Rootkit in Windows XP

Karpi
Guest
Posts: 37
Registered: 14 Apr 2011 10:17

Rootkit in Windows XP

#1 Post by Karpi »

I'm asking for advice on how to remove an unknown rootkit in Windows XP.
ComboFix reports that it has detected a rootkit and therefore restarts the PC every time during the scan. It then generates this log:

................................
ComboFix 11-04-13.04 - Petr 14.04.2011 10:56:39.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.767.242 [GMT 2:00]
Spuštěný z: c:\documents and settings\Petr\Plocha\ComboFix.exe
AV: TrustPort Antivirus *Disabled/Updated* {3E803F6C-6C2F-4647-BCA9-1C7E98603DB4}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-14 do 2011-04-14 )))))))))))))))))))))))))))))))
.
.
2011-04-13 19:20 . 2011-04-13 19:20 -------- d-----w- C:\ATI
2011-04-13 17:25 . 2011-04-13 17:25 -------- d-----r- C:\MSOCache
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-04 06:35 . 2010-01-14 15:02 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:52 . 2010-01-14 15:02 1866880 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:26 . 2010-01-14 15:02 919552 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:26 . 2010-01-14 15:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:26 . 2010-01-14 15:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-18 12:08 . 2010-01-14 15:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 16:24 . 2010-01-14 15:02 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-17 13:19 . 2010-01-14 15:00 457472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:19 . 2010-01-14 15:01 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-15 13:05 . 2010-01-14 14:59 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2008-04-14 11:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 11:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2008-04-14 11:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2008-04-14 11:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-01-21 14:42 . 2010-01-14 15:01 8467456 ----a-w- c:\windows\system32\shell32.dll
2011-01-21 14:42 . 2010-01-14 15:01 440832 ----a-w- c:\windows\system32\shimgvw.dll
2011-03-18 17:55 . 2011-04-13 16:09 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
.
[-] 2009-10-09 . FF876311F58C86EC3E1A24F585949C25 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-04-13_20.35.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-14 08:50 . 2011-04-14 08:50 16384 c:\windows\Temp\Perflib_Perfdata_2f8.dat
+ 2011-04-13 22:00 . 2011-03-21 11:41 35920 c:\windows\system32\drivers\tpsec.sys
+ 2011-04-14 01:24 . 2010-12-20 16:09 38224 c:\windows\system32\drivers\mbamswissarmy.sys
+ 2011-04-14 01:24 . 2010-12-20 16:08 20952 c:\windows\system32\drivers\mbam.sys
+ 2011-04-13 22:00 . 2011-03-21 11:39 37648 c:\windows\system32\drivers\avasdmft.sys
+ 2011-04-13 21:53 . 2011-04-13 21:53 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\9824b202ffe88c945577effdc7fc8fc3\UIAutomationProvider.ni.dll
+ 2011-04-13 23:14 . 2011-04-13 23:14 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\6474ae2cebac637025eab3cbcdc9ffe6\System.Windows.Presentation.ni.dll
+ 2011-04-13 23:13 . 2011-04-13 23:13 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\50cbf014f60fa88f67a763dfbead1fee\System.Web.ApplicationServices.ni.dll
+ 2011-04-13 23:13 . 2011-04-13 23:13 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\f472171edc898ea876f14b97b4f332b8\System.ServiceModel.Channels.ni.dll
+ 2011-04-13 22:47 . 2011-04-13 22:47 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\473102f936b4a823e5e2b2e6282c5104\System.AddIn.Contract.ni.dll
+ 2011-04-13 20:53 . 2011-04-13 20:53 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\1a21a54acf18fabfddb0b94d40e509a1\Microsoft.VisualC.ni.dll
+ 2011-04-13 23:14 . 2011-04-13 23:14 245760 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\c854ff737035c79fdf1b56b95e28fdbc\WindowsFormsIntegration.ni.dll
