Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Musik im Hintergrund (https://www.trojaner-board.de/88952-musik-hintergrund.html)

Dwza 31.07.2010 16:52
Musik im Hintergrund
 
habe das gleiche Problem wie es hier:
http://www.trojaner-board.de/88827-m...-trojaner.html

vor ein paar tagen schon mal besprochen wurde nur funktioniert dieses mbr ding bei nicht so ganz.
und mittlerweile muss ich sagen nervt die musik echt. vor allem wenn man mal nen film schauen will und man nichts mehr hört weils einfach zu laut ist.

wenn ich den mbrcheck mache dann komm folgendes log:
Zitat:
MBRCheck, version 1.1.1

(c) 2010, AD



\\.\C: --> \\.\PhysicalDrive0

\\.\D: --> \\.\PhysicalDrive0

\\.\G: --> \\.\PhysicalDrive0



Size Device Name MBR Status

--------------------------------------------

465 GB \\.\PhysicalDrive0 Error reading raw MBR!





Done! Press ENTER to exit...
was kann ich jetzt noch machen ? :)

habe neusten Avira drauf, mehrmals gescannt aber der findet nichts.

cosinus 31.07.2010 19:44
Zitat:
465 GB \\.\PhysicalDrive0 Error reading raw MBR!
Welches Betriebssystem hast du?

Dwza 31.07.2010 20:15
Ich verwende Windows 7 Professional

cosinus 31.07.2010 20:49
Dann musst Du - wie in der Anleitung angegeben (!) - den MBR-Checker per Rechtsklick als Admin ausführen!

Dwza 01.08.2010 16:42
ich hatte es als Administrator gestartet. Auch der versuch es in irgendeinem kompatibilitätsmodus zu starten blieb erfolglos.

Die einzige änderung beim komp.modus ist wenn ich es auf windows me stelle, dann sagt er mir eben noch dass das betriebssystem nicht unterstützt wird.

Dwza 01.08.2010 19:27
hier hab ich auch schon mal das osam logfile.

Zitat:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:17:05 on 01.08.2010

OS: Windows 7 (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.8

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"bdeadmin.cpl" - ? - C:\Windows\system32\bdeadmin.cpl
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL
"Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ajy0tbu2" (ajy0tbu2) - "Microsoft Corporation" - C:\Windows\system32\drivers\ajy0tbu2.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"NetGroup Packet Filter Driver" (NPF) - "CACE Technologies, Inc." - C:\Windows\System32\drivers\npf.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"VirtualBox Guest Mouse Service" (VBoxMouse) - "Sun Microsystems, Inc." - C:\Windows\System32\DRIVERS\VBoxMouse.sys
"VirtualBox Shared Folders" (VBoxSF) - "Sun Microsystems, Inc." - C:\Windows\System32\drivers\VBoxSF.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\VISSHE.DLL
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{E81FFB23-40E2-431C-A041-76AEA0E4B04C} "Enterprise-Projekte" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\NAMEEXT.DLL
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\VISSHE.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? - (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{20A60F0D-9AFA-4515-A0FD-83BD84642501} "Checkers Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\msgrchkr.dll / hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10d.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{5C051655-FCD5-4969-9182-770EA5AA5565} "Solitaire Showdown Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\SolitaireShowdown.dll / hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
{5D6F45B3-9043-443D-A792-115447494D24} "UnoCtrl Class" - "Microsoft" - C:\Windows\Downloaded Program Files\GAME_UNO1.dll / hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
{4A85DBE0-BFB2-4119-8401-186A7C6EB653} "{4A85DBE0-BFB2-4119-8401-186A7C6EB653}" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MJSS.ocx / hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/mjss/MJSS.cab109791.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
{95188727-288F-4581-A48D-EAB3BD027314} "Zend Studio Toolbar" - ? - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
<binary data> "Zend Studio" - ? - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Dwza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Stardock ObjectDock.lnk" - "Stardock" - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
"ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
"msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AmIcoSinglun" - "AlcorMicro Co., Ltd." - C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
"ATKMEDIA" - "ASUS" - C:\Program Files\ASUS\ATK Media\DMedia.exe
"ATKOSD2" - "ASUS" - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"HControlUser" - "ASUS" - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
"KeePass 2 PreLoad" - "Dominik Reichl" - "C:\Program Files\KeePass Password Safe 2\KeePass.exe" --preload
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Java\jre6\bin\jusched.exe"

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"VirtualBox Shared Folders" - "Sun Microsystems, Inc." - C:\Windows\system32\VBoxMRXNP.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apache2.2" (Apache2.2) - "Apache Software Foundation" - C:\xampp\apache\bin\httpd.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASLDR Service" (ASLDRService) - "ASUS" - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"MySQL" (MySQL) - ? - C:\xampp\mysql\bin\mysqld.exe (File found, but it contains no detailed information)
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Remote Packet Capture Protocol v.0 (experimental)" (rpcapd) - "CACE Technologies, Inc." - C:\Program Files\WinPcap\rpcapd.exe
"TeamViewer 5" (TeamViewer5) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
"VirtualBox Guest Additions Service" (VBoxService) - "Sun Microsystems, Inc." - C:\Windows\System32\VBoxService.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
ich habe mal die einträge die auch farbig markiert sind hier mit markiert.

