Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Musik im Hintergrund (https://www.trojaner-board.de/88952-musik-hintergrund.html)

Dwza 31.07.2010 16:52

Musik im Hintergrund
 
habe das gleiche Problem wie es hier:
http://www.trojaner-board.de/88827-m...-trojaner.html

vor ein paar tagen schon mal besprochen wurde nur funktioniert dieses mbr ding bei nicht so ganz.
und mittlerweile muss ich sagen nervt die musik echt. vor allem wenn man mal nen film schauen will und man nichts mehr hört weils einfach zu laut ist.

wenn ich den mbrcheck mache dann komm folgendes log:
Zitat:

MBRCheck, version 1.1.1

(c) 2010, AD



\\.\C: --> \\.\PhysicalDrive0

\\.\D: --> \\.\PhysicalDrive0

\\.\G: --> \\.\PhysicalDrive0



Size Device Name MBR Status

--------------------------------------------

465 GB \\.\PhysicalDrive0 Error reading raw MBR!





Done! Press ENTER to exit...

was kann ich jetzt noch machen ? :)

habe neusten Avira drauf, mehrmals gescannt aber der findet nichts.

cosinus 31.07.2010 19:44

Zitat:

465 GB \\.\PhysicalDrive0 Error reading raw MBR!
Welches Betriebssystem hast du?

Dwza 31.07.2010 20:15

Ich verwende Windows 7 Professional

cosinus 31.07.2010 20:49

Dann musst Du - wie in der Anleitung angegeben (!) - den MBR-Checker per Rechtsklick als Admin ausführen!

Dwza 01.08.2010 16:42

ich hatte es als Administrator gestartet. Auch der versuch es in irgendeinem kompatibilitätsmodus zu starten blieb erfolglos.

Die einzige änderung beim komp.modus ist wenn ich es auf windows me stelle, dann sagt er mir eben noch dass das betriebssystem nicht unterstützt wird.

Dwza 01.08.2010 19:27

hier hab ich auch schon mal das osam logfile.

Zitat:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:17:05 on 01.08.2010

OS: Windows 7 (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.8

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"bdeadmin.cpl" - ? - C:\Windows\system32\bdeadmin.cpl
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL
"Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ajy0tbu2" (ajy0tbu2) - "Microsoft Corporation" - C:\Windows\system32\drivers\ajy0tbu2.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"NetGroup Packet Filter Driver" (NPF) - "CACE Technologies, Inc." - C:\Windows\System32\drivers\npf.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"VirtualBox Guest Mouse Service" (VBoxMouse) - "Sun Microsystems, Inc." - C:\Windows\System32\DRIVERS\VBoxMouse.sys
"VirtualBox Shared Folders" (VBoxSF) - "Sun Microsystems, Inc." - C:\Windows\System32\drivers\VBoxSF.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\VISSHE.DLL
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{E81FFB23-40E2-431C-A041-76AEA0E4B04C} "Enterprise-Projekte" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\NAMEEXT.DLL
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\VISSHE.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? - (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{20A60F0D-9AFA-4515-A0FD-83BD84642501} "Checkers Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\msgrchkr.dll / hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10d.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{5C051655-FCD5-4969-9182-770EA5AA5565} "Solitaire Showdown Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\SolitaireShowdown.dll / hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
{5D6F45B3-9043-443D-A792-115447494D24} "UnoCtrl Class" - "Microsoft" - C:\Windows\Downloaded Program Files\GAME_UNO1.dll / hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
{4A85DBE0-BFB2-4119-8401-186A7C6EB653} "{4A85DBE0-BFB2-4119-8401-186A7C6EB653}" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MJSS.ocx / hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/mjss/MJSS.cab109791.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
{95188727-288F-4581-A48D-EAB3BD027314} "Zend Studio Toolbar" - ? - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
<binary data> "Zend Studio" - ? - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Dwza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Stardock ObjectDock.lnk" - "Stardock" - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
"ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
"msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AmIcoSinglun" - "AlcorMicro Co., Ltd." - C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
"ATKMEDIA" - "ASUS" - C:\Program Files\ASUS\ATK Media\DMedia.exe
"ATKOSD2" - "ASUS" - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"HControlUser" - "ASUS" - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
"KeePass 2 PreLoad" - "Dominik Reichl" - "C:\Program Files\KeePass Password Safe 2\KeePass.exe" --preload
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Java\jre6\bin\jusched.exe"

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"VirtualBox Shared Folders" - "Sun Microsystems, Inc." - C:\Windows\system32\VBoxMRXNP.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apache2.2" (Apache2.2) - "Apache Software Foundation" - C:\xampp\apache\bin\httpd.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASLDR Service" (ASLDRService) - "ASUS" - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"MySQL" (MySQL) - ? - C:\xampp\mysql\bin\mysqld.exe (File found, but it contains no detailed information)
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Remote Packet Capture Protocol v.0 (experimental)" (rpcapd) - "CACE Technologies, Inc." - C:\Program Files\WinPcap\rpcapd.exe
"TeamViewer 5" (TeamViewer5) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
"VirtualBox Guest Additions Service" (VBoxService) - "Sun Microsystems, Inc." - C:\Windows\System32\VBoxService.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
ich habe mal die einträge die auch farbig markiert sind hier mit markiert.

und hier noch der log aus GMER

Zitat:

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-01 21:14:15
Windows 6.1.7600
Running: td4r2u6b.exe; Driver: C:\Users\Dwza\AppData\Local\Temp\kxrdapow.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83037AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83037104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830373F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8301F634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8301F898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830371DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83037958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830376F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83037F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830381A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C50599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C74F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\Drivers\spne.sys Das System kann den angegebenen Pfad nicht finden. !
.text USBPORT.SYS!DllUnload 91FA0CA0 5 Bytes JMP 86CC71D8
.text ajy0tbu2.SYS 98A2E000 12 Bytes [44, 28, 02, 83, EE, 26, 02, ...] {INC ESP; SUB [EDX], AL; SUB ESI, 0x26; ADD AL, [EBX-0x7cfdf860]}
.text ajy0tbu2.SYS 98A2E00D 9 Bytes [07, 02, 83, 48, 2B, 02, 83, ...] {POP ES; ADD AL, [EBX-0x7cfdd4b8]; ADD [EAX], AL}
.text ajy0tbu2.SYS 98A2E017 170 Bytes [00, DE, B7, 51, 8C, E6, B5, ...]
.text ajy0tbu2.SYS 98A2E0C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text ajy0tbu2.SYS 98A2E0CE 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text peauth.sys 9EC3BC9D 28 Bytes [5E, 13, 50, BE, 3C, 7A, 1A, ...]
.text peauth.sys 9EC3BCC1 28 Bytes [5E, 13, 50, BE, 3C, 7A, 1A, ...]
PAGE peauth.sys 9EC41E20 101 Bytes [66, 70, CE, 6A, 74, 0F, 9A, ...]
PAGE peauth.sys 9EC4202C 102 Bytes [01, FA, 47, D7, AF, 04, 63, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[4352] USER32.dll!CreateWindowExW 75F60E51 5 Bytes JMP 69FF8157 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4352] USER32.dll!DialogBoxIndirectParamW 75F84AA7 5 Bytes JMP 6A11F5E8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4352] USER32.dll!DialogBoxParamW 75F8564A 5 Bytes JMP 69F14BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4352] USER32.dll!DialogBoxParamA 75F9CF6A 5 Bytes JMP 6A11F585 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4352] USER32.dll!DialogBoxIndirectParamA 75F9D29C 5 Bytes JMP 6A11F64B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4352] USER32.dll!MessageBoxIndirectA 75FAE8C9 5 Bytes JMP 6A11F51A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4352] USER32.dll!MessageBoxIndirectW 75FAE9C3 5 Bytes JMP 6A11F4AF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4352] USER32.dll!MessageBoxExA 75FAEA29 5 Bytes JMP 6A11F44D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4352] USER32.dll!MessageBoxExW 75FAEA4D 5 Bytes JMP 6A11F3EB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4836] ntdll.dll!LdrLoadDll 774AF625 5 Bytes JMP 002D13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5348] USER32.dll!UnhookWindowsHookEx 75F5CC7B 5 Bytes JMP 6A00835E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5348] USER32.dll!CallNextHookEx 75F5CC8F 5 Bytes JMP 69FE9D5C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5348] USER32.dll!CreateWindowExW 75F60E51 5 Bytes JMP 69FF8157 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5348] USER32.dll!SetWindowsHookExW 75F6210A 5 Bytes JMP 69FA4633 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5348] USER32.dll!DialogBoxIndirectParamW 75F84AA7 5 Bytes JMP 6A11F5E8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5348] USER32.dll!DialogBoxParamW 75F8564A 5 Bytes JMP 69F14BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5348] USER32.dll!DialogBoxParamA 75F9CF6A 5 Bytes JMP 6A11F585 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5348] USER32.dll!DialogBoxIndirectParamA 75F9D29C 5 Bytes JMP 6A11F64B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5348] USER32.dll!MessageBoxIndirectA 75FAE8C9 5 Bytes JMP 6A11F51A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5348] USER32.dll!MessageBoxIndirectW 75FAE9C3 5 Bytes JMP 6A11F4AF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5348] USER32.dll!MessageBoxExA 75FAEA29 5 Bytes JMP 6A11F44D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5348] USER32.dll!MessageBoxExW 75FAEA4D 5 Bytes JMP 6A11F3EB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5348] ole32.dll!OleLoadFromStream 772F5B88 5 Bytes JMP 6A11F946 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5348] ole32.dll!CoCreateInstance 773457FC 5 Bytes JMP 69FF8C45 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] USER32.dll!UnhookWindowsHookEx 75F5CC7B 5 Bytes JMP 6A00835E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] USER32.dll!CallNextHookEx 75F5CC8F 5 Bytes JMP 69FE9D5C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] USER32.dll!CreateWindowExW 75F60E51 5 Bytes JMP 69FF8157 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] USER32.dll!SetWindowsHookExW 75F6210A 5 Bytes JMP 69FA4633 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] USER32.dll!DialogBoxIndirectParamW 75F84AA7 5 Bytes JMP 6A11F5E8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] USER32.dll!DialogBoxParamW 75F8564A 5 Bytes JMP 69F14BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] USER32.dll!DialogBoxParamA 75F9CF6A 5 Bytes JMP 6A11F585 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] USER32.dll!DialogBoxIndirectParamA 75F9D29C 5 Bytes JMP 6A11F64B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] USER32.dll!MessageBoxIndirectA 75FAE8C9 5 Bytes JMP 6A11F51A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] USER32.dll!MessageBoxIndirectW 75FAE9C3 5 Bytes JMP 6A11F4AF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] USER32.dll!MessageBoxExA 75FAEA29 5 Bytes JMP 6A11F44D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] USER32.dll!MessageBoxExW 75FAEA4D 5 Bytes JMP 6A11F3EB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] ole32.dll!OleLoadFromStream 772F5B88 5 Bytes JMP 6A11F946 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5540] ole32.dll!CoCreateInstance 773457FC 5 Bytes JMP 69FF8C45 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[6020] USER32.dll!TrackPopupMenu 75F84B3B 5 Bytes JMP 6143721D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8C41F042] \SystemRoot\System32\Drivers\spne.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8C41F6D6] \SystemRoot\System32\Drivers\spne.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8C41F800] \SystemRoot\System32\Drivers\spne.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8C41F13E] \SystemRoot\System32\Drivers\spne.sys
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortNotification] 00147880
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortStallExecution] C25DC033
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortInitialize] 157B805E
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500
IAT \SystemRoot\System32\Drivers\ajy0tbu2.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2040] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [754F5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2040] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [754F5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2040] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [754F5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2040] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [754F5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2040] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [754F5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2040] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [754F5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2040] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [754F5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [735C2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [735A5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [735A56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [735C250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [735B8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [735B4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [735B50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [735B51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [735B66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [735B82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [735B8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [735B907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [735BE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [735B4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5516] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [735C2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5516] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [735A5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5516] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [735A56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5516] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [735C250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5516] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [735B8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5516] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [735B4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5516] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [735B50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5516] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [735B51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5516] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [735B66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5516] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [735B82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5516] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [735B8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5516] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [735B907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5516] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [735BE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5516] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [735B4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8590A1F8
Device \FileSystem\fastfat \FatCdrom 86D1F500
Device \Driver\volmgr \Device\VolMgrControl 859041F8
Device \Driver\usbohci \Device\USBPDO-0 86CC81F8
Device \Driver\sptd \Device\477626816 spne.sys
Device \Driver\usbehci \Device\USBPDO-1 86CC91F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{DAF254EE-0E6B-4913-AAB9-116639E7921A} 86C421F8
Device \Driver\usbohci \Device\USBPDO-2 86CC81F8
Device \Driver\usbehci \Device\USBPDO-3 86CC91F8
Device \Driver\PCI_PNP4816 \Device\00000061 spne.sys
Device \Driver\ACPI_HAL \Device\00000055 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{FBBB2132-F956-46BA-9779-CFF8874409A5} 86C421F8
Device \Driver\volmgr \Device\HarddiskVolume1 859041F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume2 859041F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 86BAF1F8
Device \Driver\volmgr \Device\HarddiskVolume3 859041F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom1 86BAF1F8
Device \Driver\nvstor32 \Device\00000074 859081F8
Device \Driver\nvstor32 \Device\00000075 859081F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 86C421F8
Device \Driver\nvstor32 \Device\RaidPort0 859081F8
Device \Driver\usbohci \Device\USBFDO-0 86CC81F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{EA45D462-5023-44F3-8B37-6533983ED8B3} 86C421F8
Device \Driver\usbehci \Device\USBFDO-1 86CC91F8
Device \Driver\usbohci \Device\USBFDO-2 86CC81F8
Device \Driver\usbehci \Device\USBFDO-3 86CC91F8
Device \Driver\ajy0tbu2 \Device\Scsi\ajy0tbu21 86EB31F8
Device \Driver\ajy0tbu2 \Device\Scsi\ajy0tbu21Port1Path0Target0Lun0 86EB31F8
Device \FileSystem\fastfat \Fat 86D1F500

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Process C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** ) 4352
Process C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** ) 5196
Process C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** ) 5348
Process C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** ) 5540

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDD 0x57 0x05 0x04 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x20 0x6B 0x96 0xA2 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5B 0x99 0x09 0x2A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xEF 0x62 0x29 0xF7 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDD 0x57 0x05 0x04 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x20 0x6B 0x96 0xA2 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5B 0x99 0x09 0x2A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xEF 0x62 0x29 0xF7 ...
Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\3680118436\Groups@\xbb\xa2??q\x2019š 1
Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\3680118436\Groups@\xbbg?gslsš 0


Dwza 01.08.2010 22:10

dann hab ich auch jetzt hier noch Malwarebytes' Anti-Malware 1.46 scan durchgeführt... aber auch keinen erfolg dabei gehabt... bin sehr ratlos!

Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4378

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

01.08.2010 22:58:46
mbam-log-2010-08-01 (22-58-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|)
Durchsuchte Objekte: 313083
Laufzeit: 1 Stunde(n), 22 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

was auch komisch war... vor ein paar tagen hab ich meinen pc starten wollen aber er ging nicht mehr an. auch nach mehrmaligem versuch ihn neu zu starten, kein erfolg. habs bestimmt 20 mal versucht. ich habe meine w7 cd nicht mehr gefunden... weil ich eigentlich fixmbr machen wollte....
habe dann ne xp cd gefunden und diese eingelegt weil ich eigentlich von dieser starten wollte um einfach in das menü wegen der wiederherstellungskonsole zu kommen. als ich die cd eingelegt hatte, hat es 1 min gedaurt und dann hat er einfach wieder mein w7 gebootet. hat mir nicht mal die option gegeben von cd zu starten. obwohl es im bios so eingestellt ist. nun startet er wieder normal aber ich habe dennoch das gefühl das mein mbr nen schlag weg hat weil man sieht ja oben im log vom mbrchecker das da irgendwas nicht stimmt.

Dwza 02.08.2010 21:58

kann mir keiner helfen ?

cosinus 03.08.2010 12:27

Bitte nicht drängeln. Bin z.Zt. eingespannt und kann morgen wieder antworten.

Dwza 03.08.2010 17:42

ok :) sorry ^^

Dwza 04.08.2010 21:21

Irgendwie finde ich es schade , es gibt einnige hier mit dem gleichen Problem und denen wird geholfen und ich sitze auf dem Abstellgleis... sorry aber es macht mich neidisch wenn ich sehe wie schnell anderen geholfen wird.( die Natur des Menschen) *heule*

cosinus 05.08.2010 16:05

Dann probiers mal so:

Bitte den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.

Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.

Dwza 05.08.2010 19:57

also hab ich gemacht... der scan ging nur ein paar millisekunden. hoffe das es auch nur so lange sein muss.
hier das log was er mir erstellt hat
Code:

.\debug.cpp(238) : Debug log started at 05.08.2010 - 18:55:28
.\boot_cleaner.cpp(675) : Bootkit Remover
.\boot_cleaner.cpp(676) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(677) : www.esagelab.com
.\boot_cleaner.cpp(681) : Program version: 1.1.0.0
.\boot_cleaner.cpp(688) : OS Version: Microsoft Windows 7  (build 7600), 32-bit
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x82c05000 0x00410000 "\SystemRoot\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x83015000 0x00037000 "\SystemRoot\system32\halmacpi.dll"
.\debug.cpp(256) : 0x80bc4000 0x00008000 "\SystemRoot\system32\kdcom.dll"
.\debug.cpp(256) : 0x83220000 0x00078000 "\SystemRoot\system32\mcupdate_GenuineIntel.dll"
.\debug.cpp(256) : 0x83298000 0x00011000 "\SystemRoot\system32\PSHED.dll"
.\debug.cpp(256) : 0x832a9000 0x00008000 "\SystemRoot\system32\BOOTVID.dll"
.\debug.cpp(256) : 0x832b1000 0x00042000 "\SystemRoot\system32\CLFS.SYS"
.\debug.cpp(256) : 0x832f3000 0x000ab000 "\SystemRoot\system32\CI.dll"
.\debug.cpp(256) : 0x8c40d000 0x00071000 "\SystemRoot\system32\drivers\Wdf01000.sys"
.\debug.cpp(256) : 0x8c47e000 0x0000e000 "\SystemRoot\system32\drivers\WDFLDR.SYS"
.\debug.cpp(256) : 0x8c48c000 0x000f3000 "\SystemRoot\System32\Drivers\spva.sys"
.\debug.cpp(256) : 0x8c57f000 0x00009000 "\SystemRoot\System32\Drivers\WMILIB.SYS"
.\debug.cpp(256) : 0x8c588000 0x00026000 "\SystemRoot\System32\Drivers\SCSIPORT.SYS"
.\debug.cpp(256) : 0x8c5ae000 0x00048000 "\SystemRoot\system32\DRIVERS\ACPI.sys"
.\debug.cpp(256) : 0x8c5f6000 0x00008000 "\SystemRoot\system32\DRIVERS\msisadrv.sys"
.\debug.cpp(256) : 0x8c400000 0x0000b000 "\SystemRoot\system32\DRIVERS\vdrvroot.sys"
.\debug.cpp(256) : 0x8339e000 0x0002a000 "\SystemRoot\system32\DRIVERS\pci.sys"
.\debug.cpp(256) : 0x833c8000 0x00011000 "\SystemRoot\System32\drivers\partmgr.sys"
.\debug.cpp(256) : 0x833d9000 0x00008000 "\SystemRoot\system32\DRIVERS\compbatt.sys"
.\debug.cpp(256) : 0x833e1000 0x0000b000 "\SystemRoot\system32\DRIVERS\BATTC.SYS"
.\debug.cpp(256) : 0x833ec000 0x00010000 "\SystemRoot\system32\DRIVERS\volmgr.sys"
.\debug.cpp(256) : 0x8c60a000 0x0004b000 "\SystemRoot\System32\drivers\volmgrx.sys"
.\debug.cpp(256) : 0x8c655000 0x00016000 "\SystemRoot\System32\drivers\mountmgr.sys"
.\debug.cpp(256) : 0x8c66b000 0x00009000 "\SystemRoot\system32\DRIVERS\atapi.sys"
.\debug.cpp(256) : 0x8c674000 0x00023000 "\SystemRoot\system32\DRIVERS\ataport.SYS"
.\debug.cpp(256) : 0x8c697000 0x0000a000 "\SystemRoot\system32\DRIVERS\msahci.sys"
.\debug.cpp(256) : 0x8c6a1000 0x0000e000 "\SystemRoot\system32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0x8c6af000 0x00037000 "\SystemRoot\system32\DRIVERS\nvstor32.sys"
.\debug.cpp(256) : 0x8c6e6000 0x00047000 "\SystemRoot\system32\DRIVERS\storport.sys"
.\debug.cpp(256) : 0x8c72d000 0x00009000 "\SystemRoot\system32\DRIVERS\amdxata.sys"
.\debug.cpp(256) : 0x8c736000 0x00034000 "\SystemRoot\system32\drivers\fltmgr.sys"
.\debug.cpp(256) : 0x8c76a000 0x00011000 "\SystemRoot\system32\drivers\fileinfo.sys"
.\debug.cpp(256) : 0x8c808000 0x0012f000 "\SystemRoot\System32\Drivers\Ntfs.sys"
.\debug.cpp(256) : 0x8c937000 0x0002b000 "\SystemRoot\System32\Drivers\msrpc.sys"
.\debug.cpp(256) : 0x8c962000 0x00013000 "\SystemRoot\System32\Drivers\ksecdd.sys"
.\debug.cpp(256) : 0x8c975000 0x0005d000 "\SystemRoot\System32\Drivers\cng.sys"
.\debug.cpp(256) : 0x8c9d2000 0x0000e000 "\SystemRoot\System32\drivers\pcw.sys"
.\debug.cpp(256) : 0x8c9e0000 0x00009000 "\SystemRoot\System32\Drivers\Fs_Rec.sys"
.\debug.cpp(256) : 0x8ca18000 0x000b7000 "\SystemRoot\system32\drivers\ndis.sys"
.\debug.cpp(256) : 0x8cacf000 0x0003e000 "\SystemRoot\system32\drivers\NETIO.SYS"
.\debug.cpp(256) : 0x8cb0d000 0x00025000 "\SystemRoot\System32\Drivers\ksecpkg.sys"
.\debug.cpp(256) : 0x8cc2a000 0x00149000 "\SystemRoot\System32\drivers\tcpip.sys"
.\debug.cpp(256) : 0x8cd73000 0x00031000 "\SystemRoot\System32\drivers\fwpkclnt.sys"
.\debug.cpp(256) : 0x8cda4000 0x00009000 "\SystemRoot\system32\DRIVERS\vmstorfl.sys"
.\debug.cpp(256) : 0x8cdad000 0x0003f000 "\SystemRoot\system32\DRIVERS\volsnap.sys"
.\debug.cpp(256) : 0x8cdec000 0x00008000 "\SystemRoot\System32\Drivers\spldr.sys"
.\debug.cpp(256) : 0x8cb32000 0x0002d000 "\SystemRoot\System32\drivers\rdyboost.sys"
.\debug.cpp(256) : 0x8cc00000 0x00010000 "\SystemRoot\System32\Drivers\mup.sys"
.\debug.cpp(256) : 0x8cc10000 0x00008000 "\SystemRoot\System32\drivers\hwpolicy.sys"
.\debug.cpp(256) : 0x8cb5f000 0x00032000 "\SystemRoot\System32\DRIVERS\fvevol.sys"
.\debug.cpp(256) : 0x8cc18000 0x00011000 "\SystemRoot\system32\DRIVERS\disk.sys"
.\debug.cpp(256) : 0x8cb91000 0x00025000 "\SystemRoot\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0x8c77b000 0x0001f000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0x8ca11000 0x00007000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0x8c9e9000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0x8c9f0000 0x0000c000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0x8c79a000 0x00021000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS"
.\debug.cpp(256) : 0x8c7bb000 0x0000d000 "\SystemRoot\System32\drivers\watchdog.sys"
.\debug.cpp(256) : 0x8c800000 0x00008000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0x8c7c8000 0x00008000 "\SystemRoot\system32\drivers\rdpencdd.sys"
.\debug.cpp(256) : 0x8c7d0000 0x00008000 "\SystemRoot\system32\drivers\rdprefmp.sys"
.\debug.cpp(256) : 0x8c7d8000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0x8c7e3000 0x0000e000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0x83200000 0x00017000 "\SystemRoot\system32\DRIVERS\tdx.sys"
.\debug.cpp(256) : 0x8c7f1000 0x0000b000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0x91e19000 0x0005a000 "\SystemRoot\system32\drivers\afd.sys"
.\debug.cpp(256) : 0x91e73000 0x00032000 "\SystemRoot\System32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0x91ea5000 0x00007000 "\SystemRoot\system32\DRIVERS\wfplwf.sys"
.\debug.cpp(256) : 0x91eac000 0x0001f000 "\SystemRoot\system32\DRIVERS\pacer.sys"
.\debug.cpp(256) : 0x91ecb000 0x00011000 "\SystemRoot\system32\DRIVERS\vwififlt.sys"
.\debug.cpp(256) : 0x91edc000 0x0000e000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0x91f19000 0x00013000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0x91f2c000 0x00009000 "\SystemRoot\system32\DRIVERS\VBoxUSBMon.sys"
.\debug.cpp(256) : 0x91f35000 0x0001d000 "\SystemRoot\system32\DRIVERS\VBoxDrv.sys"
.\debug.cpp(256) : 0x91f52000 0x00010000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0x91f62000 0x00006000 "\SystemRoot\system32\DRIVERS\ssmdrv.sys"
.\debug.cpp(256) : 0x91f68000 0x00041000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0x91fa9000 0x0000a000 "\SystemRoot\system32\drivers\nsiproxy.sys"
.\debug.cpp(256) : 0x91fb3000 0x0000a000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0x91fbd000 0x0000c000 "\SystemRoot\System32\drivers\discache.sys"
.\debug.cpp(256) : 0x91603000 0x00064000 "\SystemRoot\system32\drivers\csc.sys"
.\debug.cpp(256) : 0x91667000 0x00018000 "\SystemRoot\System32\Drivers\dfsc.sys"
.\debug.cpp(256) : 0x9167f000 0x0000e000 "\SystemRoot\system32\DRIVERS\blbdrive.sys"
.\debug.cpp(256) : 0x9168d000 0x00022000 "\SystemRoot\system32\DRIVERS\avipbb.sys"
.\debug.cpp(256) : 0x916af000 0x00002000 "\??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys"
.\debug.cpp(256) : 0x916b1000 0x00021000 "\SystemRoot\system32\DRIVERS\tunnel.sys"
.\debug.cpp(256) : 0x916d2000 0x00012000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0x916e4000 0x00018000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0x916fc000 0x0000d000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0x91709000 0x0001b000 "\SystemRoot\system32\DRIVERS\ETD.sys"
.\debug.cpp(256) : 0x91724000 0x00009000 "\SystemRoot\system32\DRIVERS\VBoxMouse.sys"
.\debug.cpp(256) : 0x9172d000 0x0000d000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0x9173a000 0x00009000 "\SystemRoot\system32\DRIVERS\nvsmu.sys"
.\debug.cpp(256) : 0x91743000 0x0000a000 "\SystemRoot\system32\DRIVERS\usbohci.sys"
.\debug.cpp(256) : 0x9174d000 0x0004b000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0x91798000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0x917a7000 0x0001f000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0x917c6000 0x00006000 "\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys"
.\debug.cpp(256) : 0x92c39000 0x00afa000 "\SystemRoot\system32\DRIVERS\nvlddmkm.sys"
.\debug.cpp(256) : 0x93733000 0x00002000 "\SystemRoot\system32\DRIVERS\nvBridge.kmd"
.\debug.cpp(256) : 0x93735000 0x000b7000 "\SystemRoot\System32\drivers\dxgkrnl.sys"
.\debug.cpp(256) : 0x92c00000 0x00039000 "\SystemRoot\System32\drivers\dxgmms1.sys"
.\debug.cpp(256) : 0x917cc000 0x00025000 "\SystemRoot\system32\DRIVERS\Rt86win7.sys"
.\debug.cpp(256) : 0x9261a000 0x0012d000 "\SystemRoot\system32\DRIVERS\athr.sys"
.\debug.cpp(256) : 0x92747000 0x0000a000 "\SystemRoot\system32\DRIVERS\vwifibus.sys"
.\debug.cpp(256) : 0x92751000 0x00039000 "\SystemRoot\System32\Drivers\afahscnz.SYS"
.\debug.cpp(256) : 0x9278a000 0x00009000 "\SystemRoot\system32\DRIVERS\wmiacpi.sys"
.\debug.cpp(256) : 0x92793000 0x00004000 "\SystemRoot\system32\DRIVERS\CmBatt.sys"
.\debug.cpp(256) : 0x92797000 0x00008000 "\SystemRoot\system32\DRIVERS\ATKACPI.sys"
.\debug.cpp(256) : 0x9279f000 0x0000d000 "\SystemRoot\system32\DRIVERS\CompositeBus.sys"
.\debug.cpp(256) : 0x927ac000 0x00012000 "\SystemRoot\system32\DRIVERS\AgileVpn.sys"
.\debug.cpp(256) : 0x927be000 0x00018000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0x927d6000 0x0000b000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0x91fc9000 0x00022000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0x927e1000 0x00018000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0x92600000 0x00017000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0x91e00000 0x00017000 "\SystemRoot\system32\DRIVERS\rassstp.sys"
.\debug.cpp(256) : 0x91eea000 0x00017000 "\SystemRoot\system32\DRIVERS\VBoxNetAdp.sys"
.\debug.cpp(256) : 0x937ec000 0x0000a000 "\SystemRoot\system32\DRIVERS\rdpbus.sys"
.\debug.cpp(256) : 0x93e16000 0x0001a000 "\SystemRoot\system32\DRIVERS\VBoxNetFlt.sys"
.\debug.cpp(256) : 0x93e30000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0x93e32000 0x00034000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0x93e66000 0x0000e000 "\SystemRoot\system32\DRIVERS\umbus.sys"
.\debug.cpp(256) : 0x93e74000 0x0002a000 "\SystemRoot\System32\Drivers\fastfat.SYS"
.\debug.cpp(256) : 0x93e9e000 0x00044000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0x93ee2000 0x00011000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0x93ef3000 0x00050000 "\SystemRoot\system32\drivers\HdAudio.sys"
.\debug.cpp(256) : 0x93f43000 0x0002f000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0x93f72000 0x00019000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0x93f8b000 0x00013000 "\SystemRoot\system32\drivers\nvhda32v.sys"
.\debug.cpp(256) : 0x9ab40000 0x0024a000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0x93f9e000 0x0000a000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0x93fa8000 0x0000d000 "\SystemRoot\System32\Drivers\crashdmp.sys"
.\debug.cpp(256) : 0x93fb5000 0x0000a000 "\SystemRoot\System32\Drivers\dump_diskdump.sys"
.\debug.cpp(256) : 0x93fbf000 0x00037000 "\SystemRoot\System32\Drivers\dump_nvstor32.sys"
.\debug.cpp(256) : 0x93e00000 0x00011000 "\SystemRoot\System32\Drivers\dump_dumpfve.sys"
.\debug.cpp(256) : 0x91f01000 0x00017000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"
.\debug.cpp(256) : 0x93e11000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0x81e07000 0x001ae000 "\SystemRoot\system32\DRIVERS\snp2uvc.sys"
.\debug.cpp(256) : 0x81fb5000 0x0000e000 "\SystemRoot\system32\DRIVERS\STREAM.SYS"
.\debug.cpp(256) : 0x81fc3000 0x00007000 "\SystemRoot\system32\DRIVERS\sncduvc.SYS"
.\debug.cpp(256) : 0x81fca000 0x0000b000 "\SystemRoot\system32\DRIVERS\monitor.sys"
.\debug.cpp(256) : 0x9ada0000 0x00009000 "\SystemRoot\System32\TSDDD.dll"
.\debug.cpp(256) : 0x9add0000 0x0001e000 "\SystemRoot\System32\cdd.dll"
.\debug.cpp(256) : 0x81fd5000 0x0001b000 "\SystemRoot\system32\drivers\luafv.sys"
.\debug.cpp(256) : 0x91feb000 0x00015000 "\SystemRoot\system32\DRIVERS\avgntflt.sys"
.\debug.cpp(256) : 0x8cbb6000 0x0001a000 "\SystemRoot\system32\drivers\WudfPf.sys"
.\debug.cpp(256) : 0x81ff0000 0x00010000 "\SystemRoot\system32\DRIVERS\lltdio.sys"
.\debug.cpp(256) : 0x98c14000 0x00046000 "\SystemRoot\system32\DRIVERS\nwifi.sys"
.\debug.cpp(256) : 0x98c5a000 0x00010000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0x98c6a000 0x00013000 "\SystemRoot\system32\DRIVERS\rspndr.sys"
.\debug.cpp(256) : 0x98c7d000 0x00085000 "\SystemRoot\system32\drivers\HTTP.sys"
.\debug.cpp(256) : 0x98d02000 0x00019000 "\SystemRoot\system32\DRIVERS\bowser.sys"
.\debug.cpp(256) : 0x98d1b000 0x00012000 "\SystemRoot\System32\drivers\mpsdrv.sys"
.\debug.cpp(256) : 0x98d2d000 0x00023000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0x98d50000 0x0003b000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys"
.\debug.cpp(256) : 0x98d8b000 0x0001b000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys"
.\debug.cpp(256) : 0x98dbe000 0x0000f000 "\SystemRoot\system32\drivers\npf.sys"
.\debug.cpp(256) : 0x9de3a000 0x00097000 "\SystemRoot\system32\drivers\peauth.sys"
.\debug.cpp(256) : 0x9ded1000 0x0000a000 "\SystemRoot\System32\Drivers\secdrv.SYS"
.\debug.cpp(256) : 0x9dedb000 0x00021000 "\SystemRoot\System32\DRIVERS\srvnet.sys"
.\debug.cpp(256) : 0x9defc000 0x0000d000 "\SystemRoot\System32\drivers\tcpipreg.sys"
.\debug.cpp(256) : 0x9df09000 0x0004f000 "\SystemRoot\System32\DRIVERS\srv2.sys"
.\debug.cpp(256) : 0x9df5a000 0x00051000 "\SystemRoot\System32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0x9dfad000 0x0000b000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
.\debug.cpp(256) : 0x9dfb8000 0x00013000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0x9dfcb000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0x9dfd2000 0x0000b000 "\SystemRoot\system32\DRIVERS\mouhid.sys"
.\debug.cpp(256) : 0xad66a000 0x00009000 "\SystemRoot\system32\DRIVERS\asyncmac.sys"
.\debug.cpp(256) : 0x76ee0000 0x0013c000 "\Windows\System32\ntdll.dll"
.\debug.cpp(256) : 0x475e0000 0x00013000 "\Windows\System32\smss.exe"
.\debug.cpp(256) : 0x77120000 0x00050000 "\Windows\System32\apisetschema.dll"
.\debug.cpp(256) : 0x00ab0000 0x000a6000 "\Windows\System32\autochk.exe"
.\debug.cpp(256) : 0x10000000 0x0022d000 "\Program Files\DAEMON Tools Lite\Engine.dll"
.\debug.cpp(256) : 0x770d0000 0x00035000 "\Windows\System32\ws2_32.dll"
.\debug.cpp(256) : 0x76e00000 0x000d4000 "\Windows\System32\kernel32.dll"
.\debug.cpp(256) : 0x77050000 0x0007b000 "\Windows\System32\comdlg32.dll"
.\debug.cpp(256) : 0x76db0000 0x00045000 "\Windows\System32\Wldap32.dll"
.\debug.cpp(256) : 0x76ce0000 0x000cc000 "\Windows\System32\msctf.dll"
.\debug.cpp(256) : 0x76ba0000 0x00135000 "\Windows\System32\urlmon.dll"
.\debug.cpp(256) : 0x77030000 0x0001f000 "\Windows\System32\imm32.dll"
.\debug.cpp(256) : 0x76ad0000 0x000c9000 "\Windows\System32\user32.dll"
.\debug.cpp(256) : 0x76930000 0x0019d000 "\Windows\System32\setupapi.dll"
.\debug.cpp(256) : 0x76910000 0x00019000 "\Windows\System32\sechost.dll"
.\debug.cpp(256) : 0x76870000 0x000a0000 "\Windows\System32\advapi32.dll"
.\debug.cpp(256) : 0x76840000 0x0002a000 "\Windows\System32\imagehlp.dll"
.\debug.cpp(256) : 0x767b0000 0x0008f000 "\Windows\System32\oleaut32.dll"
.\debug.cpp(256) : 0x765b0000 0x001f9000 "\Windows\System32\iertutil.dll"
.\debug.cpp(256) : 0x76550000 0x00057000 "\Windows\System32\shlwapi.dll"
.\debug.cpp(256) : 0x764f0000 0x00052000 "\Windows\System32\difxapi.dll"
.\debug.cpp(256) : 0x77020000 0x0000a000 "\Windows\System32\lpk.dll"
.\debug.cpp(256) : 0x764e0000 0x00005000 "\Windows\System32\psapi.dll"
.\debug.cpp(256) : 0x76430000 0x000ac000 "\Windows\System32\msvcrt.dll"
.\debug.cpp(256) : 0x76330000 0x000f4000 "\Windows\System32\wininet.dll"
.\debug.cpp(256) : 0x76320000 0x00006000 "\Windows\System32\nsi.dll"
.\debug.cpp(256) : 0x76270000 0x000a1000 "\Windows\System32\rpcrt4.dll"
.\debug.cpp(256) : 0x76110000 0x0015c000 "\Windows\System32\ole32.dll"
.\debug.cpp(256) : 0x76070000 0x0009d000 "\Windows\System32\usp10.dll"
.\debug.cpp(256) : 0x75fe0000 0x00083000 "\Windows\System32\clbcatq.dll"
.\debug.cpp(256) : 0x75f90000 0x0004e000 "\Windows\System32\gdi32.dll"
.\debug.cpp(256) : 0x75340000 0x00c49000 "\Windows\System32\shell32.dll"
.\debug.cpp(256) : 0x75330000 0x00003000 "\Windows\System32\normaliz.dll"
.\debug.cpp(256) : 0x752a0000 0x00084000 "\Windows\System32\comctl32.dll"
.\debug.cpp(256) : 0x75280000 0x00012000 "\Windows\System32\devobj.dll"
.\debug.cpp(256) : 0x75250000 0x0002d000 "\Windows\System32\wintrust.dll"
.\debug.cpp(256) : 0x75130000 0x0011c000 "\Windows\System32\crypt32.dll"
.\debug.cpp(256) : 0x75100000 0x00027000 "\Windows\System32\cfgmgr32.dll"
.\debug.cpp(256) : 0x750b0000 0x0004a000 "\Windows\System32\KernelBase.dll"
.\debug.cpp(256) : 0x750a0000 0x0000c000 "\Windows\System32\msasn1.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000083"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) :              Destination="\Device\Ndis"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_NdisWanBh"
.\debug.cpp(400) :              Destination="\Device\NPF_NdisWanBh"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice"
.\debug.cpp(400) :              Destination="\Device\WUDFLpcDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1d7f7bce&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_168C&DEV_002B&SUBSYS_10891A3B&REV_01#4&3335f3d6&0&00B0#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0019"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000047"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) :              Destination="\Device\Video0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SUN_VBOXNETFLTMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000050"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000048"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000045"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000008"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AgileVPN"
.\debug.cpp(400) :              Destination="\Device\AgileVPN"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) :              Destination="\Device\00000051"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{522EB546-CFD0-46DF-841A-ACD904E69F5D}"
.\debug.cpp(400) :              Destination="\Device\NDMP20"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0004#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000005"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) :              Destination="\Device\Video1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_064E&PID_A116&MI_00#6&23871ea2&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\00000080"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{EA45D462-5023-44F3-8B37-6533983ED8B3}"
.\debug.cpp(400) :              Destination="\Device\NPF_{EA45D462-5023-44F3-8B37-6533983ED8B3}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{01C21647-D87C-4597-977E-CB66BE5067B6}"
.\debug.cpp(400) :              Destination="\Device\NDMP3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000001"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) :              Destination="\Device\Video2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0AB9&SUBSYS_1D171043&REV_B1#3&267a616a&0&58#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0013"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{0432a195-0b6d-11df-a2c3-90e6ba0f8336}"
.\debug.cpp(400) :              Destination="\Device\CdRom1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
.\debug.cpp(400) :              Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000046"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ATKACPI"
.\debug.cpp(400) :              Destination="\Device\ATKACPI"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{4AF8FEBD-F5C3-476D-88A2-EB2748CCF485}"
.\debug.cpp(400) :              Destination="\Device\NPF_{4AF8FEBD-F5C3-476D-88A2-EB2748CCF485}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&2a062092&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :              Destination="\Device\00000069"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) :              Destination="\Device\Video3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&ace7d69&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgio"
.\debug.cpp(400) :              Destination="\Device\avgio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy2"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolumeShadowCopy2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice"
.\debug.cpp(400) :              Destination="\Device\WMIAdminDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\KSENUM#00000003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000001"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ProcessManagement"
.\debug.cpp(400) :              Destination="\Device\ProcessManagement"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) :              Destination="\Device\Video4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SUN_VBOXNETFLTMP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\0000004f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{636FF46E-80FE-4314-BC84-DC7749EDE5B4}"
.\debug.cpp(400) :              Destination="\Device\NDMP11"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0003#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000007"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy3"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolumeShadowCopy3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl"
.\debug.cpp(400) :              Destination="\Device\VolMgrControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{D944D3C4-F77E-4B82-B79B-0D96376B07B0}"
.\debug.cpp(400) :              Destination="\Device\NPF_{D944D3C4-F77E-4B82-B79B-0D96376B07B0}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{7EE62A88-76DB-4120-BEB7-0B989D99F3D2}"
.\debug.cpp(400) :              Destination="\Device\NPF_{7EE62A88-76DB-4120-BEB7-0B989D99F3D2}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY6"
.\debug.cpp(400) :              Destination="\Device\Video5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\00000051"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy4"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolumeShadowCopy4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :              Destination="\Device\0000005e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10DE&DEV_0006&SUBSYS_10DE0101&REV_1000#4&384413be&0&0201#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) :              Destination="\Device\0000007c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy5"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolumeShadowCopy5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery"
.\debug.cpp(400) :              Destination="\Device\CompositeBattery"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\F:"
.\debug.cpp(400) :              Destination="\Device\CdRom1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SPDevice"
.\debug.cpp(400) :              Destination="\Device\SPDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) :              Destination="\Device\WMIDataDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{B43A5A77-EFD7-4A66-8B97-BDDBC7C935D0}"
.\debug.cpp(400) :              Destination="\Device\NPF_{B43A5A77-EFD7-4A66-8B97-BDDBC7C935D0}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_NdisWanIpv6"
.\debug.cpp(400) :              Destination="\Device\NPF_NdisWanIpv6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0AA9&SUBSYS_1D171043&REV_B1#3&267a616a&0&31#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0010"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\TeredoTun"
.\debug.cpp(400) :              Destination="\Device\TeredoTun"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0002#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy6"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolumeShadowCopy6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\KSENUM#00000003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PEAuth"
.\debug.cpp(400) :              Destination="\Device\PEAuth"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgntflt"
.\debug.cpp(400) :              Destination="\FileSystem\Filters\avgntflt"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{C6E1F540-7B39-4FDB-8AD0-BAAC12F76C4D}"
.\debug.cpp(400) :              Destination="\Device\NPF_{C6E1F540-7B39-4FDB-8AD0-BAAC12F76C4D}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{E28D896F-9EA8-433A-9C10-66C97C19A921}"
.\debug.cpp(400) :              Destination="\Device\NPF_{E28D896F-9EA8-433A-9C10-66C97C19A921}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy7"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolumeShadowCopy7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :              Destination="\Device\0000005d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) :              Destination="\Device\NamedPipe"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0003#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000004"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\vwififlt"
.\debug.cpp(400) :              Destination="\Device\vwififlt"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy8"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolumeShadowCopy8"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\G:"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_10431503&REV_1001#4&384413be&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000007b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#Disk&Ven_ST950032&Prod_5AS#4&2889a776&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\00000074"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E2F8A220-AF88-446C-9A55-453E58DD3A33}"
.\debug.cpp(400) :              Destination="\Device\NDMP23"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{633E5986-5E90-4C27-A4F8-523389EAADF1}"
.\debug.cpp(400) :              Destination="\Device\NPF_{633E5986-5E90-4C27-A4F8-523389EAADF1}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_10431503&REV_1001#4&384413be&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) :              Destination="\Device\0000007b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_10431503&REV_1001#4&384413be&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) :              Destination="\Device\0000007b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :              Destination="\Device\00000051"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VBoxNetFlt"
.\debug.cpp(400) :              Destination="\Device\VBoxNetFlt"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) :              Destination="\Device\Mup"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice"
.\debug.cpp(400) :              Destination="\Device\GEARAspiWDMDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Psched"
.\debug.cpp(400) :              Destination="\Device\Psched"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy9"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolumeShadowCopy9"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition1"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{0c220ecd-ee70-11de-b4b7-806e6f6e6963}"
.\debug.cpp(400) :              Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0003#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000007"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) :              Destination="\Device\USBFDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) :              Destination="\FileSystem\Filters\FltMgrMsg"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C0DE3E38-8BA7-479F-8B75-833F294C5AA8}"
.\debug.cpp(400) :              Destination="\Device\NDMP17"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000008"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{77DB83D7-3C6F-4945-A113-F1366913928E}"
.\debug.cpp(400) :              Destination="\Device\NDMP8"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) :              Destination="\Device\Tcp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition2"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6D464834-60D0-489C-90D2-65F9C68B6046}"
.\debug.cpp(400) :              Destination="\Device\NDMP22"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) :              Destination="\Device\00000082"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) :              Destination="\Device\USBFDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition3"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#vdrvroot#0000#{2e34d650-5819-42ca-84ae-d30803bae505}"
.\debug.cpp(400) :              Destination="\Device\00000053"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{73bc5944-ed9f-11de-88aa-806e6f6e6963}"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) :              Destination="\Device\Harddisk0\DR0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :              Destination="\Device\00000051"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{FBBB2132-F956-46BA-9779-CFF8874409A5}"
.\debug.cpp(400) :              Destination="\Device\NPF_{FBBB2132-F956-46BA-9779-CFF8874409A5}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\00000051"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) :              Destination="\Device\USBFDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0001#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) :              Destination="\DosDevices\LPT1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume1"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :              Destination="\Device\0000005f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{0c220ec0-ee70-11de-b4b7-806e6f6e6963}#0000003D2628F200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{0c220ec0-ee70-11de-b4b7-806e6f6e6963}#0000000000007E00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_10431503&REV_1001#4&384413be&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}"
.\debug.cpp(400) :              Destination="\Device\0000007b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) :              Destination="\Device\00000052"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) :              Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SUN_VBOXNETFLTMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000004f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\00000051"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDOSPDevice"
.\debug.cpp(400) :              Destination="\Device\IPSECDOSP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_064E&PID_A116&MI_00#6&23871ea2&0&0000#{6994ad05-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\00000080"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) :              Destination="\Device\USBFDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{D944D3C4-F77E-4B82-B79B-0D96376B07B0}"
.\debug.cpp(400) :              Destination="\Device\NDMP1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NvAdminDevice"
.\debug.cpp(400) :              Destination="\Device\NvAdminDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) :              Destination="\Device\FsWrap"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume2"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom1"
.\debug.cpp(400) :              Destination="\Device\CdRom1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000049"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DAF254EE-0E6B-4913-AAB9-116639E7921A}"
.\debug.cpp(400) :              Destination="\Device\NDMP9"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{4AF8FEBD-F5C3-476D-88A2-EB2748CCF485}"
.\debug.cpp(400) :              Destination="\Device\NDMP5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume3"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\00000054"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{01C21647-D87C-4597-977E-CB66BE5067B6}"
.\debug.cpp(400) :              Destination="\Device\NPF_{01C21647-D87C-4597-977E-CB66BE5067B6}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{64FD6A92-DAC5-408A-B323-81055B0FC764}"
.\debug.cpp(400) :              Destination="\Device\NPF_{64FD6A92-DAC5-408A-B323-81055B0FC764}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) :              Destination="\GLOBAL??"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000045"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8168&SUBSYS_16D51043&REV_01#4&1184cc98&0&00A8#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0018"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VBoxUSBMon"
.\debug.cpp(400) :              Destination="\Device\VBoxUSBMon"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG:"
.\debug.cpp(400) :              Destination="\clfs"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C00E#6&5bcf65e&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :              Destination="\Device\00000085"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000004a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_HL-DT-ST&Prod_DVDRAM_GT10N#4&2889a776&0&010100#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\00000075"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C00E#6&5bcf65e&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :              Destination="\Device\00000085"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_046D&PID_C00E#5&237753d&0&4#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*ISATAP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000083"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv"
.\debug.cpp(400) :              Destination="\Device\Secdrv"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{E2F8A220-AF88-446C-9A55-453E58DD3A33}"
.\debug.cpp(400) :              Destination="\Device\NPF_{E2F8A220-AF88-446C-9A55-453E58DD3A33}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy10"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolumeShadowCopy10"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :              Destination="\Device\0000005a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#0#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}"
.\debug.cpp(400) :              Destination="\Device\00000066"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#NET#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000004b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{ABBE29E9-F55B-49AD-9E1E-E7FB0F37D449}"
.\debug.cpp(400) :              Destination="\Device\NPF_{ABBE29E9-F55B-49AD-9E1E-E7FB0F37D449}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#LGD01DD#5&12b9f7fb&0&UID33554704#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8}"
.\debug.cpp(400) :              Destination="\Device\00000082"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNPA000#4&5d18f2df&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\00000061"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0AA7&SUBSYS_1D171043&REV_B1#3&267a616a&0&30#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0009"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0003#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000004"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy11"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolumeShadowCopy11"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{80EA241B-D56F-4143-ABD7-ACAFA911A8F4}"
.\debug.cpp(400) :              Destination="\Device\NPF_{80EA241B-D56F-4143-ABD7-ACAFA911A8F4}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_10431503&REV_1001#4&384413be&0&0001#{a17579f0-4fec-4936-9364-249460863be5}"
.\debug.cpp(400) :              Destination="\Device\0000007b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10DE&DEV_0006&SUBSYS_10DE0101&REV_1000#4&384413be&0&0201#{9ff3b516-cd99-4eaf-8373-f2caf87ed26b}"
.\debug.cpp(400) :              Destination="\Device\0000007c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy12"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolumeShadowCopy12"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy13"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolumeShadowCopy13"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_168C&DEV_002B&SUBSYS_10891A3B&REV_01#4&3335f3d6&0&00B0#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0019"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ETD"
.\debug.cpp(400) :              Destination="\Device\ETD"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\nativewifip"
.\debug.cpp(400) :              Destination="\Device\nativewifip"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0653&SUBSYS_202D1043&REV_A1#4&6d1634d&0&0060#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0017"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&1a65ddc9&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E28D896F-9EA8-433A-9C10-66C97C19A921}"
.\debug.cpp(400) :              Destination="\Device\NDMP18"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000048"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{73bc5945-ed9f-11de-88aa-806e6f6e6963}"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0004#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000005"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{522EB546-CFD0-46DF-841A-ACD904E69F5D}"
.\debug.cpp(400) :              Destination="\Device\NPF_{522EB546-CFD0-46DF-841A-ACD904E69F5D}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{483C9FF8-503D-414B-B402-E4C1F1F568CB}"
.\debug.cpp(400) :              Destination="\Device\NPF_{483C9FF8-503D-414B-B402-E4C1F1F568CB}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_10431503&REV_1001#4&384413be&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000007b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\0000004a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) :              Destination="\Device\MountPointManager"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000044"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000046"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ssmctl"
.\debug.cpp(400) :              Destination="\Device\ssmctl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi"
.\debug.cpp(400) :              Destination="\Device\Nsi"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_23_-_Intel(R)_Core(TM)2_Duo_CPU_____T6500__@_2.10GHz#_2#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) :              Destination="\Device\00000057"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0AA6&SUBSYS_1D171043&REV_B1#3&267a616a&0&21#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0008"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) :              Destination="\Device\WANARP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl"
.\debug.cpp(400) :              Destination="\Device\PartmgrControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0653&SUBSYS_202D1043&REV_A1#4&6d1634d&0&0060#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0017"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{636FF46E-80FE-4314-BC84-DC7749EDE5B4}"
.\debug.cpp(400) :              Destination="\Device\NPF_{636FF46E-80FE-4314-BC84-DC7749EDE5B4}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice"
.\debug.cpp(400) :              Destination="\Device\NXTIPSEC"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10DE&DEV_0006&SUBSYS_10DE0101&REV_1000#4&384413be&0&0201#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000007c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000044"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{483C9FF8-503D-414B-B402-E4C1F1F568CB}"
.\debug.cpp(400) :              Destination="\Device\NDMP12"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{ABBE29E9-F55B-49AD-9E1E-E7FB0F37D449}"
.\debug.cpp(400) :              Destination="\Device\NDMP4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{8a66bc63-97e2-11df-8891-806e6f6e6963}"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000051"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev"
.\debug.cpp(400) :              Destination="\Device\WFP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WwanProt"
.\debug.cpp(400) :              Destination="\Device\WwanProt"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) :              Destination="\Device\NDMP14"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{0c220ec0-ee70-11de-b4b7-806e6f6e6963}#00000002EE1AF400#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASYNCMAC"
.\debug.cpp(400) :              Destination="\Device\ASYNCMAC"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ETD0001#4&2a062092&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :              Destination="\Device\0000006a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) :              Destination="\Device\RaidPort0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArpV6"
.\debug.cpp(400) :              Destination="\Device\WANARPV6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :              Destination="\Device\0000005c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&PrinterBusEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) :              Destination="\Device\00000084"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{80EA241B-D56F-4143-ABD7-ACAFA911A8F4}"
.\debug.cpp(400) :              Destination="\Device\NDMP21"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_23_-_Intel(R)_Core(TM)2_Duo_CPU_____T6500__@_2.10GHz#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) :              Destination="\Device\00000056"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#NET#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\0000004b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0AA5&SUBSYS_1D171043&REV_B1#3&267a616a&0&20#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0007"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000049"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10DE&DEV_0006&SUBSYS_10DE0101&REV_1000#4&384413be&0&0201#{2f3e4dc3-3dd9-47ea-8aa4-8155ec2c643e}"
.\debug.cpp(400) :              Destination="\Device\0000007c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) :              Destination="\Device\00000051"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VBoxNetAdp"
.\debug.cpp(400) :              Destination="\Device\VBoxNetAdp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{EA45D462-5023-44F3-8B37-6533983ED8B3}"
.\debug.cpp(400) :              Destination="\Device\NDMP10"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_ONMNOLC&Prod_6Z8HAVGP&Rev_1.03#5&36e5972&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\Scsi\afahscnz1Port1Path0Target0Lun0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) :              Destination="\Device\NdisWan"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd"
.\debug.cpp(400) :              Destination="\Device\AscKmd"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_064E&PID_A116#CN1316-S30B-MI033-VS-R03.02.04#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) :              Destination="\Device\Scsi\afahscnz1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{FBBB2132-F956-46BA-9779-CFF8874409A5}"
.\debug.cpp(400) :              Destination="\Device\NDMP19"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH"
.\debug.cpp(400) :              Destination="\Device\NDMP13"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{633E5986-5E90-4C27-A4F8-523389EAADF1}"
.\debug.cpp(400) :              Destination="\Device\NDMP7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8168&SUBSYS_16D51043&REV_01#4&1184cc98&0&00A8#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0018"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice"
.\debug.cpp(400) :              Destination="\Device\MPS"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#LGD01DD#5&12b9f7fb&0&UID33554704#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7}"
.\debug.cpp(400) :              Destination="\Device\00000082"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&338a96ac&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_168C&DEV_002B&SUBSYS_10891A3B&REV_01#4&3335f3d6&0&00B0#{435b6226-1dcc-43b3-887e-217dbaa27ba3}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0019"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) :              Destination="\FileSystem\Filters\FltMgr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_NdisWanIp"
.\debug.cpp(400) :              Destination="\Device\NPF_NdisWanIp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{DB2B4279-B5CF-4626-9DBA-32D0ECE44C87}"
.\debug.cpp(400) :              Destination="\Device\NPF_{DB2B4279-B5CF-4626-9DBA-32D0ECE44C87}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SUN_VBOXNETFLTMP#0001#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000050"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) :              Destination="\Device\VolMgrControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_ONMNOLC&Prod_6Z8HAVGP&Rev_1.03#5&36e5972&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\Scsi\afahscnz1Port1Path0Target0Lun0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_10431503&REV_1001#4&384413be&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000007b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DB2B4279-B5CF-4626-9DBA-32D0ECE44C87}"
.\debug.cpp(400) :              Destination="\Device\NDMP16"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6"
.\debug.cpp(400) :              Destination="\Device\NDMP15"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) :              Destination="\Device\MailSlot"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) :              Destination="\DosDevices\COM1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_HL-DT-ST&Prod_DVDRAM_GT10N#4&2889a776&0&010100#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\00000075"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) :              Destination=""

