Mebroot v operační paměti a MBR sektor 1. fyzickeho disku

Zpráva

XaToS · #1 Příspěvek od **XaToS** » 23 črc 2010 10:41

Zakladám nové téma, prosím o pomoc.

Můžete mi prosím poradit, zkoušel jsem nabootovat Win7 z DVD a FixMbr a FixBoot, ale nulový výsledek.

#2 Příspěvek od **stell** » 23 črc 2010 10:51

Zdravim
Stiahnes>>RSIT >>logy vloz sem,
Kolko OS-mas nainstalovane?/

bootkit_remover
stiahni na plochu -rozbal na plochu a spust,[win-7]-pravy klik a spust ako administrator.otvori sa ti okno.
klikni pravym tlacitkom mys do cierného okna,zvolit Vybrat vse, stisknout CTRL+C a tu na foru CTRL+V. takto vloz do svojho prispevku log.

XaToS · #3 Příspěvek od **XaToS** » 23 črc 2010 10:58

Only Win 7... čistě naistralovaný

.\debug.cpp(238) : Debug log started at 23.07.2010 - 09:57:12
.\boot_cleaner.cpp(675) : Bootkit Remover
.\boot_cleaner.cpp(676) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(677) : www.esagelab.com
.\boot_cleaner.cpp(681) : Program version: 1.1.0.0
.\boot_cleaner.cpp(688) : OS Version: Microsoft Windows 7 Ultimate Edition (build 7600), 32-bit
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x8280a000 0x00410000 "\SystemRoot\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x82c1a000 0x00037000 "\SystemRoot\system32\halmacpi.dll"
.\debug.cpp(256) : 0x80bc3000 0x00008000 "\SystemRoot\system32\kdcom.dll"
.\debug.cpp(256) : 0x82e3b000 0x0000b000 "\SystemRoot\system32\mcupdate_AuthenticAMD.dll"
.\debug.cpp(256) : 0x82e46000 0x00011000 "\SystemRoot\system32\PSHED.dll"
.\debug.cpp(256) : 0x82e57000 0x00008000 "\SystemRoot\system32\BOOTVID.dll"
.\debug.cpp(256) : 0x82e5f000 0x00042000 "\SystemRoot\system32\CLFS.SYS"
.\debug.cpp(256) : 0x82ea1000 0x000ab000 "\SystemRoot\system32\CI.dll"
.\debug.cpp(256) : 0x82f4c000 0x00071000 "\SystemRoot\system32\drivers\Wdf01000.sys"
.\debug.cpp(256) : 0x82fbd000 0x0000e000 "\SystemRoot\system32\drivers\WDFLDR.SYS"
.\debug.cpp(256) : 0x86a2a000 0x00048000 "\SystemRoot\system32\DRIVERS\ACPI.sys"
.\debug.cpp(256) : 0x86a72000 0x00009000 "\SystemRoot\system32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0x86a7b000 0x00008000 "\SystemRoot\system32\DRIVERS\msisadrv.sys"
.\debug.cpp(256) : 0x86a83000 0x0002a000 "\SystemRoot\system32\DRIVERS\pci.sys"
.\debug.cpp(256) : 0x86aad000 0x0000b000 "\SystemRoot\system32\DRIVERS\vdrvroot.sys"
.\debug.cpp(256) : 0x86ab8000 0x00011000 "\SystemRoot\System32\drivers\partmgr.sys"
.\debug.cpp(256) : 0x86ac9000 0x00010000 "\SystemRoot\system32\DRIVERS\volmgr.sys"
.\debug.cpp(256) : 0x86ad9000 0x0004b000 "\SystemRoot\System32\drivers\volmgrx.sys"
.\debug.cpp(256) : 0x86b24000 0x00007000 "\SystemRoot\system32\DRIVERS\pciide.sys"
.\debug.cpp(256) : 0x86b2b000 0x0000e000 "\SystemRoot\system32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0x86b39000 0x00016000 "\SystemRoot\System32\drivers\mountmgr.sys"
.\debug.cpp(256) : 0x86b4f000 0x00009000 "\SystemRoot\system32\DRIVERS\atapi.sys"
.\debug.cpp(256) : 0x86b58000 0x00023000 "\SystemRoot\system32\DRIVERS\ataport.SYS"
.\debug.cpp(256) : 0x86b7b000 0x00009000 "\SystemRoot\system32\DRIVERS\amdxata.sys"
.\debug.cpp(256) : 0x86b84000 0x00034000 "\SystemRoot\system32\drivers\fltmgr.sys"
.\debug.cpp(256) : 0x86bb8000 0x00011000 "\SystemRoot\system32\drivers\fileinfo.sys"
.\debug.cpp(256) : 0x86c0d000 0x0012f000 "\SystemRoot\System32\Drivers\Ntfs.sys"
.\debug.cpp(256) : 0x86d3c000 0x0002b000 "\SystemRoot\System32\Drivers\msrpc.sys"
.\debug.cpp(256) : 0x86d67000 0x00013000 "\SystemRoot\System32\Drivers\ksecdd.sys"
.\debug.cpp(256) : 0x86d7a000 0x0005d000 "\SystemRoot\System32\Drivers\cng.sys"
.\debug.cpp(256) : 0x86dd7000 0x0000e000 "\SystemRoot\System32\drivers\pcw.sys"
.\debug.cpp(256) : 0x86de5000 0x00009000 "\SystemRoot\System32\Drivers\Fs_Rec.sys"
.\debug.cpp(256) : 0x86e28000 0x000b7000 "\SystemRoot\system32\drivers\ndis.sys"
.\debug.cpp(256) : 0x86edf000 0x0003e000 "\SystemRoot\system32\drivers\NETIO.SYS"
.\debug.cpp(256) : 0x86f1d000 0x00025000 "\SystemRoot\System32\Drivers\ksecpkg.sys"
.\debug.cpp(256) : 0x87035000 0x00149000 "\SystemRoot\System32\drivers\tcpip.sys"
.\debug.cpp(256) : 0x8717e000 0x00031000 "\SystemRoot\System32\drivers\fwpkclnt.sys"
.\debug.cpp(256) : 0x871af000 0x00009000 "\SystemRoot\system32\DRIVERS\vmstorfl.sys"
.\debug.cpp(256) : 0x871b8000 0x0003f000 "\SystemRoot\system32\DRIVERS\volsnap.sys"
.\debug.cpp(256) : 0x871f7000 0x00008000 "\SystemRoot\System32\Drivers\spldr.sys"
.\debug.cpp(256) : 0x87000000 0x0002d000 "\SystemRoot\System32\drivers\rdyboost.sys"
.\debug.cpp(256) : 0x86f42000 0x00010000 "\SystemRoot\System32\Drivers\mup.sys"
.\debug.cpp(256) : 0x8702d000 0x00008000 "\SystemRoot\System32\drivers\hwpolicy.sys"
.\debug.cpp(256) : 0x86f52000 0x00032000 "\SystemRoot\System32\DRIVERS\fvevol.sys"
.\debug.cpp(256) : 0x86f84000 0x00011000 "\SystemRoot\system32\DRIVERS\disk.sys"
.\debug.cpp(256) : 0x86f95000 0x00025000 "\SystemRoot\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0x86e00000 0x0001f000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0x86e1f000 0x00007000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0x86fec000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0x86ff3000 0x0000c000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0x86bc9000 0x00021000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS"
.\debug.cpp(256) : 0x86dee000 0x0000d000 "\SystemRoot\System32\drivers\watchdog.sys"
.\debug.cpp(256) : 0x86c00000 0x00008000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0x86bea000 0x00008000 "\SystemRoot\system32\drivers\rdpencdd.sys"
.\debug.cpp(256) : 0x86bf2000 0x00008000 "\SystemRoot\system32\drivers\rdprefmp.sys"
.\debug.cpp(256) : 0x86a00000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0x86a0b000 0x0000e000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0x82fcb000 0x00017000 "\SystemRoot\system32\DRIVERS\tdx.sys"
.\debug.cpp(256) : 0x86a19000 0x0000b000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0x8b400000 0x0005a000 "\SystemRoot\system32\drivers\afd.sys"
.\debug.cpp(256) : 0x8b45a000 0x00032000 "\SystemRoot\System32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0x8b48c000 0x00007000 "\SystemRoot\system32\DRIVERS\wfplwf.sys"