und hier noch der log aus GMER

Zitat:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-01 21:14:15
Windows 6.1.7600
Running: td4r2u6b.exe; Driver: C:\Users\Dwza\AppData\Local\Temp\kxrdapow.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83037AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83037104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830373F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8301F634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8301F898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830371DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83037958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830376F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83037F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830381A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C50599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C74F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\Drivers\spne.sys Das System kann den angegebenen Pfad nicht finden. !
.text USBPORT.SYS!DllUnload 91FA0CA0 5 Bytes JMP 86CC71D8
.text ajy0tbu2.SYS 98A2E000 12 Bytes [44, 28, 02, 83, EE, 26, 02, ...] {INC ESP; SUB [EDX], AL; SUB ESI, 0x26; ADD AL, [EBX-0x7cfdf860]}
.text ajy0tbu2.SYS 98A2E00D 9 Bytes [07, 02, 83, 48, 2B, 02, 83, ...] {POP ES; ADD AL, [EBX-0x7cfdd4b8]; ADD [EAX], AL}
.text ajy0tbu2.SYS 98A2E017 170 Bytes [00, DE, B7, 51, 8C, E6, B5, ...]
.text ajy0tbu2.SYS 98A2E0C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text ajy0tbu2.SYS 98A2E0CE 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text peauth.sys 9EC3BC9D 28 Bytes [5E, 13, 50, BE, 3C, 7A, 1A, ...]
.text peauth.sys 9EC3BCC1 28 Bytes [5E, 13, 50, BE, 3C, 7A, 1A, ...]
PAGE peauth.sys 9EC41E20 101 Bytes [66, 70, CE, 6A, 74, 0F, 9A, ...]
PAGE peauth.sys 9EC4202C 102 Bytes [01, FA, 47, D7, AF, 04, 63, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[4352] USER32.dll!CreateWindowExW 75F60E51 5 Bytes JMP 69FF8157 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4352] USER32.dll!DialogBoxIndirectParamW 75F84AA7 5 Bytes JMP 6A11F5E8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4352] USER32.dll!DialogBoxParamW 75F8564A 5 Bytes JMP 69F14BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4352] USER32.dll!DialogBoxParamA 75F9CF6A 5 Bytes JMP 6A11F585 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4352] USER32.dll!DialogBoxIndirectParamA 75F9D29C 5 Bytes JMP 6A11F64B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4352] USER32.dll!MessageBoxIndirectA 75FAE8C9 5 Bytes JMP 6A11F51A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4352] USER32.dll!MessageBoxIndirectW 75FAE9C3 5 Bytes JMP 6A11F4AF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4352] USER32.dll!MessageBoxExA 75FAEA29 5 Bytes JMP 6A11F44D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4352] USER32.dll!MessageBoxExW 75FAEA4D 5 Bytes JMP 6A11F3EB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4836] ntdll.dll!LdrLoadDll 774AF625 5 Bytes JMP 002D13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5348] USER32.dll!UnhookWindowsHookEx 75F5CC7B 5 Bytes JMP 6A00835E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5348] USER32.dll!CallNextHookEx 75F5CC8F 5 Bytes JMP 69FE9D5C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5348] USER32.dll!CreateWindowExW 75F60E51 5 Bytes JMP 69FF8157 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5348] USER32.dll!SetWindowsHookExW 75F6210A 5 Bytes JMP 69FA4633 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5348] USER32.dll!DialogBoxIndirectParamW 75F84AA7 5 Bytes JMP 6A11F5E8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5348] USER32.dll!DialogBoxParamW 75F8564A 5 Bytes JMP 69F14BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5348] USER32.dll!DialogBoxParamA 75F9CF6A 5 Bytes JMP 6A11F585 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5348] USER32.dll!DialogBoxIndirectParamA 75F9D29C 5 Bytes JMP 6A11F64B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5348] USER32.dll!MessageBoxIndirectA 75FAE8C9 5 Bytes JMP 6A11F51A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5348] USER32.dll!MessageBoxIndirectW 75FAE9C3 5 Bytes JMP 6A11F4AF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5348] USER32.dll!MessageBoxExA 75FAEA29 5 Bytes JMP 6A11F44D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5348] USER32.dll!MessageBoxExW 75FAEA4D 5 Bytes JMP 6A11F3EB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5348] ole32.dll!OleLoadFromStream 772F5B88 5 Bytes JMP 6A11F946 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5348] ole32.dll!CoCreateInstance 773457FC 5 Bytes JMP 69FF8C45 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] USER32.dll!UnhookWindowsHookEx 75F5CC7B 5 Bytes JMP 6A00835E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] USER32.dll!CallNextHookEx 75F5CC8F 5 Bytes JMP 69FE9D5C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] USER32.dll!CreateWindowExW 75F60E51 5 Bytes JMP 69FF8157 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] USER32.dll!SetWindowsHookExW 75F6210A 5 Bytes JMP 69FA4633 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] USER32.dll!DialogBoxIndirectParamW 75F84AA7 5 Bytes JMP 6A11F5E8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] USER32.dll!DialogBoxParamW 75F8564A 5 Bytes JMP 69F14BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] USER32.dll!DialogBoxParamA 75F9CF6A 5 Bytes JMP 6A11F585 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] USER32.dll!DialogBoxIndirectParamA 75F9D29C 5 Bytes JMP 6A11F64B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] USER32.dll!MessageBoxIndirectA 75FAE8C9 5 Bytes JMP 6A11F51A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] USER32.dll!MessageBoxIndirectW 75FAE9C3 5 Bytes JMP 6A11F4AF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] USER32.dll!MessageBoxExA 75FAEA29 5 Bytes JMP 6A11F44D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] USER32.dll!MessageBoxExW 75FAEA4D 5 Bytes JMP 6A11F3EB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] ole32.dll!OleLoadFromStream 772F5B88 5 Bytes JMP 6A11F946 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] ole32.dll!CoCreateInstance 773457FC 5 Bytes JMP 69FF8C45 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[6020] USER32.dll!TrackPopupMenu 75F84B3B 5 Bytes JMP 6143721D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8C41F042] \SystemRoot\System32\Drivers\spne.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8C41F6D6] \SystemRoot\System32\Drivers\spne.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8C41F800] \SystemRoot\System32\Drivers\spne.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8C41F13E] \SystemRoot\System32\Drivers\spne.sys
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortNotification] 00147880
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortStallExecution] C25DC033
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortInitialize] 157B805E
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2040] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [754F5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2040] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [754F5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2040] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [754F5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2040] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [754F5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2040] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [754F5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2040] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [754F5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2040] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [754F5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [735C2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [735A5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [735A56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [735C250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [735B8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [735B4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [735B50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [735B51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [735B66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [735B82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [735B8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [735B907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [735BE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [735B4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5516] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [735C2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5516] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [735A5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5516] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [735A56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5516] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [735C250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5516] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [735B8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5516] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [735B4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5516] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [735B50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5516] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [735B51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5516] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [735B66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5516] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [735B82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5516] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [735B8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5516] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [735B907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5516] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [735BE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5516] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [735B4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8590A1F8
Device \FileSystem\fastfat \FatCdrom 86D1F500
Device \Driver\volmgr \Device\VolMgrControl 859041F8
Device \Driver\usbohci \Device\USBPDO-0 86CC81F8
Device \Driver\sptd \Device\477626816 spne.sys
Device \Driver\usbehci \Device\USBPDO-1 86CC91F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{DAF254EE-0E6B-4913-AAB9-116639E7921A} 86C421F8
Device \Driver\usbohci \Device\USBPDO-2 86CC81F8
Device \Driver\usbehci \Device\USBPDO-3 86CC91F8
Device \Driver\PCI_PNP4816 \Device\00000061 spne.sys
Device \Driver\ACPI_HAL \Device\00000055 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{FBBB2132-F956-46BA-9779-CFF8874409A5} 86C421F8
Device \Driver\volmgr \Device\HarddiskVolume1 859041F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume2 859041F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 86BAF1F8
Device \Driver\volmgr \Device\HarddiskVolume3 859041F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom1 86BAF1F8
Device \Driver\nvstor32 \Device\00000074 859081F8
Device \Driver\nvstor32 \Device\00000075 859081F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 86C421F8
Device \Driver\nvstor32 \Device\RaidPort0 859081F8
Device \Driver\usbohci \Device\USBFDO-0 86CC81F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{EA45D462-5023-44F3-8B37-6533983ED8B3} 86C421F8
Device \Driver\usbehci \Device\USBFDO-1 86CC91F8
Device \Driver\usbohci \Device\USBFDO-2 86CC81F8
Device \Driver\usbehci \Device\USBFDO-3 86CC91F8
Device \Driver\ajy0tbu2 \Device\Scsi\ajy0tbu21 86EB31F8
Device \Driver\ajy0tbu2 \Device\Scsi\ajy0tbu21Port1Path0Target0Lun0 86EB31F8
Device \FileSystem\fastfat \Fat 86D1F500

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Process C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** ) 4352
Process C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** ) 5196
Process C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** ) 5348
Process C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** ) 5540

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDD 0x57 0x05 0x04 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x20 0x6B 0x96 0xA2 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5B 0x99 0x09 0x2A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xEF 0x62 0x29 0xF7 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDD 0x57 0x05 0x04 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x20 0x6B 0x96 0xA2 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5B 0x99 0x09 0x2A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xEF 0x62 0x29 0xF7 ...
Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\3680118436\Groups@\xbb\xa2??q\x2019š 1
Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\3680118436\Groups@\xbbg?gslsš 0

Dwza 01.08.2010 22:10
dann hab ich auch jetzt hier noch Malwarebytes' Anti-Malware 1.46 scan durchgeführt... aber auch keinen erfolg dabei gehabt... bin sehr ratlos!

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4378

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

01.08.2010 22:58:46
mbam-log-2010-08-01 (22-58-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|)
Durchsuchte Objekte: 313083
Laufzeit: 1 Stunde(n), 22 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
was auch komisch war... vor ein paar tagen hab ich meinen pc starten wollen aber er ging nicht mehr an. auch nach mehrmaligem versuch ihn neu zu starten, kein erfolg. habs bestimmt 20 mal versucht. ich habe meine w7 cd nicht mehr gefunden... weil ich eigentlich fixmbr machen wollte....
habe dann ne xp cd gefunden und diese eingelegt weil ich eigentlich von dieser starten wollte um einfach in das menü wegen der wiederherstellungskonsole zu kommen. als ich die cd eingelegt hatte, hat es 1 min gedaurt und dann hat er einfach wieder mein w7 gebootet. hat mir nicht mal die option gegeben von cd zu starten. obwohl es im bios so eingestellt ist. nun startet er wieder normal aber ich habe dennoch das gefühl das mein mbr nen schlag weg hat weil man sieht ja oben im log vom mbrchecker das da irgendwas nicht stimmt.

