9fe43000 0x00009000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0x9d903000 0x00028000 "\SystemRoot\system32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0x9fdb3000 0x0000f000 "\SystemRoot\system32\DRIVERS\arp1394.sys"
.\debug.cpp(256) : 0x9d8e1000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"
.\debug.cpp(256) : 0xba258000 0x00009000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0xba458000 0x00006000 "\SystemRoot\system32\DRIVERS\ssmdrv.sys"
.\debug.cpp(256) : 0x9d87f000 0x00062000 "\??\C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys"
.\debug.cpp(256) : 0x9d854000 0x0002b000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0x9d7e4000 0x00070000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xa2535000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS"
.\debug.cpp(256) : 0x9d786000 0x0005e000 "\??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys"
.\debug.cpp(256) : 0x9d769000 0x0001d000 "\??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys"
.\debug.cpp(256) : 0x9d747000 0x00022000 "\SystemRoot\system32\DRIVERS\avipbb.sys"
.\debug.cpp(256) : 0xba652000 0x00002000 "\??\C:\Programme\Avira\AntiVir Desktop\avgio.sys"
.\debug.cpp(256) : 0xba278000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"
.\debug.cpp(256) : 0xbf800000 0x001c4000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0xb5d5d000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0xba480000 0x00005000 "\SystemRoot\System32\watchdog.sys"
.\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"
.\debug.cpp(256) : 0xba6f2000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"
.\debug.cpp(256) : 0xbf012000 0x00056000 "\SystemRoot\System32\ati2dvag.dll"
.\debug.cpp(256) : 0xbf068000 0x00096000 "\SystemRoot\System32\ati2cqag.dll"
.\debug.cpp(256) : 0xbf0fe000 0x00099000 "\SystemRoot\System32\atikvmag.dll"
.\debug.cpp(256) : 0xbf197000 0x00060000 "\SystemRoot\System32\atiok3x2.dll"
.\debug.cpp(256) : 0xbf1f7000 0x00321000 "\SystemRoot\System32\ati3duag.dll"
.\debug.cpp(256) : 0xbf518000 0x001f6000 "\SystemRoot\System32\ativvaxx.dll"
.\debug.cpp(256) : 0xbffa0000 0x00046000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0x9a00b000 0x00015000 "\SystemRoot\system32\DRIVERS\avgntflt.sys"
.\debug.cpp(256) : 0xb2bf0000 0x00004000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0x99eee000 0x0002d000 "\SystemRoot\system32\DRIVERS\mrxdav.sys"
.\debug.cpp(256) : 0xba62e000 0x00002000 "\SystemRoot\System32\Drivers\ParVdm.SYS"
.\debug.cpp(256) : 0x99e24000 0x00052000 "\SystemRoot\system32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0x99cb8000 0x0002c000 "\??\C:\Programme\CyberLink\PowerDVD8\000.fcl"
.\debug.cpp(256) : 0x997ce000 0x0014c000 "\??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20100826.002\navex15.sys"
.\debug.cpp(256) : 0x997ba000 0x00014000 "\??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20100826.002\naveng.sys"
.\debug.cpp(256) : 0x99665000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys"
.\debug.cpp(256) : 0x999b8000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys"
.\debug.cpp(256) : 0x99147000 0x0000a000 "\SystemRoot\System32\Drivers\SYMREDRV.SYS"
.\debug.cpp(256) : 0x98fae000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys"
.\debug.cpp(256) : 0x98b3b000 0x00023000 "\SystemRoot\system32\DRIVERS\Rtenicxp.sys"
.\debug.cpp(256) : 0x7c910000 0x000b9000 "\WINDOWS\system32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{0ea69c28-056b-11df-94db-806d6172696f}"
.\debug.cpp(400) : Destination="\Device\CdRom1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination="\Device\Video0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination="\Device\Ndis"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0885&SUBSYS_1458A002&REV_1001#4&126b8476&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\0000007c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000049"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_104C&DEV_8024&SUBSYS_10001458&REV_00#4&cc5b14e&0&70A4#{6bdd1fc1-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0020"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmIoDaemon"
.\debug.cpp(400) : Destination="\Device\DmControl\DmIoDaemon"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000039"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination="\Device\Video1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination="\Device\00000041"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip"
.\debug.cpp(400) : Destination="\Device\Ip"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4396&SUBSYS_50041458&REV_00#3&61aaa01&0&92#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0006"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SymEvent"
.\debug.cpp(400) : Destination="\Device\SymEvent"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination="\Device\Video2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000038"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_05e3&Pid_0605#5&13bfbfd5&0&3#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination="\Device\Video3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgio"
.\debug.cpp(400) : Destination="\Device\avgio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev"
.\debug.cpp(400) : Destination="\Device\IPSEC"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDR4_XP"
.\debug.cpp(400) : Destination="\Device\PxHelperDevice0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0400#3&61aaa01&0#{97f76ef0-f883-11d0-af1f-0000f800845c}"
