Internet zu langsam etc

cosinus · 22.08.2010, 17:47

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.

Jon31 · 30.08.2010, 16:56

GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-30 17:53:44
Windows 5.1.2600 Service Pack 3, v.3311
Running: d7xibpnh.exe; Driver: C:\DOKUME~1\Besitzer\LOKALE~1\Temp\kxdyrfog.sys


---- System - GMER 1.0.15 ----

SSDT            ECB2467E                                  ZwCreateKey
SSDT            ECB24674                                  ZwCreateThread
SSDT            ECB24683                                  ZwDeleteKey
SSDT            ECB2468D                                  ZwDeleteValueKey
SSDT            ECB24692                                  ZwLoadKey
SSDT            ECB24660                                  ZwOpenProcess
SSDT            ECB24665                                  ZwOpenThread
SSDT            ECB2469C                                  ZwReplaceKey
SSDT            ECB24697                                  ZwRestoreKey
SSDT            ECB24688                                  ZwSetValueKey
SSDT            ECB2466F                                  ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys  section is writeable [0xF5F63360, 0x1D22FD, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Fastfat \Fat                  fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

--- --- ---

Jon31 · 30.08.2010, 17:28

OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:25:21 on 30.08.2010

OS: Windows XP Home Edition Service Pack 3, v.3311 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"alsndmgr.cpl" - ? - C:\WINDOWS\system32\alsndmgr.cpl  (File signed by Microsoft | File found, but it contains no detailed information)
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
"prefscpl.cpl" - "RealNetworks, Inc." - C:\WINDOWS\system32\prefscpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ASCTRM" (ASCTRM) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\system32\drivers\ASCTRM.sys
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Besitzer\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"kxdyrfog" (kxdyrfog) - ? - C:\DOKUME~1\Besitzer\LOKALE~1\Temp\kxdyrfog.sys  (Hidden registry entry, rootkit activity | File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"nv" (nv) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nv4_mini.sys
"PC Camera" (PAC7302) - "PixArt Imaging Inc." - C:\WINDOWS\System32\DRIVERS\PAC7302.SYS
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKCU\Software\Classes\Folder\shellex\ColumnHandlers )-----
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Desktop\Components )-----
"(0) Source" - ? - hxxp://cdn.chickipedia.com/www/images/1/14/SexKitten-35--large-msg-118977595188_896.jpg  (HTTP value)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - ? -   (File not found | COM-object registry key not found)
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - ? -   (File not found | COM-object registry key not found)
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "wlmailhtml" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{5E2121EE-0300-11D4-8D3B-444553540000} "Malware Defense extension" - ? -   (File not found | COM-object registry key not found)
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? -   (File not found | COM-object registry key not found)
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? -   (File not found | COM-object registry key not found)
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? -   (File not found | COM-object registry key not found)
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - ? -   (File not found | COM-object registry key not found)
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Autoplay Drop Target Shim" - ? -   (File not found | COM-object registry key not found)
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Editor Drop Target" - ? -   (File not found | COM-object registry key not found)
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Drop Target Shim" - ? -   (File not found | COM-object registry key not found)
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Viewer Drop Target" - ? -   (File not found | COM-object registry key not found)
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Drop Target Shim" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)
{00F33137-EE26-412F-8D71-F84E4C2C6625} "{00F33137-EE26-412F-8D71-F84E4C2C6625}" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ICQToolBar" - "ICQ" - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
<binary data> "SweetIM Toolbar for Internet Explorer" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
<binary data> "{21FA44EF-376D-4D53-9B0F-8A89D3229068}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
{EEE6C35D-6118-11DC-9C72-001320C79847} "SweetIM ToolbarURLSearchHook Class" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{BA162249-F2C5-4851-8ADC-FC58CB424243} "Image Uploader Control" - "Aurigma, Inc." - C:\WINDOWS\Downloaded Program Files\ImageUploader5.ocx / hxxp://static.pe.schuelervz.net/photouploader/ImageUploader5.cab?nocache=1216791357
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.1" - "ICQ, LLC." - C:\Programme\ICQ7.1\ICQ.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} "Easy-WebPrint" - ? -   (File not found | COM-object registry key not found)
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
<binary data> "SweetIM Toolbar for Internet Explorer" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
<binary data> "{21FA44EF-376D-4D53-9B0F-8A89D3229068}" - ? -   (File not found | COM-object registry key not found)
<binary data> "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{EEE6C35C-6118-11DC-9C72-001320C79847} "SweetIM Toolbar Helper" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{68F9551E-0411-48E4-9AAF-4BC42A6A46BE} "{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}" - ? -   (File not found | COM-object registry key not found)
{AA58ED58-01DD-4d91-8333-CF10577473F7} "{AA58ED58-01DD-4d91-8333-CF10577473F7}" - ? -   (File not found | COM-object registry key not found)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}" - ? -   (File not found | COM-object registry key not found)
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Adobe Gamma Loader.exe.lnk" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.exe.lnk  (Shortcut exists | File not found)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"MobMapUpdater" - ? - "C:\Programme\World of Warcraft\Interface\AddOns\MobMapUpdater\MobMapUpdater.exe" --silent  (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"nTrayFw" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"nwiz" - "NVIDIA Corporation" - nwiz.exe /install
"PAC7302_Monitor" - "PixArt Imaging Incorporation" - C:\WINDOWS\PixArt\PAC7302\Monitor.exe
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime
"RealTray" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"SW20" - ? - C:\WINDOWS\system32\sw20.exe
"SW24" - ? - C:\WINDOWS\system32\sw24.exe  (File found, but it contains no detailed information)
"SweetIM" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Messenger\SweetIM.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Canon BJ Language Monitor iP1700" - "CANON INC." - C:\WINDOWS\system32\CNMLM7W.DLL