Dwza 02.08.2010 21:58
kann mir keiner helfen ?

cosinus 03.08.2010 12:27
Bitte nicht drängeln. Bin z.Zt. eingespannt und kann morgen wieder antworten.

Dwza 03.08.2010 17:42
ok :) sorry ^^

Dwza 04.08.2010 21:21
Irgendwie finde ich es schade , es gibt einnige hier mit dem gleichen Problem und denen wird geholfen und ich sitze auf dem Abstellgleis... sorry aber es macht mich neidisch wenn ich sehe wie schnell anderen geholfen wird.( die Natur des Menschen) *heule*

cosinus 05.08.2010 16:05
Dann probiers mal so:

Bitte den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.

Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.

Dwza 05.08.2010 19:57
also hab ich gemacht... der scan ging nur ein paar millisekunden. hoffe das es auch nur so lange sein muss.
hier das log was er mir erstellt hat
Code:
.\debug.cpp(238) : Debug log started at 05.08.2010 - 18:55:28
.\boot_cleaner.cpp(675) : Bootkit Remover
.\boot_cleaner.cpp(676) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(677) : www.esagelab.com
.\boot_cleaner.cpp(681) : Program version: 1.1.0.0
.\boot_cleaner.cpp(688) : OS Version: Microsoft Windows 7  (build 7600), 32-bit
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x82c05000 0x00410000 "\SystemRoot\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x83015000 0x00037000 "\SystemRoot\system32\halmacpi.dll"
.\debug.cpp(256) : 0x80bc4000 0x00008000 "\SystemRoot\system32\kdcom.dll"
.\debug.cpp(256) : 0x83220000 0x00078000 "\SystemRoot\system32\mcupdate_GenuineIntel.dll"
.\debug.cpp(256) : 0x83298000 0x00011000 "\SystemRoot\system32\PSHED.dll"
.\debug.cpp(256) : 0x832a9000 0x00008000 "\SystemRoot\system32\BOOTVID.dll"
.\debug.cpp(256) : 0x832b1000 0x00042000 "\SystemRoot\system32\CLFS.SYS"
.\debug.cpp(256) : 0x832f3000 0x000ab000 "\SystemRoot\system32\CI.dll"
.\debug.cpp(256) : 0x8c40d000 0x00071000 "\SystemRoot\system32\drivers\Wdf01000.sys"
.\debug.cpp(256) : 0x8c47e000 0x0000e000 "\SystemRoot\system32\drivers\WDFLDR.SYS"
.\debug.cpp(256) : 0x8c48c000 0x000f3000 "\SystemRoot\System32\Drivers\spva.sys"
.\debug.cpp(256) : 0x8c57f000 0x00009000 "\SystemRoot\System32\Drivers\WMILIB.SYS"
.\debug.cpp(256) : 0x8c588000 0x00026000 "\SystemRoot\System32\Drivers\SCSIPORT.SYS"
.\debug.cpp(256) : 0x8c5ae000 0x00048000 "\SystemRoot\system32\DRIVERS\ACPI.sys"
.\debug.cpp(256) : 0x8c5f6000 0x00008000 "\SystemRoot\system32\DRIVERS\msisadrv.sys"
.\debug.cpp(256) : 0x8c400000 0x0000b000 "\SystemRoot\system32\DRIVERS\vdrvroot.sys"
.\debug.cpp(256) : 0x8339e000 0x0002a000 "\SystemRoot\system32\DRIVERS\pci.sys"
.\debug.cpp(256) : 0x833c8000 0x00011000 "\SystemRoot\System32\drivers\partmgr.sys"
.\debug.cpp(256) : 0x833d9000 0x00008000 "\SystemRoot\system32\DRIVERS\compbatt.sys"
.\debug.cpp(256) : 0x833e1000 0x0000b000 "\SystemRoot\system32\DRIVERS\BATTC.SYS"
.\debug.cpp(256) : 0x833ec000 0x00010000 "\SystemRoot\system32\DRIVERS\volmgr.sys"
.\debug.cpp(256) : 0x8c60a000 0x0004b000 "\SystemRoot\System32\drivers\volmgrx.sys"
.\debug.cpp(256) : 0x8c655000 0x00016000 "\SystemRoot\System32\drivers\mountmgr.sys"
.\debug.cpp(256) : 0x8c66b000 0x00009000 "\SystemRoot\system32\DRIVERS\atapi.sys"
.\debug.cpp(256) : 0x8c674000 0x00023000 "\SystemRoot\system32\DRIVERS\ataport.SYS"
.\debug.cpp(256) : 0x8c697000 0x0000a000 "\SystemRoot\system32\DRIVERS\msahci.sys"
.\debug.cpp(256) : 0x8c6a1000 0x0000e000 "\SystemRoot\system32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0x8c6af000 0x00037000 "\SystemRoot\system32\DRIVERS\nvstor32.sys"
.\debug.cpp(256) : 0x8c6e6000 0x00047000 "\SystemRoot\system32\DRIVERS\storport.sys"
.\debug.cpp(256) : 0x8c72d000 0x00009000 "\SystemRoot\system32\DRIVERS\amdxata.sys"
.\debug.cpp(256) : 0x8c736000 0x00034000 "\SystemRoot\system32\drivers\fltmgr.sys"
.\debug.cpp(256) : 0x8c76a000 0x00011000 "\SystemRoot\system32\drivers\fileinfo.sys"
.\debug.cpp(256) : 0x8c808000 0x0012f000 "\SystemRoot\System32\Drivers\Ntfs.sys"
.\debug.cpp(256) : 0x8c937000 0x0002b000 "\SystemRoot\System32\Drivers\msrpc.sys"
.\debug.cpp(256) : 0x8c962000 0x00013000 "\SystemRoot\System32\Drivers\ksecdd.sys"
.\debug.cpp(256) : 0x8c975000 0x0005d000 "\SystemRoot\System32\Drivers\cng.sys"
.\debug.cpp(256) : 0x8c9d2000 0x0000e000 "\SystemRoot\System32\drivers\pcw.sys"
.\debug.cpp(256) : 0x8c9e0000 0x00009000 "\SystemRoot\System32\Drivers\Fs_Rec.sys"
.\debug.cpp(256) : 0x8ca18000 0x000b7000 "\SystemRoot\system32\drivers\ndis.sys"
.\debug.cpp(256) : 0x8cacf000 0x0003e000 "\SystemRoot\system32\drivers\NETIO.SYS"
.\debug.cpp(256) : 0x8cb0d000 0x00025000 "\SystemRoot\System32\Drivers\ksecpkg.sys"
.\debug.cpp(256) : 0x8cc2a000 0x00149000 "\SystemRoot\System32\drivers\tcpip.sys"
.\debug.cpp(256) : 0x8cd73000 0x00031000 "\SystemRoot\System32\drivers\fwpkclnt.sys"
.\debug.cpp(256) : 0x8cda4000 0x00009000 "\SystemRoot\system32\DRIVERS\vmstorfl.sys"
.\debug.cpp(256) : 0x8cdad000 0x0003f000 "\SystemRoot\system32\DRIVERS\volsnap.sys"
.\debug.cpp(256) : 0x8cdec000 0x00008000 "\SystemRoot\System32\Drivers\spldr.sys"
.\debug.cpp(256) : 0x8cb32000 0x0002d000 "\SystemRoot\System32\drivers\rdyboost.sys"
.\debug.cpp(256) : 0x8cc00000 0x00010000 "\SystemRoot\System32\Drivers\mup.sys"
.\debug.cpp(256) : 0x8cc10000 0x00008000 "\SystemRoot\System32\drivers\hwpolicy.sys"
.\debug.cpp(256) : 0x8cb5f000 0x00032000 "\SystemRoot\System32\DRIVERS\fvevol.sys"
.\debug.cpp(256) : 0x8cc18000 0x00011000 "\SystemRoot\system32\DRIVERS\disk.sys"
.\debug.cpp(256) : 0x8cb91000 0x00025000 "\SystemRoot\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0x8c77b000 0x0001f000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0x8ca11000 0x00007000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0x8c9e9000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0x8c9f0000 0x0000c000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0x8c79a000 0x00021000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS"
.\debug.cpp(256) : 0x8c7bb000 0x0000d000 "\SystemRoot\System32\drivers\watchdog.sys"
.\debug.cpp(256) : 0x8c800000 0x00008000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0x8c7c8000 0x00008000 "\SystemRoot\system32\drivers\rdpencdd.sys"
.\debug.cpp(256) : 0x8c7d0000 0x00008000 "\SystemRoot\system32\drivers\rdprefmp.sys"
.\debug.cpp(256) : 0x8c7d8000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0x8c7e3000 0x0000e000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0x83200000 0x00017000 "\SystemRoot\system32\DRIVERS\tdx.sys"
.\debug.cpp(256) : 0x8c7f1000 0x0000b000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0x91e19000 0x0005a000 "\SystemRoot\system32\drivers\afd.sys"
.\debug.cpp(256) : 0x91e73000 0x00032000 "\SystemRoot\System32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0x91ea5000 0x00007000 "\SystemRoot\system32\DRIVERS\wfplwf.sys"
.\debug.cpp(256) : 0x91eac000 0x0001f000 "\SystemRoot\system32\DRIVERS\pacer.sys"
.\debug.cpp(256) : 0x91ecb000 0x00011000 "\SystemRoot\system32\DRIVERS\vwififlt.sys"
.\debug.cpp(256) : 0x91edc000 0x0000e000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0x91f19000 0x00013000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0x91f2c000 0x00009000 "\SystemRoot\system32\DRIVERS\VBoxUSBMon.sys"
.\debug.cpp(256) : 0x91f35000 0x0001d000 "\SystemRoot\system32\DRIVERS\VBoxDrv.sys"
.\debug.cpp(256) : 0x91f52000 0x00010000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0x91f62000 0x00006000 "\SystemRoot\system32\DRIVERS\ssmdrv.sys"
.\debug.cpp(256) : 0x91f68000 0x00041000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0x91fa9000 0x0000a000 "\SystemRoot\system32\drivers\nsiproxy.sys"
.\debug.cpp(256) : 0x91fb3000 0x0000a000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0x91fbd000 0x0000c000 "\SystemRoot\System32\drivers\discache.sys"
.\debug.cpp(256) : 0x91603000 0x00064000 "\SystemRoot\system32\drivers\csc.sys"
.\debug.cpp(256) : 0x91667000 0x00018000 "\SystemRoot\System32\Drivers\dfsc.sys"
.\debug.cpp(256) : 0x9167f000 0x0000e000 "\SystemRoot\system32\DRIVERS\blbdrive.sys"
.\debug.cpp(256) : 0x9168d000 0x00022000 "\SystemRoot\system32\DRIVERS\avipbb.sys"
.\debug.cpp(256) : 0x916af000 0x00002000 "\??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys"
.\debug.cpp(256) : 0x916b1000 0x00021000 "\SystemRoot\system32\DRIVERS\tunnel.sys"
.\debug.cpp(256) : 0x916d2000 0x00012000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0x916e4000 0x00018000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0x916fc000 0x0000d000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0x91709000 0x0001b000 "\SystemRoot\system32\DRIVERS\ETD.sys"
.\debug.cpp(256) : 0x91724000 0x00009000 "\SystemRoot\system32\DRIVERS\VBoxMouse.sys"
.\debug.cpp(256) : 0x9172d000 0x0000d000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0x9173a000 0x00009000 "\SystemRoot\system32\DRIVERS\nvsmu.sys"
.\debug.cpp(256) : 0x91743000 0x0000a000 "\SystemRoot\system32\DRIVERS\usbohci.sys"
.\debug.cpp(256) : 0x9174d000 0x0004b000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0x91798000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0x917a7000 0x0001f000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0x917c6000 0x00006000 "\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys"
.\debug.cpp(256) : 0x92c39000 0x00afa000 "\SystemRoot\system32\DRIVERS\nvlddmkm.sys"
.\debug.cpp(256) : 0x93733000 0x00002000 "\SystemRoot\system32\DRIVERS\nvBridge.kmd"
.\debug.cpp(256) : 0x93735000 0x000b7000 "\SystemRoot\System32\drivers\dxgkrnl.sys"
.\debug.cpp(256) : 0x92c00000 0x00039000 "\SystemRoot\System32\drivers\dxgmms1.sys"
.\debug.cpp(256) : 0x917cc000 0x00025000 "\SystemRoot\system32\DRIVERS\Rt86win7.sys"
.\debug.cpp(256) : 0x9261a000 0x0012d000 "\SystemRoot\system32\DRIVERS\athr.sys"
.\debug.cpp(256) : 0x92747000 0x0000a000 "\SystemRoot\system32\DRIVERS\vwifibus.sys"
.\debug.cpp(256) : 0x92751000 0x00039000 "\SystemRoot\System32\Drivers\afahscnz.SYS"
.\debug.cpp(256) : 0x9278a000 0x00009000 "\SystemRoot\system32\DRIVERS\wmiacpi.sys"
.\debug.cpp(256) : 0x92793000 0x00004000 "\SystemRoot\system32\DRIVERS\CmBatt.sys"
.\debug.cpp(256) : 0x92797000 0x00008000 "\SystemRoot\system32\DRIVERS\ATKACPI.sys"
.\debug.cpp(256) : 0x9279f000 0x0000d000 "\SystemRoot\system32\DRIVERS\CompositeBus.sys"
.\debug.cpp(256) : 0x927ac000 0x00012000 "\SystemRoot\system32\DRIVERS\AgileVpn.sys"
.\debug.cpp(256) : 0x927be000 0x00018000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0x927d6000 0x0000b000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0x91fc9000 0x00022000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0x927e1000 0x00018000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0x92600000 0x00017000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0x91e00000 0x00017000 "\SystemRoot\system32\DRIVERS\rassstp.sys"
.\debug.cpp(256) : 0x91eea000 0x00017000 "\SystemRoot\system32\DRIVERS\VBoxNetAdp.sys"
.\debug.cpp(256) : 0x937ec000 0x0000a000 "\SystemRoot\system32\DRIVERS\rdpbus.sys"
.\debug.cpp(256) : 0x93e16000 0x0001a000 "\SystemRoot\system32\DRIVERS\VBoxNetFlt.sys"
.\debug.cpp(256) : 0x93e30000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0x93e32000 0x00034000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0x93e66000 0x0000e000 "\SystemRoot\system32\DRIVERS\umbus.sys"
.\debug.cpp(256) : 0x93e74000 0x0002a000 "\SystemRoot\System32\Drivers\fastfat.SYS"
.\debug.cpp(256) : 0x93e9e000 0x00044000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0x93ee2000 0x00011000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0x93ef3000 0x00050000 "\SystemRoot\system32\drivers\HdAudio.sys"
.\debug.cpp(256) : 0x93f43000 0x0002f000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0x93f72000 0x00019000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0x93f8b000 0x00013000 "\SystemRoot\system32\drivers\nvhda32v.sys"
