Asi rootkit

Zpráva

Mikka · #1 Příspěvek od **Mikka** » 27 lis 2010 17:28

Combofix mi pořád hlásí, že našel přitomnost rootkitu, ale nedokáže ho odstranit ani na 3. pokus. Mám čerstvě nainstalovanej win XP. Antivir (avast) jsem nainstaloval pár min po prvním připojení k internetu a teď jsem ho odinstaloval s podezřením, že je napadenej virem - hlasil, že je combofix zavirovanej a po spuštění win 2 min. nefungoval a odinstalování trvalo mnohem dýl něž by mělo. Všechno je cca 2 min. po spuštění takový zabržděný... Zatím jsem nainstaloval jen samý ověřený programy, tak nechápu jak se sem ten rootkit dostal.
Děkuju za rady

Tog z RSIT:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Admin at 2010-11-27 17:19:00
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 213 GB (96%) free of 221 GB
Total RAM: 510 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:19:01, on 27.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Admin\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Admin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

--
End of file - 2715 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-09-08 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2005-06-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3
"ose"=3
"NMSAccess"=2
"JavaQuickStarterService"=2
"idsvc"=3
"ATI Smart"=2
"Ati HotKey Poller"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-02-11 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-11-27 17:18:21 ----D---- C:\rsit
2010-11-27 17:18:21 ----D---- C:\Program Files\trend micro
2010-11-27 17:14:27 ----D---- C:\WINDOWS\temp
2010-11-27 17:14:26 ----A---- C:\ComboFix.txt
2010-11-27 17:01:52 ----D---- C:\Qoobox
2010-11-27 16:45:35 ----A---- C:\WINDOWS\ntbtlog.txt
2010-11-27 15:52:57 ----D---- C:\Program Files\Unlocker
2010-11-27 15:35:59 ----A---- C:\WINDOWS\zip.exe
2010-11-27 15:35:59 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-11-27 15:35:59 ----A---- C:\WINDOWS\SWSC.exe
2010-11-27 15:35:59 ----A---- C:\WINDOWS\SWREG.exe
2010-11-27 15:35:59 ----A---- C:\WINDOWS\sed.exe
2010-11-27 15:35:59 ----A---- C:\WINDOWS\PEV.exe
2010-11-27 15:35:59 ----A---- C:\WINDOWS\NIRCMD.exe
2010-11-27 15:35:59 ----A---- C:\WINDOWS\MBR.exe
2010-11-27 15:35:59 ----A---- C:\WINDOWS\grep.exe
2010-11-27 15:35:55 ----D---- C:\WINDOWS\ERDNT
2010-11-27 14:10:17 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-11-27 14:10:16 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-11-27 13:59:49 ----D---- C:\WINDOWS\system32\XPSViewer
2010-11-27 13:59:46 ----D---- C:\Program Files\MSBuild
2010-11-27 13:59:36 ----D---- C:\Program Files\Reference Assemblies
2010-11-27 13:59:01 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2010-11-27 13:59:01 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-11-27 13:59:01 ----N---- C:\WINDOWS\system32\prntvpt.dll
2010-11-27 13:46:16 ----D---- C:\WINDOWS\ie8updates
2010-11-27 13:30:13 ----D---- C:\WINDOWS\pss
2010-11-27 13:13:37 ----D---- C:\WINDOWS\WBEM
2010-11-27 13:12:02 ----HDC---- C:\WINDOWS\ie8
2010-11-27 13:03:57 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-11-27 13:03:46 ----A---- C:\WINDOWS\system32\wmpns.dll
2010-11-27 13:03:40 ----D---- C:\Program Files\Windows Media Connect 2
2010-11-27 13:02:44 ----D---- C:\WINDOWS\system32\LogFiles
2010-11-27 13:02:44 ----D---- C:\WINDOWS\system32\drivers\UMDF
2010-11-27 13:01:29 ----D---- C:\WINDOWS\system32\URTTEMP
2010-11-27 12:58:31 ----D---- C:\Documents and Settings\Admin\Data aplikací\Canneverbe Limited
2010-11-27 12:57:04 ----D---- C:\Program Files\CDBurnerXP
2010-11-27 12:57:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\Canneverbe Limited
2010-11-27 12:48:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
2010-11-26 18:29:10 ----RSD---- C:\WINDOWS\assembly
2010-11-26 18:28:41 ----D---- C:\WINDOWS\system32\en-US
2010-11-26 18:28:36 ----D---- C:\Program Files\Microsoft.NET
2010-11-26 18:28:34 ----D---- C:\WINDOWS\Microsoft.NET
2010-11-26 18:27:39 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2010-11-26 18:27:38 ----D---- C:\Program Files\Common Files\Java
2010-11-26 18:27:26 ----A---- C:\WINDOWS\system32\javaws.exe
2010-11-26 18:27:26 ----A---- C:\WINDOWS\system32\javaw.exe
2010-11-26 18:27:26 ----A---- C:\WINDOWS\system32\java.exe
2010-11-26 18:27:26 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-11-26 18:27:12 ----D---- C:\Program Files\Java
2010-11-26 18:27:07 ----D---- C:\Documents and Settings\Admin\Data aplikací\Sun
2010-11-26 18:26:34 ----D---- C:\Program Files\Common Files\Skype
2010-11-26 18:26:30 ----RD---- C:\Program Files\Skype
2010-11-26 18:26:30 ----D---- C:\Documents and Settings\Admin\Data aplikací\Skype
2010-11-26 18:26:17 ----A---- C:\WINDOWS\ODBC.INI
2010-11-26 18:26:13 ----A---- C:\WINDOWS\system32\mdimon.dll
2010-11-26 18:25:30 ----D---- C:\Program Files\Common Files\DESIGNER
2010-11-26 18:25:17 ----D---- C:\WINDOWS\SHELLNEW
2010-11-26 18:25:16 ----D---- C:\Program Files\Microsoft Office
2010-11-26 18:19:55 ----D---- C:\WINDOWS\Prefetch
2010-11-26 18:17:54 ----A---- C:\WINDOWS\system32\h323log.txt
2010-11-26 18:16:28 ----D---- C:\WINDOWS\system32\CatRoot_bak
2010-11-26 18:16:23 ----A---- C:\WINDOWS\system32\drivers\audstub.sys
2010-11-26 18:15:57 ----A---- C:\WINDOWS\system32\drivers\redbook.sys
2010-11-26 18:15:07 ----A---- C:\WINDOWS\system32\usbui.dll
2010-11-26 18:14:57 ----A---- C:\WINDOWS\system32\drivers\gagp30kx.sys
2010-11-26 18:13:57 ----SHD---- C:\WINDOWS\Installer
2010-11-26 18:13:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-11-26 18:13:56 ----D---- C:\Program Files\Common Files\ODBC
2010-11-26 18:13:56 ----A---- C:\WINDOWS\ODBCINST.INI
2010-11-26 18:13:53 ----D---- C:\Program Files\Common Files\SpeechEngines
2010-11-26 18:13:52 ----RD---- C:\Program Files
2010-11-26 18:13:52 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-11-26 18:13:52 ----D---- C:\Program Files\Common Files
2010-11-26 18:13:48 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2010-11-26 18:13:48 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2010-11-26 18:13:48 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2010-11-26 18:13:46 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2010-11-26 18:13:46 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2010-11-26 18:13:46 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2010-11-26 18:13:46 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2010-11-26 18:13:46 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2010-11-26 18:13:45 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2010-11-26 18:13:45 ----RA---- C:\WINDOWS\system32\kbdur.dll
2010-11-26 18:13:45 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2010-11-26 18:13:45 ----RA---- C:\WINDOWS\system32\kbdru.dll
2010-11-26 18:13:45 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2010-11-26 18:13:45 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2010-11-26 18:13:45 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2010-11-26 18:13:42 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2010-11-26 18:13:42 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2010-11-26 18:13:42 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2010-11-26 18:13:42 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2010-11-26 18:13:42 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2010-11-26 18:13:42 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2010-11-26 18:13:42 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2010-11-26 18:13:40 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2010-11-26 18:13:40 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2010-11-26 18:13:40 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2010-11-26 18:13:40 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2010-11-26 18:13:40 ----RA---- C:\WINDOWS\system32\kbdest.dll
2010-11-26 18:13:36 ----A---- C:\WINDOWS\system32\kbdsl1.dll
2010-11-26 18:13:36 ----A---- C:\WINDOWS\system32\kbdsl.dll
2010-11-26 18:13:36 ----A---- C:\WINDOWS\system32\kbdro.dll
