Problem mit Programmen: minimiren sich von selbst. HijackThis Log auswerten.

#16 lade Dir das Tool Bootkit Remover herunter

das ist RAR (Dateiformat), also Entpacke die Datei auf Deinen Desktop
- Vista User rechter Mausklick und wähle "Ausführen als Administrator
Doppelklick in dem ordner auf remove.exe
- Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Rechter Mausklick auf dem Bildschirm und klicke auf Select All
Drücke Strg + C (an der Tastatur) zum Kopieren der Daten
Öffne dein Notepad und drücke Strg + V die Daten einfügen

Poste dann bitte den Inhalt des Logfiles

#17 Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.1.0.0
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...
__________
Wer Rechtschreibfehler findet, kann sie behalten.
Fan von Swisstreasure!

#18 Schau einmal ob Du auf dem Desktop ein Logfile von Combofix hast.

#19

Code

.\debug.cpp(238) : Debug log started at 08.08.2010 - 23:37:34
.\boot_cleaner.cpp(675) : Bootkit Remover
.\boot_cleaner.cpp(676) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(677) : www.esagelab.com
.\boot_cleaner.cpp(681) : Program version: 1.1.0.0
.\boot_cleaner.cpp(688) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x804d7000 0x0020e000 "\WINDOWS\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x806e5000 0x00020d00 "\WINDOWS\system32\hal.dll"
.\debug.cpp(256) : 0xba5a8000 0x00002000 "\WINDOWS\system32\KDCOM.DLL"
.\debug.cpp(256) : 0xba4b8000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"
.\debug.cpp(256) : 0xb9f78000 0x0002f000 "ACPI.sys"
.\debug.cpp(256) : 0xba5aa000 0x00002000 "\WINDOWS\System32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0xb9f67000 0x00011000 "pci.sys"
.\debug.cpp(256) : 0xba0a8000 0x0000a000 "isapnp.sys"
.\debug.cpp(256) : 0xba670000 0x00001000 "pciide.sys"
.\debug.cpp(256) : 0xba328000 0x00007000 "\WINDOWS\System32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0xba0b8000 0x0000b000 "MountMgr.sys"
.\debug.cpp(256) : 0xb9f48000 0x0001f000 "ftdisk.sys"
.\debug.cpp(256) : 0xba5ac000 0x00002000 "dmload.sys"
.\debug.cpp(256) : 0xb9f22000 0x00026000 "dmio.sys"
.\debug.cpp(256) : 0xba330000 0x00005000 "PartMgr.sys"
.\debug.cpp(256) : 0xba671000 0x00001000 "amdide.sys"
.\debug.cpp(256) : 0xba0c8000 0x0000e000 "VolSnap.sys"
.\debug.cpp(256) : 0xb9f0a000 0x00018000 "atapi.sys"
.\debug.cpp(256) : 0xba0d8000 0x00009000 "disk.sys"
.\debug.cpp(256) : 0xba0e8000 0x0000d000 "\WINDOWS\System32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0xb9eea000 0x00020000 "fltmgr.sys"
.\debug.cpp(256) : 0xb9ed8000 0x00012000 "sr.sys"
.\debug.cpp(256) : 0xb9ec1000 0x00017000 "KSecDD.sys"
.\debug.cpp(256) : 0xb9e34000 0x0008d000 "Ntfs.sys"
.\debug.cpp(256) : 0xb9e07000 0x0002d000 "NDIS.sys"
.\debug.cpp(256) : 0xb9ded000 0x0001a000 "Mup.sys"
.\debug.cpp(256) : 0xba2a8000 0x0000a000 "\SystemRoot\System32\DRIVERS\processr.sys"
.\debug.cpp(256) : 0xb7871000 0x00534000 "\SystemRoot\system32\DRIVERS\ati2mtag.sys"
.\debug.cpp(256) : 0xb785d000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS"
.\debug.cpp(256) : 0xb7835000 0x00028000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0xb781b000 0x0001a000 "\SystemRoot\System32\DRIVERS\Rtenicxp.sys"
.\debug.cpp(256) : 0xba3f0000 0x00005000 "\SystemRoot\System32\DRIVERS\usbohci.sys"
.\debug.cpp(256) : 0xb77f7000 0x00024000 "\SystemRoot\System32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0xba3f8000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0xba2b8000 0x0000b000 "\SystemRoot\System32\Drivers\Imapi.SYS"
.\debug.cpp(256) : 0xba2c8000 0x00010000 "\SystemRoot\System32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0xba2d8000 0x0000f000 "\SystemRoot\System32\DRIVERS\redbook.sys"
.\debug.cpp(256) : 0xb77d4000 0x00023000 "\SystemRoot\System32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0xba2e8000 0x00010000 "\SystemRoot\System32\DRIVERS\serial.sys"
.\debug.cpp(256) : 0xba564000 0x00004000 "\SystemRoot\System32\DRIVERS\serenum.sys"
.\debug.cpp(256) : 0xb77c0000 0x00014000 "\SystemRoot\System32\DRIVERS\parport.sys"
.\debug.cpp(256) : 0xba6d5000 0x00001000 "\SystemRoot\System32\DRIVERS\audstub.sys"
.\debug.cpp(256) : 0xba2f8000 0x0000d000 "\SystemRoot\System32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0xba568000 0x00003000 "\SystemRoot\System32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0xb77a9000 0x00017000 "\SystemRoot\System32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0xba308000 0x0000b000 "\SystemRoot\System32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0xba318000 0x0000c000 "\SystemRoot\System32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0xba400000 0x00005000 "\SystemRoot\System32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0xb7798000 0x00011000 "\SystemRoot\System32\DRIVERS\psched.sys"
.\debug.cpp(256) : 0xba118000 0x00009000 "\SystemRoot\System32\DRIVERS\msgpc.sys"
.\debug.cpp(256) : 0xba408000 0x00005000 "\SystemRoot\System32\DRIVERS\ptilink.sys"
.\debug.cpp(256) : 0xba410000 0x00005000 "\SystemRoot\System32\DRIVERS\raspti.sys"
.\debug.cpp(256) : 0xb7768000 0x00030000 "\SystemRoot\System32\DRIVERS\rdpdr.sys"
.\debug.cpp(256) : 0xba128000 0x0000a000 "\SystemRoot\System32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0xba418000 0x00007000 "\SystemRoot\System32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0xba420000 0x00006000 "\SystemRoot\System32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0xba5c2000 0x00002000 "\SystemRoot\System32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0xb76e2000 0x0005e000 "\SystemRoot\System32\DRIVERS\update.sys"
.\debug.cpp(256) : 0xba584000 0x00004000 "\SystemRoot\System32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0xba178000 0x0000f000 "\SystemRoot\System32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0xba5cc000 0x00002000 "\SystemRoot\System32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0xba188000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0xab436000 0x0001b000 "\SystemRoot\system32\drivers\AtiHdmi.sys"
.\debug.cpp(256) : 0xab412000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0xba1b8000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0xaa15d000 0x005cd000 "\SystemRoot\system32\drivers\RtkHDAud.sys"
.\debug.cpp(256) : 0xba5d4000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0xba7bf000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0xba5d6000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0xba458000 0x00007000 "\SystemRoot\System32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0xba460000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0xba5d8000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS"
.\debug.cpp(256) : 0xba5da000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0xba468000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0xba470000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0xb7758000 0x00003000 "\SystemRoot\System32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0xaa102000 0x00013000 "\SystemRoot\System32\DRIVERS\ipsec.sys"
.\debug.cpp(256) : 0xaa0a9000 0x00059000 "\SystemRoot\System32\DRIVERS\tcpip.sys"
.\debug.cpp(256) : 0xaa047000 0x0003a000 "\SystemRoot\System32\Drivers\avgtdix.sys"
.\debug.cpp(256) : 0xaa021000 0x00026000 "\SystemRoot\System32\DRIVERS\ipnat.sys"