.\debug.cpp(256) : 0x9ab40000 0x0024a000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0x93f9e000 0x0000a000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0x93fa8000 0x0000d000 "\SystemRoot\System32\Drivers\crashdmp.sys"
.\debug.cpp(256) : 0x93fb5000 0x0000a000 "\SystemRoot\System32\Drivers\dump_diskdump.sys"
.\debug.cpp(256) : 0x93fbf000 0x00037000 "\SystemRoot\System32\Drivers\dump_nvstor32.sys"
.\debug.cpp(256) : 0x93e00000 0x00011000 "\SystemRoot\System32\Drivers\dump_dumpfve.sys"
.\debug.cpp(256) : 0x91f01000 0x00017000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"
.\debug.cpp(256) : 0x93e11000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0x81e07000 0x001ae000 "\SystemRoot\system32\DRIVERS\snp2uvc.sys"
.\debug.cpp(256) : 0x81fb5000 0x0000e000 "\SystemRoot\system32\DRIVERS\STREAM.SYS"
.\debug.cpp(256) : 0x81fc3000 0x00007000 "\SystemRoot\system32\DRIVERS\sncduvc.SYS"
.\debug.cpp(256) : 0x81fca000 0x0000b000 "\SystemRoot\system32\DRIVERS\monitor.sys"
.\debug.cpp(256) : 0x9ada0000 0x00009000 "\SystemRoot\System32\TSDDD.dll"
.\debug.cpp(256) : 0x9add0000 0x0001e000 "\SystemRoot\System32\cdd.dll"
.\debug.cpp(256) : 0x81fd5000 0x0001b000 "\SystemRoot\system32\drivers\luafv.sys"
.\debug.cpp(256) : 0x91feb000 0x00015000 "\SystemRoot\system32\DRIVERS\avgntflt.sys"
.\debug.cpp(256) : 0x8cbb6000 0x0001a000 "\SystemRoot\system32\drivers\WudfPf.sys"
.\debug.cpp(256) : 0x81ff0000 0x00010000 "\SystemRoot\system32\DRIVERS\lltdio.sys"
.\debug.cpp(256) : 0x98c14000 0x00046000 "\SystemRoot\system32\DRIVERS\nwifi.sys"
.\debug.cpp(256) : 0x98c5a000 0x00010000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0x98c6a000 0x00013000 "\SystemRoot\system32\DRIVERS\rspndr.sys"
.\debug.cpp(256) : 0x98c7d000 0x00085000 "\SystemRoot\system32\drivers\HTTP.sys"
.\debug.cpp(256) : 0x98d02000 0x00019000 "\SystemRoot\system32\DRIVERS\bowser.sys"
.\debug.cpp(256) : 0x98d1b000 0x00012000 "\SystemRoot\System32\drivers\mpsdrv.sys"
.\debug.cpp(256) : 0x98d2d000 0x00023000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0x98d50000 0x0003b000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys"
.\debug.cpp(256) : 0x98d8b000 0x0001b000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys"
.\debug.cpp(256) : 0x98dbe000 0x0000f000 "\SystemRoot\system32\drivers\npf.sys"
.\debug.cpp(256) : 0x9de3a000 0x00097000 "\SystemRoot\system32\drivers\peauth.sys"
.\debug.cpp(256) : 0x9ded1000 0x0000a000 "\SystemRoot\System32\Drivers\secdrv.SYS"
.\debug.cpp(256) : 0x9dedb000 0x00021000 "\SystemRoot\System32\DRIVERS\srvnet.sys"
.\debug.cpp(256) : 0x9defc000 0x0000d000 "\SystemRoot\System32\drivers\tcpipreg.sys"
.\debug.cpp(256) : 0x9df09000 0x0004f000 "\SystemRoot\System32\DRIVERS\srv2.sys"
.\debug.cpp(256) : 0x9df5a000 0x00051000 "\SystemRoot\System32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0x9dfad000 0x0000b000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
.\debug.cpp(256) : 0x9dfb8000 0x00013000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0x9dfcb000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0x9dfd2000 0x0000b000 "\SystemRoot\system32\DRIVERS\mouhid.sys"
.\debug.cpp(256) : 0xad66a000 0x00009000 "\SystemRoot\system32\DRIVERS\asyncmac.sys"
.\debug.cpp(256) : 0x76ee0000 0x0013c000 "\Windows\System32\ntdll.dll"
.\debug.cpp(256) : 0x475e0000 0x00013000 "\Windows\System32\smss.exe"
.\debug.cpp(256) : 0x77120000 0x00050000 "\Windows\System32\apisetschema.dll"
.\debug.cpp(256) : 0x00ab0000 0x000a6000 "\Windows\System32\autochk.exe"
.\debug.cpp(256) : 0x10000000 0x0022d000 "\Program Files\DAEMON Tools Lite\Engine.dll"
.\debug.cpp(256) : 0x770d0000 0x00035000 "\Windows\System32\ws2_32.dll"
.\debug.cpp(256) : 0x76e00000 0x000d4000 "\Windows\System32\kernel32.dll"
.\debug.cpp(256) : 0x77050000 0x0007b000 "\Windows\System32\comdlg32.dll"
.\debug.cpp(256) : 0x76db0000 0x00045000 "\Windows\System32\Wldap32.dll"
.\debug.cpp(256) : 0x76ce0000 0x000cc000 "\Windows\System32\msctf.dll"
.\debug.cpp(256) : 0x76ba0000 0x00135000 "\Windows\System32\urlmon.dll"
.\debug.cpp(256) : 0x77030000 0x0001f000 "\Windows\System32\imm32.dll"
.\debug.cpp(256) : 0x76ad0000 0x000c9000 "\Windows\System32\user32.dll"
.\debug.cpp(256) : 0x76930000 0x0019d000 "\Windows\System32\setupapi.dll"
.\debug.cpp(256) : 0x76910000 0x00019000 "\Windows\System32\sechost.dll"
.\debug.cpp(256) : 0x76870000 0x000a0000 "\Windows\System32\advapi32.dll"
.\debug.cpp(256) : 0x76840000 0x0002a000 "\Windows\System32\imagehlp.dll"
.\debug.cpp(256) : 0x767b0000 0x0008f000 "\Windows\System32\oleaut32.dll"
.\debug.cpp(256) : 0x765b0000 0x001f9000 "\Windows\System32\iertutil.dll"
.\debug.cpp(256) : 0x76550000 0x00057000 "\Windows\System32\shlwapi.dll"
.\debug.cpp(256) : 0x764f0000 0x00052000 "\Windows\System32\difxapi.dll"
.\debug.cpp(256) : 0x77020000 0x0000a000 "\Windows\System32\lpk.dll"
.\debug.cpp(256) : 0x764e0000 0x00005000 "\Windows\System32\psapi.dll"
.\debug.cpp(256) : 0x76430000 0x000ac000 "\Windows\System32\msvcrt.dll"
.\debug.cpp(256) : 0x76330000 0x000f4000 "\Windows\System32\wininet.dll"
.\debug.cpp(256) : 0x76320000 0x00006000 "\Windows\System32\nsi.dll"
.\debug.cpp(256) : 0x76270000 0x000a1000 "\Windows\System32\rpcrt4.dll"
.\debug.cpp(256) : 0x76110000 0x0015c000 "\Windows\System32\ole32.dll"
.\debug.cpp(256) : 0x76070000 0x0009d000 "\Windows\System32\usp10.dll"
.\debug.cpp(256) : 0x75fe0000 0x00083000 "\Windows\System32\clbcatq.dll"
.\debug.cpp(256) : 0x75f90000 0x0004e000 "\Windows\System32\gdi32.dll"
.\debug.cpp(256) : 0x75340000 0x00c49000 "\Windows\System32\shell32.dll"
.\debug.cpp(256) : 0x75330000 0x00003000 "\Windows\System32\normaliz.dll"
.\debug.cpp(256) : 0x752a0000 0x00084000 "\Windows\System32\comctl32.dll"
.\debug.cpp(256) : 0x75280000 0x00012000 "\Windows\System32\devobj.dll"
.\debug.cpp(256) : 0x75250000 0x0002d000 "\Windows\System32\wintrust.dll"
.\debug.cpp(256) : 0x75130000 0x0011c000 "\Windows\System32\crypt32.dll"
.\debug.cpp(256) : 0x75100000 0x00027000 "\Windows\System32\cfgmgr32.dll"
.\debug.cpp(256) : 0x750b0000 0x0004a000 "\Windows\System32\KernelBase.dll"
.\debug.cpp(256) : 0x750a0000 0x0000c000 "\Windows\System32\msasn1.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000083"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) :              Destination="\Device\Ndis"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_NdisWanBh"
.\debug.cpp(400) :              Destination="\Device\NPF_NdisWanBh"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice"
.\debug.cpp(400) :              Destination="\Device\WUDFLpcDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1d7f7bce&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_168C&DEV_002B&SUBSYS_10891A3B&REV_01#4&3335f3d6&0&00B0#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0019"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000047"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) :              Destination="\Device\Video0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SUN_VBOXNETFLTMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000050"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000048"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000045"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000008"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AgileVPN"
.\debug.cpp(400) :              Destination="\Device\AgileVPN"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) :              Destination="\Device\00000051"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{522EB546-CFD0-46DF-841A-ACD904E69F5D}"
.\debug.cpp(400) :              Destination="\Device\NDMP20"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0004#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000005"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) :              Destination="\Device\Video1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_064E&PID_A116&MI_00#6&23871ea2&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\00000080"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{EA45D462-5023-44F3-8B37-6533983ED8B3}"
.\debug.cpp(400) :              Destination="\Device\NPF_{EA45D462-5023-44F3-8B37-6533983ED8B3}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{01C21647-D87C-4597-977E-CB66BE5067B6}"
.\debug.cpp(400) :              Destination="\Device\NDMP3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000001"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) :              Destination="\Device\Video2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0AB9&SUBSYS_1D171043&REV_B1#3&267a616a&0&58#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0013"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{0432a195-0b6d-11df-a2c3-90e6ba0f8336}"
.\debug.cpp(400) :              Destination="\Device\CdRom1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
.\debug.cpp(400) :              Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000046"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ATKACPI"
.\debug.cpp(400) :              Destination="\Device\ATKACPI"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{4AF8FEBD-F5C3-476D-88A2-EB2748CCF485}"
.\debug.cpp(400) :              Destination="\Device\NPF_{4AF8FEBD-F5C3-476D-88A2-EB2748CCF485}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&2a062092&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :              Destination="\Device\00000069"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) :              Destination="\Device\Video3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&ace7d69&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgio"
.\debug.cpp(400) :              Destination="\Device\avgio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy2"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolumeShadowCopy2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice"
.\debug.cpp(400) :              Destination="\Device\WMIAdminDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\KSENUM#00000003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000001"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ProcessManagement"
.\debug.cpp(400) :              Destination="\Device\ProcessManagement"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) :              Destination="\Device\Video4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SUN_VBOXNETFLTMP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\0000004f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{636FF46E-80FE-4314-BC84-DC7749EDE5B4}"
.\debug.cpp(400) :              Destination="\Device\NDMP11"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0003#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000007"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy3"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolumeShadowCopy3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl"
.\debug.cpp(400) :              Destination="\Device\VolMgrControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{D944D3C4-F77E-4B82-B79B-0D96376B07B0}"
.\debug.cpp(400) :              Destination="\Device\NPF_{D944D3C4-F77E-4B82-B79B-0D96376B07B0}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{7EE62A88-76DB-4120-BEB7-0B989D99F3D2}"
.\debug.cpp(400) :              Destination="\Device\NPF_{7EE62A88-76DB-4120-BEB7-0B989D99F3D2}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY6"
.\debug.cpp(400) :              Destination="\Device\Video5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\00000051"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy4"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolumeShadowCopy4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :              Destination="\Device\0000005e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10DE&DEV_0006&SUBSYS_10DE0101&REV_1000#4&384413be&0&0201#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) :              Destination="\Device\0000007c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy5"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolumeShadowCopy5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery"