2010-11-26 18:13:36 ----A---- C:\WINDOWS\system32\kbdpl.dll
2010-11-26 18:13:35 ----A---- C:\WINDOWS\system32\kbdycl.dll
2010-11-26 18:13:35 ----A---- C:\WINDOWS\system32\kbdpl1.dll
2010-11-26 18:13:35 ----A---- C:\WINDOWS\system32\kbdhu1.dll
2010-11-26 18:13:35 ----A---- C:\WINDOWS\system32\kbdhu.dll
2010-11-26 18:13:35 ----A---- C:\WINDOWS\system32\kbdcr.dll
2010-11-26 18:13:35 ----A---- C:\WINDOWS\system32\KBDAL.DLL
2010-11-26 18:13:34 ----A---- C:\WINDOWS\system32\irclass.dll
2010-11-26 18:13:34 ----A---- C:\WINDOWS\system32\dgsetup.dll
2010-11-26 18:13:34 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2010-11-26 18:13:33 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-11-26 18:13:33 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2010-11-26 18:13:30 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2010-11-26 18:13:30 ----A---- C:\WINDOWS\TASKMAN.EXE
2010-11-26 18:13:30 ----A---- C:\WINDOWS\system32\drivers\irenum.sys
2010-11-26 18:13:30 ----A---- C:\WINDOWS\system32\batt.dll
2010-11-26 18:13:29 ----A---- C:\WINDOWS\notepad.exe
2010-11-26 18:13:28 ----A---- C:\WINDOWS\system32\storprop.dll
2010-11-26 18:13:20 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2010-11-26 18:13:19 ----RA---- C:\WINDOWS\SET21.tmp
2010-11-26 18:13:16 ----RA---- C:\WINDOWS\SET8.tmp
2010-11-26 18:13:13 ----RA---- C:\WINDOWS\SET4.tmp
2010-11-26 18:13:12 ----RA---- C:\WINDOWS\SET3.tmp
2010-11-26 18:13:06 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-26 18:13:06 ----D---- C:\WINDOWS\system32\CatRoot
2010-11-26 18:13:00 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-11-26 18:12:31 ----SHD---- C:\System Volume Information
2010-11-26 18:12:31 ----D---- C:\Documents and Settings
2010-11-26 18:11:10 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2010-11-26 18:10:37 ----SH---- C:\boot.ini
2010-11-26 18:08:59 ----N---- C:\WINDOWS\system32\msxml6r.dll
2010-11-26 18:08:59 ----A---- C:\WINDOWS\system32\msxml6.dll
2010-11-26 18:08:26 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2010-11-26 18:08:26 ----N---- C:\WINDOWS\system32\aaclient.dll
2010-11-26 18:08:25 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2010-11-26 18:08:25 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2010-11-26 18:08:24 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2010-11-26 18:08:24 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2010-11-26 18:08:24 ----N---- C:\WINDOWS\system32\credssp.dll
2010-11-26 18:08:24 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2010-11-26 18:08:24 ----N---- C:\WINDOWS\system32\azroles.dll
2010-11-26 18:08:23 ----N---- C:\WINDOWS\system32\dot3ui.dll
2010-11-26 18:08:23 ----N---- C:\WINDOWS\system32\dot3svc.dll
2010-11-26 18:08:23 ----N---- C:\WINDOWS\system32\dot3msm.dll
2010-11-26 18:08:23 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2010-11-26 18:08:23 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2010-11-26 18:08:23 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2010-11-26 18:08:23 ----N---- C:\WINDOWS\system32\dot3api.dll
2010-11-26 18:08:23 ----N---- C:\WINDOWS\system32\dimsroam.dll
2010-11-26 18:08:22 ----N---- C:\WINDOWS\system32\eapsvc.dll
2010-11-26 18:08:22 ----N---- C:\WINDOWS\system32\eapqec.dll
2010-11-26 18:08:22 ----N---- C:\WINDOWS\system32\eappprxy.dll
2010-11-26 18:08:22 ----N---- C:\WINDOWS\system32\eapphost.dll
2010-11-26 18:08:22 ----N---- C:\WINDOWS\system32\eappgnui.dll
2010-11-26 18:08:22 ----N---- C:\WINDOWS\system32\eappcfg.dll
2010-11-26 18:08:22 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2010-11-26 18:08:22 ----N---- C:\WINDOWS\system32\eapolqec.dll
2010-11-26 18:08:21 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2010-11-26 18:08:18 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2010-11-26 18:08:17 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2010-11-26 18:08:17 ----N---- C:\WINDOWS\system32\kmsvc.dll
2010-11-26 18:08:17 ----N---- C:\WINDOWS\system32\kbdpash.dll
2010-11-26 18:08:17 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2010-11-26 18:08:17 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2010-11-26 18:08:16 ----N---- C:\WINDOWS\system32\mmcex.dll
2010-11-26 18:08:16 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2010-11-26 18:08:16 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2010-11-26 18:08:15 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2010-11-26 18:08:15 ----N---- C:\WINDOWS\system32\mssha.dll
2010-11-26 18:08:15 ----N---- C:\WINDOWS\system32\mmcperf.exe
2010-11-26 18:08:15 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2010-11-26 18:08:14 ----N---- C:\WINDOWS\system32\napstat.exe
2010-11-26 18:08:14 ----N---- C:\WINDOWS\system32\napmontr.dll
2010-11-26 18:08:14 ----N---- C:\WINDOWS\system32\napipsec.dll
2010-11-26 18:08:14 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2010-11-26 18:08:13 ----N---- C:\WINDOWS\system32\qagent.dll
2010-11-26 18:08:13 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2010-11-26 18:08:13 ----N---- C:\WINDOWS\system32\onex.dll
2010-11-26 18:08:13 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2010-11-26 18:08:12 ----N---- C:\WINDOWS\system32\slserv.exe
2010-11-26 18:08:12 ----N---- C:\WINDOWS\system32\slrundll.exe
2010-11-26 18:08:12 ----N---- C:\WINDOWS\system32\slgen.dll
2010-11-26 18:08:12 ----N---- C:\WINDOWS\system32\slextspk.dll
2010-11-26 18:08:12 ----N---- C:\WINDOWS\system32\slcoinst.dll
2010-11-26 18:08:12 ----N---- C:\WINDOWS\system32\setupn.exe
2010-11-26 18:08:12 ----N---- C:\WINDOWS\system32\s3gnb.dll
2010-11-26 18:08:12 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2010-11-26 18:08:12 ----N---- C:\WINDOWS\system32\rasqec.dll
2010-11-26 18:08:12 ----N---- C:\WINDOWS\system32\qutil.dll
2010-11-26 18:08:12 ----N---- C:\WINDOWS\system32\qcliprov.dll
2010-11-26 18:08:12 ----N---- C:\WINDOWS\system32\qagentrt.dll
2010-11-26 18:08:10 ----N---- C:\WINDOWS\system32\tsgqec.dll
2010-11-26 18:08:09 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2010-11-26 18:08:09 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2010-11-26 18:08:09 ----N---- C:\WINDOWS\system32\verclsid.exe
2010-11-26 18:08:09 ----N---- C:\WINDOWS\system32\tzchange.exe
2010-11-26 18:08:09 ----N---- C:\WINDOWS\system32\tspkg.dll
2010-11-26 18:08:08 ----N---- C:\WINDOWS\system32\wmphoto.dll
2010-11-26 18:08:08 ----N---- C:\WINDOWS\system32\wlanapi.dll
2010-11-26 18:08:05 ----N---- C:\WINDOWS\slrundll.exe
2010-11-26 18:08:05 ----A---- C:\WINDOWS\system32\xmllite.dll
2010-11-26 18:08:03 ----D---- C:\WINDOWS\system32\cs-cz
2010-11-26 18:08:00 ----D---- C:\WINDOWS\l2schemas
2010-11-26 18:07:57 ----D---- C:\WINDOWS\system32\cs
2010-11-26 18:07:56 ----D---- C:\WINDOWS\system32\bits
2010-11-26 18:04:25 ----D---- C:\WINDOWS\ServicePackFiles
2010-11-26 18:03:48 ----D---- C:\Program Files\QuickTime
2010-11-26 18:03:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2010-11-26 18:03:14 ----D---- C:\Program Files\Common Files\Apple
2010-11-26 18:02:58 ----D---- C:\Program Files\Apple Software Update
2010-11-26 18:02:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple
2010-11-26 18:02:47 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-11-26 18:02:47 ----RSD---- C:\WINDOWS\Fonts
2010-11-26 18:02:47 ----RD---- C:\WINDOWS\Web
2010-11-26 18:02:47 ----HD---- C:\WINDOWS\inf
2010-11-26 18:02:47 ----D---- C:\WINDOWS\WinSxS
2010-11-26 18:02:47 ----D---- C:\WINDOWS\twain_32
2010-11-26 18:02:47 ----D---- C:\WINDOWS\system32\wins
2010-11-26 18:02:47 ----D---- C:\WINDOWS\system32\wbem
2010-11-26 18:02:47 ----D---- C:\WINDOWS\system32\usmt
2010-11-26 18:02:47 ----D---- C:\WINDOWS\system32\spool
2010-11-26 18:02:47 ----D---- C:\WINDOWS\system32\ShellExt
2010-11-26 18:02:47 ----D---- C:\WINDOWS\system32\Setup
2010-11-26 18:02:47 ----D---- C:\WINDOWS\system32\ras
2010-11-26 18:02:47 ----D---- C:\WINDOWS\system32\oobe
2010-11-26 18:02:47 ----D---- C:\WINDOWS\system32\npp
2010-11-26 18:02:47 ----D---- C:\WINDOWS\system32\mui
2010-11-26 18:02:47 ----D---- C:\WINDOWS\system32\inetsrv