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SstpDrv"
.\debug.cpp(400) :              Destination="\Device\SstpDrv"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) :              Destination="\Device\Null"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) :              Destination="\Device\Ndisuio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :              Destination="\Device\0000004e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0AA3&SUBSYS_1D171043&REV_B1#3&267a616a&0&1D#{8ad261ed-6aec-4b95-b844-552766d76ef9}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0006"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{B43A5A77-EFD7-4A66-8B97-BDDBC7C935D0}"
.\debug.cpp(400) :              Destination="\Device\NDMP2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VBoxDrv"
.\debug.cpp(400) :              Destination="\Device\VBoxDrv"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VDRVROOT"
.\debug.cpp(400) :              Destination="\Device\00000053"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#0#{e849804e-c719-43d8-ac88-96b894c191e2}"
.\debug.cpp(400) :              Destination="\Device\00000066"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{D37D6C3F-20C4-4912-A475-0AD1DC0A645B}"
.\debug.cpp(400) :              Destination="\Device\NPF_{D37D6C3F-20C4-4912-A475-0AD1DC0A645B}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle"
.\debug.cpp(400) :              Destination="\Device\WfpAle"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :              Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000047"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avipbb"
.\debug.cpp(400) :              Destination="\Device\avipbb"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{77DB83D7-3C6F-4945-A113-F1366913928E}"
.\debug.cpp(400) :              Destination="\Device\NPF_{77DB83D7-3C6F-4945-A113-F1366913928E}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{DAF254EE-0E6B-4913-AAB9-116639E7921A}"
.\debug.cpp(400) :              Destination="\Device\NPF_{DAF254EE-0E6B-4913-AAB9-116639E7921A}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{C0DE3E38-8BA7-479F-8B75-833F294C5AA8}"
.\debug.cpp(400) :              Destination="\Device\NPF_{C0DE3E38-8BA7-479F-8B75-833F294C5AA8}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_064E&PID_A116&MI_00#6&23871ea2&0&0000#{fb6c428a-0353-11d1-905f-0000c0cc16ba}"
.\debug.cpp(400) :              Destination="\Device\00000080"