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##" (Bonjour Service) - "Apple Computer, Inc." - C:\Programme\Bonjour\mDNSResponder.exe
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Akamai NetSession Interface" (Akamai) - ? - c:\programme\gemeinsame dateien\akamai\rswin_3745.dll  (File found, but it contains no detailed information)
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"ForceWare Intelligent Application Manager (IAM)" (ForceWare Intelligent Application Manager (IAM)) - ? - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
"ForceWare IP service" (nSvcIp) - "NVIDIA" - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
"ForceWare user log service" (nSvcLog) - "NVIDIA" - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
"Forceware Web Interface" (ForcewareWebInterface) - "Apache Software Foundation" - C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
"Google Software Updater" (gusvc) - ? - "C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe"  (File not found)
"HID Input Service" (HidServ) - ? -  C:\WINDOWS\System32\hidserv.dll  (File not found)
"ICQ Service" (ICQ Service) - ? - C:\Programme\ICQ6Toolbar\ICQ Service.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"NVIDIA Display Driver Service" (NVSvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Computer, Inc." - C:\Programme\Bonjour\mdnsNSP.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"NVIDIA App Filter" - "NVIDIA" - C:\WINDOWS\system32\nvappfilter.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Jon31 · 06.09.2010, 21:43

Noch wer da =)? Sorry das das ab und an solange dauert bin oft unterwegs im Ausland. Lg Jon

cosinus · 06.09.2010, 21:45

Ich warte aufs Log vom Bottkit Remover!