.\debug.cpp(400) :              Destination="\Device\CompositeBattery"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\F:"
.\debug.cpp(400) :              Destination="\Device\CdRom1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SPDevice"
.\debug.cpp(400) :              Destination="\Device\SPDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) :              Destination="\Device\WMIDataDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{B43A5A77-EFD7-4A66-8B97-BDDBC7C935D0}"
.\debug.cpp(400) :              Destination="\Device\NPF_{B43A5A77-EFD7-4A66-8B97-BDDBC7C935D0}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_NdisWanIpv6"
.\debug.cpp(400) :              Destination="\Device\NPF_NdisWanIpv6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0AA9&SUBSYS_1D171043&REV_B1#3&267a616a&0&31#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0010"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\TeredoTun"
.\debug.cpp(400) :              Destination="\Device\TeredoTun"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0002#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy6"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolumeShadowCopy6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\KSENUM#00000003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PEAuth"
.\debug.cpp(400) :              Destination="\Device\PEAuth"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgntflt"
.\debug.cpp(400) :              Destination="\FileSystem\Filters\avgntflt"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{C6E1F540-7B39-4FDB-8AD0-BAAC12F76C4D}"
.\debug.cpp(400) :              Destination="\Device\NPF_{C6E1F540-7B39-4FDB-8AD0-BAAC12F76C4D}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{E28D896F-9EA8-433A-9C10-66C97C19A921}"
.\debug.cpp(400) :              Destination="\Device\NPF_{E28D896F-9EA8-433A-9C10-66C97C19A921}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy7"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolumeShadowCopy7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :              Destination="\Device\0000005d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) :              Destination="\Device\NamedPipe"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0003#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000004"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\vwififlt"
.\debug.cpp(400) :              Destination="\Device\vwififlt"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy8"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolumeShadowCopy8"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\G:"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_10431503&REV_1001#4&384413be&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000007b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#Disk&Ven_ST950032&Prod_5AS#4&2889a776&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\00000074"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E2F8A220-AF88-446C-9A55-453E58DD3A33}"
.\debug.cpp(400) :              Destination="\Device\NDMP23"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{633E5986-5E90-4C27-A4F8-523389EAADF1}"
.\debug.cpp(400) :              Destination="\Device\NPF_{633E5986-5E90-4C27-A4F8-523389EAADF1}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_10431503&REV_1001#4&384413be&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) :              Destination="\Device\0000007b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_10431503&REV_1001#4&384413be&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) :              Destination="\Device\0000007b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :              Destination="\Device\00000051"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VBoxNetFlt"
.\debug.cpp(400) :              Destination="\Device\VBoxNetFlt"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) :              Destination="\Device\Mup"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice"
.\debug.cpp(400) :              Destination="\Device\GEARAspiWDMDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Psched"
.\debug.cpp(400) :              Destination="\Device\Psched"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy9"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolumeShadowCopy9"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition1"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{0c220ecd-ee70-11de-b4b7-806e6f6e6963}"
.\debug.cpp(400) :              Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0003#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000007"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) :              Destination="\Device\USBFDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) :              Destination="\FileSystem\Filters\FltMgrMsg"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C0DE3E38-8BA7-479F-8B75-833F294C5AA8}"
.\debug.cpp(400) :              Destination="\Device\NDMP17"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000008"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{77DB83D7-3C6F-4945-A113-F1366913928E}"
.\debug.cpp(400) :              Destination="\Device\NDMP8"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) :              Destination="\Device\Tcp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition2"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6D464834-60D0-489C-90D2-65F9C68B6046}"
.\debug.cpp(400) :              Destination="\Device\NDMP22"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) :              Destination="\Device\00000082"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) :              Destination="\Device\USBFDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition3"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#vdrvroot#0000#{2e34d650-5819-42ca-84ae-d30803bae505}"
.\debug.cpp(400) :              Destination="\Device\00000053"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{73bc5944-ed9f-11de-88aa-806e6f6e6963}"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) :              Destination="\Device\Harddisk0\DR0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :              Destination="\Device\00000051"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{FBBB2132-F956-46BA-9779-CFF8874409A5}"
.\debug.cpp(400) :              Destination="\Device\NPF_{FBBB2132-F956-46BA-9779-CFF8874409A5}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\00000051"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) :              Destination="\Device\USBFDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0001#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) :              Destination="\DosDevices\LPT1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume1"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :              Destination="\Device\0000005f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{0c220ec0-ee70-11de-b4b7-806e6f6e6963}#0000003D2628F200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{0c220ec0-ee70-11de-b4b7-806e6f6e6963}#0000000000007E00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_10431503&REV_1001#4&384413be&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}"
.\debug.cpp(400) :              Destination="\Device\0000007b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) :              Destination="\Device\00000052"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) :              Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SUN_VBOXNETFLTMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000004f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\00000051"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDOSPDevice"
.\debug.cpp(400) :              Destination="\Device\IPSECDOSP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_064E&PID_A116&MI_00#6&23871ea2&0&0000#{6994ad05-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\00000080"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) :              Destination="\Device\USBFDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{D944D3C4-F77E-4B82-B79B-0D96376B07B0}"
.\debug.cpp(400) :              Destination="\Device\NDMP1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NvAdminDevice"
.\debug.cpp(400) :              Destination="\Device\NvAdminDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) :              Destination="\Device\FsWrap"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume2"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom1"
.\debug.cpp(400) :              Destination="\Device\CdRom1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000049"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DAF254EE-0E6B-4913-AAB9-116639E7921A}"
.\debug.cpp(400) :              Destination="\Device\NDMP9"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{4AF8FEBD-F5C3-476D-88A2-EB2748CCF485}"
.\debug.cpp(400) :              Destination="\Device\NDMP5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume3"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\00000054"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{01C21647-D87C-4597-977E-CB66BE5067B6}"
.\debug.cpp(400) :              Destination="\Device\NPF_{01C21647-D87C-4597-977E-CB66BE5067B6}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{64FD6A92-DAC5-408A-B323-81055B0FC764}"
.\debug.cpp(400) :              Destination="\Device\NPF_{64FD6A92-DAC5-408A-B323-81055B0FC764}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) :              Destination="\GLOBAL??"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000045"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8168&SUBSYS_16D51043&REV_01#4&1184cc98&0&00A8#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0018"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VBoxUSBMon"
.\debug.cpp(400) :              Destination="\Device\VBoxUSBMon"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG:"
.\debug.cpp(400) :              Destination="\clfs"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C00E#6&5bcf65e&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :              Destination="\Device\00000085"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000004a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_HL-DT-ST&Prod_DVDRAM_GT10N#4&2889a776&0&010100#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\00000075"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C00E#6&5bcf65e&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :              Destination="\Device\00000085"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_046D&PID_C00E#5&237753d&0&4#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*ISATAP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000083"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv"
.\debug.cpp(400) :              Destination="\Device\Secdrv"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{E2F8A220-AF88-446C-9A55-453E58DD3A33}"
.\debug.cpp(400) :              Destination="\Device\NPF_{E2F8A220-AF88-446C-9A55-453E58DD3A33}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy10"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolumeShadowCopy10"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :              Destination="\Device\0000005a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#0#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}"