.\debug.cpp(256) : 0xba1e8000 0x00009000 "\SystemRoot\System32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0xba588000 0x00003000 "\SystemRoot\System32\DRIVERS\hidusb.sys"
.\debug.cpp(256) : 0xba1f8000 0x00009000 "\SystemRoot\System32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0xaa00a000 0x00017000 "\SystemRoot\System32\Drivers\usbVM31b.sys"
.\debug.cpp(256) : 0xba208000 0x0000d000 "\SystemRoot\System32\Drivers\STREAM.SYS"
.\debug.cpp(256) : 0xba478000 0x00008000 "\SystemRoot\System32\DRIVERS\usbccgp.sys"
.\debug.cpp(256) : 0xba58c000 0x00003000 "\SystemRoot\System32\DRIVERS\mouhid.sys"
.\debug.cpp(256) : 0xaa74a000 0x00004000 "\SystemRoot\System32\DRIVERS\kbdhid.sys"
.\debug.cpp(256) : 0xa9fe2000 0x00028000 "\SystemRoot\System32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0xa9fc0000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"
.\debug.cpp(256) : 0xba218000 0x00009000 "\SystemRoot\System32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0xa9f95000 0x0002b000 "\SystemRoot\System32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0xa9f25000 0x00070000 "\SystemRoot\System32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xba228000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS"
.\debug.cpp(256) : 0xba480000 0x00006000 "\SystemRoot\System32\Drivers\avgmfx86.sys"
.\debug.cpp(256) : 0xa9ef1000 0x00034000 "\SystemRoot\System32\Drivers\avgldx86.sys"
.\debug.cpp(256) : 0xba158000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"
.\debug.cpp(256) : 0xa9eb1000 0x00018000 "\SystemRoot\System32\Drivers\dump_atapi.sys"
.\debug.cpp(256) : 0xba624000 0x00002000 "\SystemRoot\System32\Drivers\dump_WMILIB.SYS"
.\debug.cpp(256) : 0xbf800000 0x001c4000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0xaa736000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0xba398000 0x00005000 "\SystemRoot\System32\watchdog.sys"
.\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"
.\debug.cpp(256) : 0xba7fe000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"
.\debug.cpp(256) : 0xbf012000 0x00051000 "\SystemRoot\System32\ati2dvag.dll"
.\debug.cpp(256) : 0xbf063000 0x0008d000 "\SystemRoot\System32\ati2cqag.dll"
.\debug.cpp(256) : 0xbf0f0000 0x00073000 "\SystemRoot\System32\atikvmag.dll"
.\debug.cpp(256) : 0xbf163000 0x0004a000 "\SystemRoot\System32\atiok3x2.dll"
.\debug.cpp(256) : 0xbf1ad000 0x003ee000 "\SystemRoot\System32\ati3duag.dll"
.\debug.cpp(256) : 0xbf59b000 0x00262000 "\SystemRoot\System32\ativvaxx.dll"
.\debug.cpp(256) : 0xbffa0000 0x00046000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0xa7b98000 0x00004000 "\SystemRoot\System32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0xa7813000 0x0002d000 "\SystemRoot\System32\DRIVERS\mrxdav.sys"
.\debug.cpp(256) : 0xba618000 0x00002000 "\SystemRoot\System32\Drivers\ParVdm.SYS"
.\debug.cpp(256) : 0xa770a000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys"
.\debug.cpp(256) : 0xa763b000 0x00057000 "\SystemRoot\System32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xa738e000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys"
.\debug.cpp(256) : 0xa758b000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys"
.\debug.cpp(256) : 0xa72a0000 0x00009000 "\??\C:\WINDOWS\system32\FsUsbExDisk.SYS"
.\debug.cpp(256) : 0xba604000 0x00002000 "\SystemRoot\system32\drivers\MSPQM.sys"
.\debug.cpp(256) : 0xba63a000 0x00002000 "\SystemRoot\system32\drivers\MSPCLOCK.sys"
.\debug.cpp(256) : 0xa6532000 0x0002b000 "\SystemRoot\system32\drivers\kmixer.sys"
.\debug.cpp(256) : 0x7c900000 0x000b8000 "\WINDOWS\system32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) :              Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_12cf&Pid_0047#6&1d00777&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :              Destination="\Device\00000073"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) :              Destination="\Device\Ndis"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:"
.\debug.cpp(400) :              Destination="\Device\Ide\IdePort2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) :              Destination="\Device\Video0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{2B492E8B-6450-4EE1-8B8A-98426D1C8F82}"
.\debug.cpp(400) :              Destination="\Device\{2B492E8B-6450-4EE1-8B8A-98426D1C8F82}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) :              Destination="\Device\00000034"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4398&SUBSYS_73021462&REV_00#3&267a616a&0&91#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0005"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) :              Destination="\Device\Video1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{71985f4a-1ca1-11d3-9cc8-00c04f7971e0}"
.\debug.cpp(400) :              Destination="\Device\00000034"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000002c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmIoDaemon"
.\debug.cpp(400) :              Destination="\Device\DmControl\DmIoDaemon"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip"
.\debug.cpp(400) :              Destination="\Device\Ip"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) :              Destination="\Device\Video2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0400#4&338acb6f&0#{97f76ef0-f883-11d0-af1f-0000f800845c}"
.\debug.cpp(400) :              Destination="\Device\0000005a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev"
.\debug.cpp(400) :              Destination="\Device\IPSEC"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) :              Destination="\Device\Video3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000002b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY"
.\debug.cpp(400) :              Destination="\Device\NDProxy"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_14627302&REV_1000#4&2e9f9ccc&0&0301#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) :              Destination="\Device\0000006f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) :              Destination="\Device\Video4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9aa4a2cc-81e0-4cfd-802f-0f74526d2bd3}"
.\debug.cpp(400) :              Destination="\Device\00000034"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_03f0&Pid_0b0c&MI_01&Col04#7&f8edc69&0&0003#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :              Destination="\Device\0000007a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\$VDMLPT1"
.\debug.cpp(400) :              Destination="\Device\ParallelVdm0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_03f0&Pid_0b0c&MI_00#7&275268ae&0&0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :              Destination="\Device\00000076"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\00000034"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{fd0a5af4-b41d-11d2-9c95-00c04f7971e0}"
.\debug.cpp(400) :              Destination="\Device\00000034"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr"