2010-11-26 18:02:47 ----D---- C:\WINDOWS\system32\IME
2010-11-26 18:02:47 ----D---- C:\WINDOWS\system32\icsxml
2010-11-26 18:02:47 ----D---- C:\WINDOWS\system32\ias
2010-11-26 18:02:47 ----D---- C:\WINDOWS\system32\export
2010-11-26 18:02:47 ----D---- C:\WINDOWS\system32\drivers\etc
2010-11-26 18:02:47 ----D---- C:\WINDOWS\system32\drivers\disdn
2010-11-26 18:02:47 ----D---- C:\WINDOWS\system32\drivers
2010-11-26 18:02:47 ----D---- C:\WINDOWS\system32\dhcp
2010-11-26 18:02:47 ----D---- C:\WINDOWS\system32\config
2010-11-26 18:02:47 ----D---- C:\WINDOWS\system32\3com_dmi
2010-11-26 18:02:47 ----D---- C:\WINDOWS\system32\3076
2010-11-26 18:02:47 ----D---- C:\WINDOWS\system32\2052
2010-11-26 18:02:47 ----D---- C:\WINDOWS\system32\1054
2010-11-26 18:02:47 ----D---- C:\WINDOWS\system32\1042
2010-11-26 18:02:47 ----D---- C:\WINDOWS\system32\1041
2010-11-26 18:02:47 ----D---- C:\WINDOWS\system32\1037
2010-11-26 18:02:47 ----D---- C:\WINDOWS\system32\1033
2010-11-26 18:02:47 ----D---- C:\WINDOWS\system32\1031
2010-11-26 18:02:47 ----D---- C:\WINDOWS\system32\1029
2010-11-26 18:02:47 ----D---- C:\WINDOWS\system32\1028
2010-11-26 18:02:47 ----D---- C:\WINDOWS\system32\1025
2010-11-26 18:02:47 ----D---- C:\WINDOWS\system32
2010-11-26 18:02:47 ----D---- C:\WINDOWS\system
2010-11-26 18:02:47 ----D---- C:\WINDOWS\security
2010-11-26 18:02:47 ----D---- C:\WINDOWS\Resources
2010-11-26 18:02:47 ----D---- C:\WINDOWS\repair
2010-11-26 18:02:47 ----D---- C:\WINDOWS\Provisioning
2010-11-26 18:02:47 ----D---- C:\WINDOWS\pchealth
2010-11-26 18:02:47 ----D---- C:\WINDOWS\PeerNet
2010-11-26 18:02:47 ----D---- C:\WINDOWS\mui
2010-11-26 18:02:47 ----D---- C:\WINDOWS\msapps
2010-11-26 18:02:47 ----D---- C:\WINDOWS\msagent
2010-11-26 18:02:47 ----D---- C:\WINDOWS\Media
2010-11-26 18:02:47 ----D---- C:\WINDOWS\java
2010-11-26 18:02:47 ----D---- C:\WINDOWS\ime
2010-11-26 18:02:47 ----D---- C:\WINDOWS\Help
2010-11-26 18:02:47 ----D---- C:\WINDOWS\Driver Cache
2010-11-26 18:02:47 ----D---- C:\WINDOWS\Debug
2010-11-26 18:02:47 ----D---- C:\WINDOWS\Cursors
2010-11-26 18:02:47 ----D---- C:\WINDOWS\Connection Wizard
2010-11-26 18:02:47 ----D---- C:\WINDOWS\Config
2010-11-26 18:02:47 ----D---- C:\WINDOWS\AppPatch
2010-11-26 18:02:47 ----D---- C:\WINDOWS\addins
2010-11-26 18:02:47 ----D---- C:\WINDOWS
2010-11-26 18:02:46 ----ASH---- C:\pagefile.sys
2010-11-26 18:01:55 ----D---- C:\Program Files\Microsoft Silverlight
2010-11-26 18:00:43 ----A---- C:\WINDOWS\system32\unrar.dll
2010-11-26 18:00:42 ----A---- C:\WINDOWS\avisplitter.ini
2010-11-26 18:00:40 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2010-11-26 18:00:40 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2010-11-26 18:00:40 ----A---- C:\WINDOWS\system32\xvidcore.dll
2010-11-26 18:00:40 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2010-11-26 18:00:40 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2010-11-26 18:00:38 ----D---- C:\Program Files\K-Lite Codec Pack
2010-11-26 17:59:00 ----N---- C:\WINDOWS\system32\drivers\adv02nt5.dll
2010-11-26 17:59:00 ----N---- C:\WINDOWS\system32\drivers\adv01nt5.dll
2010-11-26 17:59:00 ----D---- C:\WINDOWS\network diagnostic
2010-11-26 17:58:59 ----N---- C:\WINDOWS\system32\drivers\amdagp.sys
2010-11-26 17:58:59 ----N---- C:\WINDOWS\system32\drivers\alim1541.sys
2010-11-26 17:58:59 ----N---- C:\WINDOWS\system32\drivers\agpcpq.sys
2010-11-26 17:58:59 ----N---- C:\WINDOWS\system32\drivers\agp440.sys
2010-11-26 17:58:59 ----N---- C:\WINDOWS\system32\drivers\adv11nt5.dll
2010-11-26 17:58:59 ----N---- C:\WINDOWS\system32\drivers\adv09nt5.dll
2010-11-26 17:58:59 ----N---- C:\WINDOWS\system32\drivers\adv08nt5.dll
2010-11-26 17:58:59 ----N---- C:\WINDOWS\system32\drivers\adv07nt5.dll
2010-11-26 17:58:59 ----N---- C:\WINDOWS\system32\drivers\adv05nt5.dll
2010-11-26 17:58:58 ----N---- C:\WINDOWS\system32\drivers\atinmdxx.sys
2010-11-26 17:58:58 ----N---- C:\WINDOWS\system32\drivers\atinbtxx.sys
2010-11-26 17:58:58 ----N---- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2010-11-26 17:58:58 ----N---- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2010-11-26 17:58:58 ----N---- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2010-11-26 17:58:58 ----N---- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2010-11-26 17:58:58 ----N---- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2010-11-26 17:58:58 ----N---- C:\WINDOWS\system32\drivers\ati1snxx.sys
2010-11-26 17:58:58 ----N---- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2010-11-26 17:58:58 ----N---- C:\WINDOWS\system32\drivers\ati1raxx.sys
2010-11-26 17:58:58 ----N---- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2010-11-26 17:58:58 ----N---- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2010-11-26 17:58:58 ----N---- C:\WINDOWS\system32\drivers\ati1btxx.sys
2010-11-26 17:58:57 ----N---- C:\WINDOWS\system32\drivers\bthprint.sys
2010-11-26 17:58:57 ----N---- C:\WINDOWS\system32\drivers\bthport.sys
2010-11-26 17:58:57 ----N---- C:\WINDOWS\system32\drivers\bthpan.sys
2010-11-26 17:58:57 ----N---- C:\WINDOWS\system32\drivers\bthmodem.sys
2010-11-26 17:58:57 ----N---- C:\WINDOWS\system32\drivers\bthenum.sys
2010-11-26 17:58:57 ----N---- C:\WINDOWS\system32\drivers\atv10nt5.dll
2010-11-26 17:58:57 ----N---- C:\WINDOWS\system32\drivers\atv06nt5.dll
2010-11-26 17:58:57 ----N---- C:\WINDOWS\system32\drivers\atv04nt5.dll
2010-11-26 17:58:57 ----N---- C:\WINDOWS\system32\drivers\atv02nt5.dll
2010-11-26 17:58:57 ----N---- C:\WINDOWS\system32\drivers\atv01nt5.dll
2010-11-26 17:58:57 ----N---- C:\WINDOWS\system32\drivers\atinxsxx.sys
2010-11-26 17:58:57 ----N---- C:\WINDOWS\system32\drivers\atinxbxx.sys
2010-11-26 17:58:57 ----N---- C:\WINDOWS\system32\drivers\atintuxx.sys
2010-11-26 17:58:57 ----N---- C:\WINDOWS\system32\drivers\atinttxx.sys
2010-11-26 17:58:57 ----N---- C:\WINDOWS\system32\drivers\atinsnxx.sys
2010-11-26 17:58:57 ----N---- C:\WINDOWS\system32\drivers\atinrvxx.sys
2010-11-26 17:58:57 ----N---- C:\WINDOWS\system32\drivers\atinraxx.sys
2010-11-26 17:58:57 ----N---- C:\WINDOWS\system32\drivers\atinpdxx.sys
2010-11-26 17:58:56 ----N---- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2010-11-26 17:58:56 ----N---- C:\WINDOWS\system32\drivers\bthusb.sys
2010-11-26 17:58:55 ----N---- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2010-11-26 17:58:55 ----N---- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2010-11-26 17:58:55 ----N---- C:\WINDOWS\system32\drivers\hidir.sys
2010-11-26 17:58:55 ----N---- C:\WINDOWS\system32\drivers\hidbth.sys
2010-11-26 17:58:55 ----N---- C:\WINDOWS\system32\drivers\hdaudbus.sys
2010-11-26 17:58:54 ----N---- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2010-11-26 17:58:52 ----N---- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2010-11-26 17:58:52 ----N---- C:\WINDOWS\system32\drivers\mutohpen.sys
2010-11-26 17:58:52 ----N---- C:\WINDOWS\system32\drivers\mtxparhm.sys
2010-11-26 17:58:52 ----N---- C:\WINDOWS\system32\drivers\mtlstrm.sys
2010-11-26 17:58:52 ----N---- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2010-11-26 17:58:52 ----N---- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2010-11-26 17:58:51 ----N---- C:\WINDOWS\system32\drivers\slnt7554.sys
2010-11-26 17:58:51 ----N---- C:\WINDOWS\system32\drivers\sisagp.sys
2010-11-26 17:58:51 ----N---- C:\WINDOWS\system32\drivers\siint5.dll
2010-11-26 17:58:51 ----N---- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2010-11-26 17:58:51 ----N---- C:\WINDOWS\system32\drivers\s3gnbm.sys
2010-11-26 17:58:51 ----N---- C:\WINDOWS\system32\drivers\rndismpx.sys
2010-11-26 17:58:51 ----N---- C:\WINDOWS\system32\drivers\rfcomm.sys
2010-11-26 17:58:51 ----N---- C:\WINDOWS\system32\drivers\recagent.sys
2010-11-26 17:58:51 ----N---- C:\WINDOWS\system32\drivers\nv4_mini.sys
2010-11-26 17:58:50 ----N---- C:\WINDOWS\system32\drivers\watv06nt.sys
2010-11-26 17:58:50 ----N---- C:\WINDOWS\system32\drivers\wadv11nt.sys
2010-11-26 17:58:50 ----N---- C:\WINDOWS\system32\drivers\wadv09nt.sys
2010-11-26 17:58:50 ----N---- C:\WINDOWS\system32\drivers\wadv08nt.sys