Jon31 · 08.09.2010, 22:38

Huch achso, mein Fehler sry =D.... wie ungeschickt

Jon31 · 08.09.2010, 22:42

.\debug.cpp(238) : Debug log started at 08.09.2010 - 21:41:32
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.0
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Home Edition Service Pack 3, v.3311 (build 2600)
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x804d7000 0x001f8f00 "\WINDOWS\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x806d0000 0x00020300 "\WINDOWS\system32\hal.dll"
.\debug.cpp(256) : 0xf7b10000 0x00002000 "\WINDOWS\system32\KDCOM.DLL"
.\debug.cpp(256) : 0xf7a20000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"
.\debug.cpp(256) : 0xf74e0000 0x0002f000 "ACPI.sys"
.\debug.cpp(256) : 0xf7b12000 0x00002000 "\WINDOWS\system32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0xf74cf000 0x00011000 "pci.sys"
.\debug.cpp(256) : 0xf7610000 0x0000a000 "isapnp.sys"
.\debug.cpp(256) : 0xf7bd8000 0x00001000 "pciide.sys"
.\debug.cpp(256) : 0xf7890000 0x00007000 "\WINDOWS\system32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0xf7620000 0x0000b000 "MountMgr.sys"
.\debug.cpp(256) : 0xf74b0000 0x0001f000 "ftdisk.sys"
.\debug.cpp(256) : 0xf7898000 0x00005000 "PartMgr.sys"
.\debug.cpp(256) : 0xf7630000 0x0000e000 "VolSnap.sys"
.\debug.cpp(256) : 0xf7498000 0x00018000 "atapi.sys"
.\debug.cpp(256) : 0xf7482000 0x00016000 "nvatabus.sys"
.\debug.cpp(256) : 0xf7640000 0x00009000 "disk.sys"
.\debug.cpp(256) : 0xf7650000 0x0000d000 "\WINDOWS\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0xf7462000 0x00020000 "fltmgr.sys"
.\debug.cpp(256) : 0xf7450000 0x00012000 "sr.sys"
.\debug.cpp(256) : 0xf7439000 0x00017000 "KSecDD.sys"
.\debug.cpp(256) : 0xf7426000 0x00013000 "WudfPf.sys"
.\debug.cpp(256) : 0xf7399000 0x0008d000 "Ntfs.sys"
.\debug.cpp(256) : 0xf736c000 0x0002d000 "NDIS.sys"
.\debug.cpp(256) : 0xf78a0000 0x00005000 "nvcchflt.sys"
.\debug.cpp(256) : 0xf7352000 0x0001a000 "Mup.sys"
.\debug.cpp(256) : 0xf7800000 0x0000a000 "\SystemRoot\system32\DRIVERS\processr.sys"
.\debug.cpp(256) : 0xf78f0000 0x00005000 "\SystemRoot\system32\DRIVERS\usbohci.sys"
.\debug.cpp(256) : 0xf6732000 0x00024000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0xf78f8000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0xf635a000 0x003d8000 "\SystemRoot\system32\drivers\ALCXWDM.SYS"
.\debug.cpp(256) : 0xf6336000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0xf7810000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0xf6313000 0x00023000 "\SystemRoot\system32\drivers\ks.sys"
.\debug.cpp(256) : 0xf7820000 0x00010000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0xf7830000 0x0000f000 "\SystemRoot\system32\DRIVERS\redbook.sys"
.\debug.cpp(256) : 0xf7b08000 0x00004000 "\SystemRoot\system32\DRIVERS\nvnetbus.sys"
.\debug.cpp(256) : 0xf62d3000 0x00040000 "\SystemRoot\system32\DRIVERS\NVNRM.SYS"
.\debug.cpp(256) : 0xf62a0000 0x00033000 "\SystemRoot\system32\DRIVERS\NVSNPU.SYS"
.\debug.cpp(256) : 0xf5fac000 0x002f4000 "\SystemRoot\system32\DRIVERS\nv4_mini.sys"
.\debug.cpp(256) : 0xf5f98000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS"
.\debug.cpp(256) : 0xf7900000 0x00007000 "\SystemRoot\system32\DRIVERS\fdc.sys"
.\debug.cpp(256) : 0xf7840000 0x00010000 "\SystemRoot\system32\DRIVERS\serial.sys"
.\debug.cpp(256) : 0xf7b0c000 0x00004000 "\SystemRoot\system32\DRIVERS\serenum.sys"
.\debug.cpp(256) : 0xf5f84000 0x00014000 "\SystemRoot\system32\DRIVERS\parport.sys"
.\debug.cpp(256) : 0xf7ce5000 0x00001000 "\SystemRoot\system32\DRIVERS\audstub.sys"
.\debug.cpp(256) : 0xf7850000 0x0000d000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0xf7a94000 0x00003000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0xf5f6d000 0x00017000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0xf7860000 0x0000b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0xf7870000 0x0000c000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0xf7908000 0x00005000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0xf5f5c000 0x00011000 "\SystemRoot\system32\DRIVERS\psched.sys"
.\debug.cpp(256) : 0xf7880000 0x00009000 "\SystemRoot\system32\DRIVERS\msgpc.sys"
.\debug.cpp(256) : 0xf7910000 0x00005000 "\SystemRoot\system32\DRIVERS\ptilink.sys"
.\debug.cpp(256) : 0xf7918000 0x00005000 "\SystemRoot\system32\DRIVERS\raspti.sys"
