Asking for advice and a look at the log... thanks

Posted: 04 Aug 2010 15:52
by ray204
Could someone please advise me? I can't get Windows XP to start. At the moment when the system itself should start loading, it stops on a black screen. When I try safe mode, the loading of files stops at nuobqak.sys and nothing further happens. I tried repairing the system using the installation CD, but after the file copying finished there was no change. Is there any other option that could still be tried? Thanks in advance...

LOG (second PC):


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:28:38, on 4. 8. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
O4 - HKLM\..\Run: [PMHandler] C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Trans] C:\Program Files\Trans\trans.exe
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [system_tray] shutdown -r -f -t 0
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ATFUS - C:\WINDOWS\system32\FpWinLogonNp.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe
O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
O23 - Service: Služba Google Update (gupdate1caf07255dc939c) (gupdate1caf07255dc939c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lmab_device - Unknown owner - C:\WINDOWS\system32\LMabcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PMSveH - Lenovo - C:\Program Files\Lenovo\PM Driver\PMSveH.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: rpcnetp - Unknown owner - C:\WINDOWS\System32\rpcnetp.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

--
End of file - 9519 bytes

Re: Asking for advice and a look at the log... thanks

Posted: 04 Aug 2010 16:57
by stell
Hello,
please post here:
Download >> RSIT >> and post the logs here.

Re: Asking for advice and a look at the log... thanks

Posted: 04 Aug 2010 17:33
by ray204
Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-08-04 18:30:09
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 120 GB (81%) free of 147 GB
Total RAM: 1022 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:30:12, on 4. 8. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\ComboFix23459C\CF11286.cfxxe
C:\ComboFix23459C\mbr.cfxxe
C:\WINDOWS\explorer.exe
F:\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
O4 - HKLM\..\Run: [PMHandler] C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Trans] C:\Program Files\Trans\trans.exe
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [system_tray] shutdown -r -f -t 0
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ATFUS - C:\WINDOWS\system32\FpWinLogonNp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe
O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
O23 - Service: Služba Google Update (gupdate1caf07255dc939c) (gupdate1caf07255dc939c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lmab_device - Unknown owner - C:\WINDOWS\system32\LMabcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PMSveH - Lenovo - C:\Program Files\Lenovo\PM Driver\PMSveH.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: rpcnetp - Unknown owner - C:\WINDOWS\System32\rpcnetp.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

--
End of file - 9383 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{752B43E6-B86D-40EC-A2D7-1CADB49EE03A}.job
C:\WINDOWS\tasks\Vyčištění disku.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-30 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-30 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2006-01-25 53248]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-05-19 774233]
"FingerPrintSoftware"=C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [2007-03-02 933888]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-03-21 7585792]
"nwiz"=nwiz.exe /install []
"TPWAUDAP"=C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe [2006-09-06 54824]
"PMHandler"=C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe [2007-03-16 31840]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2006-08-30 89542]
"RemoteControl"=C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-30 149280]
"Lexmark X6100 Series"=C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe [2003-09-23 57344]
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-01-30 16116224]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"Trans"=C:\Program Files\Trans\trans.exe [2010-06-22 2896824]
"MobileConnect"=C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2009-09-18 2412032]
"system_tray"=shutdown -r -f -t 0 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe [2002-11-02 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe [2006-07-12 1397760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ATFUS]
C:\WINDOWS\system32\FpWinLogonNp.dll [2007-02-27 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll [2007-12-14 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Enabled:Sunbelt Kerio Firewall GUI"
"C:\WINDOWS\system32\LMabcoms.exe"="C:\WINDOWS\system32\LMabcoms.exe:*:Enabled:Lexmark Enhanced TCP/IP"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

======List of files/folders created in the last 1 months======

2010-08-04 18:30:09 ----D---- C:\rsit
2010-08-04 18:29:25 ----D---- C:\WINDOWS\temp
2010-08-04 18:29:23 ----A---- C:\ComboFix.txt
2010-08-04 18:24:20 ----A---- C:\Boot.bak
2010-08-04 18:24:14 ----RASHD---- C:\cmdcons
2010-08-04 18:23:22 ----D---- C:\ComboFix23459C
2010-08-04 18:15:39 ----D---- C:\WINDOWS\CSC
2010-08-04 18:08:31 ----A---- C:\WINDOWS\zip.exe
2010-08-04 18:08:31 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-08-04 18:08:31 ----A---- C:\WINDOWS\SWSC.exe
2010-08-04 18:08:31 ----A---- C:\WINDOWS\SWREG.exe
2010-08-04 18:08:31 ----A---- C:\WINDOWS\sed.exe
2010-08-04 18:08:31 ----A---- C:\WINDOWS\PEV.exe
2010-08-04 18:08:31 ----A---- C:\WINDOWS\NIRCMD.exe
2010-08-04 18:08:31 ----A---- C:\WINDOWS\MBR.exe
2010-08-04 18:08:31 ----A---- C:\WINDOWS\grep.exe
2010-08-04 18:08:26 ----D---- C:\WINDOWS\ERDNT
2010-08-04 18:08:26 ----D---- C:\ComboFix2
2010-08-04 18:07:32 ----D---- C:\Qoobox
2010-08-04 17:59:38 ----D---- C:\Documents and Settings\Administrator.LENOVO3000N200\Data aplikací\Malwarebytes
2010-08-04 17:59:30 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-08-04 17:59:29 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-04 17:59:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-08-04 17:59:29 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-08-04 17:29:27 ----SH---- C:\WINDOWS\S3646007D.tmp
2010-08-04 17:23:53 ----D---- C:\WINDOWS\ERUNT
2010-08-04 17:23:18 ----D---- C:\SDFix
2010-08-04 17:19:58 ----D---- C:\WINDOWS\rundll16.exe
2010-08-04 17:19:58 ----AD---- C:\WINDOWS\logo1_.exe
2010-08-04 17:03:20 ----D---- C:\WINDOWS\RUNDL132.EXE
2010-08-04 17:03:20 ----AD---- C:\WINDOWS\VDLL.DLL
2010-08-04 17:03:20 ----AD---- C:\WINDOWS\system32\runouce.exe
2010-08-04 17:03:20 ----AD---- C:\WINDOWS\logo_1.exe
2010-08-04 16:55:51 ----A---- C:\WINDOWS\system32\msvcr80.dll
2010-08-04 16:55:50 ----A---- C:\WINDOWS\system32\msvcp80.dll
2010-08-04 16:55:49 ----A---- C:\WINDOWS\system32\eEmpty.exe
2010-08-04 16:55:47 ----A---- C:\WINDOWS\system32\T.COM
2010-08-04 16:55:47 ----A---- C:\WINDOWS\R.COM
2010-08-04 16:55:44 ----D---- C:\Program Files\Common Files\MicroWorld
2010-08-04 16:55:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2010-08-04 16:28:23 ----D---- C:\Program Files\Trend Micro
2010-08-04 08:32:26 ----ASH---- C:\Documents and Settings\Administrator.LENOVO3000N200\Data aplikací\desktop.ini
2010-08-04 08:32:25 ----SD---- C:\Documents and Settings\Administrator.LENOVO3000N200\Data aplikací\Microsoft
2010-08-04 08:26:57 ----A---- C:\WINDOWS\ntbtlog.txt
2010-08-03 14:57:37 ----A---- C:\WINDOWS\system32\rpcnetp.dll
2010-08-03 14:56:47 ----A---- C:\WINDOWS\system32\rpcnetp.exe
2010-08-03 08:01:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-08-02 22:01:54 ----D---- C:\Program Files\GRETECH
2010-08-02 21:20:31 ----D---- C:\found.001
2010-08-02 21:16:43 ----A---- C:\WINDOWS\system32\unrar.dll
2010-08-02 21:16:42 ----A---- C:\WINDOWS\avisplitter.ini
2010-08-02 21:16:41 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2010-08-02 21:16:40 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2010-08-02 21:16:40 ----A---- C:\WINDOWS\system32\xvidcore.dll
2010-08-02 21:16:40 ----A---- C:\WINDOWS\system32\dpl100.dll
2010-08-02 21:16:40 ----A---- C:\WINDOWS\system32\divx.dll
2010-08-02 21:16:39 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2010-08-02 21:16:39 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2010-08-02 21:16:35 ----D---- C:\Program Files\K-Lite Codec Pack
2010-07-22 18:56:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\Vodafone
2010-07-22 18:56:27 ----D---- C:\Program Files\Vodafone
2010-07-15 12:38:00 ----D---- C:\Program Files\Trans
2010-07-15 12:02:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$

======List of files/folders modified in the last 1 months======

2010-08-04 18:29:25 ----D---- C:\WINDOWS
2010-08-04 18:28:39 ----A---- C:\WINDOWS\system.ini
2010-08-04 18:27:38 ----D---- C:\WINDOWS\system32\drivers
2010-08-04 18:27:12 ----D---- C:\WINDOWS\system32
2010-08-04 18:27:11 ----D---- C:\WINDOWS\AppPatch
2010-08-04 18:27:10 ----D---- C:\Program Files\Common Files
2010-08-04 18:25:46 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-04 18:24:20 ----RASH---- C:\boot.ini
2010-08-04 18:15:35 ----D---- C:\WINDOWS\Minidump
2010-08-04 18:14:13 ----D---- C:\WINDOWS\system32\drivers\etc
2010-08-04 18:13:35 ----RD---- C:\Program Files\Skype
2010-08-04 17:59:29 ----RD---- C:\Program Files
2010-08-04 17:56:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-04 17:30:41 ----D---- C:\WINDOWS\Prefetch
2010-08-04 08:32:24 ----D---- C:\Documents and Settings
2010-08-04 08:30:52 ----HD---- C:\WINDOWS\inf
2010-08-03 14:21:25 ----A---- C:\WINDOWS\system32\agremove.exe
2010-08-03 11:02:37 ----D---- C:\Program Files\Mozilla Firefox
2010-08-03 08:01:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-03 07:41:47 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-02 21:16:35 ----SHD---- C:\WINDOWS\Installer
2010-08-02 21:16:35 ----D---- C:\Config.Msi
2010-08-02 21:16:34 ----D---- C:\WINDOWS\WinSxS
2010-07-27 08:30:31 ----A---- C:\WINDOWS\system32\shell32.dll
2010-07-15 12:02:21 ----A---- C:\WINDOWS\imsins.BAK
2010-07-15 10:06:05 ----A---- C:\WINDOWS\lexstat.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 d347bus;d347bus; C:\WINDOWS\system32\DRIVERS\d347bus.sys [2004-08-22 155136]
R0 d347prt;d347prt; C:\WINDOWS\System32\Drivers\d347prt.sys [2004-08-22 5248]
R0 ElbyVCD;ElbyVCD; C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys [2002-11-28 22016]
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2009-05-14 277784]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-15 76544]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 302000]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2006-07-12 28672]
R1 PMHler;PMHler; C:\WINDOWS\system32\drivers\PMHler.sys [2006-05-24 10240]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-01-23 37376]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-02-16 160256]
R3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1.LEN\LOCALS~1\Temp\catchme.sys []
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2002-11-28 15360]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 lgbusenum;LG Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\lgbtbus.sys [2009-06-19 10496]
R3 NETw4x32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-04-30 2206976]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-05-19 193088]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
S1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 72624]
S2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.4.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-03-25 21393]
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
S2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
S2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-03-29 12416]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-08-30 1161152]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
S3 ATSWPDRV;(****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2007-04-10 140808]
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-10-30 329901]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-10-30 30459]
S3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-11-13 862922]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-10-30 149123]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-10-30 67672]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\DOCUME~1\ADMINI~1.LEN\LOCALS~1\Temp\EverestDriver.sys []
S3 ewusbnet;HUAWEI USB-NDIS miniport; C:\WINDOWS\system32\DRIVERS\ewusbnet.sys [2009-07-23 112640]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2009-07-23 102528]
S3 hwusbfake;Huawei DataCard USB Fake; C:\WINDOWS\system32\DRIVERS\ewusbfake.sys [2009-07-23 100480]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-01-30 4474368]
S3 LgBttPort;LGE Bluetooth TransPort; C:\WINDOWS\system32\DRIVERS\lgbtport.sys [2009-06-19 12032]
S3 LGVMODEM;LGE Virtual Modem; C:\WINDOWS\system32\DRIVERS\lgvmodem.sys [2009-06-19 12928]
S3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\ADMINI~1.LEN\LOCALS~1\Temp\mbr.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 Nokia USB Generic;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2006-10-10 9216]
S3 Nokia USB Modem;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2006-10-10 12800]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2006-10-10 138240]
S3 Nokia USB Port;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2006-10-10 12800]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-03-21 3684512]
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys []
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-08 99584]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
S2 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe [2006-11-11 266295]
S2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-04-16 647168]
S2 FingerprintServer;Fingerprint Server; C:\WINDOWS\system32\FpLogonServ.exe [2007-01-19 61440]
S2 FNF5SVC;Fn+F5 Service; C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe [2007-04-09 54832]
S2 gupdate1caf07255dc939c;Služba Google Update (gupdate1caf07255dc939c); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-10 133104]
S2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
S2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-08 871424]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-11-30 153376]
S2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-09-23 303104]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-03-21 143426]
S2 PMSveH;PMSveH; C:\Program Files\Lenovo\PM Driver\PMSveH.exe [2007-03-16 57344]
S2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-04-16 327680]
S2 rpcnetp;rpcnetp; C:\WINDOWS\System32\rpcnetp.exe [2010-08-04 17408]
S2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-04-16 983040]
S2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-04-26 1234480]
S2 UxTuneUp;TuneUp Design Expansion; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 VMCService;Vodafone Mobile Connect Service; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-18 9216]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 lmab_device;lmab_device; C:\WINDOWS\system32\LMabcoms.exe [2005-06-14 491520]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2006-11-06 210432]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Asking for advice and a look at the log... thanks

Posted: 04 Aug 2010 17:45
by stell
Hm, as I see, you have run everything possible: MWAV, ComboFix, Malwarebytes... oh well.
Uninstall these programs:
C:\PROGRA~1\SPYBOT
C:\Program Files\ICQ6Toolbar
\Program Files\Trans\trans.exe
Whatever cannot be uninstalled, leave as it is.
Download T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe
It also removes ComboFix.

- Run it; to confirm each choice, press the A key, then Enter.
- After use, delete the program. Note: antivirus programs may falsely flag it as a virus.
Download to the desktop and run:
http://download.bleepingcomputer.com/grinler/rkill.com.
PLEASE READ THE INSTRUCTIONS CAREFULLY!!!

Download to the desktop, close all active windows and run >>
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Agree to the installation of the Recovery Console.

- ComboFix must be run under an account with administrator rights.
- After launch, the terms of use are displayed; confirm them by clicking Yes;

And once more >YES<

- Then follow the instructions; while ComboFix is running, do not click into the blue window it displays.

- After the scan finishes, which takes at most 10-15 minutes, the program should create a log, C:\ComboFix.txt; copy its entire contents into your thread on the forum.
- Before using ComboFix, all resident security programs must be turned off: antivirus, firewalls, antispyware. INSTRUCTIONS: http://www.bleepingcomputer.com/forums/topic114351.html
They can interfere with ComboFix's operation, which may cause it not to work correctly.

If your antivirus detects ComboFix, it is a false alarm.

Re: Asking for advice and a look at the log... thanks

Posted: 04 Aug 2010 18:11
by ray204
ComboFix 10-08-03.04 - Administrator . 08. 2010 19:07:01.1.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1022.768 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator.LENOVO3000N200\Plocha\ComboFix2.exe
AV: avast! antivirus 4.8.1368 [VPS 100803-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *enabled* {BFD080F6-3BF0-40E1-9507-9CA969C35870}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-07-04 do 2010-08-04 )))))))))))))))))))))))))))))))
.

2010-08-04 16:23 . 2010-08-04 16:29 -------- d-----w- C:\ComboFix23459C
2010-08-04 16:21 . 2010-08-04 16:21 -------- d-sh--w- c:\documents and settings\Administrator.LENOVO3000N200\PrivacIE
2010-08-04 16:08 . 2010-08-04 16:14 -------- d-----w- C:\ComboFix2
2010-08-04 15:59 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-04 15:59 . 2010-08-04 16:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-04 15:59 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-04 15:23 . 2010-08-04 15:23 -------- d-----w- c:\windows\ERUNT
2010-08-04 15:23 . 2010-08-04 15:35 -------- d-----w- C:\SDFix
2010-08-04 15:03 . 2010-08-04 15:03 5153350 ----a-w- c:\windows\REGBK00.ZIP
2010-08-04 14:28 . 2010-08-04 16:58 -------- d-----w- c:\program files\Trend Micro
2010-08-04 06:27 . 2010-08-04 06:27 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-08-03 12:57 . 2010-08-04 16:49 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2010-08-03 12:56 . 2010-08-04 16:57 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-08-03 09:30 . 2010-08-03 09:30 156 ----a-w- c:\windows\z.reg
2010-08-02 20:01 . 2010-08-02 20:01 -------- d-----w- c:\program files\GRETECH
2010-08-02 19:20 . 2010-08-02 19:20 -------- d-----w- C:\found.001
2010-08-02 19:16 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-08-02 19:16 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-08-02 19:16 . 2010-06-08 16:10 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-08-02 19:16 . 2010-06-08 16:10 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-08-02 19:16 . 2010-03-10 19:29 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-08-02 19:16 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\divx.dll
2010-08-02 19:16 . 2010-07-14 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-08-02 19:16 . 2010-08-02 19:16 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-07-22 16:56 . 2010-07-22 16:56 -------- d-----w- c:\program files\Vodafone
2010-07-15 10:38 . 2010-07-15 11:00 -------- d-----w- c:\program files\Trans

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-04 16:13 . 2008-03-29 16:12 -------- d-----r- c:\program files\Skype
2010-08-04 16:06 . 2008-04-01 10:52 441282 ----a-w- c:\windows\system32\drivers\fwdrv.err
2010-08-04 15:29 . 2010-08-04 15:29 0 --sh--w- c:\windows\S3646007D.tmp
2010-08-03 12:21 . 2009-07-17 09:45 44544 ----a-w- c:\windows\system32\agremove.exe
2010-07-02 15:49 . 2009-10-26 16:41 -------- d-----w- c:\program files\ICQ6.5
2010-06-30 07:01 . 2006-03-02 11:00 78250 ----a-w- c:\windows\system32\perfc005.dat
2010-06-30 07:01 . 2006-03-02 11:00 429262 ----a-w- c:\windows\system32\perfh005.dat
2010-06-14 14:31 . 2008-03-25 12:35 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-05-10 18:57 . 2010-05-10 18:57 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2004-10-01 14:00 . 2008-03-26 07:43 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

------- Sigcheck -------

[-] 2009-05-14 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"system_tray"="shutdown -r -f -t 0" [X]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-01-25 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 774233]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-21 7585792]
"nwiz"="nwiz.exe" [2007-03-21 1622016]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2006-09-06 54824]
"PMHandler"="c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe" [2007-03-16 31840]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"AGRSMMSG"="AGRSMMSG.exe" [2006-08-30 89542]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-30 149280]
"Lexmark X6100 Series"="c:\program files\Lexmark X6100 Series\lxbfbmgr.exe" [2003-09-23 57344]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Trans"="c:\program files\Trans\trans.exe" [2010-06-22 2896824]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-09-18 2412032]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2006-11-13 561213]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2007-02-27 16:26 131072 ----a-w- c:\windows\system32\FpWinlogonNp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2007-12-14 15:36 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
2002-11-02 06:33 45056 ----a-w- c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2006-07-12 09:58 1397760 ------w- c:\program files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\WINDOWS\\system32\\LMabcoms.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [13. 1. 2009 13:40 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [13. 1. 2009 13:40 5248]
R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [28. 11. 2002 12:43 22016]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26. 4. 2007 11:21 302000]
R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [24. 5. 2006 12:48 10240]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [19. 6. 2009 13:59 10496]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5. 10. 2008 13:37 114768]
S1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26. 4. 2007 11:21 72624]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5. 10. 2008 13:37 20560]
S2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [19. 1. 2007 16:16 61440]
S2 FNF5SVC;Fn+F5 Service;c:\program files\Lenovo\HOTKEY\FnF5svc.exe [9. 4. 2007 11:24 54832]
S2 gupdate1caf07255dc939c;Služba Google Update (gupdate1caf07255dc939c);c:\program files\Google\Update\GoogleUpdate.exe [10. 5. 2010 20:55 133104]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [26. 10. 2009 18:43 222456]
S2 rpcnetp;rpcnetp;c:\windows\system32\rpcnetp.exe [3. 8. 2010 14:56 17408]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [26. 4. 2007 11:21 1234480]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [18. 9. 2009 17:48 9216]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\docume~1\ADMINI~1.LEN\LOCALS~1\Temp\EverestDriver.sys --> c:\docume~1\ADMINI~1.LEN\LOCALS~1\Temp\EverestDriver.sys [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [27. 4. 2010 19:05 112640]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [29. 4. 2010 18:00 100480]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [19. 6. 2009 13:59 12032]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [19. 6. 2009 13:59 12928]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [4. 8. 2010 17:59 38224]
.
Obsah adresáře 'Naplánované úlohy'

2010-01-01 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 15:53]

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 18:55]

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 18:55]

2010-08-04 c:\windows\Tasks\User_Feed_Synchronization-{752B43E6-B86D-40EC-A2D7-1CADB49EE03A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

2010-08-02 c:\windows\Tasks\Vyčištění disku.job
- c:\windows\system32\cleanmgr.exe [2008-04-14 14:00]
.
.
------- Doplňkový sken -------
.
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-PcSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-04 19:09
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(956)
c:\windows\system32\FpWinLogonNp.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
.
Celkový čas: 2010-08-04 19:11:00
ComboFix-quarantined-files.txt 2010-08-04 17:10

Před spuštěním: Volných bajtů: 129 535 787 008
Po spuštění: Volných bajtů: 129 498 177 536

- - End Of File - - 76F1CD8E0AB872CBCFDD3691DE7E19C0

Re: Asking for advice and a look at the log... thanks

Posted: 04 Aug 2010 18:27
by stell
OK.
Test these on www.virustotal.com:
c:\windows\system32\rpcnetp.dll
c:\windows\system32\rpcnetp.exe
c:\program files\Trans\trans.exe
Click Browse, find the file, submit it, and paste the link to the test result here,
then send the next file, and so on.

Re: Asking for advice and a look at the log... thanks

Posted: 04 Aug 2010 18:42
by ray204

Re: Asking for advice and a look at the log... thanks

Posted: 04 Aug 2010 18:58
by stell
Right-click the desktop, choose New, then Folder, and name it SWReg.
Download this and put it in the SWReg folder:
SWReg

Open Notepad and copy all of the green text into it:

Code:

@echo off
swreg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /s >>log.txt
Notepad log.txt
Then click File -> Save As... -> and where it says File name, type into that line: swreg.bat
For the file type, select *All files.
Save it in the SWReg folder as well.
Open the folder and run the file swreg.bat, then paste the log here.
bootkit_remover
Download it to the desktop, unpack it to the desktop and run it. The program finishes in a flash; press a key and the window closes. A log is created on the desktop; paste its contents here.

Re: Asking for advice and a look at the log... thanks

Posted: 04 Aug 2010 20:02
by ray204
.\debug.cpp(238) : Debug log started at 04.08.2010 - 19:00:27
.\boot_cleaner.cpp(675) : Bootkit Remover
.\boot_cleaner.cpp(676) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(677) : www.esagelab.com
.\boot_cleaner.cpp(681) : Program version: 1.1.0.0
.\boot_cleaner.cpp(688) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x804d7000 0x00228000 "\WINDOWS\system32\ntoskrnl.exe"
.\debug.cpp(256) : 0x806ff000 0x00020d00 "\WINDOWS\system32\hal.dll"
.\debug.cpp(256) : 0xf7aa3000 0x00002000 "\WINDOWS\system32\KDCOM.DLL"
.\debug.cpp(256) : 0xf79b3000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"
.\debug.cpp(256) : 0xf7554000 0x0002e000 "ACPI.sys"
.\debug.cpp(256) : 0xf7aa5000 0x00002000 "\WINDOWS\system32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0xf752e000 0x00026000 "d347bus.sys"
.\debug.cpp(256) : 0xf751d000 0x00011000 "pci.sys"
.\debug.cpp(256) : 0xf75a3000 0x0000a000 "isapnp.sys"
.\debug.cpp(256) : 0xf75b3000 0x00010000 "ohci1394.sys"
.\debug.cpp(256) : 0xf75c3000 0x0000e000 "\WINDOWS\system32\DRIVERS\1394BUS.SYS"
.\debug.cpp(256) : 0xf79b7000 0x00003000 "compbatt.sys"
.\debug.cpp(256) : 0xf79bb000 0x00004000 "\WINDOWS\system32\DRIVERS\BATTC.SYS"
.\debug.cpp(256) : 0xf7b6b000 0x00001000 "pciide.sys"
.\debug.cpp(256) : 0xf7823000 0x00007000 "\WINDOWS\system32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0xf75d3000 0x0000b000 "MountMgr.sys"
.\debug.cpp(256) : 0xf74fe000 0x0001f000 "ftdisk.sys"
.\debug.cpp(256) : 0xf7aa7000 0x00002000 "dmload.sys"
.\debug.cpp(256) : 0xf74d8000 0x00026000 "dmio.sys"
.\debug.cpp(256) : 0xf79bf000 0x00003000 "ACPIEC.sys"
.\debug.cpp(256) : 0xf7b6c000 0x00001000 "\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS"
.\debug.cpp(256) : 0xf782b000 0x00005000 "PartMgr.sys"
.\debug.cpp(256) : 0xf75e3000 0x0000d000 "VolSnap.sys"
.\debug.cpp(256) : 0xf741a000 0x000be000 "iaStor.sys"
.\debug.cpp(256) : 0xf7402000 0x00018000 " "
.\debug.cpp(256) : 0xf7aa9000 0x00002000 "d347prt.sys"
.\debug.cpp(256) : 0xf73ea000 0x00018000 "\WINDOWS\System32\Drivers\SCSIPORT.SYS"
.\debug.cpp(256) : 0xf7833000 0x00006000 "ElbyVCD.sys"
.\debug.cpp(256) : 0xf75f3000 0x00009000 "disk.sys"
.\debug.cpp(256) : 0xf7603000 0x0000d000 "\WINDOWS\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0xf73ca000 0x00020000 "fltmgr.sys"
.\debug.cpp(256) : 0xf73b8000 0x00012000 "sr.sys"
.\debug.cpp(256) : 0xf73a1000 0x00017000 "KSecDD.sys"
.\debug.cpp(256) : 0xf738e000 0x00013000 "WudfPf.sys"
.\debug.cpp(256) : 0xf7301000 0x0008d000 "Ntfs.sys"
.\debug.cpp(256) : 0xf72d4000 0x0002d000 "NDIS.sys"
.\debug.cpp(256) : 0xf72ba000 0x0001a000 "Mup.sys"
.\debug.cpp(256) : 0xf7a6f000 0x00003000 "\SystemRoot\system32\DRIVERS\wmiacpi.sys"
.\debug.cpp(256) : 0xf7923000 0x00006000 "\SystemRoot\system32\DRIVERS\usbuhci.sys"
.\debug.cpp(256) : 0xf71e5000 0x00024000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0xf7953000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0xf71bd000 0x00028000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0xf6fa2000 0x0021b000 "\SystemRoot\system32\DRIVERS\NETw4x32.sys"
.\debug.cpp(256) : 0xf6f77000 0x0002b000 "\SystemRoot\system32\DRIVERS\b57xp32.sys"
.\debug.cpp(256) : 0xf7623000 0x0000f000 "\SystemRoot\system32\DRIVERS\rimmptsk.sys"
.\debug.cpp(256) : 0xf6f63000 0x00014000 "\SystemRoot\system32\DRIVERS\rimsptsk.sys"
.\debug.cpp(256) : 0xf6f12000 0x00051000 "\SystemRoot\system32\DRIVERS\rixdptsk.sys"
.\debug.cpp(256) : 0xf7633000 0x0000d000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0xf786b000 0x00006000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0xf6ee2000 0x00030000 "\SystemRoot\system32\DRIVERS\SynTP.sys"
.\debug.cpp(256) : 0xf7ab5000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0xf78ab000 0x00006000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0xf7643000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys"
.\debug.cpp(256) : 0xf7281000 0x00004000 "\SystemRoot\System32\Drivers\ElbyCDFL.sys"
.\debug.cpp(256) : 0xf7653000 0x00010000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0xf7663000 0x0000f000 "\SystemRoot\system32\DRIVERS\redbook.sys"
.\debug.cpp(256) : 0xf6e97000 0x00023000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0xf7903000 0x00007000 "\SystemRoot\System32\Drivers\incdrm.SYS"
.\debug.cpp(256) : 0xf7913000 0x00008000 "\SystemRoot\System32\DRIVERS\InCDPass.sys"
.\debug.cpp(256) : 0xf7673000 0x0000d000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0xf726d000 0x00003000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0xf6e80000 0x00017000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0xf7683000 0x0000b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0xf7693000 0x0000c000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0xf796b000 0x00005000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0xf6e6f000 0x00011000 "\SystemRoot\system32\DRIVERS\psched.sys"
.\debug.cpp(256) : 0xf76a3000 0x00009000 "\SystemRoot\system32\DRIVERS\msgpc.sys"
.\debug.cpp(256) : 0xf7993000 0x00005000 "\SystemRoot\system32\DRIVERS\ptilink.sys"
.\debug.cpp(256) : 0xf79a3000 0x00005000 "\SystemRoot\system32\DRIVERS\raspti.sys"
.\debug.cpp(256) : 0xf6e3f000 0x00030000 "\SystemRoot\system32\DRIVERS\rdpdr.sys"
.\debug.cpp(256) : 0xf76b3000 0x0000a000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0xf7abb000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0xf6de1000 0x0005e000 "\SystemRoot\system32\DRIVERS\update.sys"
.\debug.cpp(256) : 0xf7245000 0x00004000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0xf723d000 0x00003000 "\SystemRoot\system32\drivers\PMHler.sys"
.\debug.cpp(256) : 0xf7a77000 0x00003000 "\SystemRoot\system32\DRIVERS\lgbtbus.sys"
.\debug.cpp(256) : 0xf76c3000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0xf76d3000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0xf7ac5000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0xf7b70000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0xf7ac9000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0xf798b000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0xf6cb5000 0x00014000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS"
.\debug.cpp(256) : 0xf7acd000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0xf6c4c000 0x00049000 "\SystemRoot\system32\drivers\fwdrv.sys"
.\debug.cpp(256) : 0xf792b000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0xf7933000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0xf6dd9000 0x00003000 "\SystemRoot\system32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0xf6c39000 0x00013000 "\SystemRoot\system32\DRIVERS\ipsec.sys"
.\debug.cpp(256) : 0xf6be0000 0x00059000 "\SystemRoot\system32\DRIVERS\tcpip.sys"
.\debug.cpp(256) : 0xf6bba000 0x00026000 "\SystemRoot\system32\DRIVERS\ipnat.sys"
.\debug.cpp(256) : 0xf7713000 0x0000a000 "\SystemRoot\System32\Drivers\aswTdi.SYS"
.\debug.cpp(256) : 0xf6b92000 0x00028000 "\SystemRoot\system32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0xf6b70000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"
.\debug.cpp(256) : 0xf7723000 0x00009000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0xf6b45000 0x0002b000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0xf6ad5000 0x00070000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xf78fb000 0x00008000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"
.\debug.cpp(256) : 0xf6d41000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"
.\debug.cpp(256) : 0xf69ef000 0x000be000 "\SystemRoot\System32\Drivers\dump_iaStor.sys"
.\debug.cpp(256) : 0xbf800000 0x001c4000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0xf7285000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0xf78f3000 0x00005000 "\SystemRoot\System32\watchdog.sys"
.\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"
.\debug.cpp(256) : 0xf7bc7000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"
.\debug.cpp(256) : 0xbff70000 0x00003000 "\SystemRoot\System32\framebuf.dll"
.\debug.cpp(256) : 0xbffa0000 0x00046000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0xf669b000 0x00004000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0xf64c8000 0x00057000 "\SystemRoot\system32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xf78eb000 0x00007000 "\SystemRoot\system32\DRIVERS\USBSTOR.SYS"
.\debug.cpp(256) : 0xf629c000 0x00024000 "\SystemRoot\System32\Drivers\Fastfat.SYS"
.\debug.cpp(256) : 0x7c900000 0x000b1000 "\WINDOWS\system32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(451) : **********************************************
.\boot_cleaner.cpp(1077) : System volume is \\.\C:
.\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000001`68583e00
.\boot_cleaner.cpp(424) : Boot sector MD5 is: ee7fe9f24bc949ea3a78cf7064fbe50b
.\boot_cleaner.cpp(1151) :
.\boot_cleaner.cpp(1152) : Size Device Name MBR Status
.\boot_cleaner.cpp(1153) : --------------------------------------------
.\boot_cleaner.cpp(1197) : 149 GB \\.\PhysicalDrive0 Unknown boot code
.\boot_cleaner.cpp(1203) :
.\boot_cleaner.cpp(1209) : Unknown boot code has been found on some of your physical disks.
.\boot_cleaner.cpp(1211) : To inspect the boot code manually, dump the master boot sector:
.\boot_cleaner.cpp(1212) : remover.exe dump <device_name> [output_file]
.\boot_cleaner.cpp(1216) : To disinfect the master boot sector, use the following command:
.\boot_cleaner.cpp(1217) : remover.exe fix <device_name>
.\boot_cleaner.cpp(1220) :
.\boot_cleaner.cpp(1242) : Done;

Re: Asking for advice and a look at the log... thanks

Posted: 04 Aug 2010 20:02
by ray204
SteelWerX Registry Console Tool 3.0
Written by Bobbi Flekman 2006 (C)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist
ProfilesDirectory REG_EXPAND_SZ %SystemDrive%\Documents and Settings
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-18
Flags REG_DWORD 12 (0xc)
State REG_DWORD 0 (0x0)
RefCount REG_DWORD 1 (0x1)
Sid REG_BINARY 010100000000000512000000
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService
Sid REG_BINARY 010100000000000513000000
Flags REG_DWORD 9 (0x9)
State REG_DWORD 0 (0x0)
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD -1014919028 (0xc381908c)
ProfileLoadTimeHigh REG_DWORD 30094342 (0x1cb3406)
RefCount REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService
Sid REG_BINARY 010100000000000514000000
Flags REG_DWORD 9 (0x9)
State REG_DWORD 0 (0x0)
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD -1028981528 (0xc2aafce8)
ProfileLoadTimeHigh REG_DWORD 30094342 (0x1cb3406)
RefCount REG_DWORD 2 (0x2)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-21-1202660629-1844823847-839522115-1003
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Honza
Sid REG_BINARY 0105000000000005150000001525af4727c7f56d43170a32eb030000
Flags REG_DWORD 0 (0x0)
State REG_DWORD 256 (0x100)
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 669583142 (0x27e90726)
ProfileLoadTimeHigh REG_DWORD 30094323 (0x1cb33f3)
RefCount REG_DWORD 1 (0x1)
RunLogonScriptSync REG_DWORD 0 (0x0)
OptimizedLogonStatus REG_DWORD 11 (0xb)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-21-1202660629-1844823847-839522115-1004
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LogMeInRemoteUser
Sid REG_BINARY 0105000000000005150000001525af4727c7f56d43170a32ec030000
Flags REG_DWORD 1 (0x1)
State REG_DWORD 256 (0x100)
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD -1755341250 (0x975f9e3e)
ProfileLoadTimeHigh REG_DWORD 29922499 (0x1c894c3)
RefCount REG_DWORD 0 (0x0)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-21-1202660629-1844823847-839522115-1005
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Supervisor
Sid REG_BINARY 0105000000000005150000001525af4727c7f56d43170a32ed030000
Flags REG_DWORD 0 (0x0)
State REG_DWORD 256 (0x100)
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 1150970336 (0x449a69e0)
ProfileLoadTimeHigh REG_DWORD 29922134 (0x1c89356)
RefCount REG_DWORD 1 (0x1)
RunLogonScriptSync REG_DWORD 0 (0x0)
OptimizedLogonStatus REG_DWORD 11 (0xb)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-21-1202660629-1844823847-839522115-1006
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Veronika
Sid REG_BINARY 0105000000000005150000001525af4727c7f56d43170a32ee030000
Flags REG_DWORD 0 (0x0)
State REG_DWORD 256 (0x100)
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD -2113356528 (0x8208bd10)
ProfileLoadTimeHigh REG_DWORD 30094342 (0x1cb3406)
RefCount REG_DWORD 1 (0x1)
RunLogonScriptSync REG_DWORD 0 (0x0)
OptimizedLogonStatus REG_DWORD 11 (0xb)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-21-1202660629-1844823847-839522115-500
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Administrator.LENOVO3000N200
Sid REG_BINARY 0105000000000005150000001525af4727c7f56d43170a32f4010000
Flags REG_DWORD 0 (0x0)
State REG_DWORD 256 (0x100)
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD -119606528 (0xf8def300)
ProfileLoadTimeHigh REG_DWORD 30094342 (0x1cb3406)
RefCount REG_DWORD 1 (0x1)
RunLogonScriptSync REG_DWORD 0 (0x0)
OptimizedLogonStatus REG_DWORD 11 (0xb)

Re: Asking for advice and a look at the log... thanks

Posted: 04 Aug 2010 20:10
by stell
Do you recognize all of these accounts?
Supervisor
LogMeInRemoteUser
Veronika
Administrator.LENOVO3000N200
Honza
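
Added example, not part of the original thread: a Python script that decodes ProfileList entries in the layout posted above, turning each REG_BINARY Sid into its string form and each ProfileLoadTimeHigh/ProfileLoadTimeLow pair into a UTC timestamp, so accounts can be reviewed by when their profile was last loaded. The function names are assumptions of this example, and the embedded sample is constructed from two entries of the dump.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample in the dump's layout (key line, then "Name TYPE data"
# lines); the values are two of the ProfileList entries quoted on this page.
SAMPLE_DUMP = r"""
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-21-1202660629-1844823847-839522115-1003
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Honza
Sid REG_BINARY 0105000000000005150000001525af4727c7f56d43170a32eb030000
Flags REG_DWORD 0 (0x0)
ProfileLoadTimeLow REG_DWORD 669583142 (0x27e90726)
ProfileLoadTimeHigh REG_DWORD 30094323 (0x1cb33f3)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-21-1202660629-1844823847-839522115-1004
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LogMeInRemoteUser
Sid REG_BINARY 0105000000000005150000001525af4727c7f56d43170a32ec030000
Flags REG_DWORD 1 (0x1)
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD -1755341250 (0x975f9e3e)
ProfileLoadTimeHigh REG_DWORD 29922499 (0x1c894c3)
"""

VALUE_RE = re.compile(r"^(\w+) (REG_\w+)(?: (.*))?$")
DWORD_RE = re.compile(r"\(0x([0-9a-fA-F]+)\)")


def decode_sid(hex_blob):
    """Turn a REG_BINARY SID into its S-R-I-S... string form."""
    raw = bytes.fromhex(hex_blob)
    if len(raw) < 8:
        raise ValueError("SID blob too short")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("SID length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")        # 6 bytes, big-endian
    subs = [int.from_bytes(raw[8 + 4 * i:12 + 4 * i], "little")
            for i in range(count)]                      # 32-bit little-endian
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])


def filetime_to_utc(high, low):
    """Combine the two DWORD halves of a FILETIME (100 ns ticks since 1601)."""
    ticks = ((high & 0xFFFFFFFF) << 32) | (low & 0xFFFFFFFF)
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)


def parse_profilelist(text):
    """Parse the dump into one dict per registry key."""
    profiles, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.upper().startswith("HKEY_"):
            current = {"key_sid": line.rsplit("\\", 1)[-1], "values": {}}
            profiles.append(current)
            continue
        m = VALUE_RE.match(line)
        if not m or current is None:
            continue
        name, rtype, data = m.group(1), m.group(2), m.group(3) or ""
        if rtype == "REG_DWORD":
            hx = DWORD_RE.search(data)      # the hex form is already unsigned
            data = int(hx.group(1), 16) if hx else None
        current["values"][name] = data
    for p in profiles:
        v = p["values"]
        p["path"] = v.get("ProfileImagePath", "")
        p["account"] = p["path"].rsplit("\\", 1)[-1]
        p["sid"] = decode_sid(v["Sid"]) if v.get("Sid") else None
        # The key name and the binary Sid value should describe the same SID.
        p["sid_matches_key"] = p["sid"] is not None and p["sid"].lower() == p["key_sid"].lower()
        tail = p["key_sid"].rsplit("-", 1)[-1]
        p["rid"] = int(tail) if tail.isdigit() else None
        hi, lo = v.get("ProfileLoadTimeHigh"), v.get("ProfileLoadTimeLow")
        p["last_load"] = filetime_to_utc(hi, lo) if hi is not None and lo is not None else None
    return profiles


def local_accounts_oldest_first(profiles):
    """Non-built-in local accounts (RID >= 1000), least recently loaded first."""
    users = [p for p in profiles
             if p["key_sid"].startswith("S-1-5-21-") and (p["rid"] or 0) >= 1000]
    far_future = datetime.max.replace(tzinfo=timezone.utc)
    return sorted(users, key=lambda p: p["last_load"] or far_future)


if __name__ == "__main__":
    for p in local_accounts_oldest_first(parse_profilelist(SAMPLE_DUMP)):
        print(p["account"], p["sid"], p["sid_matches_key"], p["last_load"])
```

The timestamps are UTC; convert to the machine's local time zone before comparing them with other logs from the same host.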

Re: Asking for advice and a look at the log... thanks

Posted: 04 Aug 2010 20:16
by ray204
Not LogMeInRemoteUser,
and it is a hidden account

Re: Asking for advice and a look at the log... thanks

Posted: 04 Aug 2010 20:24
by stell
Click Start, click Run, and paste this command into the box:
"%userprofile%\plocha\remover.exe" fix \\.\PhysicalDrive0
then press Enter.

Create a new .bat file, LogMeIn.bat:
@echo off
net user LogMeInRemoteUser>"%userprofile%\plocha\log.txt"
start notepad "%userprofile%\plocha\log.txt"
cls
Paste the log here.

Run Bootkit Remover again and paste that log here too.

Re: Asking for advice and a look at the log... thanks

Posted: 04 Aug 2010 20:45
by ray204
.\debug.cpp(238) : Debug log started at 04.08.2010 - 19:44:23
.\boot_cleaner.cpp(675) : Bootkit Remover
.\boot_cleaner.cpp(676) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(677) : www.esagelab.com
.\boot_cleaner.cpp(681) : Program version: 1.1.0.0
.\boot_cleaner.cpp(688) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
.\boot_cleaner.cpp(1077) : System volume is \\.\C:
.\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000001`68583e00
.\boot_cleaner.cpp(424) : Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd
.\boot_cleaner.cpp(1151) :
.\boot_cleaner.cpp(1152) : Size Device Name MBR Status
.\boot_cleaner.cpp(1153) : --------------------------------------------
.\boot_cleaner.cpp(1197) : 149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1203) :
.\boot_cleaner.cpp(1242) : Done;

Re: Asking for advice and a look at the log... thanks

Posted: 04 Aug 2010 20:46
by ray204
Uživatelské jméno LogMeInRemoteUser
Jméno a příjmení
Komentář Account for remote control
Komentář uživatele
Směrové číslo země 000 (Výchozí systémové nastavení)
Účet je aktivní Ano
Účet vypršel Nikdy

Heslo bylo naposledy nastaveno 7/7/2008 11:24 AM
Heslo vyprší Nikdy
Heslo lze měnit 7/7/2008 11:24 AM
Heslo je vyžadováno Ano
Uživatel smí měnit heslo Ano

Pracovní stanice byla povolena Vše
Přihlašovací skript
Profil uživatele
Domovský adresář
Naposledy přihlášen 4/2/2008 3:15 PM

Povolené přihlašovací hodiny Vše

Členství v místních skupinách *Administrators
Členství v globálních skupinách *None
Příkaz byl úspěšně dokončen.