2010-11-26 17:58:50 ----N---- C:\WINDOWS\system32\drivers\wadv07nt.sys
2010-11-26 17:58:50 ----N---- C:\WINDOWS\system32\drivers\wacompen.sys
2010-11-26 17:58:50 ----N---- C:\WINDOWS\system32\drivers\viaagp.sys
2010-11-26 17:58:50 ----N---- C:\WINDOWS\system32\drivers\vchnt5.dll
2010-11-26 17:58:50 ----N---- C:\WINDOWS\system32\drivers\usbvideo.sys
2010-11-26 17:58:50 ----N---- C:\WINDOWS\system32\drivers\usb8023x.sys
2010-11-26 17:58:50 ----N---- C:\WINDOWS\system32\drivers\uagp35.sys
2010-11-26 17:58:50 ----N---- C:\WINDOWS\system32\drivers\smbali.sys
2010-11-26 17:58:50 ----N---- C:\WINDOWS\system32\drivers\slwdmsup.sys
2010-11-26 17:58:50 ----N---- C:\WINDOWS\system32\drivers\slnthal.sys
2010-11-26 17:58:50 ----N---- C:\WINDOWS\system32\drivers\slntamr.sys
2010-11-26 17:58:49 ----N---- C:\WINDOWS\system32\drivers\watv10nt.sys
2010-11-26 17:58:06 ----D---- C:\Documents and Settings\Admin\Data aplikací\ICQ
2010-11-26 17:57:41 ----D---- C:\Program Files\ICQ7.2
2010-11-26 17:55:26 ----A---- C:\WINDOWS\002564_.tmp
2010-11-26 17:51:57 ----A---- C:\WINDOWS\system32\drivers\sptd.sys
2010-11-26 17:51:30 ----D---- C:\Documents and Settings\Admin\Data aplikací\DAEMON Tools Lite
2010-11-26 17:51:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2010-11-26 17:51:14 ----D---- C:\WINDOWS\EHome
2010-11-26 17:50:10 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-11-26 17:49:36 ----D---- C:\Program Files\Common Files\Adobe
2010-11-26 17:49:36 ----D---- C:\Program Files\Adobe
2010-11-26 17:49:27 ----D---- C:\Documents and Settings\Admin\Data aplikací\Macromedia
2010-11-26 17:49:27 ----D---- C:\Documents and Settings\Admin\Data aplikací\Adobe
2010-11-26 17:45:08 ----D---- C:\Program Files\Alwil Software
2010-11-26 17:45:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-11-26 17:43:35 ----A---- C:\WINDOWS\system32\wpa.bak
2010-11-26 17:41:25 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2010-11-26 17:40:14 ----D---- C:\Program Files\ATI Technologies
2010-11-26 17:38:58 ----D---- C:\Program Files\CCleaner
2010-11-26 17:37:51 ----D---- C:\WINDOWS\system32\PreInstall
2010-11-26 17:37:51 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2010-11-26 17:36:37 ----D---- C:\Documents and Settings\Admin\Data aplikací\Mozilla
2010-11-26 17:36:32 ----D---- C:\Program Files\Mozilla Firefox
2010-11-26 17:34:15 ----D---- C:\Program Files\AMD
2010-11-26 17:34:15 ----A---- C:\WINDOWS\system32\drivers\AmdK8.sys
2010-11-26 17:33:41 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2010-11-26 17:32:37 ----D---- C:\Program Files\Marvell
2010-11-26 17:32:00 ----A---- C:\WINDOWS\system32\drivers\splitter.sys
2010-11-26 17:31:58 ----A---- C:\WINDOWS\system32\drivers\wdmaud.sys
2010-11-26 17:31:57 ----A---- C:\WINDOWS\system32\drivers\dmusic.sys
2010-11-26 17:31:52 ----A---- C:\WINDOWS\system32\drivers\swmidi.sys
2010-11-26 17:31:51 ----A---- C:\WINDOWS\system32\drivers\aec.sys
2010-11-26 17:31:50 ----A---- C:\WINDOWS\system32\drivers\kmixer.sys
2010-11-26 17:31:49 ----A---- C:\WINDOWS\system32\drivers\drmkaud.sys
2010-11-26 17:31:48 ----A---- C:\WINDOWS\system32\drivers\sysaudio.sys
2010-11-26 17:31:46 ----A---- C:\WINDOWS\system32\drivers\mskssrv.sys
2010-11-26 17:31:45 ----A---- C:\WINDOWS\system32\drivers\mspqm.sys
2010-11-26 17:31:43 ----A---- C:\WINDOWS\system32\drivers\mspclock.sys
2010-11-26 17:31:38 ----A---- C:\WINDOWS\system32\ksuser.dll
2010-11-26 17:31:38 ----A---- C:\WINDOWS\system32\drivers\portcls.sys
2010-11-26 17:31:37 ----A---- C:\WINDOWS\system32\drivers\drmk.sys
2010-11-26 17:31:35 ----RA---- C:\WINDOWS\avrack.ini
2010-11-26 17:31:35 ----D---- C:\Program Files\Realtek Sound Manager
2010-11-26 17:31:35 ----D---- C:\Program Files\AvRack
2010-11-26 17:31:34 ----D---- C:\Program Files\Realtek AC97
2010-11-26 17:31:32 ----RA---- C:\WINDOWS\system32\RTLCPL.EXE
2010-11-26 17:31:32 ----RA---- C:\WINDOWS\system32\RTLCPAPI.dll
2010-11-26 17:31:32 ----RA---- C:\WINDOWS\system32\ChCfg.exe
2010-11-26 17:31:32 ----RA---- C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2010-11-26 17:31:32 ----RA---- C:\WINDOWS\SOUNDMAN.EXE
2010-11-26 17:31:31 ----RA---- C:\WINDOWS\alcupd.exe
2010-11-26 17:31:31 ----RA---- C:\WINDOWS\alcrmv.exe
2010-11-26 17:31:31 ----HD---- C:\Program Files\InstallShield Installation Information
2010-11-26 17:31:22 ----D---- C:\Program Files\Common Files\InstallShield
2010-11-26 17:30:53 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-11-26 17:30:42 ----A---- C:\WINDOWS\IsUninst.exe
2010-11-26 17:30:20 ----A---- C:\WINDOWS\system32\drivers\ASACPI.sys
2010-11-26 17:30:19 ----D---- C:\Documents and Settings\Admin\Data aplikací\WinRAR
2010-11-26 17:29:47 ----D---- C:\Program Files\WinRAR
2010-11-26 17:28:59 ----D---- C:\Documents and Settings\Admin\Data aplikací\Identities
2010-11-26 17:28:59 ----A---- C:\WINDOWS\system32\drivers\usbstor.sys
2010-11-26 17:28:57 ----HD---- C:\Program Files\Uninstall Information
2010-11-26 17:28:52 ----ASH---- C:\Documents and Settings\Admin\Data aplikací\desktop.ini
2010-11-26 17:28:51 ----SD---- C:\Documents and Settings\Admin\Data aplikací\Microsoft
2010-11-26 17:28:09 ----D---- C:\WINDOWS\SoftwareDistribution
2010-11-26 17:28:08 ----SD---- C:\WINDOWS\system32\Microsoft
2010-11-26 17:28:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-26 17:25:22 ----D---- C:\WINDOWS\system32\xircom
2010-11-26 17:25:22 ----D---- C:\Program Files\xerox
2010-11-26 17:25:22 ----D---- C:\Program Files\microsoft frontpage
2010-11-26 17:25:05 ----RASH---- C:\MSDOS.SYS
2010-11-26 17:25:05 ----RASH---- C:\IO.SYS
2010-11-26 17:25:05 ----A---- C:\WINDOWS\control.ini
2010-11-26 17:25:05 ----A---- C:\CONFIG.SYS
2010-11-26 17:25:05 ----A---- C:\AUTOEXEC.BAT
2010-11-26 17:24:47 ----A---- C:\WINDOWS\system32\mapi32.dll
2010-11-26 17:24:09 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-11-26 17:24:09 ----RD---- C:\WINDOWS\Offline Web Pages
2010-11-26 17:24:09 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-11-26 17:24:04 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-11-26 17:24:01 ----HD---- C:\Program Files\WindowsUpdate
2010-11-26 17:23:56 ----D---- C:\Program Files\Online Services
2010-11-26 17:23:32 ----D---- C:\WINDOWS\system32\DirectX
2010-11-26 17:22:54 ----A---- C:\WINDOWS\system32\atrace.dll
2010-11-26 17:22:49 ----A---- C:\WINDOWS\system32\desktop.ini
2010-11-26 17:22:49 ----A---- C:\WINDOWS\desktop.ini
2010-11-26 17:22:35 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2010-11-26 17:22:34 ----A---- C:\WINDOWS\system32\acctres.dll
2010-11-26 17:22:33 ----D---- C:\Program Files\Common Files\Services
2010-11-26 17:22:27 ----SD---- C:\WINDOWS\Tasks
2010-11-26 17:22:27 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2010-11-26 17:22:25 ----D---- C:\Program Files\Common Files\MSSoap
2010-11-26 17:22:16 ----D---- C:\WINDOWS\srchasst
2010-11-26 17:22:14 ----D---- C:\WINDOWS\system32\Macromed
2010-11-26 17:22:09 ----A---- C:\WINDOWS\system32\wuweb.dll
2010-11-26 17:22:09 ----A---- C:\WINDOWS\system32\wucltui.dll
2010-11-26 17:22:09 ----A---- C:\WINDOWS\system32\wuauserv.dll
2010-11-26 17:22:08 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2010-11-26 17:22:08 ----A---- C:\WINDOWS\system32\wuaueng.dll
2010-11-26 17:22:07 ----A---- C:\WINDOWS\system32\wups.dll
2010-11-26 17:22:07 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2010-11-26 17:22:07 ----A---- C:\WINDOWS\system32\wuauclt.exe
2010-11-26 17:22:07 ----A---- C:\WINDOWS\system32\wuapi.dll
2010-11-26 17:22:06 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2010-11-26 17:22:06 ----A---- C:\WINDOWS\system32\qmgr.dll
2010-11-26 17:22:06 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2010-11-26 17:22:06 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2010-11-26 17:21:58 ----D---- C:\Program Files\Movie Maker
2010-11-26 17:21:51 ----A---- C:\WINDOWS\system32\safrslv.dll
2010-11-26 17:21:51 ----A---- C:\WINDOWS\system32\safrdm.dll
2010-11-26 17:21:51 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2010-11-26 17:21:51 ----A---- C:\WINDOWS\system32\racpldlg.dll