.\debug.cpp(400) :              Destination="\Device\RdpDrDvMgr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) :              Destination="\Device\WMIDataDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_0471&Pid_0325#5&2a6080be&0&1#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_0471&Pid_0325#5&2a6080be&0&1#{6bdd1fc6-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1"
.\debug.cpp(400) :              Destination="\Device\Serial0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\00000034"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM2"
.\debug.cpp(400) :              Destination="\Device\Serial1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) :              Destination="\Device\NamedPipe"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) :              Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :              Destination="\Device\00000034"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_03f0&Pid_0b0c&MI_01&Col01#7&f8edc69&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :              Destination="\Device\00000077"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched"
.\debug.cpp(400) :              Destination="\Device\PSched"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) :              Destination="\Device\Mup"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_0471&Pid_0325#5&2a6080be&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"
.\debug.cpp(400) :              Destination="\Device\IPNAT"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :              Destination="\Device\00000034"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{D57846F0-A29A-4E6F-A50D-50EB69B0387D}"
.\debug.cpp(400) :              Destination="\Device\{D57846F0-A29A-4E6F-A50D-50EB69B0387D}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\00000034"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_14627302&REV_1000#4&2e9f9ccc&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000006f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) :              Destination="\Device\USBFDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AvgTdi"
.\debug.cpp(400) :              Destination="\Device\AvgTdi"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) :              Destination="\Device\Tcp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8168&SUBSYS_302C1462&REV_02#4&2bb7b23&0&0028#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0023"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{86DB7BBD-30DA-470D-A952-CE9383F1233D}"
.\debug.cpp(400) :              Destination="\Device\{86DB7BBD-30DA-470D-A952-CE9383F1233D}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) :              Destination="\FileSystem\Filters\FltMgrMsg"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature1Offset7E00Length1FFF580A00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_CD#DVDW_TS-H652L_______________0603____#5&1f11d39b&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\Ide\IdeDeviceP3T0L0-10"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FsUsbExDisk"
.\debug.cpp(400) :              Destination="\Device\FsUsbExDisk"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) :              Destination="\Device\VideoPdo0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) :              Destination="\Device\USBFDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4397&SUBSYS_73021462&REV_00#3&267a616a&0&90#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0004"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{4F0919D7-E646-4140-BF13-F5E7C11073EC}"
.\debug.cpp(400) :              Destination="\Device\{4F0919D7-E646-4140-BF13-F5E7C11073EC}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000030"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :              Destination="\Device\00000034"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Avg7Rs"
.\debug.cpp(400) :              Destination="\Device\Avg7Rs"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) :              Destination="\Device\Harddisk0\DR0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) :              Destination="\DosDevices\LPT1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&23b92da6&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4397&SUBSYS_73021462&REV_00#3&267a616a&0&98#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0007"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) :              Destination="\Device\USBFDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000002f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\00000034"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\00000034"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_CD#DVDW_TS-H652L_______________0603____#5&1f11d39b&0&0.0.0#{1186654d-47b8-48b9-beb9-7df113ae3c67}"
.\debug.cpp(400) :              Destination="\Device\Ide\IdeDeviceP3T0L0-10"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio"
.\debug.cpp(400) :              Destination="\Device\sysaudio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) :              Destination="\Device\FsWrap"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) :              Destination="\Device\USBFDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000002e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) :              Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_03f0&Pid_0b0c&MI_01&Col02#7&f8edc69&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :              Destination="\Device\00000078"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
.\debug.cpp(400) :              Destination="\Device\USBFDO-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD5"
.\debug.cpp(400) :              Destination="\Device\USBFDO-5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_16_Model_2#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) :              Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :              Destination="\Device\0000003e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#aa#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :              Destination="\Device\0000003d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) :              Destination="\GLOBAL??"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AvgAviLdr"
.\debug.cpp(400) :              Destination="\Device\AvgAviLdrDev"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_0471&Pid_0325#5&2a6080be&0&1#{6994ad05-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) :              Destination="\Device\00000058"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DA9089A1-BE21-4250-85C1-BA2363E98495}"
.\debug.cpp(400) :              Destination="\Device\{DA9089A1-BE21-4250-85C1-BA2363E98495}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_03f0&Pid_0b0c&MI_00#7&275268ae&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :              Destination="\Device\00000076"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) :              Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#2#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) :              Destination="\Device\00000059"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"
.\debug.cpp(400) :              Destination="\Device\00000034"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :              Destination="\Device\00000034"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}"