.\debug.cpp(400) :              Destination="\Device\00000066"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#NET#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000004b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{ABBE29E9-F55B-49AD-9E1E-E7FB0F37D449}"
.\debug.cpp(400) :              Destination="\Device\NPF_{ABBE29E9-F55B-49AD-9E1E-E7FB0F37D449}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#LGD01DD#5&12b9f7fb&0&UID33554704#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8}"
.\debug.cpp(400) :              Destination="\Device\00000082"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNPA000#4&5d18f2df&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\00000061"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0AA7&SUBSYS_1D171043&REV_B1#3&267a616a&0&30#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0009"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0003#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000004"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy11"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolumeShadowCopy11"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{80EA241B-D56F-4143-ABD7-ACAFA911A8F4}"
.\debug.cpp(400) :              Destination="\Device\NPF_{80EA241B-D56F-4143-ABD7-ACAFA911A8F4}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_10431503&REV_1001#4&384413be&0&0001#{a17579f0-4fec-4936-9364-249460863be5}"
.\debug.cpp(400) :              Destination="\Device\0000007b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10DE&DEV_0006&SUBSYS_10DE0101&REV_1000#4&384413be&0&0201#{9ff3b516-cd99-4eaf-8373-f2caf87ed26b}"
.\debug.cpp(400) :              Destination="\Device\0000007c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy12"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolumeShadowCopy12"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy13"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolumeShadowCopy13"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_168C&DEV_002B&SUBSYS_10891A3B&REV_01#4&3335f3d6&0&00B0#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0019"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ETD"
.\debug.cpp(400) :              Destination="\Device\ETD"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\nativewifip"
.\debug.cpp(400) :              Destination="\Device\nativewifip"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0653&SUBSYS_202D1043&REV_A1#4&6d1634d&0&0060#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0017"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&1a65ddc9&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E28D896F-9EA8-433A-9C10-66C97C19A921}"
.\debug.cpp(400) :              Destination="\Device\NDMP18"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000048"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{73bc5945-ed9f-11de-88aa-806e6f6e6963}"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0004#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000005"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{522EB546-CFD0-46DF-841A-ACD904E69F5D}"
.\debug.cpp(400) :              Destination="\Device\NPF_{522EB546-CFD0-46DF-841A-ACD904E69F5D}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{483C9FF8-503D-414B-B402-E4C1F1F568CB}"
.\debug.cpp(400) :              Destination="\Device\NPF_{483C9FF8-503D-414B-B402-E4C1F1F568CB}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_10431503&REV_1001#4&384413be&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000007b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\0000004a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) :              Destination="\Device\MountPointManager"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000044"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000046"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ssmctl"
.\debug.cpp(400) :              Destination="\Device\ssmctl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi"
.\debug.cpp(400) :              Destination="\Device\Nsi"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_23_-_Intel(R)_Core(TM)2_Duo_CPU_____T6500__@_2.10GHz#_2#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) :              Destination="\Device\00000057"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0AA6&SUBSYS_1D171043&REV_B1#3&267a616a&0&21#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0008"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) :              Destination="\Device\WANARP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl"
.\debug.cpp(400) :              Destination="\Device\PartmgrControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0653&SUBSYS_202D1043&REV_A1#4&6d1634d&0&0060#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0017"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{636FF46E-80FE-4314-BC84-DC7749EDE5B4}"
.\debug.cpp(400) :              Destination="\Device\NPF_{636FF46E-80FE-4314-BC84-DC7749EDE5B4}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice"
.\debug.cpp(400) :              Destination="\Device\NXTIPSEC"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10DE&DEV_0006&SUBSYS_10DE0101&REV_1000#4&384413be&0&0201#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000007c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000044"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{483C9FF8-503D-414B-B402-E4C1F1F568CB}"
.\debug.cpp(400) :              Destination="\Device\NDMP12"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{ABBE29E9-F55B-49AD-9E1E-E7FB0F37D449}"
.\debug.cpp(400) :              Destination="\Device\NDMP4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{8a66bc63-97e2-11df-8891-806e6f6e6963}"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000051"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev"
.\debug.cpp(400) :              Destination="\Device\WFP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WwanProt"
.\debug.cpp(400) :              Destination="\Device\WwanProt"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) :              Destination="\Device\NDMP14"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{0c220ec0-ee70-11de-b4b7-806e6f6e6963}#00000002EE1AF400#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASYNCMAC"
.\debug.cpp(400) :              Destination="\Device\ASYNCMAC"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ETD0001#4&2a062092&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :              Destination="\Device\0000006a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) :              Destination="\Device\RaidPort0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArpV6"
.\debug.cpp(400) :              Destination="\Device\WANARPV6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :              Destination="\Device\0000005c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&PrinterBusEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) :              Destination="\Device\00000084"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{80EA241B-D56F-4143-ABD7-ACAFA911A8F4}"
.\debug.cpp(400) :              Destination="\Device\NDMP21"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_23_-_Intel(R)_Core(TM)2_Duo_CPU_____T6500__@_2.10GHz#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) :              Destination="\Device\00000056"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#NET#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\0000004b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0AA5&SUBSYS_1D171043&REV_B1#3&267a616a&0&20#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0007"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000049"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10DE&DEV_0006&SUBSYS_10DE0101&REV_1000#4&384413be&0&0201#{2f3e4dc3-3dd9-47ea-8aa4-8155ec2c643e}"
.\debug.cpp(400) :              Destination="\Device\0000007c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) :              Destination="\Device\00000051"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VBoxNetAdp"
.\debug.cpp(400) :              Destination="\Device\VBoxNetAdp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{EA45D462-5023-44F3-8B37-6533983ED8B3}"
.\debug.cpp(400) :              Destination="\Device\NDMP10"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_ONMNOLC&Prod_6Z8HAVGP&Rev_1.03#5&36e5972&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\Scsi\afahscnz1Port1Path0Target0Lun0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) :              Destination="\Device\NdisWan"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd"
.\debug.cpp(400) :              Destination="\Device\AscKmd"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_064E&PID_A116#CN1316-S30B-MI033-VS-R03.02.04#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) :              Destination="\Device\Scsi\afahscnz1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{FBBB2132-F956-46BA-9779-CFF8874409A5}"
.\debug.cpp(400) :              Destination="\Device\NDMP19"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH"
.\debug.cpp(400) :              Destination="\Device\NDMP13"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{633E5986-5E90-4C27-A4F8-523389EAADF1}"
.\debug.cpp(400) :              Destination="\Device\NDMP7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8168&SUBSYS_16D51043&REV_01#4&1184cc98&0&00A8#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0018"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice"
.\debug.cpp(400) :              Destination="\Device\MPS"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#LGD01DD#5&12b9f7fb&0&UID33554704#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7}"
.\debug.cpp(400) :              Destination="\Device\00000082"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&338a96ac&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_168C&DEV_002B&SUBSYS_10891A3B&REV_01#4&3335f3d6&0&00B0#{435b6226-1dcc-43b3-887e-217dbaa27ba3}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0019"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) :              Destination="\FileSystem\Filters\FltMgr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_NdisWanIp"
.\debug.cpp(400) :              Destination="\Device\NPF_NdisWanIp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{DB2B4279-B5CF-4626-9DBA-32D0ECE44C87}"
.\debug.cpp(400) :              Destination="\Device\NPF_{DB2B4279-B5CF-4626-9DBA-32D0ECE44C87}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SUN_VBOXNETFLTMP#0001#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000050"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) :              Destination="\Device\VolMgrControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_ONMNOLC&Prod_6Z8HAVGP&Rev_1.03#5&36e5972&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\Scsi\afahscnz1Port1Path0Target0Lun0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_10431503&REV_1001#4&384413be&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000007b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DB2B4279-B5CF-4626-9DBA-32D0ECE44C87}"
.\debug.cpp(400) :              Destination="\Device\NDMP16"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6"
.\debug.cpp(400) :              Destination="\Device\NDMP15"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) :              Destination="\Device\MailSlot"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) :              Destination="\DosDevices\COM1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_HL-DT-ST&Prod_DVDRAM_GT10N#4&2889a776&0&010100#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\00000075"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) :              Destination=""