.\debug.cpp(256) : 0xf7680000 0x0000a000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0xf7920000 0x00007000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0xf7928000 0x00006000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0xf7b3e000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0xf5f03000 0x00059000 "\SystemRoot\system32\DRIVERS\update.sys"
.\debug.cpp(256) : 0xf7220000 0x00004000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0xf7690000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0xf7b40000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0xf77c0000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0xf77d0000 0x00009000 "\SystemRoot\system32\DRIVERS\NVENETFD.sys"
.\debug.cpp(256) : 0xf79d8000 0x00005000 "\SystemRoot\system32\DRIVERS\flpydisk.sys"
.\debug.cpp(256) : 0xf7b80000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0xf7c92000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0xf7b82000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0xf78e8000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0xf4444000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0xf7b84000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS"
.\debug.cpp(256) : 0xf7b86000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0xf443c000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0xf4434000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0xf7ae4000 0x00003000 "\SystemRoot\system32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0xf0f07000 0x00013000 "\SystemRoot\system32\DRIVERS\ipsec.sys"
.\debug.cpp(256) : 0xf0eae000 0x00059000 "\SystemRoot\system32\DRIVERS\tcpip.sys"
.\debug.cpp(256) : 0xf0e86000 0x00028000 "\SystemRoot\system32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0xf7aec000 0x00003000 "\SystemRoot\System32\drivers\ws2ifsl.sys"
.\debug.cpp(256) : 0xf0e64000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"
.\debug.cpp(256) : 0xf43ac000 0x00009000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0xf442c000 0x00006000 "\SystemRoot\system32\DRIVERS\ssmdrv.sys"
.\debug.cpp(256) : 0xf0e39000 0x0002b000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0xf0dc9000 0x00070000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xf438c000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS"
.\debug.cpp(256) : 0xf0da3000 0x00026000 "\SystemRoot\system32\DRIVERS\ipnat.sys"
.\debug.cpp(256) : 0xf437c000 0x00009000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0xf533a000 0x00003000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
.\debug.cpp(256) : 0xf436c000 0x00009000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0xf5336000 0x00003000 "\SystemRoot\system32\DRIVERS\mouhid.sys"
.\debug.cpp(256) : 0xf3d7d000 0x00004000 "\SystemRoot\system32\DRIVERS\kbdhid.sys"
.\debug.cpp(256) : 0xed774000 0x0001c000 "\SystemRoot\system32\DRIVERS\avipbb.sys"
.\debug.cpp(256) : 0xef61c000 0x00002000 "\??\C:\Programme\Avira\AntiVir Desktop\avgio.sys"
.\debug.cpp(256) : 0xee782000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"
.\debug.cpp(256) : 0xed06d000 0x00016000 "\SystemRoot\System32\Drivers\dump_nvatabus.sys"
.\debug.cpp(256) : 0xef073000 0x00002000 "\SystemRoot\System32\Drivers\dump_WMILIB.SYS"
.\debug.cpp(256) : 0xbf800000 0x001c3000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0xee664000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0xeeae6000 0x00005000 "\SystemRoot\System32\watchdog.sys"
.\debug.cpp(256) : 0xbf9c3000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"
.\debug.cpp(256) : 0xed8c1000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"
.\debug.cpp(256) : 0xbf9d5000 0x003ac000 "\SystemRoot\System32\nv4_disp.dll"
.\debug.cpp(256) : 0xbffa0000 0x00046000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0xebff8000 0x00014000 "\SystemRoot\system32\DRIVERS\avgntflt.sys"
.\debug.cpp(256) : 0xf3d89000 0x00004000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0xeb753000 0x0002d000 "\SystemRoot\system32\DRIVERS\mrxdav.sys"
.\debug.cpp(256) : 0xeb716000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys"
.\debug.cpp(256) : 0xf070c000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys"
.\debug.cpp(256) : 0xeb5b2000 0x00024000 "\SystemRoot\System32\Drivers\Fastfat.SYS"