.\debug.cpp(400) :              Destination="\Device\00000034"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&c10e4e7&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_CD#DVDW_TS-H652L_______________0603____#5&1f11d39b&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\Ide\IdeDeviceP3T0L0-10"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4396&SUBSYS_73021462&REV_00#3&267a616a&0&92#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0006"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{07dad660-22f1-11d1-a9f4-00c04fbbde8f}"
.\debug.cpp(400) :              Destination="\Device\00000034"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{4291a4aa-2fc2-11df-999a-806d6172696f}"
.\debug.cpp(400) :              Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) :              Destination="\Device\00000058"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4398&SUBSYS_73021462&REV_00#3&267a616a&0&99#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0008"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) :              Destination="\Device\MountPointManager"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_03f0&Pid_0b0c&MI_01&Col03#7&f8edc69&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) :              Destination="\Device\00000079"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) :              Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskHitachi_HDP725050GLA360_________________GM4OA5CA#5&3163361&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\Ide\IdeDeviceP0T0L0-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&ade832b&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_9440&SUBSYS_24401682&REV_00#4&92b7792&0&0010#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0021"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000002a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig"
.\debug.cpp(400) :              Destination="\Device\DmControl\DmConfig"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) :              Destination="\Device\WANARP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_12cf&Pid_0047#6&1d00777&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :              Destination="\Device\00000073"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#5&356f1c15&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1}"
.\debug.cpp(400) :              Destination="\Device\Parallel0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&a90c548&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4399&SUBSYS_73021462&REV_00#3&267a616a&0&A5#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0015"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RealTekCard"
.\debug.cpp(400) :              Destination="\Device\RealTekCard"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\00000003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{4291a4ab-2fc2-11df-999a-806d6172696f}"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_14627302&REV_1000#4&2e9f9ccc&0&0301#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) :              Destination="\Device\0000006f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace"
.\debug.cpp(400) :              Destination="\Device\DmControl\DmTrace"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000034"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{4D90F27B-2DB5-4D3D-A302-16888545085E}"
.\debug.cpp(400) :              Destination="\Device\{4D90F27B-2DB5-4D3D-A302-16888545085E}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) :              Destination="\Device\NdisWanIp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}"
.\debug.cpp(400) :              Destination="\Device\00000034"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}"
.\debug.cpp(400) :              Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) :              Destination="\Device\Ide\IdePort0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&14072bd2&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_03f0&Pid_0b0c#5&2a6080be&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-8"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_12cf&Pid_0047#5&306facf1&0&3#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) :              Destination="\Device\00000034"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000002d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1"
.\debug.cpp(400) :              Destination="\Device\ParTechInc0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"
.\debug.cpp(400) :              Destination="\Device\00000034"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI"
.\debug.cpp(400) :              Destination="\Device\NdisTapi"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) :              Destination="\Device\NdisWan"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) :              Destination="\Device\Ide\IdePort1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST"
.\debug.cpp(400) :              Destination="\Device\IPMULTICAST"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPT1"
.\debug.cpp(400) :              Destination="\Device\Parallel0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2"
.\debug.cpp(400) :              Destination="\Device\ParTechInc1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmLoader"
.\debug.cpp(400) :              Destination="\Device\DmLoader"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow"
.\debug.cpp(400) :              Destination="\Device\LanmanRedirector"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_03f0&Pid_0b0c&MI_01&Col04#7&f8edc69&0&0003#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :              Destination="\Device\0000007a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#2#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) :              Destination="\Device\00000059"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{FE37E2E0-B169-4652-8E44-340DAEE73411}"
.\debug.cpp(400) :              Destination="\Device\{FE37E2E0-B169-4652-8E44-340DAEE73411}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_16_Model_2#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) :              Destination="\Device\00000039"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3"
.\debug.cpp(400) :              Destination="\Device\ParTechInc2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) :              Destination="\FileSystem\Filters\FltMgr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) :              Destination="\Device\FtControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature1Offset1FFF588800Length1FFFD60A00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_14627302&REV_1000#4&2e9f9ccc&0&0301#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000006f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_14627302&REV_1000#4&2e9f9ccc&0&0301#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000006f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) :              Destination="\Device\MailSlot"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) :              Destination="\DosDevices\COM1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&304f8e65&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) :              Destination=""