.\debug.cpp(256) : 0x8b493000 0x0001f000 "\SystemRoot\system32\DRIVERS\pacer.sys"
.\debug.cpp(256) : 0x8b4b2000 0x00011000 "\SystemRoot\system32\DRIVERS\vwififlt.sys"
.\debug.cpp(256) : 0x8b4c3000 0x0000e000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0x8b4d1000 0x0001a000 "\SystemRoot\system32\DRIVERS\serial.sys"
.\debug.cpp(256) : 0x8b4eb000 0x00013000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0x8b4fe000 0x00010000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0x8b50e000 0x00041000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0x8b54f000 0x0000a000 "\SystemRoot\system32\drivers\nsiproxy.sys"
.\debug.cpp(256) : 0x8b559000 0x0000a000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0x8b563000 0x0000c000 "\SystemRoot\System32\drivers\discache.sys"
.\debug.cpp(256) : 0x8b56f000 0x00064000 "\SystemRoot\system32\drivers\csc.sys"
.\debug.cpp(256) : 0x8b5d3000 0x00018000 "\SystemRoot\System32\Drivers\dfsc.sys"
.\debug.cpp(256) : 0x8b5eb000 0x0000e000 "\SystemRoot\system32\DRIVERS\blbdrive.sys"
.\debug.cpp(256) : 0x82e00000 0x00021000 "\SystemRoot\system32\DRIVERS\tunnel.sys"
.\debug.cpp(256) : 0x82e21000 0x00012000 "\SystemRoot\system32\DRIVERS\amdk8.sys"
.\debug.cpp(256) : 0x82fe2000 0x0000a000 "\SystemRoot\system32\DRIVERS\usbohci.sys"
.\debug.cpp(256) : 0x8b81c000 0x0004b000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0x8b867000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0x8c200000 0x003fa000 "\SystemRoot\system32\drivers\RTKVAC.SYS"
.\debug.cpp(256) : 0x8b881000 0x0002f000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0x8b8b0000 0x00019000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0x8b8c9000 0x00034000 "\SystemRoot\system32\drivers\ks.sys"
.\debug.cpp(256) : 0x8b8fd000 0x00061000 "\SystemRoot\system32\DRIVERS\netr61.sys"
.\debug.cpp(256) : 0x8b95e000 0x0000a000 "\SystemRoot\system32\DRIVERS\vwifibus.sys"
.\debug.cpp(256) : 0x8b968000 0x00055000 "\SystemRoot\system32\DRIVERS\nvm62x32.sys"
.\debug.cpp(256) : 0x8c621000 0x00491000 "\SystemRoot\system32\DRIVERS\atikmdag.sys"
.\debug.cpp(256) : 0x8cab2000 0x000b7000 "\SystemRoot\System32\drivers\dxgkrnl.sys"
.\debug.cpp(256) : 0x8cb69000 0x00039000 "\SystemRoot\System32\drivers\dxgmms1.sys"
.\debug.cpp(256) : 0x8cba2000 0x0000b000 "\SystemRoot\system32\DRIVERS\fdc.sys"
.\debug.cpp(256) : 0x8cbad000 0x0000a000 "\SystemRoot\system32\DRIVERS\serenum.sys"
.\debug.cpp(256) : 0x8cbb7000 0x00018000 "\SystemRoot\system32\DRIVERS\parport.sys"
.\debug.cpp(256) : 0x8cbcf000 0x00018000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0x8cbe7000 0x0000d000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0x8c600000 0x0000d000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0x8c60d000 0x0000d000 "\SystemRoot\system32\DRIVERS\CompositeBus.sys"
.\debug.cpp(256) : 0x8b9bd000 0x00012000 "\SystemRoot\system32\DRIVERS\AgileVpn.sys"
.\debug.cpp(256) : 0x8b9cf000 0x00018000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0x8cbf4000 0x0000b000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0x91011000 0x00022000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0x91033000 0x00018000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0x9104b000 0x00017000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0x91062000 0x00017000 "\SystemRoot\system32\DRIVERS\rassstp.sys"
.\debug.cpp(256) : 0x91079000 0x0000a000 "\SystemRoot\system32\DRIVERS\rdpbus.sys"
.\debug.cpp(256) : 0x91083000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0x91085000 0x0000e000 "\SystemRoot\system32\DRIVERS\umbus.sys"
.\debug.cpp(256) : 0x91093000 0x00044000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0x910d7000 0x00011000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0x91e90000 0x0024a000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0x910e8000 0x0000a000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0x910f2000 0x0000b000 "\SystemRoot\system32\DRIVERS\monitor.sys"
.\debug.cpp(256) : 0x920f0000 0x00009000 "\SystemRoot\System32\TSDDD.dll"
.\debug.cpp(256) : 0x92120000 0x0001e000 "\SystemRoot\System32\cdd.dll"
.\debug.cpp(256) : 0x910fd000 0x00040000 "\SystemRoot\system32\DRIVERS\udfs.sys"
.\debug.cpp(256) : 0x9113d000 0x0000b000 "\SystemRoot\system32\DRIVERS\usbprint.sys"
.\debug.cpp(256) : 0x91148000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0x9114a000 0x00017000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"
.\debug.cpp(256) : 0x91161000 0x00009000 "\SystemRoot\system32\DRIVERS\LVUSBSta.sys"
.\debug.cpp(256) : 0x8be2c000 0x00272000 "\SystemRoot\system32\DRIVERS\LV302V32.SYS"
.\debug.cpp(256) : 0x8c09e000 0x00014000 "\SystemRoot\system32\drivers\usbaudio.sys"
.\debug.cpp(256) : 0x8c0b2000 0x0000d000 "\SystemRoot\System32\Drivers\crashdmp.sys"
.\debug.cpp(256) : 0x8c0bf000 0x0000b000 "\SystemRoot\System32\Drivers\dump_dumpata.sys"
.\debug.cpp(256) : 0x8c0ca000 0x00009000 "\SystemRoot\System32\Drivers\dump_atapi.sys"
.\debug.cpp(256) : 0x8c0d3000 0x00011000 "\SystemRoot\System32\Drivers\dump_dumpfve.sys"
.\debug.cpp(256) : 0x8c0e4000 0x0001b000 "\SystemRoot\system32\drivers\luafv.sys"
.\debug.cpp(256) : 0x8c0ff000 0x0001a000 "\SystemRoot\system32\drivers\WudfPf.sys"
.\debug.cpp(256) : 0x8c119000 0x00010000 "\SystemRoot\system32\DRIVERS\lltdio.sys"
.\debug.cpp(256) : 0x8c129000 0x00046000 "\SystemRoot\system32\DRIVERS\nwifi.sys"
.\debug.cpp(256) : 0x8c16f000 0x00010000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0x8c17f000 0x00013000 "\SystemRoot\system32\DRIVERS\rspndr.sys"
.\debug.cpp(256) : 0x9116a000 0x00085000 "\SystemRoot\system32\drivers\HTTP.sys"
.\debug.cpp(256) : 0x8c192000 0x00019000 "\SystemRoot\system32\DRIVERS\bowser.sys"
.\debug.cpp(256) : 0x8c1ab000 0x00012000 "\SystemRoot\System32\drivers\mpsdrv.sys"
.\debug.cpp(256) : 0x8c1bd000 0x00023000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0x94030000 0x0003b000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys"
.\debug.cpp(256) : 0x9406b000 0x0001b000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys"
.\debug.cpp(256) : 0x94086000 0x00007000 "\SystemRoot\system32\DRIVERS\parvdm.sys"