.\debug.cpp(400) : Destination="\Device\00000050"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) : Destination="\Device\Video4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY"
.\debug.cpp(400) : Destination="\Device\NDProxy"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr"
.\debug.cpp(400) : Destination="\Device\RdpDrDvMgr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{ABD8D4F6-71FF-406A-A4E1-53D212E0BDA3}"
.\debug.cpp(400) : Destination="\Device\{ABD8D4F6-71FF-406A-A4E1-53D212E0BDA3}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000041"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#Disk&Ven_WDC&Prod_WD1002FBYS-02A6B&Rev_03.0#4&2765364e&0&000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Scsi\ahcix861Port2Path0Target0Lun0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\$VDMLPT1"
.\debug.cpp(400) : Destination="\Device\ParallelVdm0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination="\Device\WMIDataDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1"
.\debug.cpp(400) : Destination="\Device\Serial0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0F13#3&61aaa01&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\00000051"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\F:"
.\debug.cpp(400) : Destination="\Device\CdRom1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&29d1e53&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgntflt"
.\debug.cpp(400) : Destination="\FileSystem\Filters\avgntflt"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000041"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_02#4&36a73f9a&0&0050#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0023"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination="\Device\NamedPipe"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRom__JLMS_DVD-ROM_LTD-166S_________________DS08____#5&13942378&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP0T0L0-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4398&SUBSYS_50041458&REV_00#3&61aaa01&0&99#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0008"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\00000041"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&78963dc&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"
.\debug.cpp(400) : Destination="\Device\IPNAT"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination="\Device\Mup"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BBDRVCHANNEL"
.\debug.cpp(400) : Destination="\Device\BBDrvDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched"
.\debug.cpp(400) : Destination="\Device\PSched"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCL{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}"
.\debug.cpp(400) : Destination="\Device\PCL{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NAVEX15"
.\debug.cpp(400) : Destination="\Device\NAVEX15"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4399&SUBSYS_50041458&REV_00#3&61aaa01&0&A5#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0015"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination="\Device\Tcp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgrMsg"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination="\Device\USBFDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVDRAM_GSA-4120B_______________A102____#334b344347373547303920352020202020202020#{1186654d-47b8-48b9-beb9-7df113ae3c67}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP0T1L0-c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000041"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000003d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination="\Device\USBFDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) : Destination="\Device\VideoPdo0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination="\Device\Harddisk0\DR0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\00000041"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) : Destination="\Device\USBFDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&25568eaf&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserUtilDrvI10"
.\debug.cpp(400) : Destination="\Device\EraserUtilDrv11010"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination="\DosDevices\LPT1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserCtrlDrv"
.\debug.cpp(400) : Destination="\Device\EraserCtrlDrv"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000003c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000003b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000041"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) : Destination="\Device\USBFDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination="\Device\FsWrap"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio"
.\debug.cpp(400) : Destination="\Device\sysaudio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{0ea69c27-056b-11df-94db-806d6172696f}"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom1"
.\debug.cpp(400) : Destination="\Device\CdRom1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{9D457EFE-EDDF-49B8-AE3C-BE885CFD0E8D}"
.\debug.cpp(400) : Destination="\Device\{9D457EFE-EDDF-49B8-AE3C-BE885CFD0E8D}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
.\debug.cpp(400) : Destination="\Device\USBFDO-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{45D402E4-E23E-4867-9664-43539C5F9E7A}"