2010-11-26 17:21:44 ----A---- C:\WINDOWS\system32\fltmc.exe
2010-11-26 17:21:44 ----A---- C:\WINDOWS\system32\fltlib.dll
2010-11-26 17:21:43 ----A---- C:\WINDOWS\system32\drivers\fltmgr.sys
2010-11-26 17:21:42 ----D---- C:\WINDOWS\system32\Restore
2010-11-26 17:21:42 ----A---- C:\WINDOWS\system32\srsvc.dll
2010-11-26 17:21:42 ----A---- C:\WINDOWS\system32\srrstr.dll
2010-11-26 17:21:42 ----A---- C:\WINDOWS\system32\srclient.dll
2010-11-26 17:21:42 ----A---- C:\WINDOWS\system32\drivers\sr.sys
2010-11-26 17:21:41 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2010-11-26 17:21:41 ----A---- C:\WINDOWS\system32\ils.dll
2010-11-26 17:21:40 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2010-11-26 17:21:40 ----A---- C:\WINDOWS\system32\msconf.dll
2010-11-26 17:21:40 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2010-11-26 17:21:40 ----A---- C:\WINDOWS\system32\mnmdd.dll
2010-11-26 17:21:34 ----D---- C:\Program Files\NetMeeting
2010-11-26 17:21:34 ----A---- C:\WINDOWS\system32\msoert2.dll
2010-11-26 17:21:34 ----A---- C:\WINDOWS\system32\msoeacct.dll
2010-11-26 17:21:31 ----A---- C:\WINDOWS\system32\inetres.dll
2010-11-26 17:21:30 ----A---- C:\WINDOWS\system32\inetcomm.dll
2010-11-26 17:21:26 ----D---- C:\Program Files\Outlook Express
2010-11-26 17:21:26 ----A---- C:\WINDOWS\system32\schedsvc.dll
2010-11-26 17:21:26 ----A---- C:\WINDOWS\system32\mstinit.exe
2010-11-26 17:21:26 ----A---- C:\WINDOWS\system32\mstask.dll
2010-11-26 17:21:25 ----A---- C:\WINDOWS\system32\icwphbk.dll
2010-11-26 17:21:25 ----A---- C:\WINDOWS\system32\icwdial.dll
2010-11-26 17:21:24 ----A---- C:\WINDOWS\system32\isign32.dll
2010-11-26 17:21:24 ----A---- C:\WINDOWS\system32\inetcfg.dll
2010-11-26 17:21:12 ----D---- C:\Program Files\Common Files\System
2010-11-26 17:21:10 ----D---- C:\Program Files\Internet Explorer
2010-11-26 17:20:57 ----D---- C:\Program Files\ComPlus Applications
2010-11-26 17:20:54 ----A---- C:\WINDOWS\vbaddin.ini
2010-11-26 17:20:54 ----A---- C:\WINDOWS\vb.ini
2010-11-26 17:20:49 ----D---- C:\WINDOWS\Registration
2010-11-26 17:20:22 ----D---- C:\Program Files\Windows Media Player
2010-11-26 17:20:16 ----D---- C:\Program Files\Messenger
2010-11-26 17:20:09 ----D---- C:\Program Files\MSN Gaming Zone
2010-11-26 17:20:09 ----A---- C:\WINDOWS\system32\write.exe
2010-11-26 17:19:54 ----A---- C:\WINDOWS\system32\sndvol32.exe
2010-11-26 17:19:54 ----A---- C:\WINDOWS\system32\hticons.dll
2010-11-26 17:19:53 ----A---- C:\WINDOWS\system32\avwav.dll
2010-11-26 17:19:53 ----A---- C:\WINDOWS\system32\avtapi.dll
2010-11-26 17:19:53 ----A---- C:\WINDOWS\system32\avmeter.dll
2010-11-26 17:19:52 ----A---- C:\WINDOWS\system32\winchat.exe
2010-11-26 17:19:39 ----A---- C:\WINDOWS\system32\getuname.dll
2010-11-26 17:19:38 ----A---- C:\WINDOWS\system32\charmap.exe
2010-11-26 17:19:38 ----A---- C:\WINDOWS\system32\calc.exe
2010-11-26 17:19:37 ----A---- C:\WINDOWS\system32\winmine.exe
2010-11-26 17:19:37 ----A---- C:\WINDOWS\system32\sol.exe
2010-11-26 17:19:36 ----A---- C:\WINDOWS\system32\mshearts.exe
2010-11-26 17:19:36 ----A---- C:\WINDOWS\system32\freecell.exe
2010-11-26 17:19:35 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2010-11-26 17:19:35 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2010-11-26 17:19:35 ----A---- C:\WINDOWS\system32\tslabels.ini
2010-11-26 17:19:35 ----A---- C:\WINDOWS\system32\tskill.exe
2010-11-26 17:19:35 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2010-11-26 17:19:35 ----A---- C:\WINDOWS\system32\tscon.exe
2010-11-26 17:19:35 ----A---- C:\WINDOWS\system32\shadow.exe
2010-11-26 17:19:35 ----A---- C:\WINDOWS\system32\reset.exe
2010-11-26 17:19:34 ----A---- C:\WINDOWS\system32\rwinsta.exe
2010-11-26 17:19:34 ----A---- C:\WINDOWS\system32\regini.exe
2010-11-26 17:19:34 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2010-11-26 17:19:34 ----A---- C:\WINDOWS\system32\qwinsta.exe
2010-11-26 17:19:34 ----A---- C:\WINDOWS\system32\qappsrv.exe
2010-11-26 17:19:34 ----A---- C:\WINDOWS\system32\msg.exe
2010-11-26 17:19:34 ----A---- C:\WINDOWS\system32\logoff.exe
2010-11-26 17:19:33 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2010-11-26 17:19:33 ----A---- C:\WINDOWS\system32\cdmodem.dll
2010-11-26 17:19:32 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2010-11-26 17:19:31 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2010-11-26 17:19:31 ----A---- C:\WINDOWS\system32\mtxex.dll
2010-11-26 17:19:31 ----A---- C:\WINDOWS\system32\mtxdm.dll
2010-11-26 17:19:31 ----A---- C:\WINDOWS\system32\comaddin.dll
2010-11-26 17:19:30 ----A---- C:\WINDOWS\system32\stclient.dll
2010-11-26 17:19:30 ----A---- C:\WINDOWS\system32\comsnap.dll
2010-11-26 17:19:30 ----A---- C:\WINDOWS\system32\comrepl.dll
2010-11-26 17:19:22 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2010-11-26 17:19:20 ----A---- C:\WINDOWS\system32\accwiz.exe
2010-11-26 17:19:19 ----A---- C:\WINDOWS\system32\sndrec32.exe
2010-11-26 17:19:19 ----A---- C:\WINDOWS\system32\mplay32.exe
2010-11-26 17:19:19 ----A---- C:\WINDOWS\system32\hypertrm.dll
2010-11-26 17:19:17 ----D---- C:\Program Files\Windows NT
2010-11-26 17:19:17 ----A---- C:\WINDOWS\system32\mspaint.exe
2010-11-26 17:19:17 ----A---- C:\WINDOWS\system32\clipbrd.exe
2010-11-26 17:19:16 ----A---- C:\WINDOWS\system32\spider.exe
2010-11-26 17:19:16 ----A---- C:\WINDOWS\system32\drivers\tdtcp.sys
2010-11-26 17:19:16 ----A---- C:\WINDOWS\system32\drivers\tdpipe.sys
2010-11-26 17:19:15 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2010-11-26 17:19:15 ----A---- C:\WINDOWS\system32\drivers\rdpwd.sys
2010-11-26 17:19:14 ----A---- C:\WINDOWS\system32\sessmgr.exe
2010-11-26 17:19:14 ----A---- C:\WINDOWS\system32\remotepg.dll
2010-11-26 17:19:14 ----A---- C:\WINDOWS\system32\rdshost.exe
2010-11-26 17:19:14 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2010-11-26 17:19:14 ----A---- C:\WINDOWS\system32\mstscax.dll
2010-11-26 17:19:14 ----A---- C:\WINDOWS\system32\mstsc.exe
2010-11-26 17:19:13 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2010-11-26 17:19:13 ----A---- C:\WINDOWS\system32\termsrv.dll
2010-11-26 17:19:13 ----A---- C:\WINDOWS\system32\rdchost.dll
2010-11-26 17:19:12 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2010-11-26 17:19:12 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2010-11-26 17:19:12 ----A---- C:\WINDOWS\system32\rdpclip.exe
2010-11-26 17:19:12 ----A---- C:\WINDOWS\system32\qprocess.exe
2010-11-26 17:19:12 ----A---- C:\WINDOWS\system32\icaapi.dll
2010-11-26 17:19:12 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2010-11-26 17:19:10 ----D---- C:\WINDOWS\system32\MsDtc
2010-11-26 17:19:10 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2010-11-26 17:19:09 ----A---- C:\WINDOWS\system32\xolehlp.dll
2010-11-26 17:19:09 ----A---- C:\WINDOWS\system32\mtxoci.dll
2010-11-26 17:19:09 ----A---- C:\WINDOWS\system32\msdtctm.dll
2010-11-26 17:19:09 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2010-11-26 17:19:08 ----A---- C:\WINDOWS\system32\msdtclog.dll
2010-11-26 17:19:08 ----A---- C:\WINDOWS\system32\msdtc.exe
2010-11-26 17:19:07 ----D---- C:\WINDOWS\system32\Com
2010-11-26 17:19:07 ----A---- C:\WINDOWS\system32\colbact.dll
2010-11-26 17:19:07 ----A---- C:\WINDOWS\system32\clbcatex.dll
2010-11-26 17:19:07 ----A---- C:\WINDOWS\system32\catsrvut.dll
2010-11-26 17:19:07 ----A---- C:\WINDOWS\system32\catsrvps.dll
2010-11-26 17:19:07 ----A---- C:\WINDOWS\system32\catsrv.dll
2010-11-26 17:19:06 ----A---- C:\WINDOWS\system32\comuid.dll
2010-11-26 17:19:06 ----A---- C:\WINDOWS\system32\comsvcs.dll
2010-11-26 17:19:05 ----A---- C:\WINDOWS\system32\clbcatq.dll
2010-11-26 17:18:59 ----A---- C:\WINDOWS\system32\servdeps.dll
2010-11-26 17:18:59 ----A---- C:\WINDOWS\system32\mmfutil.dll
2010-11-26 17:18:59 ----A---- C:\WINDOWS\system32\licwmi.dll
2010-11-26 17:18:59 ----A---- C:\WINDOWS\system32\cmprops.dll
2010-11-26 17:18:55 ----A---- C:\WINDOWS\system32\drivers\termdd.sys
2010-11-26 17:18:55 ----A---- C:\WINDOWS\system32\drivers\rdpdr.sys