.\debug.cpp(256) : 0x9408d000 0x00097000 "\SystemRoot\system32\drivers\peauth.sys"
.\debug.cpp(256) : 0x94124000 0x0000a000 "\SystemRoot\System32\Drivers\secdrv.SYS"
.\debug.cpp(256) : 0x9412e000 0x00021000 "\SystemRoot\System32\DRIVERS\srvnet.sys"
.\debug.cpp(256) : 0x9414f000 0x0000d000 "\SystemRoot\System32\drivers\tcpipreg.sys"
.\debug.cpp(256) : 0x9415c000 0x0004f000 "\SystemRoot\System32\DRIVERS\srv2.sys"
.\debug.cpp(256) : 0x941ab000 0x00051000 "\SystemRoot\System32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0x77830000 0x0013c000 "\Windows\System32\ntdll.dll"
.\debug.cpp(256) : 0x47980000 0x00013000 "\Windows\System32\smss.exe"
.\debug.cpp(256) : 0x77a70000 0x00050000 "\Windows\System32\apisetschema.dll"
.\debug.cpp(256) : 0x00f90000 0x000a6000 "\Windows\System32\autochk.exe"
.\debug.cpp(256) : 0x77a20000 0x00035000 "\Windows\System32\ws2_32.dll"
.\debug.cpp(256) : 0x76be0000 0x00c49000 "\Windows\System32\shell32.dll"
.\debug.cpp(256) : 0x779c0000 0x00052000 "\Windows\System32\difxapi.dll"
.\debug.cpp(256) : 0x76a80000 0x0015c000 "\Windows\System32\ole32.dll"
.\debug.cpp(256) : 0x77970000 0x00045000 "\Windows\System32\Wldap32.dll"
.\debug.cpp(256) : 0x76880000 0x001f9000 "\Windows\System32\iertutil.dll"
.\debug.cpp(256) : 0x76850000 0x0002a000 "\Windows\System32\imagehlp.dll"
.\debug.cpp(256) : 0x767d0000 0x0007b000 "\Windows\System32\comdlg32.dll"
.\debug.cpp(256) : 0x76720000 0x000a1000 "\Windows\System32\rpcrt4.dll"
.\debug.cpp(256) : 0x76710000 0x00003000 "\Windows\System32\normaliz.dll"
.\debug.cpp(256) : 0x76640000 0x000cc000 "\Windows\System32\msctf.dll"
.\debug.cpp(256) : 0x765e0000 0x00057000 "\Windows\System32\shlwapi.dll"
.\debug.cpp(256) : 0x76530000 0x000ac000 "\Windows\System32\msvcrt.dll"
.\debug.cpp(256) : 0x76490000 0x000a0000 "\Windows\System32\advapi32.dll"
.\debug.cpp(256) : 0x76480000 0x00006000 "\Windows\System32\nsi.dll"
.\debug.cpp(256) : 0x76470000 0x00005000 "\Windows\System32\psapi.dll"
.\debug.cpp(256) : 0x762d0000 0x0019d000 "\Windows\System32\setupapi.dll"
.\debug.cpp(256) : 0x761d0000 0x000f4000 "\Windows\System32\wininet.dll"
.\debug.cpp(256) : 0x761b0000 0x00019000 "\Windows\System32\sechost.dll"
.\debug.cpp(256) : 0x76070000 0x00135000 "\Windows\System32\urlmon.dll"
.\debug.cpp(256) : 0x75fe0000 0x0008f000 "\Windows\System32\oleaut32.dll"
.\debug.cpp(256) : 0x75f40000 0x0009d000 "\Windows\System32\usp10.dll"
.\debug.cpp(256) : 0x75f30000 0x0000a000 "\Windows\System32\lpk.dll"
.\debug.cpp(256) : 0x75ee0000 0x0004e000 "\Windows\System32\gdi32.dll"
.\debug.cpp(256) : 0x75ec0000 0x0001f000 "\Windows\System32\imm32.dll"
.\debug.cpp(256) : 0x75e30000 0x00083000 "\Windows\System32\clbcatq.dll"
.\debug.cpp(256) : 0x75d50000 0x000d4000 "\Windows\System32\kernel32.dll"
.\debug.cpp(256) : 0x75c80000 0x000c9000 "\Windows\System32\user32.dll"
.\debug.cpp(256) : 0x75c50000 0x0002d000 "\Windows\System32\wintrust.dll"
.\debug.cpp(256) : 0x75c20000 0x00027000 "\Windows\System32\cfgmgr32.dll"
.\debug.cpp(256) : 0x75c00000 0x00012000 "\Windows\System32\devobj.dll"
.\debug.cpp(256) : 0x75bb0000 0x0004a000 "\Windows\System32\KernelBase.dll"
.\debug.cpp(256) : 0x75a90000 0x0011c000 "\Windows\System32\crypt32.dll"
.\debug.cpp(256) : 0x75a00000 0x00084000 "\Windows\System32\comctl32.dll"
.\debug.cpp(256) : 0x759f0000 0x0000c000 "\Windows\System32\msasn1.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination="\Device\Ndis"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice"
.\debug.cpp(400) : Destination="\Device\WUDFLpcDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\0000003c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000001"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination="\Device\Video0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000003d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AgileVPN"
.\debug.cpp(400) : Destination="\Device\AgileVPN"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination="\Device\Video1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&1ca22904&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\PciIde0Channel0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{06aeab4e-93f0-11df-b03e-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination="\Device\Video2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination="\Device\Video3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#4&2e2bdba3&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1}"
.\debug.cpp(400) : Destination="\Device\Parallel0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000003b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice"
.\debug.cpp(400) : Destination="\Device\WMIAdminDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ProcessManagement"
.\debug.cpp(400) : Destination="\Device\ProcessManagement"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) : Destination="\Device\Video4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{636FF46E-80FE-4314-BC84-DC7749EDE5B4}"
.\debug.cpp(400) : Destination="\Device\NDMP6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_005B&SUBSYS_71251462&REV_A3#3&2411e6fe&1&11#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0004"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi4:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl"
.\debug.cpp(400) : Destination="\Device\VolMgrControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\$VDMLPT1"
.\debug.cpp(400) : Destination="\Device\ParallelVdm0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY6"
.\debug.cpp(400) : Destination="\Device\Video5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{0FE83E7F-2B10-4FB1-AF76-741B99B00A10}"
.\debug.cpp(400) : Destination="\Device\NDMP4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{0ae62eff-963a-11df-a293-806e6f6e6963}"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{06aeab52-93f0-11df-b03e-806e6f6e6963}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\TeredoTun"
.\debug.cpp(400) : Destination="\Device\TeredoTun"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination="\Device\WMIDataDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000038"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0059&SUBSYS_75851462&REV_A2#3&2411e6fe&1&20#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0005"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1"