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) :              Destination="\Device\Ndisuio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :              Destination="\Device\00000033"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
.\debug.cpp(400) :              Destination="\Device\Ide\IdePort3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) :              Destination="\Device\Null"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{4291a4ad-2fc2-11df-999a-806d6172696f}"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :              Destination="\Device\00000032"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_0471&Pid_0325#5&2a6080be&0&1#{fb6c428a-0353-11d1-905f-0000c0cc16ba}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001#5&2514e5d&0&0001#{dba43692-ad00-48aa-b1a7-ffa99a04ee17}"
.\debug.cpp(400) :              Destination="\Device\00000068"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo"
.\debug.cpp(400) :              Destination="\Device\DmControl\DmInfo"

.\debug.cpp(451) : **********************************************
.\boot_cleaner.cpp(1077) : System volume is \\.\C:
.\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
.\boot_cleaner.cpp(424) : Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd
.\boot_cleaner.cpp(1151) : 
.\boot_cleaner.cpp(1152) :      Size  Device Name          MBR Status
.\boot_cleaner.cpp(1153) :  --------------------------------------------
.\boot_cleaner.cpp(1197) :    465 GB  \\.\PhysicalDrive0   OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1203) : 
.\boot_cleaner.cpp(1242) : Done;

Das hier zufällig? sorry dass es jetzt erst ankommt, hab es übersehen, chef.
__________
Wer Rechtschreibfehler findet, kann sie behalten.
Fan von Swisstreasure!

#20 Ne Sollte hier sein:

C:\ComboFix.txt

#21 Das hier?? Bittesehr

Code

ComboFix 10-08-04.05 - Jazzy 05.08.2010  10:37:15.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1043.18.2047.1546 [GMT 2:00]
ausgeführt von:: C:\Documents and Settings\Jazzy\Bureaublad\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
.
(((((((((((((((((((((((   Dateien erstellt von 2010-07-05 bis 2010-08-05  ))))))))))))))))))))))))))))))
.