======List of files/folders modified in the last 1 months======

2010-11-27 17:13:00 ----A---- C:\WINDOWS\system.ini
2010-11-27 17:03:32 ----A---- C:\WINDOWS\win.ini
2010-11-26 17:24:40 ----ASH---- C:\WINDOWS\fonts\desktop.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 gagp30kx;Filtr Microsoft Generic AGPv3.0 pro procesorovou platformu K8; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2008-04-14 46464]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-11-26 691696]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-06-20 2324480]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-11 3565056]
R3 catchme;catchme; \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys []
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-06-16 180480]
S3 mbr;mbr; \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\mbr.sys []
S3 pwnoqfob;pwnoqfob; \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\pwnoqfob.sys []
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-11 602112]
S4 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2010-02-10 593920]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-11-26 153376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMSAccess;NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

Mikka · #2 Příspěvek od **Mikka** » 27 lis 2010 17:40

ComboFix 10-11-26.07 - Admin 27.11.2010 17:09:11.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.510.316 [GMT 1:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-10-27 do 2010-11-27 )))))))))))))))))))))))))))))))
.

V tomto časovém úseku nebyly vytvořeny žádné nové soubory.

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 11:23 . 2006-03-02 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-03-02 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-03-02 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-03-02 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:52 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:52 . 2006-03-02 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2006-03-02 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 07:52 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 10:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-06-20 20:42 77824 ----a-r- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"NMSAccess"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.11.2010 17:51 691696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\5xfa7x23.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\5xfa7x23.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-27 17:12
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-11-27 17:14:25
ComboFix-quarantined-files.txt 2010-11-27 16:14
ComboFix2.txt 2010-11-27 15:18

Před spuštěním: Volných bajtů: 222 952 488 960
Po spuštění: Volných bajtů: 222 935 986 176

- - End Of File - - 2A907406E2FCB5C60245468FC78AB330

Mikka · #3 Příspěvek od **Mikka** » 27 lis 2010 17:55

A právě teď se objevila modrá obrazovka se souborem pwnoqfob.sys - teď jsu v nouzovém režimu

#4 Příspěvek od **motji** » 27 lis 2010 19:27

Dobrý večer

Co Vám hlásilo, že je combofix napadený virem?

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

Collect::
C:\DOCUME~1\Admin\LOCALS~1\Temp\pwnoqfob.sys

Driver::
pwnoqfob

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:

Obrázek

-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

Mikka · #5 Příspěvek od **Mikka** » 27 lis 2010 19:49

Avast mi hlasil v combofixu vira a bylo to konkretne v souboru catchme.sys

ComboFix 10-11-26.07 - Admin 27.11.2010 19:41:29.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.510.324 [GMT 1:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Admin\Plocha\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PWNOQFOB

((((((((((((((((((((((((( Soubory vytvořené od 2010-10-27 do 2010-11-27 )))))))))))))))))))))))))))))))
.

2010-11-27 16:33 . 2010-11-27 16:34 -------- d-----w- C:\totalcmd
2010-11-27 16:18 . 2010-11-27 16:18 -------- d-----w- C:\rsit

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 11:23 . 2006-03-02 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-03-02 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-03-02 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-03-02 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:52 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:52 . 2006-03-02 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2006-03-02 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 07:52 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 10:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-06-20 20:42 77824 ----a-r- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"NMSAccess"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.11.2010 17:51 691696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\5xfa7x23.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\5xfa7x23.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-27 19:46
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1812)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\progra~1\MICROS~3\OFFICE11\MCPS.DLL
c:\program files\Microsoft Silverlight\xapauthenticodesip.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\wscntfy.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Celkový čas: 2010-11-27 19:48:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-27 18:48
ComboFix2.txt 2010-11-27 17:44
ComboFix3.txt 2010-11-27 17:22

Před spuštěním: Volných bajtů: 223 069 564 928
Po spuštění: Volných bajtů: 223 016 996 864

- - End Of File - - 321876E01DF28606BA3891C7AC46F4FB

#6 Příspěvek od **motji** » 27 lis 2010 21:07

To je v pořádku, falešná detekce na combofix.

Teď to s počítačem vypadá jak? combofix opět hlásil rootkita?

Mikka · #7 Příspěvek od **Mikka** » 27 lis 2010 21:52

Tady je vysledek trochu starší verze combofixu a taky tam je vir stejne jako u nejnovejsi http://www.virustotal.com/file-scan/rep ... 1290890811 tak nevim co s tim je, jestli jen falesnej poplach a rootkita to hlasi porad

#8 Příspěvek od **motji** » 27 lis 2010 23:56

Ten combofix opravdu zavirovaný není, je to falešná detekce antiviru, nemusíte se bát

.

A s tím rootkitem - prověříme to, ale je možné, že je to také falešná detekce, nebylo by to poprvé v poslední době.

odinstalujte všechny virtuální jednotky (Daemon nebo alcohol)

Stáhněte SPTD http://www.duplexsecure.com/en/downloads
-vyberte verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-uložte na plochu a spusťte
- zvolte možnost Uninstall
- restart PC

Stahněte http://www.jpshortstuff.247fixes.com/Defogger.exe
- spustte,
- potvrdte disabled
-log vložte zde

Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, kliknete na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu proveďte druhý sken a log sem také vložte.

stáhněte MBR
http://www2.gmer.net/mbr/mbr.exe
-uložte ho na plochu

start-spustit
do okénka zkopírujte

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

ok

vytvoří se log s názvem mbr.log, vložte ho zde [/quote]

Stahněte z mého podpisu AVPTOOl http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

-Podle návodu nainstalujte a proveďte sken
-co najde nechejte léčit, mazat
-sken může trvat několik hodin
-vložte zde log z výsledky

Mikka · #9 Příspěvek od **Mikka** » 28 lis 2010 13:35

Žádna virtuální jednotka už není nainstalovaná

SPTD odinstalováno

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:00 on 28/11/2010 (Admin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled

-=E.O.F=-

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-28 13:11:49
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD5000AADS-00S9B0 rev.01.00A01
Running: gmer.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\pwnoqfob.sys

---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAE62DBAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xAE62D9D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xAE62DB0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-28 13:09:12
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD5000AADS-00S9B0 rev.01.00A01
Running: gmer.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\pwnoqfob.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xAE620CF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xAE620BAC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xAE621160]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xAE62108A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xAE620782]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xAE620C86]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xAE6206C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xAE620726]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xAE620DA6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xAE62122E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xAE620D66]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xAE620EE6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAE62DBAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xAE62D9D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xAE62DB0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 805795FA 7 Bytes JMP AE62DB10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 805A075C 3 Bytes JMP AE62D9D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection + 4 805A0760 3 Bytes [2E, CC, CC]
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1CE0 5 Bytes JMP AE6295D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B8B58 5 Bytes JMP AE62AFFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C73EA 7 Bytes JMP AE62DBB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF7928000, 0x1C5D38, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1468] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Mozilla Firefox\firefox.exe[2388] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2780] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 10405CF5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[684] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[684] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x17 0x8A 0x96 0xDF ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x17 0x8A 0x96 0xDF ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD5000AADS-00S9B0 rev.01.00A01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x82373AB8]
3 CLASSPNP[0xF86A6FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\00000061[0x823CE130]
5 ACPI[0xF853D620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Ide\IdeDeviceP0T0L0-3[0x82384D98]
kernel: MBR read successfully
user & kernel MBR OK