.\debug.cpp(400) : Destination="\Device\{45D402E4-E23E-4867-9664-43539C5F9E7A}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination="\GLOBAL??"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\0000004c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD5"
.\debug.cpp(400) : Destination="\Device\USBFDO-5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature204C204COffset5D3634200LengthE30D504000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0"
.\debug.cpp(400) : Destination="\Device\PxHelperDevice0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4396&SUBSYS_50041458&REV_00#3&61aaa01&0&9A#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0009"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD6"
.\debug.cpp(400) : Destination="\Device\USBFDO-6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) : Destination="\Device\0000004f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NAVENG"
.\debug.cpp(400) : Destination="\Device\NAVENG"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_15_Model_67#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination="\Device\00000046"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_791A&SUBSYS_00791A00&REV_1000#5&3c41713&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) : Destination="\Device\00000074"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRom__JLMS_DVD-ROM_LTD-166S_________________DS08____#5&13942378&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP0T0L0-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"
.\debug.cpp(400) : Destination="\Device\00000041"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVDRAM_GSA-4120B_______________A102____#334b344347373547303920352020202020202020#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP0T1L0-c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}"
.\debug.cpp(400) : Destination="\Device\00000041"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\00000041"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&89d919a&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ARP1394"
.\debug.cpp(400) : Destination="\Device\ARP1394"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) : Destination="\Device\0000004f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#3&61aaa01&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\00000052"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0885&SUBSYS_1458A002&REV_1001#4&126b8476&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\0000007c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{746DC708-755D-46F3-A7FF-AD2FF369CA13}"
.\debug.cpp(400) : Destination="\Device\{746DC708-755D-46F3-A7FF-AD2FF369CA13}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_9610&SUBSYS_D0001458&REV_00#4&1fca042a&0&2808#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0021"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&3735426b&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4398&SUBSYS_50041458&REV_00#3&61aaa01&0&91#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0005"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination="\Device\MountPointManager"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig"
.\debug.cpp(400) : Destination="\Device\DmControl\DmConfig"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbDlDp32"
.\debug.cpp(400) : Destination="\Device\PxHelperDevice0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_15_Model_67#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination="\Device\00000047"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2163b286&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ssmctl"
.\debug.cpp(400) : Destination="\Device\ssmctl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0885&SUBSYS_1458A002&REV_1001#4&126b8476&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination="\Device\0000007c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\00000003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{ED107A55-4DA0-4B4A-B9AF-4453E7162CA9}"
.\debug.cpp(400) : Destination="\Device\{ED107A55-4DA0-4B4A-B9AF-4453E7162CA9}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination="\Device\WANARP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RealTekCard"
.\debug.cpp(400) : Destination="\Device\RealTekCard"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace"
.\debug.cpp(400) : Destination="\Device\DmControl\DmTrace"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{AA5B4D85-618B-4864-A86A-A8A9E0640C43}"
.\debug.cpp(400) : Destination="\Device\{AA5B4D85-618B-4864-A86A-A8A9E0640C43}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#4&2c514809&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1}"
.\debug.cpp(400) : Destination="\Device\Parallel0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{EA9B310C-4BAC-4BC9-8442-A7B176894C61}"
.\debug.cpp(400) : Destination="\Device\{EA9B310C-4BAC-4BC9-8442-A7B176894C61}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\A:"
.\debug.cpp(400) : Destination="\Device\Floppy0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SAVRT"
.\debug.cpp(400) : Destination="\Device\SAVRT"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination="\Device\NdisWanIp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000041"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&362114ad&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}"
.\debug.cpp(400) : Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}"