.\debug.cpp(400) : Destination="\Device\Serial0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{19D79084-1473-4A36-8C30-6D81056915B5}"
.\debug.cpp(400) : Destination="\Device\NDMP2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{30EA78B2-E2D4-4934-9E22-CAB364C4F159}"
.\debug.cpp(400) : Destination="\Device\NDMP1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi5:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SPDevice"
.\debug.cpp(400) : Destination="\Device\SPDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&362239fd&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\PciIde2Channel1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PEAuth"
.\debug.cpp(400) : Destination="\Device\PEAuth"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskST380215A_______________________________3.AAC___#5&1d4dd9f6&0&1.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T0L0-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination="\Device\NamedPipe"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\vwififlt"
.\debug.cpp(400) : Destination="\Device\vwififlt"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_046D&PID_08DA&MI_00#6&384ef336&0&0000#{6994ad05-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000063"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0F13#3&2411e6fe&1#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\0000005a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#Default_Monitor#5&28d2ab91&0&UID268435456#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7}"
.\debug.cpp(400) : Destination="\Device\00000060"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0400#3&2411e6fe&1#{97f76ef0-f883-11d0-af1f-0000f800845c}"
.\debug.cpp(400) : Destination="\Device\00000059"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0057&SUBSYS_71251462&REV_A3#3&2411e6fe&1&50#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0010"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{06aeab53-93f0-11df-b03e-806e6f6e6963}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0001#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination="\Device\Mup"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Psched"
.\debug.cpp(400) : Destination="\Device\Psched"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition1"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination="\Device\USBFDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_03F0&PID_1504#HU16R6R064BI#{28d78fad-5a12-11d1-ae5b-0000f803a8c2}"
.\debug.cpp(400) : Destination="\Device\USBPDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C0DE3E38-8BA7-479F-8B75-833F294C5AA8}"
.\debug.cpp(400) : Destination="\Device\NDMP12"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination="\Device\Tcp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition2"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgrMsg"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&ded7187&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\PciIde1Channel0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LogiUSBSta"
.\debug.cpp(400) : Destination="\Device\LogiUSBSta"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0059&SUBSYS_75851462&REV_A2#3&2411e6fe&1&20#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0005"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination="\Device\USBFDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#vdrvroot#0000#{2e34d650-5819-42ca-84ae-d30803bae505}"
.\debug.cpp(400) : Destination="\Device\00000045"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination="\Device\Harddisk0\DR0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination="\DosDevices\LPT1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume1"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\0000004f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive1"
.\debug.cpp(400) : Destination="\Device\Harddisk1\DR1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) : Destination="\Device\00000044"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDOSPDevice"
.\debug.cpp(400) : Destination="\Device\IPSECDOSP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination="\Device\FsWrap"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume2"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_03F0&PID_1504#HU16R6R064BI#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination="\Device\USBPDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\0000003e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_005A&SUBSYS_71251462&REV_A2#3&2411e6fe&1&10#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume3"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\00000046"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&ded7187&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\PciIde1Channel1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination="\GLOBAL??"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG:"
.\debug.cpp(400) : Destination="\clfs"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000003f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) : Destination="\Device\00000058"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv"
.\debug.cpp(400) : Destination="\Device\Secdrv"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_046D&PID_08DA&MI_00#6&384ef336&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000063"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000001"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\0000004e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_046D&PID_08DA#5&19124716&0&8#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination="\Device\USBPDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{06aeab4f-93f0-11df-b03e-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{06aeab4e-93f0-11df-b03e-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVDRAM_GSA-4167B_______________DL10____#5&30078a9b&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP0T0L0-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\nativewifip"