.\debug.cpp(256) : 0xed5c5000 0x00002000 "\SystemRoot\System32\Drivers\ParVdm.SYS"
.\debug.cpp(256) : 0xed5c3000 0x00002000 "\SystemRoot\System32\Drivers\ASCTRM.SYS"
.\debug.cpp(256) : 0xeb3f8000 0x00052000 "\SystemRoot\system32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xed550000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys"
.\debug.cpp(256) : 0x90d03000 0x0002b000 "\SystemRoot\system32\drivers\kmixer.sys"
.\debug.cpp(256) : 0x7c910000 0x000b6000 "\WINDOWS\system32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination "\Device\Ndis"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice"
.\debug.cpp(400) : Destination "\Device\WUDFLpcDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c315#6&1ced1880&0&0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000006c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination "\Device\Video0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&4d9328&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination "\Device\Video1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{71985f4a-1ca1-11d3-9cc8-00c04f7971e0}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000002e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000003c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip"
.\debug.cpp(400) : Destination "\Device\Ip"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination "\Device\Video2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_005B&SUBSYS_1B511019&REV_A3#3&2411e6fe&0&11#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{EA600F07-58BA-4E25-89F5-29063EECFBAA}"
.\debug.cpp(400) : Destination "\Device\{EA600F07-58BA-4E25-89F5-29063EECFBAA}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev"
.\debug.cpp(400) : Destination "\Device\IPSEC"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgio"
.\debug.cpp(400) : Destination "\Device\avgio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination "\Device\Video3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000002d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY"
.\debug.cpp(400) : Destination "\Device\NDProxy"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ProcessManagement"
.\debug.cpp(400) : Destination "\Device\ProcessManagement"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9aa4a2cc-81e0-4cfd-802f-0f74526d2bd3}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHITACHI_DVD-ROM_GD-7500_________________0006____#4&1482033c&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000062"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\$VDMLPT1"
.\debug.cpp(400) : Destination "\Device\ParallelVdm0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{fd0a5af4-b41d-11d2-9c95-00c04f7971e0}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{3e4af7b8-0416-11dd-b631-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_04f3&Pid_0210#6&2319064a&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000006b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination "\Device\WMIDataDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\F:"
.\debug.cpp(400) : Destination "\Device\CdRom1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1"
.\debug.cpp(400) : Destination "\Device\Serial0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgntflt"
.\debug.cpp(400) : Destination "\FileSystem\Filters\avgntflt"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_046d&Pid_c315#5&183185a3&0&4#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&362047d8&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination "\Device\NamedPipe"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched"
.\debug.cpp(400) : Destination "\Device\PSched"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHITACHI_DVD-ROM_GD-7500_________________0006____#4&1482033c&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000062"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination "\Device\Mup"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"