.\debug.cpp(400) : Destination="\Device\00000041"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{0ea69c2a-056b-11df-94db-806d6172696f}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature204C204COffset7E00Length5D3624600#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS0"
.\debug.cpp(400) : Destination="\Device\1394BUS0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1"
.\debug.cpp(400) : Destination="\Device\ParTechInc0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\00000041"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4397&SUBSYS_50041458&REV_00#3&61aaa01&0&90#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0004"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserUtilDrv11010"
.\debug.cpp(400) : Destination="\Device\EraserUtilDrv11010"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0885&SUBSYS_1458A002&REV_1001#4&126b8476&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\0000007c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"
.\debug.cpp(400) : Destination="\Device\00000041"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmLoader"
.\debug.cpp(400) : Destination="\Device\DmLoader"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2"
.\debug.cpp(400) : Destination="\Device\ParTechInc1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPT1"
.\debug.cpp(400) : Destination="\Device\Parallel0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST"
.\debug.cpp(400) : Destination="\Device\IPMULTICAST"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination="\Device\NdisWan"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI"
.\debug.cpp(400) : Destination="\Device\NdisTapi"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SymTDI"
.\debug.cpp(400) : Destination="\Device\SymTDI"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3"
.\debug.cpp(400) : Destination="\Device\ParTechInc2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{99F58666-C0D9-40FB-AF09-AE176CA85E35}"
.\debug.cpp(400) : Destination="\Device\{99F58666-C0D9-40FB-AF09-AE176CA85E35}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow"
.\debug.cpp(400) : Destination="\Device\LanmanRedirector"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{da996546-056a-11df-b554-001fd08db06f}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FDC#GENERIC_FLOPPY_DRIVE#4&371082c9&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\FloppyPDO0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination="\Device\FtControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SAVRTPEL"
.\debug.cpp(400) : Destination="\Device\SAVRTPEL"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{0ea69c26-056b-11df-94db-806d6172696f}"
.\debug.cpp(400) : Destination="\Device\Floppy0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVDRAM_GSA-4120B_______________A102____#334b344347373547303920352020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP0T1L0-c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination="\DosDevices\COM1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination="\Device\MailSlot"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4391&SUBSYS_B0021458&REV_00#3&61aaa01&0&88#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4397&SUBSYS_50041458&REV_00#3&61aaa01&0&98#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0007"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination="\Device\Null"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\00000040"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) : Destination="\Device\Ndisuio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination=""

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
.\debug.cpp(400) : Destination="\Device\Scsi\ahcix861"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\V1394#NIC1394#1fd0764c27#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000063"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\0000003f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo"
.\debug.cpp(400) : Destination="\Device\DmControl\DmInfo"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0885&SUBSYS_1458A002&REV_1001#4&126b8476&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) : Destination="\Device\0000007c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserUtilRebootDrv"
.\debug.cpp(400) : Destination="\Device\EraserUtilDrv11010"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avipbb"
.\debug.cpp(400) : Destination="\Device\avipbb"

.\debug.cpp(451) : **********************************************
.\boot_cleaner.cpp(1077) : System volume is \\.\C:
.\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
.\boot_cleaner.cpp(424) : Boot sector MD5 is: 5ddc20efcc4d1dab37c348c7db7289cf
.\boot_cleaner.cpp(1151) :
.\boot_cleaner.cpp(1152) : Size Device Name MBR Status
.\boot_cleaner.cpp(1153) : --------------------------------------------
.\boot_cleaner.cpp(1197) : 931 GB \\.\PhysicalDrive0 Unknown boot code
.\boot_cleaner.cpp(1203) :
.\boot_cleaner.cpp(1209) : Unknown boot code has been found on some of your physical disks.
.\boot_cleaner.cpp(1211) : To inspect the boot code manually, dump the master boot sector:
.\boot_cleaner.cpp(1212) : remover.exe dump <device_name> [output_file]
.\boot_cleaner.cpp(1216) : To disinfect the master boot sector, use the following command:
.\boot_cleaner.cpp(1217) : remover.exe fix <device_name>
.\boot_cleaner.cpp(1220) :
.\boot_cleaner.cpp(1242) : Done;

ich hoffe, du kannst damit etwas anfangen. kenn mich ,ja wie bereits gesagt, überhaupts nicht aus.
herzlichen dank für deine Mühen
Hemp