.\debug.cpp(400) : Destination="\Device\nativewifip"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E28D896F-9EA8-433A-9C10-66C97C19A921}"
.\debug.cpp(400) : Destination="\Device\NDMP13"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\0000003d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) : Destination="\Device\00000058"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1814&DEV_0301&SUBSYS_25611814&REV_00#4&22a608f1&0&4048#{435b6226-1dcc-43b3-887e-217dbaa27ba3}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0019"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\0000003f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&1ca22904&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\PciIde0Channel1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination="\Device\MountPointManager"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_5E4B&SUBSYS_0530174B&REV_00#4&1501045f&0&0070#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0020"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000039"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\0000003b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi"
.\debug.cpp(400) : Destination="\Device\Nsi"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_046D&PID_08DA&MI_01#6&384ef336&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000064"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination="\Device\WANARP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl"
.\debug.cpp(400) : Destination="\Device\PartmgrControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice"
.\debug.cpp(400) : Destination="\Device\NXTIPSEC"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000039"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{483C9FF8-503D-414B-B402-E4C1F1F568CB}"
.\debug.cpp(400) : Destination="\Device\NDMP7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0057&SUBSYS_71251462&REV_A3#3&2411e6fe&1&50#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0010"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk1Partition1"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev"
.\debug.cpp(400) : Destination="\Device\WFP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_5E4B&SUBSYS_0530174B&REV_00#4&1501045f&0&0070#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0020"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WwanProt"
.\debug.cpp(400) : Destination="\Device\WwanProt"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#3&2411e6fe&1#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\0000005b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2a5a399&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0059&SUBSYS_75851462&REV_A2#3&2411e6fe&1&20#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0005"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination="\Device\NDMP9"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#Default_Monitor#5&28d2ab91&0&UID268435456#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8}"
.\debug.cpp(400) : Destination="\Device\00000060"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArpV6"
.\debug.cpp(400) : Destination="\Device\WANARPV6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\0000004a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&PrinterBusEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) : Destination="\Device\00000065"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskMaxtor_2B020H1__________________________WAH21PB0#5&1d4dd9f6&0&1.1.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T1L0-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0059&SUBSYS_75851462&REV_A2#3&2411e6fe&1&20#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0005"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_046D&PID_08DA&MI_00#6&384ef336&0&0000#{fb6c428a-0353-11d1-905f-0000c0cc16ba}"
.\debug.cpp(400) : Destination="\Device\00000063"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000003e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000038"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd"
.\debug.cpp(400) : Destination="\Device\AscKmd"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination="\Device\NdisWan"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH"
.\debug.cpp(400) : Destination="\Device\NDMP8"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPT1"
.\debug.cpp(400) : Destination="\Device\Parallel0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice"
.\debug.cpp(400) : Destination="\Device\MPS"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVDRAM_GSA-4167B_______________DL10____#5&30078a9b&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP0T0L0-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_046D&PID_08DA&MI_01#6&384ef336&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000064"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1814&DEV_0301&SUBSYS_25611814&REV_00#4&22a608f1&0&4048#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0019"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_15_Model_31_-_AMD_Athlon(tm)_64_Processor_3000+#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination="\Device\00000048"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination="\Device\VolMgrControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{fcddfe21-9631-11df-b62a-001109dce6b1}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1814&DEV_0301&SUBSYS_25611814&REV_00#4&22a608f1&0&4048#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0019"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DB2B4279-B5CF-4626-9DBA-32D0ECE44C87}"
.\debug.cpp(400) : Destination="\Device\NDMP11"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6"
.\debug.cpp(400) : Destination="\Device\NDMP10"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination="\Device\MailSlot"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination="\DosDevices\COM1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&362239fd&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\PciIde2Channel0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination=""