Automatická kontrola: dokončeno před 2 min. (události: 4, objekty: 71871, čas: 00:22:14)
28.11.2010 13:26:18 Úloha byla spuštěna
28.11.2010 13:36:36 Zjištěno: Backdoor.Win32.Hupigon.mcuc C:\Program Files\WinRAR\Zip.SFX
28.11.2010 13:36:56 Odstraněno: Backdoor.Win32.Hupigon.mcuc C:\Program Files\WinRAR\Zip.SFX
28.11.2010 13:48:33 Úloha byla dokončena

Ještě přidám log z bootkit_remover

.\debug.cpp(238) : Debug log started at 28.11.2010 - 13:42:05
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.0
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x804d7000 0x001f9200 "\WINDOWS\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x806d1000 0x00020300 "\WINDOWS\system32\hal.dll"
.\debug.cpp(256) : 0xf8b66000 0x00002000 "\WINDOWS\system32\KDCOM.DLL"
.\debug.cpp(256) : 0xf8a76000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"
.\debug.cpp(256) : 0xf8537000 0x0002e000 "ACPI.sys"
.\debug.cpp(256) : 0xf8b68000 0x00002000 "\WINDOWS\system32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0xf8526000 0x00011000 "pci.sys"
.\debug.cpp(256) : 0xf8666000 0x0000a000 "isapnp.sys"
.\debug.cpp(256) : 0xf8c2e000 0x00001000 "pciide.sys"
.\debug.cpp(256) : 0xf88e6000 0x00007000 "\WINDOWS\system32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0xf8b6a000 0x00002000 "viaide.sys"
.\debug.cpp(256) : 0xf8676000 0x0000b000 "MountMgr.sys"
.\debug.cpp(256) : 0xf8507000 0x0001f000 "ftdisk.sys"
.\debug.cpp(256) : 0xf88ee000 0x00005000 "PartMgr.sys"
.\debug.cpp(256) : 0xf8686000 0x0000d000 "VolSnap.sys"
.\debug.cpp(256) : 0xf84ef000 0x00018000 "atapi.sys"
.\debug.cpp(256) : 0xf8696000 0x00009000 "disk.sys"
.\debug.cpp(256) : 0xf86a6000 0x0000d000 "\WINDOWS\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0xf84cf000 0x00020000 "fltmgr.sys"
.\debug.cpp(256) : 0xf84b8000 0x00017000 "KSecDD.sys"
.\debug.cpp(256) : 0xf842b000 0x0008d000 "Ntfs.sys"
.\debug.cpp(256) : 0xf83fe000 0x0002d000 "NDIS.sys"
.\debug.cpp(256) : 0xf83e4000 0x0001a000 "Mup.sys"
.\debug.cpp(256) : 0xf86b6000 0x0000c000 "gagp30kx.sys"
.\debug.cpp(256) : 0xf87a6000 0x00010000 "\SystemRoot\system32\DRIVERS\AmdK8.sys"
.\debug.cpp(256) : 0xf790b000 0x003b6000 "\SystemRoot\system32\DRIVERS\ati2mtag.sys"
.\debug.cpp(256) : 0xf78f7000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS"
.\debug.cpp(256) : 0xf78ca000 0x0002d000 "\SystemRoot\system32\DRIVERS\yk51x86.sys"
.\debug.cpp(256) : 0xf87b6000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys"
.\debug.cpp(256) : 0xf87c6000 0x00010000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0xf87d6000 0x0000f000 "\SystemRoot\system32\DRIVERS\redbook.sys"
.\debug.cpp(256) : 0xf78a7000 0x00023000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0xf897e000 0x00006000 "\SystemRoot\system32\DRIVERS\usbuhci.sys"
.\debug.cpp(256) : 0xf7866000 0x00024000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0xf8986000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0xf762e000 0x00238000 "\SystemRoot\system32\drivers\ALCXWDM.SYS"
.\debug.cpp(256) : 0xf760a000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0xf87e6000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0xf8b7c000 0x00002000 "\SystemRoot\system32\DRIVERS\ASACPI.sys"
.\debug.cpp(256) : 0xf87f6000 0x0000d000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0xf898e000 0x00006000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0xf8d48000 0x00001000 "\SystemRoot\system32\DRIVERS\audstub.sys"
.\debug.cpp(256) : 0xf8806000 0x0000d000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0xf8b16000 0x00003000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0xf75f3000 0x00017000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0xf8816000 0x0000b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0xf8826000 0x0000c000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0xf8996000 0x00005000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0xf75e2000 0x00011000 "\SystemRoot\system32\DRIVERS\psched.sys"
.\debug.cpp(256) : 0xf8836000 0x00009000 "\SystemRoot\system32\DRIVERS\msgpc.sys"
.\debug.cpp(256) : 0xf89a6000 0x00005000 "\SystemRoot\system32\DRIVERS\ptilink.sys"
.\debug.cpp(256) : 0xf89ae000 0x00005000 "\SystemRoot\system32\DRIVERS\raspti.sys"
.\debug.cpp(256) : 0xf8846000 0x0000a000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0xf89b6000 0x00006000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0xf8b7e000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0xf7584000 0x0005e000 "\SystemRoot\system32\DRIVERS\update.sys"
.\debug.cpp(256) : 0xf8b26000 0x00004000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0xf8856000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0xf8886000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0xf8b80000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0xf8b82000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0xf8cda000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0xf8b84000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0xf89d6000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0xf8b86000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS"
.\debug.cpp(256) : 0xf8b88000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0xf89de000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0xf89e6000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0xf8b56000 0x00003000 "\SystemRoot\system32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0xae7cb000 0x00013000 "\SystemRoot\system32\DRIVERS\ipsec.sys"
.\debug.cpp(256) : 0xae772000 0x00059000 "\SystemRoot\system32\DRIVERS\tcpip.sys"
.\debug.cpp(256) : 0xf8896000 0x0000a000 "\SystemRoot\System32\Drivers\aswTdi.SYS"
.\debug.cpp(256) : 0xae74a000 0x00028000 "\SystemRoot\system32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0xae728000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"
.\debug.cpp(256) : 0xf88a6000 0x00009000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0xae6fd000 0x0002b000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0xae665000 0x00070000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xf88c6000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS"
.\debug.cpp(256) : 0xae63f000 0x00026000 "\SystemRoot\system32\DRIVERS\ipnat.sys"
.\debug.cpp(256) : 0xf88d6000 0x00009000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0xf7ccd000 0x00003000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
.\debug.cpp(256) : 0xf86e6000 0x00009000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0xf89ee000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0xae618000 0x00027000 "\SystemRoot\System32\Drivers\aswSP.SYS"
.\debug.cpp(256) : 0xf89fe000 0x00006000 "\SystemRoot\System32\Drivers\Aavmker4.SYS"
.\debug.cpp(256) : 0xf7cc9000 0x00003000 "\SystemRoot\system32\DRIVERS\mouhid.sys"
.\debug.cpp(256) : 0xf8716000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"
.\debug.cpp(256) : 0xae5d8000 0x00018000 "\SystemRoot\System32\Drivers\dump_atapi.sys"
.\debug.cpp(256) : 0xf8b92000 0x00002000 "\SystemRoot\System32\Drivers\dump_WMILIB.SYS"
.\debug.cpp(256) : 0xbf800000 0x001c5000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0xf757c000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0xf8a0e000 0x00005000 "\SystemRoot\System32\watchdog.sys"
.\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"
.\debug.cpp(256) : 0xf8dbb000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"
.\debug.cpp(256) : 0xbf012000 0x00053000 "\SystemRoot\System32\ati2dvag.dll"
.\debug.cpp(256) : 0xbf065000 0x00099000 "\SystemRoot\System32\ati2cqag.dll"
.\debug.cpp(256) : 0xbf0fe000 0x00084000 "\SystemRoot\System32\atikvmag.dll"
.\debug.cpp(256) : 0xbf182000 0x0004b000 "\SystemRoot\System32\atiok3x2.dll"
.\debug.cpp(256) : 0xbf1cd000 0x003a5000 "\SystemRoot\System32\ati3duag.dll"
.\debug.cpp(256) : 0xbf572000 0x0028c000 "\SystemRoot\System32\ativvaxx.dll"
.\debug.cpp(256) : 0xbffa0000 0x00046000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0xac330000 0x00003000 "\SystemRoot\System32\Drivers\aswFsBlk.SYS"
.\debug.cpp(256) : 0xac2d0000 0x00004000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0xac0a1000 0x00017000 "\SystemRoot\System32\Drivers\aswMon2.SYS"
.\debug.cpp(256) : 0xabe34000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys"
.\debug.cpp(256) : 0xac228000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys"
.\debug.cpp(256) : 0xabbff000 0x0002d000 "\SystemRoot\system32\DRIVERS\mrxdav.sys"
.\debug.cpp(256) : 0xabb57000 0x00058000 "\SystemRoot\system32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xab90e000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys"
.\debug.cpp(256) : 0xf8926000 0x00005000 "\SystemRoot\System32\Drivers\aswRdr.SYS"
.\debug.cpp(256) : 0xab6c3000 0x00018000 "\??\C:\DOCUME~1\Admin\LOCALS~1\Temp\pwnoqfob.sys"
.\debug.cpp(256) : 0xf8a3e000 0x00007000 "\??\C:\DOCUME~1\Admin\LOCALS~1\Temp\mbr.sys"
.\debug.cpp(256) : 0x7c900000 0x000b1000 "\WINDOWS\system32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination "\Device\Ndis"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3038&SUBSYS_30381106&REV_81#3&2411e6fe&0&80#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0015"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination "\Device\Video0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{BB73B494-C182-483A-BFC1-C2B990A30B1C}"
.\debug.cpp(400) : Destination "\Device\{BB73B494-C182-483A-BFC1-C2B990A30B1C}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination "\Device\00000035"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWSP"
.\debug.cpp(400) : Destination "\Device\aswSP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination "\Device\Video1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000002e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000003d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip"
.\debug.cpp(400) : Destination "\Device\Ip"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\aswSP_Pot2"
.\debug.cpp(400) : Destination "\Device\aswSP_Pot2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination "\Device\Video2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{17CFA9E0-4E42-4172-8301-63E82658BE9B}"
.\debug.cpp(400) : Destination "\Device\{17CFA9E0-4E42-4172-8301-63E82658BE9B}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev"
.\debug.cpp(400) : Destination "\Device\IPSEC"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination "\Device\Video3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000002d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ATKACPI"
.\debug.cpp(400) : Destination "\Device\ATKACPI"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{47a0456c-f981-11df-bebe-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY"
.\debug.cpp(400) : Destination "\Device\NDProxy"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWMON"
.\debug.cpp(400) : Destination "\Device\aswMon"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) : Destination "\Device\Video4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000035"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_554F&SUBSYS_1600174B&REV_00#4&31e14917&0&0010#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0026"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination "\Device\WMIDataDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000035"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination "\Device\NamedPipe"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000035"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched"
.\debug.cpp(400) : Destination "\Device\PSched"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination "\Device\Mup"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"
.\debug.cpp(400) : Destination "\Device\IPNAT"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{7DE328BD-6DCD-4DA5-BB87-F282DB130DDE}"
.\debug.cpp(400) : Destination "\Device\{7DE328BD-6DCD-4DA5-BB87-F282DB130DDE}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DD5A49A4-314E-459E-9ADD-8D934712B13C}"
.\debug.cpp(400) : Destination "\Device\{DD5A49A4-314E-459E-9ADD-8D934712B13C}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000035"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c044#6&1a48e776&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000006a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination "\Device\USBFDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWTDI"
.\debug.cpp(400) : Destination "\Device\ASWTDI"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination "\Device\Tcp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVDRAM_GSA-4167B_______________DL13____#4235443546333936353139372020202020202020#{1186654d-47b8-48b9-beb9-7df113ae3c67}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP2T0L0-12"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) : Destination "\Device\VideoPdo0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination "\Device\USBFDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000032"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{bf256a23-f97e-11df-8c09-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination "\Device\Harddisk0\DR0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination "\DosDevices\LPT1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&10dd5b20&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) : Destination "\Device\USBFDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000031"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{86DBAE64-D16A-4739-8D10-FD6FC91B7C04}"
.\debug.cpp(400) : Destination "\Device\{86DBAE64-D16A-4739-8D10-FD6FC91B7C04}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000035"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3059&SUBSYS_81741043&REV_60#3&2411e6fe&0&8D#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0021"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskWDC_WD5000AADS-00S9B0___________________01.00A01#5&27e30d4e&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\pwnoqfob"
.\debug.cpp(400) : Destination "\Device\pwnoqfob"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio"
.\debug.cpp(400) : Destination "\Device\sysaudio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_046d&Pid_c044#5&d54d105&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination "\Device\FsWrap"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) : Destination "\Device\USBFDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000035"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000030"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6872F1D4-110C-40B1-8E8C-9AAC6E24B1B9}"
.\debug.cpp(400) : Destination "\Device\{6872F1D4-110C-40B1-8E8C-9AAC6E24B1B9}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3038&SUBSYS_30381106&REV_81#3&2411e6fe&0&83#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0018"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
.\debug.cpp(400) : Destination "\Device\USBFDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#3&2411e6fe&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000004a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000040"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination "\GLOBAL??"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_11AB&DEV_4362&SUBSYS_81421043&REV_19#4&825c12e&0&001A#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0028"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVDRAM_GSA-4167B_______________DL13____#4235443546333936353139372020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP2T0L0-12"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000003c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"
.\debug.cpp(400) : Destination "\Device\00000035"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000035"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}"
.\debug.cpp(400) : Destination "\Device\00000035"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3038&SUBSYS_30381106&REV_81#3&2411e6fe&0&82#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0017"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVDRAM_GSA-4167B_______________DL13____#4235443546333936353139372020202020202020#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP2T0L0-12"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&9bfdb23&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3038&SUBSYS_30381106&REV_81#3&2411e6fe&0&81#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0016"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination "\Device\MountPointManager"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AAVMKER4"
.\debug.cpp(400) : Destination "\Device\AavmKer4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1c798bc8&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3104&SUBSYS_31041106&REV_86#3&2411e6fe&0&84#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0019"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000002c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination "\Device\WANARP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USNTracker"
.\debug.cpp(400) : Destination "\Device\USNTracker"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000035"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination "\Device\NdisWanIp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{bf256a22-f97e-11df-8c09-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureEE85EE85Offset35EF550400Length3E80C5FC00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}"
.\debug.cpp(400) : Destination "\Device\00000035"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3059&SUBSYS_81741043&REV_60#3&2411e6fe&0&8D#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0021"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&32a0f485&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_556F&SUBSYS_1601174B&REV_00#4&31e14917&0&0110#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0027"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureEE85EE85Offset7E00Length35EF540800#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1fe743e0&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000035"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000002f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1"
.\debug.cpp(400) : Destination "\Device\ParTechInc0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"
.\debug.cpp(400) : Destination "\Device\00000035"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI"
.\debug.cpp(400) : Destination "\Device\NdisTapi"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination "\Device\NdisWan"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST"
.\debug.cpp(400) : Destination "\Device\IPMULTICAST"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{99F76473-1E07-4A9C-A679-C31918DE1551}"
.\debug.cpp(400) : Destination "\Device\{99F76473-1E07-4A9C-A679-C31918DE1551}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2"
.\debug.cpp(400) : Destination "\Device\ParTechInc1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow"
.\debug.cpp(400) : Destination "\Device\LanmanRedirector"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3059&SUBSYS_81741043&REV_60#3&2411e6fe&0&8D#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0021"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_15_Model_47#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\0000003a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3"
.\debug.cpp(400) : Destination "\Device\ParTechInc2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination "\Device\FtControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\aswSP_Avar"
.\debug.cpp(400) : Destination "\Device\aswSP_Avar"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\mbr"
.\debug.cpp(400) : Destination "\Device\mbr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWRDR"
.\debug.cpp(400) : Destination "\Device\ASWRDR"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination "\Device\MailSlot"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3059&SUBSYS_81741043&REV_60#3&2411e6fe&0&8D#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0021"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c044#6&1a48e776&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000006a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination "\DosDevices\COM1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination ""
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) : Destination "\Device\Ndisuio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000034"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination "\Device\Null"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000033"
.\debug.cpp(409) : --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
.\boot_cleaner.cpp(276) : Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd
.\boot_cleaner.cpp(1060) :
.\boot_cleaner.cpp(1061) : Size Device Name MBR Status
.\boot_cleaner.cpp(1062) : --------------------------------------------
.\boot_cleaner.cpp(1106) : 465 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1112) :
.\boot_cleaner.cpp(1151) : Done;