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SstpDrv"
.\debug.cpp(400) :              Destination="\Device\SstpDrv"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) :              Destination="\Device\Null"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) :              Destination="\Device\Ndisuio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :              Destination="\Device\0000004e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0AA3&SUBSYS_1D171043&REV_B1#3&267a616a&0&1D#{8ad261ed-6aec-4b95-b844-552766d76ef9}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0006"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{B43A5A77-EFD7-4A66-8B97-BDDBC7C935D0}"
.\debug.cpp(400) :              Destination="\Device\NDMP2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VBoxDrv"
.\debug.cpp(400) :              Destination="\Device\VBoxDrv"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VDRVROOT"
.\debug.cpp(400) :              Destination="\Device\00000053"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#0#{e849804e-c719-43d8-ac88-96b894c191e2}"
.\debug.cpp(400) :              Destination="\Device\00000066"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{D37D6C3F-20C4-4912-A475-0AD1DC0A645B}"
.\debug.cpp(400) :              Destination="\Device\NPF_{D37D6C3F-20C4-4912-A475-0AD1DC0A645B}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle"
.\debug.cpp(400) :              Destination="\Device\WfpAle"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :              Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000047"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avipbb"
.\debug.cpp(400) :              Destination="\Device\avipbb"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{77DB83D7-3C6F-4945-A113-F1366913928E}"
.\debug.cpp(400) :              Destination="\Device\NPF_{77DB83D7-3C6F-4945-A113-F1366913928E}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{DAF254EE-0E6B-4913-AAB9-116639E7921A}"
.\debug.cpp(400) :              Destination="\Device\NPF_{DAF254EE-0E6B-4913-AAB9-116639E7921A}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{C0DE3E38-8BA7-479F-8B75-833F294C5AA8}"
.\debug.cpp(400) :              Destination="\Device\NPF_{C0DE3E38-8BA7-479F-8B75-833F294C5AA8}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_064E&PID_A116&MI_00#6&23871ea2&0&0000#{fb6c428a-0353-11d1-905f-0000c0cc16ba}"
.\debug.cpp(400) :              Destination="\Device\00000080"