.\debug.cpp(400) : Destination "\Device\IPNAT"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{aca97458-0415-11dd-a493-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination "\Device\USBFDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination "\Device\Tcp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) : Destination "\Device\VideoPdo0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination "\Device\USBFDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000033"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination "\Device\Harddisk0\DR0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination "\DosDevices\LPT1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000031"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0057&SUBSYS_1B511019&REV_A3#3&2411e6fe&0&50#{c4f6eed3-1c5e-4f43-a768-83ecba42fcc1}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio"
.\debug.cpp(400) : Destination "\Device\sysaudio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination "\Device\FsWrap"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000030"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_005A&SUBSYS_1B511019&REV_A2#3&2411e6fe&0&10#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0401#1#{97f76ef0-f883-11d0-af1f-0000f800845c}"
.\debug.cpp(400) : Destination "\Device\0000004c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom1"
.\debug.cpp(400) : Destination "\Device\CdRom1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination "\GLOBAL??"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000041"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0059&SUBSYS_1B511019&REV_A2#3&2411e6fe&0&20#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0005"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) : Destination "\Device\0000004b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E9178ADA-5EC1-42A0-9A85-7A77B2EFBD68}"
.\debug.cpp(400) : Destination "\Device\{E9178ADA-5EC1-42A0-9A85-7A77B2EFBD68}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000040"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0059&SUBSYS_1B511019&REV_A2#3&2411e6fe&0&20#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0005"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{07dad660-22f1-11d1-a9f4-00c04fbbde8f}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0059&SUBSYS_1B511019&REV_A2#3&2411e6fe&0&20#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0005"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASCTRM"
.\debug.cpp(400) : Destination "\Device\ASCTRM"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) : Destination "\Device\0000004b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0059&SUBSYS_1B511019&REV_A2#3&2411e6fe&0&20#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0005"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{be699382-1d35-11d7-ba35-00142a7d9322}"
.\debug.cpp(400) : Destination "\Device\Floppy0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination "\Device\MountPointManager"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FDC#GENERIC_FLOPPY_DRIVE#4&15e2db85&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\FloppyPDO0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ssmctl"
.\debug.cpp(400) : Destination "\Device\ssmctl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{1a3e09be-1e45-494b-9174-d7385b45bbf5}#NVNET_DEV0057#4&31de8c1b&0&01#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000006a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000002c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureF1BCC58COffset7E00Length991DA0C00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination "\Device\WANARP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskMaxtor_6K040L0__________________________NAR61HA0#314B393239374746202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000061"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0140&SUBSYS_00000000&REV_A2#4&243d7bd0&0&0070#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0019"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{1A72724F-18AE-4815-BFB2-8EE773F51714}"
.\debug.cpp(400) : Destination "\Device\{1A72724F-18AE-4815-BFB2-8EE773F51714}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\A:"
.\debug.cpp(400) : Destination "\Device\Floppy0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination "\Device\NdisWanIp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination "\Device\NvAta0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_04f3&Pid_0210#6&2319064a&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000006b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000002f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1"