Mikka · #10 Příspěvek od **Mikka** » 28 lis 2010 14:45

Zajímalo by mě proč se tam pořád objevuje soubor pwnoqfob.sys

#11 Příspěvek od **motji** » 28 lis 2010 22:23

A jsme doma, je to soubor od Gmeru

Running: gmer.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\pwnoqfob.sys

Jak to ted vypadá s počítačem?

Mikka · #12 Příspěvek od **Mikka** » 28 lis 2010 22:37

Hlavní problém byl s tím jak to bylo pomalý 2 min. po spuštění, to už je v pořádku, ale combofix pořad hlásil rootkita. Googlil jsem a našel už nevím jakej program (funguje v dos okně) a napsal v překladu, že našel neznámý rootkit, potom mě napadlo přes instalační cd použít přikaz fixmbr a fixboot, potom už program psal, že je všechno v pořádku. Bohužel na další spuštění combofixu nebyl čas, ségra si odvezla pc. Tak teď už to bude doufám v pořádku.
Děkuju za pomoc.

#13 Příspěvek od **motji** » 28 lis 2010 22:42

pokud by byl rootkit v MBR, objevil by se mi záznam v gmeru, a to bylo v pořádku. I bootkit remover byl naprosto v pořádku

. Možná nějaký zbytjkový kod,nebo combofix trošku zlobí

.

Jak budete u pc, tak ještě uklidte po combofixu.

Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.

***********

Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir

***********

Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

Obrázek

záložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner

Obrázek

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy

ok

zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.

***********

Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech

***********

Vložte nový log ze RSIT a řekněte co počítač, jak se chová, už je vše v pořádku?

VIRY.CZ

Asi rootkit

Asi rootkit

Re: Asi rootkit

Re: Asi rootkit

Re: Asi rootkit

Re: Asi rootkit

Re: Asi rootkit

Re: Asi rootkit

Re: Asi rootkit

Re: Asi rootkit

Re: Asi rootkit

Re: Asi rootkit

Re: Asi rootkit

Re: Asi rootkit