.\debug.cpp(451) : **********************************************
.\boot_cleaner.cpp(1077) : System volume is \\.\C:
.\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`ee1af400
.\boot_cleaner.cpp(424) : Boot sector MD5 is: 2e060ce1d43e9295787d38be56932990
.\boot_cleaner.cpp(1151) :
.\boot_cleaner.cpp(1152) :      Size  Device Name          MBR Status
.\boot_cleaner.cpp(1153) :  --------------------------------------------
.\boot_cleaner.cpp(1197) :    465 GB  \\.\PhysicalDrive0  Unknown boot code
.\boot_cleaner.cpp(1203) :
.\boot_cleaner.cpp(1209) : Unknown boot code has been found on some of your physical disks.
.\boot_cleaner.cpp(1211) : To inspect the boot code manually, dump the master boot sector:
.\boot_cleaner.cpp(1212) : remover.exe dump <device_name> [output_file]
.\boot_cleaner.cpp(1216) : To disinfect the master boot sector, use the following command:
.\boot_cleaner.cpp(1217) : remover.exe fix <device_name>
.\boot_cleaner.cpp(1220) :
.\boot_cleaner.cpp(1242) : Done;


cosinus 05.08.2010 21:01

Hast Du für den Fall der Fälle eine Win7-DVD zur Hand? Wäre wichtig!


Zuerst mal bitte - falls noch nicht getan - die Datei remover.exe (vom BootkitRemover) vom Desktop nach c:\windows\system32 kopieren!
Danach die Konsole starten über Start, Ausführen, cmd eintippen, ok.

Den Text im folgenden Codefeld eintippen und mit Enter/Return ausführen:
Code:

remover.exe fix \\.\PhysicalDrive0

Dwza 05.08.2010 22:15

jetzt hab ich hier falsch editiert.... unten ncohmal die zusammenfassung als jemand anderes hier mitliest

cosinus 05.08.2010 22:17

Deswegen hab ich extra mit Fettschrift gefragt, ob Du eine Win7-DVD hast!! :balla:
Du kannst so ohne weiteres nicht mehr den MBR wiederherstellen, nur noch mit der Win7-DVD!

Dwza 05.08.2010 22:24

pc geht nicht mehr....
hab alles gemacht... dann kam auf einmal recovery irgendwas... das wollte ich aber nicht machen weil er sagte das dann alle meine daten weg sind und ich habe keine sicherung davon gemacht....
nun komm ich net mehr in windows rein.

meldung mit
Status 0x000000e

Info: FEhler bei Startauswahl. Zugriff auf ein erforderliches Gerät nicht möglich.

drüber steht noch cd einlegen, landauswählen und computer reparieren....

finde aber meine cd irgendwie nicht.... such hier grade alles ab :(

Dwza 05.08.2010 22:36

so ich hab jetzt meine cd gefunden. aber so wie der liebe gott es will, will er nicht von ihr starten ^^ naja ich meld mich wenn ich es hinbekommen habe.

cosinus 05.08.2010 23:23

Hab von Larusso folgenden Baustein bekommen. Dank an Larusso :)


Downloade Dir bitte das Vista RE.iso.

Brenne diese Iso mit einem Image Programm deiner Wahl.
Solltest Du soetwas nicht haben, hier eines mit Anleitung und download.

Wenn Du die CD hast, versuch bitte zu allerst davon zu booten.
Es sollte dann folgendes am Desktop stehen.
Code:

Systemreparatur
Systemwiederherstellung
Windows Complete PC-Wiederherstellunh
Windows-Speicherdiagnosetool
Eingabeaufforderung

Gib bitte eine Rückmeldung.
Dann machen wir weiter :)

Dwza 06.08.2010 02:11

werd ich morgen auf der arbeit mal brennen. kann ich das auch mit meinem w7 verwenden ja ?
ps: ich bedanke mich an dieser stelle schon mal für die ganzen mühen ^^

cosinus 06.08.2010 09:35

Für den Fall der Fälle gibt es auch Win7-Recovery => Windows 7 Recovery Disk (32-Bit) - Download - PCFreunde.de

Dwza 06.08.2010 11:17

sind dann meine ganzen Daten weg ?
oder bin ich mit der cd noch auf der sicheren seite ?

und ich wunder mich grade... ist die wirklich nur 11,5kb groß ?

Larusso 06.08.2010 11:43

*kurz

Die Vista rc iso ist ein bisschen größer. Soviel ich weiß um die 140 MB

*wieder weg

Dwza 06.08.2010 13:10

ja das hab ich gesehen. die hab ich auch runter geladen.
die W7RCD hab ich net gezogen. es gibt auch welche die was im net gepostet haben wo die cd auch zwischen 100 und 200 mb ist... aber leider sind alle downloadlinks tot. immer aus urheberrechtlichen gründen würde die datei gelöscht bla bla. und eigentlich ist das doch freeware so ne recovery cd oder ?
naja was auch immer sie ist, ne W7RCD finde ich leider nicht und werde es dann wohl zwangsläufig mit der VistaRCD versuchen.

cosinus 06.08.2010 13:27

Die 11.5 kB Datei ist nur die torrent-Datei!
Lad Dir bitte das Vista-ISO wenns mit dem von Win7 nicht geht.

Dwza 06.08.2010 18:37

so, hab die recovery cd gemacht und damit gestartet und juhu, pc läuft schon mal wieder :) ist das problem jetzt schon behoben oder haben ich noch garnichts richtiges zur bekämpfung des trojaners gemacht ?

hab nochmal nen mbrcheck gemacht und das kam bei raus:

Zitat:

MBRCheck, version 1.1.1

(c) 2010, AD



\\.\C: --> \\.\PhysicalDrive0

\\.\D: --> \\.\PhysicalDrive0



Size Device Name MBR Status

--------------------------------------------

465 GB \\.\PhysicalDrive0 Error reading raw MBR!





Done! Press ENTER to exit...

mir ist aufgefallen, in meinem ersten MBRCheck hatte ich noch ein Laufwerk G:
das war son recovery laufwerk... bin mir aber nicht sicher wo das her ist oder ob das immer schon
da war. wenn ich vermuten würde dann würde ich sagen nein, es war voher nicht da und ist jetzt auch wieder weg.
kann es sein dass das der trojaner war ????

cosinus 06.08.2010 21:07

Zitat:

465 GB \\.\PhysicalDrive0 Error reading raw MBR!
Immer noch kann er den MBR nicht lesen. Du hast auf jeden Fall die remover.exe per Rechtsklick => Als Administrator ausführen gestartet?

Im Zeifel bitte mal die UAC deaktivieren und nochmal machen => http://www.trojaner-board.de/72647-b...ktivieren.html

Dwza 09.08.2010 02:50

also meine benutzerkontensteuerung war schon die ganze zeit deaktiviert und ich habe es auch als administrator ausgeführt.

cosinus 09.08.2010 09:23

Schau mal hier => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows

Lad das iso runter, brenn es per Imagebrennfunktion auf eine CD und starte damit den Rechner (von dieser CD booten). Klick auf Computerreparaturoptionen, weiter, Eingabeaufforderung - die Konsole öffnet sich. Da bitte bootrec.exe /fixboot eintippen (mit enter bestätigen), dann bootrec.exe /fixmbr eintippen (mit enter bestätigen) - Rechner neustarten, CD vorher rausnehmen.

Zur Kontrolle remover.exe nochmal ausführen und das Log posten.

Dwza 10.08.2010 19:31

so, gemacht :D und ich habe auch seit geraumer zeit keinen sound mehr im hintergrund.

remover.exe LOG
Code:

.\debug.cpp(238) : Debug log started at 10.08.2010 - 18:29:03
.\boot_cleaner.cpp(675) : Bootkit Remover
.\boot_cleaner.cpp(676) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(677) : www.esagelab.com
.\boot_cleaner.cpp(681) : Program version: 1.1.0.0
.\boot_cleaner.cpp(688) : OS Version: Microsoft Windows 7  (build 7600), 32-bit
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x82c38000 0x00410000 "\SystemRoot\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x82c01000 0x00037000 "\SystemRoot\system32\halmacpi.dll"
.\debug.cpp(256) : 0x80bc2000 0x00008000 "\SystemRoot\system32\kdcom.dll"
.\debug.cpp(256) : 0x83225000 0x00078000 "\SystemRoot\system32\mcupdate_GenuineIntel.dll"
.\debug.cpp(256) : 0x8329d000 0x00011000 "\SystemRoot\system32\PSHED.dll"
.\debug.cpp(256) : 0x832ae000 0x00008000 "\SystemRoot\system32\BOOTVID.dll"
.\debug.cpp(256) : 0x832b6000 0x00042000 "\SystemRoot\system32\CLFS.SYS"
.\debug.cpp(256) : 0x832f8000 0x000ab000 "\SystemRoot\system32\CI.dll"
.\debug.cpp(256) : 0x8c41f000 0x00071000 "\SystemRoot\system32\drivers\Wdf01000.sys"
.\debug.cpp(256) : 0x8c490000 0x0000e000 "\SystemRoot\system32\drivers\WDFLDR.SYS"
.\debug.cpp(256) : 0x8c49e000 0x000f3000 "\SystemRoot\System32\Drivers\spaz.sys"
.\debug.cpp(256) : 0x8c591000 0x00009000 "\SystemRoot\System32\Drivers\WMILIB.SYS"
.\debug.cpp(256) : 0x8c59a000 0x00026000 "\SystemRoot\System32\Drivers\SCSIPORT.SYS"
.\debug.cpp(256) : 0x833a3000 0x00048000 "\SystemRoot\system32\DRIVERS\ACPI.sys"
.\debug.cpp(256) : 0x8c5c0000 0x00008000 "\SystemRoot\system32\DRIVERS\msisadrv.sys"
.\debug.cpp(256) : 0x8c5c8000 0x0000b000 "\SystemRoot\system32\DRIVERS\vdrvroot.sys"
.\debug.cpp(256) : 0x8c5d3000 0x0002a000 "\SystemRoot\system32\DRIVERS\pci.sys"
.\debug.cpp(256) : 0x8c400000 0x00011000 "\SystemRoot\System32\drivers\partmgr.sys"
.\debug.cpp(256) : 0x8c411000 0x00008000 "\SystemRoot\system32\DRIVERS\compbatt.sys"
.\debug.cpp(256) : 0x833eb000 0x0000b000 "\SystemRoot\system32\DRIVERS\BATTC.SYS"
.\debug.cpp(256) : 0x83200000 0x00010000 "\SystemRoot\system32\DRIVERS\volmgr.sys"
.\debug.cpp(256) : 0x8c632000 0x0004b000 "\SystemRoot\System32\drivers\volmgrx.sys"
.\debug.cpp(256) : 0x8c67d000 0x00016000 "\SystemRoot\System32\drivers\mountmgr.sys"
.\debug.cpp(256) : 0x8c693000 0x00009000 "\SystemRoot\system32\DRIVERS\atapi.sys"
.\debug.cpp(256) : 0x8c69c000 0x00023000 "\SystemRoot\system32\DRIVERS\ataport.SYS"
.\debug.cpp(256) : 0x8c6bf000 0x0000a000 "\SystemRoot\system32\DRIVERS\msahci.sys"
.\debug.cpp(256) : 0x8c6c9000 0x0000e000 "\SystemRoot\system32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0x8c6d7000 0x00037000 "\SystemRoot\system32\DRIVERS\nvstor32.sys"
.\debug.cpp(256) : 0x8c70e000 0x00047000 "\SystemRoot\system32\DRIVERS\storport.sys"
.\debug.cpp(256) : 0x8c755000 0x00009000 "\SystemRoot\system32\DRIVERS\amdxata.sys"
.\debug.cpp(256) : 0x8c75e000 0x00034000 "\SystemRoot\system32\drivers\fltmgr.sys"
.\debug.cpp(256) : 0x8c792000 0x00011000 "\SystemRoot\system32\drivers\fileinfo.sys"
.\debug.cpp(256) : 0x8c822000 0x0012f000 "\SystemRoot\System32\Drivers\Ntfs.sys"
.\debug.cpp(256) : 0x8c951000 0x0002b000 "\SystemRoot\System32\Drivers\msrpc.sys"
.\debug.cpp(256) : 0x8c97c000 0x00013000 "\SystemRoot\System32\Drivers\ksecdd.sys"
.\debug.cpp(256) : 0x8c98f000 0x0005d000 "\SystemRoot\System32\Drivers\cng.sys"
.\debug.cpp(256) : 0x8c9ec000 0x0000e000 "\SystemRoot\System32\drivers\pcw.sys"
.\debug.cpp(256) : 0x8c800000 0x00009000 "\SystemRoot\System32\Drivers\Fs_Rec.sys"
.\debug.cpp(256) : 0x8ca26000 0x000b7000 "\SystemRoot\system32\drivers\ndis.sys"
.\debug.cpp(256) : 0x8cadd000 0x0003e000 "\SystemRoot\system32\drivers\NETIO.SYS"
.\debug.cpp(256) : 0x8cb1b000 0x00025000 "\SystemRoot\System32\Drivers\ksecpkg.sys"
.\debug.cpp(256) : 0x8cc29000 0x00149000 "\SystemRoot\System32\drivers\tcpip.sys"
.\debug.cpp(256) : 0x8cd72000 0x00031000 "\SystemRoot\System32\drivers\fwpkclnt.sys"
.\debug.cpp(256) : 0x8cda3000 0x00009000 "\SystemRoot\system32\DRIVERS\vmstorfl.sys"
.\debug.cpp(256) : 0x8cdac000 0x0003f000 "\SystemRoot\system32\DRIVERS\volsnap.sys"
.\debug.cpp(256) : 0x8cdeb000 0x00008000 "\SystemRoot\System32\Drivers\spldr.sys"
.\debug.cpp(256) : 0x8cb40000 0x0002d000 "\SystemRoot\System32\drivers\rdyboost.sys"
.\debug.cpp(256) : 0x8cc00000 0x00010000 "\SystemRoot\System32\Drivers\mup.sys"
.\debug.cpp(256) : 0x8cc10000 0x00008000 "\SystemRoot\System32\drivers\hwpolicy.sys"
.\debug.cpp(256) : 0x8cb6d000 0x00032000 "\SystemRoot\System32\DRIVERS\fvevol.sys"
.\debug.cpp(256) : 0x8cc18000 0x00011000 "\SystemRoot\system32\DRIVERS\disk.sys"
.\debug.cpp(256) : 0x8cb9f000 0x00025000 "\SystemRoot\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0x8cbdf000 0x0001f000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0x8ca00000 0x00007000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0x8ca07000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0x8ca0e000 0x0000c000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0x8c7da000 0x00021000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS"
.\debug.cpp(256) : 0x8c809000 0x0000d000 "\SystemRoot\System32\drivers\watchdog.sys"
.\debug.cpp(256) : 0x8ca1a000 0x00008000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0x8c816000 0x00008000 "\SystemRoot\system32\drivers\rdpencdd.sys"
.\debug.cpp(256) : 0x8c600000 0x00008000 "\SystemRoot\system32\drivers\rdprefmp.sys"
.\debug.cpp(256) : 0x8c608000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0x8c613000 0x0000e000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0x90c12000 0x00017000 "\SystemRoot\system32\DRIVERS\tdx.sys"
.\debug.cpp(256) : 0x90c29000 0x0000b000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0x90c34000 0x0005a000 "\SystemRoot\system32\drivers\afd.sys"
.\debug.cpp(256) : 0x90c8e000 0x00032000 "\SystemRoot\System32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0x90cc0000 0x00007000 "\SystemRoot\system32\DRIVERS\wfplwf.sys"
.\debug.cpp(256) : 0x90cc7000 0x0001f000 "\SystemRoot\system32\DRIVERS\pacer.sys"
.\debug.cpp(256) : 0x90ce6000 0x00011000 "\SystemRoot\system32\DRIVERS\vwififlt.sys"
.\debug.cpp(256) : 0x90cf7000 0x0000e000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0x90d34000 0x00013000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0x90d47000 0x00009000 "\SystemRoot\system32\DRIVERS\VBoxUSBMon.sys"
.\debug.cpp(256) : 0x90d50000 0x0001d000 "\SystemRoot\system32\DRIVERS\VBoxDrv.sys"
.\debug.cpp(256) : 0x90d6d000 0x00010000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0x90d7d000 0x00006000 "\SystemRoot\system32\DRIVERS\ssmdrv.sys"
.\debug.cpp(256) : 0x90d83000 0x00041000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0x90dc4000 0x0000a000 "\SystemRoot\system32\drivers\nsiproxy.sys"
.\debug.cpp(256) : 0x90dce000 0x0000a000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0x90dd8000 0x0000c000 "\SystemRoot\System32\drivers\discache.sys"
.\debug.cpp(256) : 0x91415000 0x00064000 "\SystemRoot\system32\drivers\csc.sys"
.\debug.cpp(256) : 0x91479000 0x00018000 "\SystemRoot\System32\Drivers\dfsc.sys"
.\debug.cpp(256) : 0x91491000 0x0000e000 "\SystemRoot\system32\DRIVERS\blbdrive.sys"
.\debug.cpp(256) : 0x9149f000 0x00022000 "\SystemRoot\system32\DRIVERS\avipbb.sys"
.\debug.cpp(256) : 0x914c1000 0x00002000 "\??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys"
.\debug.cpp(256) : 0x914c3000 0x00021000 "\SystemRoot\system32\DRIVERS\tunnel.sys"
.\debug.cpp(256) : 0x914e4000 0x00012000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0x914f6000 0x00018000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0x9150e000 0x0000d000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0x9151b000 0x0001b000 "\SystemRoot\system32\DRIVERS\ETD.sys"
.\debug.cpp(256) : 0x91536000 0x00009000 "\SystemRoot\system32\DRIVERS\VBoxMouse.sys"
.\debug.cpp(256) : 0x9153f000 0x0000d000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0x9154c000 0x00009000 "\SystemRoot\system32\DRIVERS\nvsmu.sys"
.\debug.cpp(256) : 0x91555000 0x0000a000 "\SystemRoot\system32\DRIVERS\usbohci.sys"
.\debug.cpp(256) : 0x9155f000 0x0004b000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0x915aa000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0x915b9000 0x0001f000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0x915d8000 0x00006000 "\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys"
.\debug.cpp(256) : 0x93a01000 0x00afa000 "\SystemRoot\system32\DRIVERS\nvlddmkm.sys"
.\debug.cpp(256) : 0x944fb000 0x00002000 "\SystemRoot\system32\DRIVERS\nvBridge.kmd"
.\debug.cpp(256) : 0x944fd000 0x000b7000 "\SystemRoot\System32\drivers\dxgkrnl.sys"
.\debug.cpp(256) : 0x945b4000 0x00039000 "\SystemRoot\System32\drivers\dxgmms1.sys"
.\debug.cpp(256) : 0x90d05000 0x00025000 "\SystemRoot\system32\DRIVERS\Rt86win7.sys"
.\debug.cpp(256) : 0x92222000 0x0012d000 "\SystemRoot\system32\DRIVERS\athr.sys"
.\debug.cpp(256) : 0x9234f000 0x0000a000 "\SystemRoot\system32\DRIVERS\vwifibus.sys"
.\debug.cpp(256) : 0x92359000 0x00039000 "\SystemRoot\System32\Drivers\ar60huiy.SYS"
.\debug.cpp(256) : 0x92392000 0x00009000 "\SystemRoot\system32\DRIVERS\wmiacpi.sys"
.\debug.cpp(256) : 0x9239b000 0x00004000 "\SystemRoot\system32\DRIVERS\CmBatt.sys"
.\debug.cpp(256) : 0x9239f000 0x00008000 "\SystemRoot\system32\DRIVERS\ATKACPI.sys"
.\debug.cpp(256) : 0x923a7000 0x0000d000 "\SystemRoot\system32\DRIVERS\CompositeBus.sys"
.\debug.cpp(256) : 0x923b4000 0x00012000 "\SystemRoot\system32\DRIVERS\AgileVpn.sys"
.\debug.cpp(256) : 0x923c6000 0x00018000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0x923de000 0x0000b000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0x92200000 0x00022000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0x915de000 0x00018000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0x923e9000 0x00017000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0x90de4000 0x00017000 "\SystemRoot\system32\DRIVERS\rassstp.sys"
.\debug.cpp(256) : 0x9502d000 0x00017000 "\SystemRoot\system32\DRIVERS\VBoxNetAdp.sys"
.\debug.cpp(256) : 0x95044000 0x0000a000 "\SystemRoot\system32\DRIVERS\rdpbus.sys"
.\debug.cpp(256) : 0x9504e000 0x0001a000 "\SystemRoot\system32\DRIVERS\VBoxNetFlt.sys"
.\debug.cpp(256) : 0x95068000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0x9506a000 0x00034000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0x9509e000 0x0000e000 "\SystemRoot\system32\DRIVERS\umbus.sys"
.\debug.cpp(256) : 0x950ac000 0x00044000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0x950f0000 0x00011000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0x95101000 0x00050000 "\SystemRoot\system32\drivers\HdAudio.sys"
.\debug.cpp(256) : 0x95151000 0x0002f000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0x95180000 0x00019000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0x95199000 0x00013000 "\SystemRoot\system32\drivers\nvhda32v.sys"
.\debug.cpp(256) : 0x82690000 0x0024a000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0x951ac000 0x0000a000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0x951b6000 0x0000d000 "\SystemRoot\System32\Drivers\crashdmp.sys"
.\debug.cpp(256) : 0x951c3000 0x0000a000 "\SystemRoot\System32\Drivers\dump_diskdump.sys"
.\debug.cpp(256) : 0x8c7a3000 0x00037000 "\SystemRoot\System32\Drivers\dump_nvstor32.sys"
.\debug.cpp(256) : 0x951cd000 0x00011000 "\SystemRoot\System32\Drivers\dump_dumpfve.sys"
.\debug.cpp(256) : 0x951de000 0x00017000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"
.\debug.cpp(256) : 0x951f5000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0x8da39000 0x001ae000 "\SystemRoot\system32\DRIVERS\snp2uvc.sys"
.\debug.cpp(256) : 0x8dbe7000 0x0000e000 "\SystemRoot\system32\DRIVERS\STREAM.SYS"
.\debug.cpp(256) : 0x8dbf5000 0x00007000 "\SystemRoot\system32\DRIVERS\sncduvc.SYS"
.\debug.cpp(256) : 0x8da00000 0x0000b000 "\SystemRoot\system32\DRIVERS\monitor.sys"
.\debug.cpp(256) : 0x828f0000 0x00009000 "\SystemRoot\System32\TSDDD.dll"
.\debug.cpp(256) : 0x82920000 0x0001e000 "\SystemRoot\System32\cdd.dll"
.\debug.cpp(256) : 0x8da0b000 0x0001b000 "\SystemRoot\system32\drivers\luafv.sys"
.\debug.cpp(256) : 0x95000000 0x00015000 "\SystemRoot\system32\DRIVERS\avgntflt.sys"
.\debug.cpp(256) : 0x8cbc4000 0x0001a000 "\SystemRoot\system32\drivers\WudfPf.sys"
.\debug.cpp(256) : 0x8da26000 0x00010000 "\SystemRoot\system32\DRIVERS\lltdio.sys"
.\debug.cpp(256) : 0x9ca34000 0x00046000 "\SystemRoot\system32\DRIVERS\nwifi.sys"
.\debug.cpp(256) : 0x9ca7a000 0x00010000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0x9ca8a000 0x00013000 "\SystemRoot\system32\DRIVERS\rspndr.sys"
.\debug.cpp(256) : 0x9caa1000 0x00085000 "\SystemRoot\system32\drivers\HTTP.sys"
.\debug.cpp(256) : 0x9cb26000 0x00019000 "\SystemRoot\system32\DRIVERS\bowser.sys"
.\debug.cpp(256) : 0x9cb3f000 0x00012000 "\SystemRoot\System32\drivers\mpsdrv.sys"
.\debug.cpp(256) : 0x9cb51000 0x00023000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0x9cb74000 0x0003b000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys"
.\debug.cpp(256) : 0x9cbaf000 0x0001b000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys"
.\debug.cpp(256) : 0x9cbe2000 0x0000f000 "\SystemRoot\system32\drivers\npf.sys"
.\debug.cpp(256) : 0x9fa13000 0x00097000 "\SystemRoot\system32\drivers\peauth.sys"
.\debug.cpp(256) : 0x9faaa000 0x0000a000 "\SystemRoot\System32\Drivers\secdrv.SYS"
.\debug.cpp(256) : 0x9fab4000 0x00021000 "\SystemRoot\System32\DRIVERS\srvnet.sys"
.\debug.cpp(256) : 0x9fad5000 0x0000d000 "\SystemRoot\System32\drivers\tcpipreg.sys"
.\debug.cpp(256) : 0x9fae2000 0x0004f000 "\SystemRoot\System32\DRIVERS\srv2.sys"
.\debug.cpp(256) : 0x9fb31000 0x00051000 "\SystemRoot\System32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0x9fb82000 0x0002a000 "\SystemRoot\System32\Drivers\fastfat.SYS"
.\debug.cpp(256) : 0x77010000 0x0013c000 "\Windows\System32\ntdll.dll"
.\debug.cpp(256) : 0x47a60000 0x00013000 "\Windows\System32\smss.exe"
.\debug.cpp(256) : 0x77250000 0x00050000 "\Windows\System32\apisetschema.dll"
.\debug.cpp(256) : 0x00370000 0x000a6000 "\Windows\System32\autochk.exe"
.\debug.cpp(256) : 0x10000000 0x0022d000 "\Program Files\DAEMON Tools Lite\Engine.dll"
.\debug.cpp(256) : 0x771a0000 0x000a0000 "\Windows\System32\advapi32.dll"
.\debug.cpp(256) : 0x76f90000 0x0007b000 "\Windows\System32\comdlg32.dll"
.\debug.cpp(256) : 0x77160000 0x00035000 "\Windows\System32\ws2_32.dll"
.\debug.cpp(256) : 0x77150000 0x00003000 "\Windows\System32\normaliz.dll"
.\debug.cpp(256) : 0x76340000 0x00c49000 "\Windows\System32\shell32.dll"
.\debug.cpp(256) : 0x762e0000 0x00052000 "\Windows\System32\difxapi.dll"
.\debug.cpp(256) : 0x76250000 0x00083000 "\Windows\System32\clbcatq.dll"
.\debug.cpp(256) : 0x761b0000 0x0009d000 "\Windows\System32\usp10.dll"
.\debug.cpp(256) : 0x760e0000 0x000c9000 "\Windows\System32\user32.dll"
.\debug.cpp(256) : 0x76090000 0x00045000 "\Windows\System32\Wldap32.dll"
.\debug.cpp(256) : 0x76030000 0x00057000 "\Windows\System32\shlwapi.dll"
.\debug.cpp(256) : 0x76010000 0x00019000 "\Windows\System32\sechost.dll"
.\debug.cpp(256) : 0x75ed0000 0x00135000 "\Windows\System32\urlmon.dll"
.\debug.cpp(256) : 0x75e20000 0x000ac000 "\Windows\System32\msvcrt.dll"
.\debug.cpp(256) : 0x75c20000 0x001f9000 "\Windows\System32\iertutil.dll"
.\debug.cpp(256) : 0x75ac0000 0x0015c000 "\Windows\System32\ole32.dll"
.\debug.cpp(256) : 0x759c0000 0x000f4000 "\Windows\System32\wininet.dll"
.\debug.cpp(256) : 0x758e0000 0x000d4000 "\Windows\System32\kernel32.dll"
.\debug.cpp(256) : 0x758d0000 0x00006000 "\Windows\System32\nsi.dll"
.\debug.cpp(256) : 0x758c0000 0x00005000 "\Windows\System32\psapi.dll"
.\debug.cpp(256) : 0x758a0000 0x0001f000 "\Windows\System32\imm32.dll"
.\debug.cpp(256) : 0x75890000 0x0000a000 "\Windows\System32\lpk.dll"
.\debug.cpp(256) : 0x75840000 0x0004e000 "\Windows\System32\gdi32.dll"
.\debug.cpp(256) : 0x75770000 0x000cc000 "\Windows\System32\msctf.dll"
.\debug.cpp(256) : 0x756c0000 0x000a1000 "\Windows\System32\rpcrt4.dll"
.\debug.cpp(256) : 0x75630000 0x0008f000 "\Windows\System32\oleaut32.dll"
.\debug.cpp(256) : 0x75490000 0x0019d000 "\Windows\System32\setupapi.dll"
.\debug.cpp(256) : 0x75460000 0x0002a000 "\Windows\System32\imagehlp.dll"
.\debug.cpp(256) : 0x75430000 0x00027000 "\Windows\System32\cfgmgr32.dll"
.\debug.cpp(256) : 0x75410000 0x00012000 "\Windows\System32\devobj.dll"
.\debug.cpp(256) : 0x753e0000 0x0002d000 "\Windows\System32\wintrust.dll"
.\debug.cpp(256) : 0x75350000 0x00084000 "\Windows\System32\comctl32.dll"
.\debug.cpp(256) : 0x75230000 0x0011c000 "\Windows\System32\crypt32.dll"
.\debug.cpp(256) : 0x751e0000 0x0004a000 "\Windows\System32\KernelBase.dll"
.\debug.cpp(256) : 0x751d0000 0x0000c000 "\Windows\System32\msasn1.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{9bb2eaa4-a180-11df-982f-806e6f6e6963}"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) :              Destination="\Device\Ndis"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000083"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_NdisWanBh"
.\debug.cpp(400) :              Destination="\Device\NPF_NdisWanBh"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice"
.\debug.cpp(400) :              Destination="\Device\WUDFLpcDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1d7f7bce&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_168C&DEV_002B&SUBSYS_10891A3B&REV_01#4&3335f3d6&0&00B0#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0019"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000047"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) :              Destination="\Device\Video0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AgileVPN"
.\debug.cpp(400) :              Destination="\Device\AgileVPN"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SUN_VBOXNETFLTMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000050"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) :              Destination="\Device\00000051"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{522EB546-CFD0-46DF-841A-ACD904E69F5D}"
.\debug.cpp(400) :              Destination="\Device\NDMP20"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000048"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000045"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000008"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0004#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000005"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) :              Destination="\Device\Video1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_064E&PID_A116&MI_00#6&23871ea2&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\00000080"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{EA45D462-5023-44F3-8B37-6533983ED8B3}"
.\debug.cpp(400) :              Destination="\Device\NPF_{EA45D462-5023-44F3-8B37-6533983ED8B3}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{01C21647-D87C-4597-977E-CB66BE5067B6}"
.\debug.cpp(400) :              Destination="\Device\NDMP3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000001"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) :              Destination="\Device\Video2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0AB9&SUBSYS_1D171043&REV_B1#3&267a616a&0&58#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0013"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
.\debug.cpp(400) :              Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{0432a195-0b6d-11df-a2c3-90e6ba0f8336}"
.\debug.cpp(400) :              Destination="\Device\CdRom1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ATKACPI"
.\debug.cpp(400) :              Destination="\Device\ATKACPI"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{4AF8FEBD-F5C3-476D-88A2-EB2748CCF485}"
.\debug.cpp(400) :              Destination="\Device\NPF_{4AF8FEBD-F5C3-476D-88A2-EB2748CCF485}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&2a062092&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :              Destination="\Device\00000069"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) :              Destination="\Device\Video3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&ace7d69&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000046"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgio"
.\debug.cpp(400) :              Destination="\Device\avgio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice"
.\debug.cpp(400) :              Destination="\Device\WMIAdminDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ProcessManagement"
.\debug.cpp(400) :              Destination="\Device\ProcessManagement"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) :              Destination="\Device\Video4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SUN_VBOXNETFLTMP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\0000004f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{636FF46E-80FE-4314-BC84-DC7749EDE5B4}"
.\debug.cpp(400) :              Destination="\Device\NDMP11"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0003#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000007"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000001"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl"
.\debug.cpp(400) :              Destination="\Device\VolMgrControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{D944D3C4-F77E-4B82-B79B-0D96376B07B0}"
.\debug.cpp(400) :              Destination="\Device\NPF_{D944D3C4-F77E-4B82-B79B-0D96376B07B0}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY6"
.\debug.cpp(400) :              Destination="\Device\Video5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\00000051"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :              Destination="\Device\0000005e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10DE&DEV_0006&SUBSYS_10DE0101&REV_1000#4&384413be&0&0201#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) :              Destination="\Device\0000007c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery"
.\debug.cpp(400) :              Destination="\Device\CompositeBattery"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) :              Destination="\Device\WMIDataDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\F:"
.\debug.cpp(400) :              Destination="\Device\CdRom1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{B43A5A77-EFD7-4A66-8B97-BDDBC7C935D0}"
.\debug.cpp(400) :              Destination="\Device\NPF_{B43A5A77-EFD7-4A66-8B97-BDDBC7C935D0}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_NdisWanIpv6"
.\debug.cpp(400) :              Destination="\Device\NPF_NdisWanIpv6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0AA9&SUBSYS_1D171043&REV_B1#3&267a616a&0&31#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0010"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\TeredoTun"
.\debug.cpp(400) :              Destination="\Device\TeredoTun"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0002#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SPDevice"
.\debug.cpp(400) :              Destination="\Device\SPDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgntflt"
.\debug.cpp(400) :              Destination="\FileSystem\Filters\avgntflt"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PEAuth"
.\debug.cpp(400) :              Destination="\Device\PEAuth"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{C6E1F540-7B39-4FDB-8AD0-BAAC12F76C4D}"
.\debug.cpp(400) :              Destination="\Device\NPF_{C6E1F540-7B39-4FDB-8AD0-BAAC12F76C4D}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{E28D896F-9EA8-433A-9C10-66C97C19A921}"
.\debug.cpp(400) :              Destination="\Device\NPF_{E28D896F-9EA8-433A-9C10-66C97C19A921}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :              Destination="\Device\0000005d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) :              Destination="\Device\NamedPipe"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\vwififlt"
.\debug.cpp(400) :              Destination="\Device\vwififlt"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0003#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000004"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_10431503&REV_1001#4&384413be&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000007b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{633E5986-5E90-4C27-A4F8-523389EAADF1}"
.\debug.cpp(400) :              Destination="\Device\NPF_{633E5986-5E90-4C27-A4F8-523389EAADF1}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#Disk&Ven_ST950032&Prod_5AS#4&2889a776&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\00000074"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_10431503&REV_1001#4&384413be&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) :              Destination="\Device\0000007b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_10431503&REV_1001#4&384413be&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) :              Destination="\Device\0000007b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :              Destination="\Device\00000051"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VBoxNetFlt"
.\debug.cpp(400) :              Destination="\Device\VBoxNetFlt"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) :              Destination="\Device\Mup"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice"
.\debug.cpp(400) :              Destination="\Device\GEARAspiWDMDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Psched"
.\debug.cpp(400) :              Destination="\Device\Psched"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition1"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{0c220ecd-ee70-11de-b4b7-806e6f6e6963}"
.\debug.cpp(400) :              Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) :              Destination="\Device\USBFDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) :              Destination="\FileSystem\Filters\FltMgrMsg"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C0DE3E38-8BA7-479F-8B75-833F294C5AA8}"
.\debug.cpp(400) :              Destination="\Device\NDMP17"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000008"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0003#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000007"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{77DB83D7-3C6F-4945-A113-F1366913928E}"
.\debug.cpp(400) :              Destination="\Device\NDMP8"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) :              Destination="\Device\Tcp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition2"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) :              Destination="\Device\00000082"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) :              Destination="\Device\USBFDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition3"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#vdrvroot#0000#{2e34d650-5819-42ca-84ae-d30803bae505}"
.\debug.cpp(400) :              Destination="\Device\00000053"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) :              Destination="\Device\Harddisk0\DR0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{FBBB2132-F956-46BA-9779-CFF8874409A5}"
.\debug.cpp(400) :              Destination="\Device\NPF_{FBBB2132-F956-46BA-9779-CFF8874409A5}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :              Destination="\Device\00000051"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\00000051"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) :              Destination="\Device\USBFDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0001#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) :              Destination="\DosDevices\LPT1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume1"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :              Destination="\Device\0000005f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{0c220ec0-ee70-11de-b4b7-806e6f6e6963}#0000003D2628F200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_10431503&REV_1001#4&384413be&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}"
.\debug.cpp(400) :              Destination="\Device\0000007b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) :              Destination="\Device\00000052"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDOSPDevice"
.\debug.cpp(400) :              Destination="\Device\IPSECDOSP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\00000051"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_064E&PID_A116&MI_00#6&23871ea2&0&0000#{6994ad05-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\00000080"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SUN_VBOXNETFLTMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000004f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) :              Destination="\Device\USBFDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{D944D3C4-F77E-4B82-B79B-0D96376B07B0}"
.\debug.cpp(400) :              Destination="\Device\NDMP1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NvAdminDevice"
.\debug.cpp(400) :              Destination="\Device\NvAdminDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) :              Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) :              Destination="\Device\FsWrap"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume2"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom1"
.\debug.cpp(400) :              Destination="\Device\CdRom1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000049"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DAF254EE-0E6B-4913-AAB9-116639E7921A}"
.\debug.cpp(400) :              Destination="\Device\NDMP9"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{4AF8FEBD-F5C3-476D-88A2-EB2748CCF485}"
.\debug.cpp(400) :              Destination="\Device\NDMP5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume3"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\00000054"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{01C21647-D87C-4597-977E-CB66BE5067B6}"
.\debug.cpp(400) :              Destination="\Device\NPF_{01C21647-D87C-4597-977E-CB66BE5067B6}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{64FD6A92-DAC5-408A-B323-81055B0FC764}"
.\debug.cpp(400) :              Destination="\Device\NPF_{64FD6A92-DAC5-408A-B323-81055B0FC764}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) :              Destination="\GLOBAL??"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000045"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8168&SUBSYS_16D51043&REV_01#4&1184cc98&0&00A8#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0018"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VBoxUSBMon"
.\debug.cpp(400) :              Destination="\Device\VBoxUSBMon"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG:"
.\debug.cpp(400) :              Destination="\clfs"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000004a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_HL-DT-ST&Prod_DVDRAM_GT10N#4&2889a776&0&010100#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\00000075"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*ISATAP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000083"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv"
.\debug.cpp(400) :              Destination="\Device\Secdrv"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{E2F8A220-AF88-446C-9A55-453E58DD3A33}"
.\debug.cpp(400) :              Destination="\Device\NPF_{E2F8A220-AF88-446C-9A55-453E58DD3A33}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :              Destination="\Device\0000005a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#0#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}"
.\debug.cpp(400) :              Destination="\Device\00000066"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{ABBE29E9-F55B-49AD-9E1E-E7FB0F37D449}"
.\debug.cpp(400) :              Destination="\Device\NPF_{ABBE29E9-F55B-49AD-9E1E-E7FB0F37D449}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#LGD01DD#5&12b9f7fb&0&UID33554704#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8}"
.\debug.cpp(400) :              Destination="\Device\00000082"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNPA000#4&5d18f2df&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\00000061"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#NET#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000004b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0AA7&SUBSYS_1D171043&REV_B1#3&267a616a&0&30#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0009"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0003#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000004"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{80EA241B-D56F-4143-ABD7-ACAFA911A8F4}"
.\debug.cpp(400) :              Destination="\Device\NPF_{80EA241B-D56F-4143-ABD7-ACAFA911A8F4}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_10431503&REV_1001#4&384413be&0&0001#{a17579f0-4fec-4936-9364-249460863be5}"
.\debug.cpp(400) :              Destination="\Device\0000007b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10DE&DEV_0006&SUBSYS_10DE0101&REV_1000#4&384413be&0&0201#{9ff3b516-cd99-4eaf-8373-f2caf87ed26b}"
.\debug.cpp(400) :              Destination="\Device\0000007c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ETD"
.\debug.cpp(400) :              Destination="\Device\ETD"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\nativewifip"
.\debug.cpp(400) :              Destination="\Device\nativewifip"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0653&SUBSYS_202D1043&REV_A1#4&6d1634d&0&0060#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0017"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&1a65ddc9&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_168C&DEV_002B&SUBSYS_10891A3B&REV_01#4&3335f3d6&0&00B0#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0019"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E28D896F-9EA8-433A-9C10-66C97C19A921}"
.\debug.cpp(400) :              Destination="\Device\NDMP18"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000048"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{8FAE1D24-E447-43CF-8259-F03C7F546FFD}"
.\debug.cpp(400) :              Destination="\Device\NDMP22"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{522EB546-CFD0-46DF-841A-ACD904E69F5D}"
.\debug.cpp(400) :              Destination="\Device\NPF_{522EB546-CFD0-46DF-841A-ACD904E69F5D}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{483C9FF8-503D-414B-B402-E4C1F1F568CB}"
.\debug.cpp(400) :              Destination="\Device\NPF_{483C9FF8-503D-414B-B402-E4C1F1F568CB}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_10431503&REV_1001#4&384413be&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000007b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\0000004a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0004#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000005"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) :              Destination="\Device\MountPointManager"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{7AF75B9F-7668-448B-A825-6266AE3E8493}"
.\debug.cpp(400) :              Destination="\Device\NPF_{7AF75B9F-7668-448B-A825-6266AE3E8493}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000046"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000044"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ssmctl"
.\debug.cpp(400) :              Destination="\Device\ssmctl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi"
.\debug.cpp(400) :              Destination="\Device\Nsi"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_23_-_Intel(R)_Core(TM)2_Duo_CPU_____T6500__@_2.10GHz#_2#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) :              Destination="\Device\00000057"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0AA6&SUBSYS_1D171043&REV_B1#3&267a616a&0&21#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0008"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) :              Destination="\Device\WANARP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl"
.\debug.cpp(400) :              Destination="\Device\PartmgrControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0653&SUBSYS_202D1043&REV_A1#4&6d1634d&0&0060#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0017"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{636FF46E-80FE-4314-BC84-DC7749EDE5B4}"
.\debug.cpp(400) :              Destination="\Device\NPF_{636FF46E-80FE-4314-BC84-DC7749EDE5B4}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice"
.\debug.cpp(400) :              Destination="\Device\NXTIPSEC"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10DE&DEV_0006&SUBSYS_10DE0101&REV_1000#4&384413be&0&0201#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000007c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000044"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{483C9FF8-503D-414B-B402-E4C1F1F568CB}"
.\debug.cpp(400) :              Destination="\Device\NDMP12"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{ABBE29E9-F55B-49AD-9E1E-E7FB0F37D449}"
.\debug.cpp(400) :              Destination="\Device\NDMP4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev"
.\debug.cpp(400) :              Destination="\Device\WFP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WwanProt"
.\debug.cpp(400) :              Destination="\Device\WwanProt"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000051"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) :              Destination="\Device\NDMP14"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{0c220ec0-ee70-11de-b4b7-806e6f6e6963}#00000002EE1AF400#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{0c220ec0-ee70-11de-b4b7-806e6f6e6963}#0000000000007E00#{7f108a28-9833-4b3b-b780-2c6b5fa5c062}"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ETD0001#4&2a062092&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :              Destination="\Device\0000006a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) :              Destination="\Device\RaidPort0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArpV6"
.\debug.cpp(400) :              Destination="\Device\WANARPV6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :              Destination="\Device\0000005c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&PrinterBusEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) :              Destination="\Device\00000084"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{80EA241B-D56F-4143-ABD7-ACAFA911A8F4}"
.\debug.cpp(400) :              Destination="\Device\NDMP21"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_23_-_Intel(R)_Core(TM)2_Duo_CPU_____T6500__@_2.10GHz#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) :              Destination="\Device\00000056"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#NET#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\0000004b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0AA5&SUBSYS_1D171043&REV_B1#3&267a616a&0&20#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0007"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10DE&DEV_0006&SUBSYS_10DE0101&REV_1000#4&384413be&0&0201#{2f3e4dc3-3dd9-47ea-8aa4-8155ec2c643e}"
.\debug.cpp(400) :              Destination="\Device\0000007c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) :              Destination="\Device\00000051"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VBoxNetAdp"
.\debug.cpp(400) :              Destination="\Device\VBoxNetAdp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000049"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{EA45D462-5023-44F3-8B37-6533983ED8B3}"
.\debug.cpp(400) :              Destination="\Device\NDMP10"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_ONMNOLC&Prod_6Z8HAVGP&Rev_1.03#5&36e5972&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\Scsi\ar60huiy1Port1Path0Target0Lun0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) :              Destination="\Device\NdisWan"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd"
.\debug.cpp(400) :              Destination="\Device\AscKmd"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_064E&PID_A116#CN1316-S30B-MI033-VS-R03.02.04#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) :              Destination="\Device\Scsi\ar60huiy1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{FBBB2132-F956-46BA-9779-CFF8874409A5}"
.\debug.cpp(400) :              Destination="\Device\NDMP19"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH"
.\debug.cpp(400) :              Destination="\Device\NDMP13"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{633E5986-5E90-4C27-A4F8-523389EAADF1}"
.\debug.cpp(400) :              Destination="\Device\NDMP7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice"
.\debug.cpp(400) :              Destination="\Device\MPS"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#LGD01DD#5&12b9f7fb&0&UID33554704#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7}"
.\debug.cpp(400) :              Destination="\Device\00000082"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&338a96ac&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_168C&DEV_002B&SUBSYS_10891A3B&REV_01#4&3335f3d6&0&00B0#{435b6226-1dcc-43b3-887e-217dbaa27ba3}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0019"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8168&SUBSYS_16D51043&REV_01#4&1184cc98&0&00A8#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0018"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) :              Destination="\FileSystem\Filters\FltMgr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_NdisWanIp"
.\debug.cpp(400) :              Destination="\Device\NPF_NdisWanIp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{DB2B4279-B5CF-4626-9DBA-32D0ECE44C87}"
.\debug.cpp(400) :              Destination="\Device\NPF_{DB2B4279-B5CF-4626-9DBA-32D0ECE44C87}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SUN_VBOXNETFLTMP#0001#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000050"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) :              Destination="\Device\VolMgrControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{9bb2eaa3-a180-11df-982f-806e6f6e6963}"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_ONMNOLC&Prod_6Z8HAVGP&Rev_1.03#5&36e5972&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\Scsi\ar60huiy1Port1Path0Target0Lun0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_10431503&REV_1001#4&384413be&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000007b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DB2B4279-B5CF-4626-9DBA-32D0ECE44C87}"
.\debug.cpp(400) :              Destination="\Device\NDMP16"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6"
.\debug.cpp(400) :              Destination="\Device\NDMP15"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) :              Destination="\Device\MailSlot"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) :              Destination="\DosDevices\COM1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_HL-DT-ST&Prod_DVDRAM_GT10N#4&2889a776&0&010100#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\00000075"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) :              Destination=""