.\debug.cpp(400) : Destination "\Device\ParTechInc0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{3e4af7b9-0416-11dd-b631-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\CdRom1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI"
.\debug.cpp(400) : Destination "\Device\NdisTapi"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination "\Device\NdisWan"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) : Destination "\Device\NvAta1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST"
.\debug.cpp(400) : Destination "\Device\IPMULTICAST"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPT1"
.\debug.cpp(400) : Destination "\Device\Parallel0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{85338BC6-3F57-4A85-BC7D-15F91F294E7E}"
.\debug.cpp(400) : Destination "\Device\{85338BC6-3F57-4A85-BC7D-15F91F294E7E}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2"
.\debug.cpp(400) : Destination "\Device\ParTechInc1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow"
.\debug.cpp(400) : Destination "\Device\LanmanRedirector"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomMIDA_40XB_______________________________FA16____#4&1482033c&0&1.1.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000063"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_15_Model_47#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3"
.\debug.cpp(400) : Destination "\Device\ParTechInc2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{802DADAF-4C34-48FF-9AC0-3634BA4D6285}"
.\debug.cpp(400) : Destination "\Device\{802DADAF-4C34-48FF-9AC0-3634BA4D6285}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination "\Device\FtControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination "\Device\MailSlot"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination "\DosDevices\COM1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{8AA0A224-F5EA-4D52-9908-3C4B3C80BE39}"
.\debug.cpp(400) : Destination "\Device\{8AA0A224-F5EA-4D52-9908-3C4B3C80BE39}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination ""
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination "\Device\Null"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) : Destination "\Device\Ndisuio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000035"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
.\debug.cpp(400) : Destination "\Device\NvAta2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{59A82BE1-83E7-4D0C-B0D6-F8A91DE25B17}"
.\debug.cpp(400) : Destination "\Device\{59A82BE1-83E7-4D0C-B0D6-F8A91DE25B17}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000034"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_04f3&Pid_0210#5&183185a3&0&3#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#4&35fb2ad7&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1}"
.\debug.cpp(400) : Destination "\Device\Parallel0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomMIDA_40XB_______________________________FA16____#4&1482033c&0&1.1.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000063"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avipbb"
.\debug.cpp(400) : Destination "\Device\avipbb"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c315#6&1ced1880&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000006c"
.\debug.cpp(409) : --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
.\diskio.cpp(204) : ATA_Read(): DeviceIoControl() ERROR 1
.\boot_cleaner.cpp(276) : Boot sector MD5 is: 5ddc20efcc4d1dab37c348c7db7289cf
.\boot_cleaner.cpp(1060) :
.\boot_cleaner.cpp(1061) : Size Device Name MBR Status
.\boot_cleaner.cpp(1062) : --------------------------------------------
.\boot_cleaner.cpp(1106) : 38 GB \\.\PhysicalDrive0 Unknown boot code
.\boot_cleaner.cpp(1112) :
.\boot_cleaner.cpp(1118) : Unknown boot code has been found on some of your physical disks.
.\boot_cleaner.cpp(1120) : To inspect the boot code manually, dump the master boot sector:
.\boot_cleaner.cpp(1121) : remover.exe dump <device_name> [output_file]
.\boot_cleaner.cpp(1125) : To disinfect the master boot sector, use the following command:
.\boot_cleaner.cpp(1126) : remover.exe fix <device_name>
.\boot_cleaner.cpp(1129) :
.\boot_cleaner.cpp(1151) : Done;