2010-08-02 21:28:20 . 2010-08-02 21:28:20    --------    d-----w-    C:\Documents and Settings\Jazzy\Application Data\Malwarebytes
2010-08-02 21:27:36 . 2010-08-02 21:27:36    --------    d-----w-    C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-08-02 21:27:36 . 2010-04-29 13:39:38    38224    ----a-w-    C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-08-02 21:27:35 . 2010-08-02 21:27:39    --------    d-----w-    C:\Program Files\Malwarebytes' Anti-Malware
2010-08-02 21:27:35 . 2010-04-29 13:39:26    20952    ----a-w-    C:\WINDOWS\system32\drivers\mbam.sys
2010-08-02 21:13:57 . 2010-08-02 21:13:58    --------    d-----w-    C:\WINDOWS\system32\Adobe
2010-08-02 18:52:31 . 2010-08-02 18:51:18    77312    ----a-w-    C:\WINDOWS\system32\mbr.exe
2010-07-30 23:34:39 . 2010-07-30 23:34:39    --------    d-s---w-    C:\Documents and Settings\LocalService\UserData
2010-07-28 14:58:24 . 2010-07-28 14:58:24    --------    d-----w-    C:\Documents and Settings\LocalService\Local Settings\Application Data\DVDVideoSoft
2010-07-28 00:40:05 . 2010-07-28 00:40:05    --------    d-----w-    C:\Documents and Settings\Jazzy\Application Data\AVG9
2010-07-27 06:47:47 . 2010-07-27 06:47:47    --------    d-----r-    C:\Documents and Settings\NetworkService\Favorieten
2010-07-27 06:47:43 . 2010-07-27 06:47:44    --------    d-----r-    C:\Documents and Settings\LocalService\Favorieten
2010-07-26 19:57:57 . 2010-07-26 19:57:57    --------    d-----w-    C:\Documents and Settings\Jazzy\Application Data\DVDVideoSoftIEHelpers
2010-07-21 08:00:36 . 2010-07-21 08:00:36    921440    ----a-w-    C:\Documents and Settings\All Users\Application Data\avg9\update\backup\avgemc.exe
2010-07-21 08:00:36 . 2010-07-21 08:00:36    4368224    ----a-w-    C:\Documents and Settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-07-21 08:00:36 . 2010-07-21 08:00:36    1615200    ----a-w-    C:\Documents and Settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-07-21 08:00:36 . 2010-07-21 08:00:36    1373536    ----a-w-    C:\Documents and Settings\All Users\Application Data\avg9\update\backup\avgssff.dll
2010-07-21 08:00:36 . 2010-07-21 08:00:36    1107296    ----a-w-    C:\Documents and Settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
2010-07-16 09:56:00 . 2010-07-16 09:56:00    242896    ----a-w-    C:\Documents and Settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-07-16 09:56:00 . 2010-07-16 09:56:00    216200    ----a-w-    C:\Documents and Settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-07-16 09:55:06 . 2010-07-16 09:55:06    12536    ----a-w-    C:\WINDOWS\system32\avgrsstx.dll
2010-07-16 09:51:41 . 2010-07-16 09:51:41    813336    ----a-w-    C:\Documents and Settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-07-16 09:51:41 . 2010-07-16 09:51:41    624920    ----a-w-    C:\Documents and Settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-07-16 09:51:41 . 2010-07-16 09:51:41    1690464    ----a-w-    C:\Documents and Settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-07-16 09:51:41 . 2010-07-16 09:51:41    1038688    ----a-w-    C:\Documents and Settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-07-14 06:43:48 . 2010-06-14 14:31:20    744448    -c----w-    C:\WINDOWS\system32\dllcache\helpsvc.exe
2010-07-09 13:24:21 . 2010-08-05 07:46:11    0    ----a-w-    C:\Documents and Settings\Gast\Local Settings\Application Data\prvlcl.dat
2010-07-06 20:47:11 . 2010-07-06 20:47:11    --------    d-----w-    C:\Documents and Settings\Jazzy\Local Settings\Application Data\VT_Software