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SstpDrv"
.\debug.cpp(400) :              Destination="\Device\SstpDrv"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) :              Destination="\Device\Null"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) :              Destination="\Device\Ndisuio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :              Destination="\Device\0000004e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0AA3&SUBSYS_1D171043&REV_B1#3&267a616a&0&1D#{8ad261ed-6aec-4b95-b844-552766d76ef9}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0006"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{B43A5A77-EFD7-4A66-8B97-BDDBC7C935D0}"
.\debug.cpp(400) :              Destination="\Device\NDMP2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VBoxDrv"
.\debug.cpp(400) :              Destination="\Device\VBoxDrv"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VDRVROOT"
.\debug.cpp(400) :              Destination="\Device\00000053"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#0#{e849804e-c719-43d8-ac88-96b894c191e2}"
.\debug.cpp(400) :              Destination="\Device\00000066"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{D37D6C3F-20C4-4912-A475-0AD1DC0A645B}"
.\debug.cpp(400) :              Destination="\Device\NPF_{D37D6C3F-20C4-4912-A475-0AD1DC0A645B}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle"
.\debug.cpp(400) :              Destination="\Device\WfpAle"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :              Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avipbb"
.\debug.cpp(400) :              Destination="\Device\avipbb"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{77DB83D7-3C6F-4945-A113-F1366913928E}"
.\debug.cpp(400) :              Destination="\Device\NPF_{77DB83D7-3C6F-4945-A113-F1366913928E}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{DAF254EE-0E6B-4913-AAB9-116639E7921A}"
.\debug.cpp(400) :              Destination="\Device\NPF_{DAF254EE-0E6B-4913-AAB9-116639E7921A}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NPF_{C0DE3E38-8BA7-479F-8B75-833F294C5AA8}"
.\debug.cpp(400) :              Destination="\Device\NPF_{C0DE3E38-8BA7-479F-8B75-833F294C5AA8}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_064E&PID_A116&MI_00#6&23871ea2&0&0000#{fb6c428a-0353-11d1-905f-0000c0cc16ba}"
.\debug.cpp(400) :              Destination="\Device\00000080"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000047"