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) : Destination="\Device\Ndisuio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\00000042"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SstpDrv"
.\debug.cpp(400) : Destination="\Device\SstpDrv"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination="\Device\Null"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VDRVROOT"
.\debug.cpp(400) : Destination="\Device\00000045"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle"
.\debug.cpp(400) : Destination="\Device\WfpAle"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\00000041"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&19676a84&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{F46C2264-7B63-455C-8300-2C9AF9098911}"
.\debug.cpp(400) : Destination="\Device\NDMP5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000003c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5858229F-1EC9-46C0-8463-AFC95E51056F}"
.\debug.cpp(400) : Destination="\Device\NDMP3"

.\debug.cpp(451) : **********************************************
.\boot_cleaner.cpp(1077) : System volume is \\.\C:
.\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000
.\boot_cleaner.cpp(424) : Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff
.\boot_cleaner.cpp(1151) :
.\boot_cleaner.cpp(1152) : Size Device Name MBR Status
.\boot_cleaner.cpp(1153) : --------------------------------------------
.\boot_cleaner.cpp(1197) : 74 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1203) :
.\boot_cleaner.cpp(1242) : Done;

XaToS · #4 Příspěvek od **XaToS** » 23 črc 2010 10:59

Logfile of random's system information tool 1.08 (written by random/random)
Run by Kancelar at 2010-07-23 11:56:24
Microsoft Windows 7 Ultimate
System drive C: has 56 GB (73%) free of 76 GB
Total RAM: 1024 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:56:34, on 23.7.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\SOUNDMAN.EXE
C:\Windows\system32\taskhost.exe
C:\Users\Kancelar\Desktop\RSIT.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\trend micro\Kancelar.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