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-05 07:46:11 . 2010-03-15 19:20:36    0    ----a-w-    C:\Documents and Settings\Jazzy\Local Settings\Application Data\prvlcl.dat
2010-08-04 22:51:38 . 2010-03-23 17:09:57    1    ----a-w-    C:\Documents and Settings\Jazzy\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-04 22:28:15 . 2010-03-20 14:47:23    --------    d-----w-    C:\Program Files\Warcraft III
2010-08-01 17:18:16 . 2010-06-17 13:40:26    --------    d-----w-    C:\Documents and Settings\Gast\Application Data\Skype
2010-08-01 15:44:05 . 2010-06-17 13:43:44    --------    d-----w-    C:\Documents and Settings\Gast\Application Data\skypePM
2010-07-30 22:04:35 . 2010-04-01 20:33:23    --------    d-----w-    C:\Documents and Settings\Jazzy\Application Data\skypePM
2010-07-30 20:54:35 . 2010-04-01 20:31:31    --------    d-----w-    C:\Documents and Settings\Jazzy\Application Data\Skype
2010-07-26 19:57:56 . 2010-03-25 21:31:36    --------    d-----w-    C:\Program Files\Common Files\DVDVideoSoft
2010-07-26 17:02:23 . 2010-06-15 12:09:49    --------    d-----w-    C:\Documents and Settings\Jazzy\Application Data\PriceGong
2010-07-19 21:15:00 . 2010-03-15 19:36:41    --------    d-----w-    C:\Program Files\Messenger Plus! Live
2010-07-17 14:04:11 . 2010-04-01 15:23:23    --------    d-----w-    C:\Documents and Settings\Jazzy\Application Data\BitTorrent
2010-07-16 09:55:12 . 2010-03-15 18:43:13    243024    ----a-w-    C:\WINDOWS\system32\drivers\avgtdix.sys
2010-07-16 09:52:40 . 2010-03-15 18:43:10    216400    ----a-w-    C:\WINDOWS\system32\drivers\avgldx86.sys
2010-07-09 07:24:31 . 2010-03-15 17:24:32    --------    d-----w-    C:\Documents and Settings\All Users\Application Data\NOS
2010-07-06 05:30:47 . 2010-07-06 05:30:47    --------    d-----w-    C:\Documents and Settings\Gast\Application Data\PC Suite
2010-07-05 15:14:06 . 2010-04-25 18:12:53    --------    d---a-w-    C:\Documents and Settings\All Users\Application Data\TEMP
2010-06-26 19:31:06 . 2010-06-26 19:31:06    --------    d-----w-    C:\Documents and Settings\Gast\Application Data\NCH Swift Sound
2010-06-24 17:56:28 . 2010-03-15 17:24:36    2568656    ----a-w-    C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-06-23 13:34:21 . 2001-09-07 12:00:00    85978    ----a-w-    C:\WINDOWS\system32\perfc013.dat
2010-06-23 13:34:21 . 2001-09-07 12:00:00    498792    ----a-w-    C:\WINDOWS\system32\perfh013.dat
2010-06-21 17:20:36 . 2010-06-21 17:19:37    --------    d-----w-    C:\Program Files\Project64 1.6
2010-06-21 17:19:41 . 2010-06-21 17:19:41    8854    ----a-r-    C:\Documents and Settings\Jazzy\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2010-06-21 17:19:41 . 2010-06-21 17:19:41    40960    ----a-r-    C:\Documents and Settings\Jazzy\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2010-06-21 17:19:41 . 2010-06-21 17:19:41    40960    ----a-r-    C:\Documents and Settings\Jazzy\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2010-06-17 14:08:31 . 2010-06-17 14:08:31    50354    ----a-w-    C:\Documents and Settings\Jazzy\Application Data\Facebook\uninstall.exe
2010-06-17 14:08:31 . 2010-06-17 14:08:30    --------    d-----w-    C:\Documents and Settings\Jazzy\Application Data\Facebook
2010-06-17 13:43:10 . 2010-06-17 13:43:10    --------    d-----w-    C:\Documents and Settings\Gast\Application Data\PriceGong
2010-06-17 13:39:30 . 2010-06-17 13:39:30    19080    ----a-w-    C:\Documents and Settings\Gast\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-17 13:39:29 . 2010-06-17 13:39:29    --------    d-----w-    C:\Documents and Settings\Gast\Application Data\ATI
2010-06-15 12:07:34 . 2010-03-15 00:04:26    --------    d-----w-    C:\Documents and Settings\Jazzy\Application Data\MSN6
2010-06-15 11:35:28 . 2010-03-25 21:31:36    --------    d-----w-    C:\Program Files\DVDVideoSoft
2010-06-14 14:31:20 . 2010-03-14 23:16:12    744448    ----a-w-    C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
2010-06-09 10:45:12 . 2010-06-09 10:45:12    5591040    ----a-w-    C:\Documents and Settings\Jazzy\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-06-06 10:17:37 . 2010-06-06 10:17:37    --------    d-----w-    C:\Documents and Settings\Jazzy\Application Data\EPSON
2010-06-03 13:58:59 . 2010-03-15 18:43:09    29584    ----a-w-    C:\WINDOWS\system32\drivers\avgmfx86.sys
.

(((((((((((((((((((((((((((((   SnapShot@2010-08-03_18.44.01   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-05 08:36:23 . 2010-08-05 08:36:23    16384              C:\WINDOWS\Temp\Perflib_Perfdata_794.dat
+ 2010-03-14 23:18:43 . 2010-08-05 08:33:51    32768              C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-14 23:18:43 . 2010-08-03 18:37:47    32768              C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-14 23:18:43 . 2010-08-05 08:33:51    32768              C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
- 2010-03-14 23:18:43 . 2010-08-03 18:37:47    32768              C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
+ 2010-03-14 23:18:43 . 2010-08-05 08:33:51    16384              C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2010-03-14 23:18:43 . 2010-08-03 18:37:47    16384              C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "C:\Program Files\DVDVideoSoft\tbDVD1.dll" [2010-06-15 11:35:32 2736736]

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2010-06-15 11:35:32    2736736    ----a-w-    C:\Program Files\DVDVideoSoft\tbDVD1.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "C:\Program Files\DVDVideoSoft\tbDVD1.dll" [2010-06-15 11:35:32 2736736]