.\debug.cpp(451) : **********************************************
.\boot_cleaner.cpp(1077) : System volume is \\.\C:
.\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`ee1af400
.\boot_cleaner.cpp(424) : Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826
.\boot_cleaner.cpp(1151) :
.\boot_cleaner.cpp(1152) :      Size  Device Name          MBR Status
.\boot_cleaner.cpp(1153) :  --------------------------------------------
.\boot_cleaner.cpp(1197) :    465 GB  \\.\PhysicalDrive0  OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1203) :
.\boot_cleaner.cpp(1242) : Done;

leider ist aber der MBRChecker.exe immernoch erfolglos ^^

gleiches resultat wie vorher...
Code:

MBRCheck, version 1.1.1

(c) 2010, AD



\\.\C: --> \\.\PhysicalDrive0

\\.\D: --> \\.\PhysicalDrive0



      Size  Device Name          MBR Status

  --------------------------------------------

    465 GB  \\.\PhysicalDrive0  Error reading raw MBR!





Done!  Press ENTER to exit...

vllt geht die exe einach nicht bei mir ?
habe alles, trotz abgestellter benutzerverwaltung, als admin ausgeführt.

Dwza 13.08.2010 21:17

so ich warte jetzt schon seit knapp 4 tagen... soll ich noch was weiter machen ?
auf jeden fall hab ich seit 4 tagen keine musik mehr gehört. :D

cosinus 14.08.2010 15:16

Sry ich hab Deinen Strang übersehen :schmoll:

Der MBR ist auf jeden Fall wieder ok, da wür den über die Recovery-Disc neu geschrieben haben.

Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Dwza 21.08.2010 17:59

SUPERAntiSpywareLog:
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/21/2010 at 04:51 PM

Application Version : 4.41.1000

Core Rules Database Version : 5388
Trace Rules Database Version: 3200

Scan type      : Complete Scan
Total Scan Time : 01:36:09

Memory items scanned      : 846
Memory threats detected  : 0
Registry items scanned    : 10490
Registry threats detected : 0
File items scanned        : 178076
File threats detected    : 19

Adware.Tracking Cookie
        C:\Users\Dwza\AppData\Roaming\Microsoft\Windows\Cookies\dwza@msnportal.112.2o7[1].txt
        C:\Users\Dwza\AppData\Roaming\Microsoft\Windows\Cookies\dwza@content.yieldmanager[1].txt
        C:\Users\Dwza\AppData\Roaming\Microsoft\Windows\Cookies\dwza@ad.yieldmanager[2].txt
        C:\Users\Dwza\AppData\Roaming\Microsoft\Windows\Cookies\dwza@serving-sys[1].txt
        C:\Users\Dwza\AppData\Roaming\Microsoft\Windows\Cookies\dwza@atdmt[1].txt
        C:\Users\Dwza\AppData\Roaming\Microsoft\Windows\Cookies\dwza@adfarm1.adition[1].txt
        C:\Users\Dwza\AppData\Roaming\Microsoft\Windows\Cookies\dwza@adcentriconline[2].txt
        C:\Users\Dwza\AppData\Roaming\Microsoft\Windows\Cookies\dwza@mediaplex[1].txt
        C:\Users\Dwza\AppData\Roaming\Microsoft\Windows\Cookies\dwza@doubleclick[1].txt
        C:\Users\Dwza\AppData\Roaming\Microsoft\Windows\Cookies\dwza@bs.serving-sys[3].txt
        C:\Users\Dwza\AppData\Roaming\Microsoft\Windows\Cookies\dwza@tradedoubler[1].txt
        C:\Users\Dwza\AppData\Roaming\Microsoft\Windows\Cookies\dwza@apmebf[1].txt
        C:\Users\Dwza\AppData\Roaming\Microsoft\Windows\Cookies\dwza@adtech[1].txt
        cdn4.specificclick.net [ C:\Users\Dwza\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XQSF426J ]
        files.youporn.com [ C:\Users\Dwza\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XQSF426J ]
        imagesrv.adition.com [ C:\Users\Dwza\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XQSF426J ]
        media1.break.com [ C:\Users\Dwza\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XQSF426J ]
        secure-us.imrworldwide.com [ C:\Users\Dwza\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XQSF426J ]
        media.zedmobil.de [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WVAEG78B ]


Dwza 22.08.2010 07:43

und hier noch mein Maleware :D

Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4457

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

21.08.2010 21:51:00
mbam-log-2010-08-21 (21-51-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 322737
Laufzeit: 1 Stunde(n), 48 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


cosinus 22.08.2010 18:44

Sieht ok aus, da wurden nur Cookies gefunden.
Noch Probleme oder weitere Funde in der Zwischenzeit?


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:16 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131