--
End of file - 3501 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"SoundMan"=C:\Windows\SOUNDMAN.EXE [2009-04-14 604704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-07-23 11:56:25 ----D---- C:\Program Files\trend micro
2010-07-23 11:56:24 ----D---- C:\rsit
2010-07-23 11:51:58 ----D---- C:\Users\Kancelar\AppData\Roaming\Media Player Classic
2010-07-20 21:27:11 ----D---- C:\Windows\Minidump
2010-07-20 21:02:08 ----A---- C:\Windows\system32\MRT.exe
2010-07-20 19:52:31 ----A---- C:\Windows\ntbtlog.txt
2010-07-20 19:37:56 ----N---- C:\Windows\system32\MpSigStub.exe
2010-07-20 19:26:39 ----D---- C:\Users\Kancelar\AppData\Roaming\ESET
2010-07-20 19:24:00 ----D---- C:\Users\Kancelar\AppData\Roaming\Macromedia
2010-07-20 19:23:54 ----D---- C:\Windows\system32\Macromed
2010-07-20 19:21:03 ----D---- C:\Poker
2010-07-20 19:17:33 ----D---- C:\Program Files\Common Files\logishrd
2010-07-20 19:13:48 ----A---- C:\Windows\system32\RaCoInst.dll
2010-07-20 19:13:48 ----A---- C:\Windows\system32\drivers\netr61.sys
2010-07-20 19:13:47 ----D---- C:\ProgramData\Ovislink Driver
2010-07-20 19:13:46 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-20 19:13:21 ----D---- C:\Users\Kancelar\AppData\Roaming\InstallShield
2010-07-20 19:13:13 ----D---- C:\Users\Kancelar\AppData\Roaming\WinRAR
2010-07-20 19:11:16 ----A---- C:\Windows\system32\msonpmon.dll
2010-07-20 19:09:20 ----D---- C:\Program Files\Microsoft Works
2010-07-20 19:08:52 ----D---- C:\Program Files\Microsoft Visual Studio
2010-07-20 19:08:52 ----D---- C:\Program Files\Common Files\DESIGNER
2010-07-20 19:08:12 ----D---- C:\Windows\PCHEALTH
2010-07-20 19:08:12 ----D---- C:\Program Files\Microsoft.NET
2010-07-20 19:06:03 ----D---- C:\Program Files\Microsoft Visual Studio 8
2010-07-20 19:05:20 ----D---- C:\Program Files\Microsoft Office
2010-07-20 19:05:19 ----D---- C:\ProgramData\Microsoft Help
2010-07-20 19:04:36 ----RHD---- C:\MSOCache
2010-07-20 14:14:17 ----D---- C:\Windows\Panther
2010-07-20 13:58:32 ----D---- C:\Program Files\WinRAR
2010-07-20 13:58:11 ----A---- C:\Windows\system32\unrar.dll
2010-07-20 13:58:10 ----A---- C:\Windows\avisplitter.ini
2010-07-20 13:58:09 ----A---- C:\Windows\system32\yv12vfw.dll
2010-07-20 13:58:09 ----A---- C:\Windows\system32\xvidvfw.dll
2010-07-20 13:58:09 ----A---- C:\Windows\system32\xvidcore.dll
2010-07-20 13:58:09 ----A---- C:\Windows\system32\dpl100.dll
2010-07-20 13:58:08 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2010-07-20 13:58:08 ----A---- C:\Windows\system32\ff_vfw.dll
2010-07-20 13:58:08 ----A---- C:\Windows\system32\divx.dll
2010-07-20 13:58:05 ----D---- C:\Program Files\K-Lite Codec Pack
2010-07-20 13:56:51 ----D---- C:\Users\Kancelar\AppData\Roaming\Adobe
2010-07-20 13:56:27 ----D---- C:\ProgramData\Adobe
2010-07-20 13:56:19 ----D---- C:\Program Files\Common Files\Adobe
2010-07-20 13:56:19 ----D---- C:\Program Files\Adobe
2010-07-20 13:47:37 ----SHD---- C:\Windows\Installer
2010-07-20 13:47:37 ----D---- C:\Program Files\ATI
2010-07-20 13:47:13 ----D---- C:\Program Files\ATI Technologies
2010-07-20 13:46:32 ----D---- C:\ATI
2010-07-20 13:28:12 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-07-20 13:23:11 ----D---- C:\Users\Kancelar\AppData\Roaming\Identities
2010-07-20 13:22:27 ----SD---- C:\Users\Kancelar\AppData\Roaming\Microsoft
2010-07-20 13:22:27 ----D---- C:\Users\Kancelar\AppData\Roaming\Media Center Programs
2010-07-20 13:22:15 ----SHD---- C:\Recovery
2010-07-20 13:22:15 ----SHD---- C:\ProgramData\Šablony
2010-07-20 13:22:15 ----SHD---- C:\ProgramData\Plocha
2010-07-20 13:22:15 ----SHD---- C:\ProgramData\Oblíbené položky
2010-07-20 13:22:15 ----SHD---- C:\ProgramData\Nabídka Start
2010-07-20 13:22:15 ----SHD---- C:\ProgramData\Dokumenty
2010-07-20 13:22:15 ----SHD---- C:\ProgramData\Data aplikací
2010-07-20 13:18:35 ----D---- C:\Windows\SoftwareDistribution
2010-07-20 13:15:14 ----D---- C:\Windows\Prefetch
2010-07-20 13:15:05 ----ASH---- C:\pagefile.sys
2010-07-20 13:15:04 ----SHD---- C:\System Volume Information
2010-07-20 13:15:04 ----ASH---- C:\hiberfil.sys
2010-07-20 12:47:41 ----D---- C:\UCTO2008
2010-07-20 12:47:33 ----D---- C:\UCTO2007
2010-07-20 12:47:25 ----D---- C:\UCTO2006
2010-07-20 12:47:16 ----D---- C:\UCTO2005
2010-07-20 12:47:08 ----D---- C:\UCTO2004
2010-07-20 12:46:56 ----D---- C:\UCTO2003
2010-07-20 12:46:49 ----D---- C:\UCTO2002
2010-07-20 12:46:40 ----D---- C:\UCTO2001
2010-07-20 12:46:32 ----D---- C:\UCTO2000
2010-07-20 12:46:23 ----D---- C:\UCTO99
2010-07-20 12:46:11 ----D---- C:\KBcertifikat

======List of files/folders modified in the last 1 months======

2010-07-23 11:56:25 ----RD---- C:\Program Files
2010-07-23 11:54:28 ----D---- C:\Windows\Temp
2010-07-23 11:53:05 ----HD---- C:\ProgramData
2010-07-23 11:52:59 ----D---- C:\Windows\system32\drivers
2010-07-23 11:52:58 ----D---- C:\Windows\system32\DriverStore
2010-07-23 11:52:58 ----D---- C:\Windows\system32\catroot
2010-07-23 11:52:57 ----D---- C:\Windows\inf
2010-07-23 11:14:41 ----D---- C:\Windows\System32
2010-07-23 10:59:00 ----D---- C:\Windows\system32\config
2010-07-23 10:25:54 ----SD---- C:\ProgramData\Microsoft
2010-07-20 22:56:46 ----D---- C:\Windows\system32\LogFiles
2010-07-20 21:43:14 ----D---- C:\Windows\winsxs
2010-07-20 21:27:11 ----D---- C:\Windows
2010-07-20 21:26:07 ----D---- C:\Windows\system32\cs-CZ
2010-07-20 21:26:07 ----D---- C:\Windows\AppPatch
2010-07-20 21:07:19 ----D---- C:\Windows\system32\catroot2
2010-07-20 21:06:32 ----D---- C:\Windows\Microsoft.NET
2010-07-20 21:06:28 ----RSD---- C:\Windows\assembly
2010-07-20 21:02:09 ----D---- C:\Windows\debug
2010-07-20 19:48:02 ----D---- C:\Windows\Logs
2010-07-20 19:23:56 ----D---- C:\Windows\Downloaded Program Files
2010-07-20 19:17:33 ----D---- C:\Windows\twain_32
2010-07-20 19:17:33 ----D---- C:\Program Files\Common Files
2010-07-20 19:09:15 ----D---- C:\Program Files\Common Files\microsoft shared
2010-07-20 19:09:09 ----D---- C:\Program Files\MSBuild
2010-07-20 19:08:49 ----D---- C:\Windows\ShellNew
2010-07-20 19:08:30 ----RSD---- C:\Windows\Fonts
2010-07-20 19:05:44 ----A---- C:\Windows\win.ini
2010-07-20 19:05:43 ----D---- C:\Program Files\Common Files\System
2010-07-20 19:00:31 ----D---- C:\Windows\system32\drivers\UMDF
2010-07-20 13:55:13 ----D---- C:\Windows\system32\wdi
2010-07-20 13:48:24 ----D---- C:\Windows\system32\restore
2010-07-20 13:36:07 ----D---- C:\Windows\system32\CodeIntegrity
2010-07-20 13:27:40 ----D---- C:\Windows\system32\wbem
2010-07-20 13:24:18 ----D---- C:\Windows\rescache
2010-07-20 13:22:59 ----SHD---- C:\$Recycle.Bin
2010-07-20 13:22:26 ----RD---- C:\Users
2010-07-20 13:22:15 ----D---- C:\Program Files\Windows NT
2010-07-20 13:18:28 ----D---- C:\Windows\system32\sysprep
2010-07-20 13:15:59 ----D---- C:\Windows\CSC