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 15:44:14 3883840]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-24 19:05:14 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="C:\PROGRA~1\AVG\AVG9\avgtray.exe" [2010-07-16 09:55:28 2065760]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 16:11:14 61440]
"NPSStartup"="" [BU]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-13 04:53:16 19521056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 17:02:53 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\System32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 00:58:38 256280]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^TrayMin300.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\TrayMin300.exe.lnk
backup=C:\WINDOWS\pss\TrayMin300.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jazzy^Menu Start^Programma's^Opstarten^OpenOffice.org 3.2.lnk]
path=C:\Documents and Settings\Jazzy\Menu Start\Programma's\Opstarten\OpenOffice.org 3.2.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 3.2.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jazzy^Menu Start^Programma's^Opstarten^Warkeys Update.lnk]
path=C:\Documents and Settings\Jazzy\Menu Start\Programma's\Opstarten\Warkeys Update.lnk
backup=C:\WINDOWS\pss\Warkeys Update.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06:33    976832    ----a-w-    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42:51    36272    ----a-w-    C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2010-03-16 22:03:44    102400    ----a-w-    C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
2004-06-09 14:37:02    40960    ----a-w-    C:\WINDOWS\VM_STI.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series]
2007-03-01 06:01:00    180736    ----a-w-    C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATICAE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53:36    421888    ----a-w-    C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 14:21:52    246504    ----a-w-    C:\Program Files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-24 19:05:14    204288    ------w-    C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\drivers\avgldx86.sys [15.03.2010 20:43:10 216400]
R1 AvgTdiX;AVG Free Network Redirector;C:\WINDOWS\system32\drivers\avgtdix.sys [15.03.2010 20:43:13 243024]
R2 avg9emc;AVG Free E-mail Scanner;C:\Program Files\AVG\AVG9\avgemc.exe [16.07.2010 11:52:42 921952]
R2 avg9wd;AVG Free WatchDog;C:\Program Files\AVG\AVG9\avgwdsvc.exe [16.07.2010 11:54:49 308136]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [16.03.2010 23:38:31 233472]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [16.03.2010 23:38:31 36608]
S3 Ambfilt;Ambfilt;C:\WINDOWS\system32\drivers\Ambfilt.sys [16.03.2010 00:01:17 1691480]
S3 PciCon;PciCon;\??\D:\PciCon.sys --> D:\PciCon.sys [?]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\WINDOWS\system32\drivers\ss_bbus.sys [16.03.2010 23:44:04 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\WINDOWS\system32\drivers\ss_bmdfl.sys [16.03.2010 23:44:04 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\WINDOWS\system32\drivers\ss_bmdm.sys [16.03.2010 23:44:04 121856]

--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - FSUSBEXDISK
.
Inhalt des "geplante Tasks" Ordners

2010-07-09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34:12 . 2008-07-30 10:34:12]

2010-03-22 C:\WINDOWS\Tasks\mixpadSevenDaysInit.job
- C:\Program Files\NCH Swift Sound\MixPad\mixpad.exe [2010-03-22 21:18:42 . 2010-03-22 21:18:42]

2010-05-16 C:\WINDOWS\Tasks\mixpadShakeIcon.job
- C:\Program Files\NCH Swift Sound\MixPad\mixpad.exe [2010-03-22 21:18:42 . 2010-03-22 21:18:42]

2010-07-30 C:\WINDOWS\Tasks\wavepadShakeIcon.job
- C:\Program Files\NCH Swift Sound\WavePad\wavepad.exe [2010-03-22 21:18:32 . 2010-03-22 21:18:32]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Free YouTube to Mp3 Converter - C:\Documents and Settings\Jazzy\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
FF - ProfilePath - C:\Documents and Settings\Jazzy\Application Data\Mozilla\Firefox\Profiles\dltujjz7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - plugin: C:\Documents and Settings\Jazzy\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

__________
Wer Rechtschreibfehler findet, kann sie behalten.
Fan von Swisstreasure!

#22 Genau das wollte ich Wie läuft das System?

#23 Jetzt läuft es wieder wie geschmiert.

Danke dass du dir die Zeit genommen hast mein Problem zu beseitigen
du warst mir ne verdammt große Hilfe
Ich bin dir sehr, sehr dankbar dafür

Liebe Grüße
Ervin
__________
Wer Rechtschreibfehler findet, kann sie behalten.
Fan von Swisstreasure!

#24 Schritt 1

ESET Online Scanner

Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte
während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking
und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
• Dein Anti-Virus-Programm während des Scans deaktivieren.
• Button drücken.Firefox-User: Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
• IE-User: müssen das Installieren eines ActiveX Elements erlauben.
• Setze den einen Hacken bei Yes, i accept the Terms of Use.
• Drücke den Button.
• Warte bis die Komponenten herunter geladen wurden.
• Setze einen Haken bei "Remove found threads" und "Scan archives".• drücken.
• Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.
Wenn der Scan beendet wurde

• Klicke Finish.• Browser schließen.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
• Logfile hier posten.

Schritt 2

Erneuter Systemscan mit OTL

• Doppelklick auf die OTL.exe
• Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
• Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Minimal-Ausgabe
• Unter Extra-Registrierung wähle bitte Benutze SafeList.
• Mache Häckchen bei LOP- und Purity-Prüfung.
• Klicke nun auf Scan links oben.



• Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
• Poste die Logfiles in Code-Tags hier in den Thread.