cosinus · 08.09.2010, 22:58

Downloade Dir bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur eine Sekunde.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

Jon31 · 09.09.2010, 13:23

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3, v.3311 (build 2600)
Logical Drives Mask: 0x0000002d

Kernel Drivers (total 117):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xF7B10000 \WINDOWS\system32\KDCOM.DLL
0xF7A20000 \WINDOWS\system32\BOOTVID.dll
0xF74E0000 ACPI.sys
0xF7B12000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF74CF000 pci.sys
0xF7610000 isapnp.sys
0xF7BD8000 pciide.sys
0xF7890000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7620000 MountMgr.sys
0xF74B0000 ftdisk.sys
0xF7898000 PartMgr.sys
0xF7630000 VolSnap.sys
0xF7498000 atapi.sys
0xF7482000 nvatabus.sys
0xF7640000 disk.sys
0xF7650000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7462000 fltmgr.sys
0xF7450000 sr.sys
0xF7439000 KSecDD.sys
0xF7426000 WudfPf.sys
0xF7399000 Ntfs.sys
0xF736C000 NDIS.sys
0xF78A0000 nvcchflt.sys
0xF7352000 Mup.sys
0xF7830000 \SystemRoot\system32\DRIVERS\processr.sys
0xF78E8000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF683C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF78F0000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF6464000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xF6440000 \SystemRoot\system32\drivers\portcls.sys
0xF7840000 \SystemRoot\system32\drivers\drmk.sys
0xF641D000 \SystemRoot\system32\drivers\ks.sys
0xF7850000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7860000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7B0C000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
0xF63DD000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
0xF63AA000 \SystemRoot\system32\DRIVERS\NVSNPU.SYS
0xF60B6000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF60A2000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF78F8000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF7870000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7A94000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF608E000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7CD8000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7880000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF732E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6077000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7680000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7690000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7900000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6066000 \SystemRoot\system32\DRIVERS\psched.sys
0xF76A0000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7908000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7910000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF76B0000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7918000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7920000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7B3C000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF600D000 \SystemRoot\system32\DRIVERS\update.sys
0xF7326000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF76C0000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7B3E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF77F0000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7800000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
0xF79D0000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF7B7C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7C89000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B7E000 \SystemRoot\System32\Drivers\Beep.SYS
0xF78E0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF456D000 \SystemRoot\System32\drivers\vga.sys
0xF7B80000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B82000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF4565000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF455D000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7AE8000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF1067000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF100E000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF0FE6000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF7AF0000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xF0FC4000 \SystemRoot\System32\drivers\afd.sys
0xF4495000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF4555000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xF0F99000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF0F29000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF4475000 \SystemRoot\System32\Drivers\Fips.SYS
0xF0F03000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF4465000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF5444000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF6A47000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF5440000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF3EB0000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF0767000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xEF8DE000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
0xEE7DF000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xEB11B000 \SystemRoot\System32\Drivers\dump_nvatabus.sys
0xEF8D4000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xEE970000 \SystemRoot\System32\drivers\Dxapi.sys
0xEECF7000 \SystemRoot\System32\watchdog.sys
0xBF9C3000 \SystemRoot\System32\drivers\dxg.sys
0xEDC71000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF9D5000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xEB0A6000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xF6880000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xEBAA7000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xEBA92000 \SystemRoot\system32\drivers\wdmaud.sys
0xF091C000 \SystemRoot\system32\drivers\sysaudio.sys
0xEB92E000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xEF360000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xEF35E000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xEB774000 \SystemRoot\system32\DRIVERS\srv.sys
0xED46F000 \SystemRoot\System32\Drivers\HTTP.sys
0xEBB5D000 \SystemRoot\system32\drivers\kmixer.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 47):
0 System Idle Process
4 System
540 C:\WINDOWS\system32\smss.exe
604 csrss.exe
628 C:\WINDOWS\system32\winlogon.exe
672 C:\WINDOWS\system32\services.exe
684 C:\WINDOWS\system32\lsass.exe
848 C:\WINDOWS\system32\svchost.exe
908 svchost.exe
1008 C:\WINDOWS\system32\svchost.exe
1044 C:\WINDOWS\system32\svchost.exe
1196 svchost.exe
1360 svchost.exe
1460 C:\WINDOWS\explorer.exe
1580 C:\WINDOWS\system32\spoolsv.exe
1628 C:\Programme\Avira\AntiVir Desktop\sched.exe
1864 C:\WINDOWS\system32\rundll32.exe
1872 C:\WINDOWS\soundman.exe
1880 C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
1888 C:\Programme\QuickTime\QTTask.exe
1896 C:\Programme\Real\RealPlayer\realplay.exe
1904 C:\Programme\SweetIM\Messenger\SweetIM.exe
1912 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
1920 C:\WINDOWS\PixArt\PAC7302\Monitor.exe
1928 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
1936 C:\Programme\World of Warcraft\Interface\AddOns\MobMapUpdater\MobMapUpdater.exe
1944 C:\WINDOWS\system32\ctfmon.exe
364 C:\WINDOWS\system32\svchost.exe
376 C:\Programme\Avira\AntiVir Desktop\avguard.exe
392 C:\Programme\Bonjour\mDNSResponder.exe
436 C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
256 C:\Programme\ICQ6Toolbar\ICQ Service.exe
588 C:\Programme\Java\jre6\bin\jqs.exe
892 C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
1088 C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
1192 C:\WINDOWS\system32\nvsvc32.exe
1288 C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1216 C:\WINDOWS\system32\svchost.exe
1752 C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
1816 C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
3484 C:\WINDOWS\system32\wscntfy.exe
3636 alg.exe
4044 C:\Programme\ICQ7.1\ICQ.exe
3212 C:\Programme\Mozilla Firefox\firefox.exe
3520 C:\Programme\Mozilla Firefox\plugin-container.exe
3908 wmiprvse.exe
3156 C:\Dokumente und Einstellungen\Besitzer\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: Maxtor6K040L0, Rev: NAR61HA0

Size Device Name MBR Status
--------------------------------------------
38 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11

Done!

cosinus · 09.09.2010, 13:24

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

06.09.2010, 21:45	#20
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Internet zu langsam etc Ich warte aufs Log vom Bottkit Remover! __________________ Logfiles bitte immer in CODE-Tags posten

09.09.2010, 13:24	#25
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Internet zu langsam etc Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

Internet zu langsam etc

Log-Analyse und Auswertung: Internet zu langsam etc