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\Windows\system32\drivers\RTKVAC.SYS [2009-06-18 4172832]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-02-11 4450816]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\DRIVERS\LVUSBSta.sys [2008-07-26 41752]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-14 347264]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2008-07-26 2570520]
R3 rt61x86;RT61 Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr61.sys [2009-12-31 370688]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2010-02-11 733184]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

XaToS · #5 Příspěvek od **XaToS** » 23 črc 2010 11:06

Je to správně?

#6 Příspěvek od **stell** » 23 črc 2010 11:13

Takze mas tam 1-disk c:\ 60GB??nerozdeleny?/este prosim vloz sem screenshot z diskmanagment.

XaToS · #7 Příspěvek od **XaToS** » 23 črc 2010 11:16

Mám 2 disky, nerozdelene, C: system, D: zaloha

#8 Příspěvek od **stell** » 23 črc 2010 11:26

MBR sektor 1. fyzickeho disk
Takto-Mebrota mas na disku D:\zaloha
takze bootkit remover to nezaznamenal,takze ,bud to skusime opravit,alebo formatujes,a odstranis aj particiu..no ,,,ako ty chces,

XaToS · #9 Příspěvek od **XaToS** » 23 črc 2010 11:29

Ahá, ok, já ten disk formatoval dnes rano, a ty soubory, to je vlastne zaloha C:, protoze jsem cetl, ze nez se zacnu prat s haveti, mam zalohovat.. Ok, jak mam disk naformatovat, aby mebroot zmizel?

#10 Příspěvek od **stell** » 23 črc 2010 11:39

takto,skus to cez diskmngmt,[pravy klik],neviem ako je vo win-7-ale,popozeram sa na nete.
Ale treba odstranit aj particie,,ale ak mas tam len zalohu tak ,mozeme to skusit opravit,,ak si za,

XaToS · #11 Příspěvek od **XaToS** » 23 črc 2010 11:42

No tak jde o to, že to muzu naformatovat i s tim partici a disk bude cisty a zalohu z C: mam behem 5 min opet nahranou... Toto odstrani Mebroot z toho disku ze, ale pak stejne potrebuji odstranit z te operacni pameti, to bude asi horsi, hmm? Takze kdyz mi poradis jak na ten format, nebo jestli je rychlejsi to zkusit si stim nejak pohrat, zalezi na tobe, ty vis co je lepsi a rychlejsi

#12 Příspěvek od **stell** » 23 črc 2010 11:59

Takto,,Mebroot v operacnej pamati je infikovany MBR-sector disku D:
takze skus nabootovat na inst DVD-prikazovy riadok a zadaj prikaz
bootrec /fixmbr \device\harddisk1
no uvidime ci tento prikaz bude fungovat,vo win 7

XaToS · #13 Příspěvek od **XaToS** » 23 črc 2010 12:16

Tak tento prikaz nejede

XaToS · #14 Příspěvek od **XaToS** » 23 črc 2010 12:17

Kdyz ten disk vyndam z PC, bouchnu do nej kladivem a uz ho nevratim, nebude problem vyresen?? Je to stara 20GB, ma doslouzino, tak si myslim, ze by to nebylo na skodu...

#15 Příspěvek od **stell** » 23 črc 2010 12:21

ja mam podobne ako ty,,ale xp-no davno som odstranoval particie,,robil som to takto.
boot na recovery konzole-prikaz diskpart-odstranil som particiu D:-tlacitko d-a hned som vytvoril particiu novu, klaves C-potom uz len format a hotovo,,no skoda ze nemam win 7 aby som to odskusal,,ale podla mna na win 7 by si to mal zvladnut cez prikazovy riadok,alebo cez diskmgmt.msc-pravy klik na D:,,
takto ak sa ti to podari aj tak musime spustit combofix,,ale vidim ti tam program UCTO-a toto combofix odrovna preto zazalohuj UCTO-ak to budes mat tak napis.

VIRY.CZ

Mebroot v operační paměti a MBR sektor 1. fyzickeho disku

Mebroot v operační paměti a MBR sektor 1. fyzickeho disku

Re: Mebroot v operační paměti a MBR sektor 1. fyzickeho disk

Re: Mebroot v operační paměti a MBR sektor 1. fyzickeho disk

Re: Mebroot v operační paměti a MBR sektor 1. fyzickeho disk

Re: Mebroot v operační paměti a MBR sektor 1. fyzickeho disk

Re: Mebroot v operační paměti a MBR sektor 1. fyzickeho disk

Re: Mebroot v operační paměti a MBR sektor 1. fyzickeho disk

Re: Mebroot v operační paměti a MBR sektor 1. fyzickeho disk

Re: Mebroot v operační paměti a MBR sektor 1. fyzickeho disk

Re: Mebroot v operační paměti a MBR sektor 1. fyzickeho disk

Re: Mebroot v operační paměti a MBR sektor 1. fyzickeho disk

Re: Mebroot v operační paměti a MBR sektor 1. fyzickeho disk

Re: Mebroot v operační paměti a MBR sektor 1. fyzickeho disk

Re: Mebroot v operační paměti a MBR sektor 1. fyzickeho disk

Re: Mebroot v operační paměti a MBR sektor 1. fyzickeho disk