.\debug.cpp(451) : **********************************************
.\boot_cleaner.cpp(1077) : System volume is \\.\C:
.\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`ee1af400
.\boot_cleaner.cpp(424) : Boot sector MD5 is: 2e060ce1d43e9295787d38be56932990
.\boot_cleaner.cpp(1151) :
.\boot_cleaner.cpp(1152) :      Size  Device Name          MBR Status
.\boot_cleaner.cpp(1153) :  --------------------------------------------
.\boot_cleaner.cpp(1197) :    465 GB  \\.\PhysicalDrive0  Unknown boot code
.\boot_cleaner.cpp(1203) :
.\boot_cleaner.cpp(1209) : Unknown boot code has been found on some of your physical disks.
.\boot_cleaner.cpp(1211) : To inspect the boot code manually, dump the master boot sector:
.\boot_cleaner.cpp(1212) : remover.exe dump <device_name> [output_file]
.\boot_cleaner.cpp(1216) : To disinfect the master boot sector, use the following command:
.\boot_cleaner.cpp(1217) : remover.exe fix <device_name>
.\boot_cleaner.cpp(1220) :
.\boot_cleaner.cpp(1242) : Done;

cosinus 05.08.2010 21:01
Hast Du für den Fall der Fälle eine Win7-DVD zur Hand? Wäre wichtig!


Zuerst mal bitte - falls noch nicht getan - die Datei remover.exe (vom BootkitRemover) vom Desktop nach c:\windows\system32 kopieren!
Danach die Konsole starten über Start, Ausführen, cmd eintippen, ok.

Den Text im folgenden Codefeld eintippen und mit Enter/Return ausführen:
Code:
remover.exe fix \\.\PhysicalDrive0

Dwza 05.08.2010 22:15
jetzt hab ich hier falsch editiert.... unten ncohmal die zusammenfassung als jemand anderes hier mitliest


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:16 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55