+ 2011-04-13 21:54 . 2011-04-13 21:54 195584 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\c085fc0d222fb39afe14cc8e5eb32eee\UIAutomationTypes.ni.dll
+ 2011-04-13 23:14 . 2011-04-13 23:14 481792 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\974f99cb0c5b67484ce5a3fd1fc5e7dd\UIAutomationClient.ni.dll
+ 2011-04-13 21:51 . 2011-04-13 21:51 391680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\6d7c87b19bf40f2bc57ec4429b628c9a\System.Xml.Linq.ni.dll
+ 2011-04-13 21:54 . 2011-04-13 21:54 187904 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\21eb4743be4fdd8df5f0a9cd0dd52f5d\System.Windows.Input.Manipulations.ni.dll
+ 2011-04-13 21:52 . 2011-04-13 21:52 645632 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\1fac5b5769af4e4dd0aa3f09d9834734\System.Transactions.ni.dll
+ 2011-04-13 23:13 . 2011-04-13 23:13 220672 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\4e5c6a1e261c43961b19f4712359234f\System.ServiceProcess.ni.dll
+ 2011-04-13 23:13 . 2011-04-13 23:13 365056 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\9fc58e83505ef6bf05a4529665c7737d\System.ServiceModel.Routing.ni.dll
+ 2011-04-13 21:53 . 2011-04-13 21:53 310272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\7de8fccb064fff0d219e8594a014b600\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-04-13 21:53 . 2011-04-13 21:53 758784 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\30b7ffac8d9d7ba0364dd19c158fe291\System.Runtime.Remoting.ni.dll
+ 2011-04-13 23:09 . 2011-04-13 23:09 651264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\56158e581a3dfce8f930fe7388cfe156\System.Net.ni.dll
+ 2011-04-13 23:09 . 2011-04-13 23:09 625152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\8b3e59239912537657fc7f9c6b88dd8a\System.Messaging.ni.dll
+ 2011-04-13 23:09 . 2011-04-13 23:09 392704 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\117067671949b80852b0a7c112888b7b\System.Management.Instrumentation.ni.dll
+ 2011-04-13 23:09 . 2011-04-13 23:09 405504 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\a483116d4df8444911c9d47fd99b8b95\System.IO.Log.ni.dll
+ 2011-04-13 23:08 . 2011-04-13 23:08 228352 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\3891b868ee83ca630686d547c328da31\System.IdentityModel.Selectors.ni.dll
+ 2011-04-13 21:52 . 2011-04-13 21:52 230912 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\547669d593c2ac7c94391e153ea6068f\System.EnterpriseServices.Wrapper.dll
+ 2011-04-13 21:52 . 2011-04-13 21:52 784896 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\547669d593c2ac7c94391e153ea6068f\System.EnterpriseServices.ni.dll
+ 2011-04-13 23:08 . 2011-04-13 23:08 911872 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\8a7ceaec74327e2be758e7291b8a5849\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-04-13 23:08 . 2011-04-13 23:08 461824 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\698dd101afeceb8ffc4a435b9be82038\System.DirectoryServices.Protocols.ni.dll
+ 2011-04-13 23:08 . 2011-04-13 23:08 112128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\65b4592d5d04a0c5b6f102f8d1e065e8\System.Device.ni.dll
+ 2011-04-13 22:47 . 2011-04-13 22:47 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\ee0a48c4f9340f1002baa71004a14932\System.Data.DataSetExtensions.ni.dll
+ 2011-04-13 22:47 . 2011-04-13 22:47 145920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\9a074aee02c2c27bd8a64bd39bb0f954\System.Configuration.Install.ni.dll
+ 2011-04-13 22:47 . 2011-04-13 22:47 193536 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\f02a6c23986ba9eee3699717437b0f94\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-04-13 22:47 . 2011-04-13 22:47 613888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\d5de48c1c29a8498c89ed5da48e40690\System.AddIn.ni.dll
+ 2011-04-13 22:40 . 2011-04-13 22:40 402944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\d60de251f6401ab42fe195f6bf25ca73\System.Activities.DurableInstancing.ni.dll
+ 2011-04-13 21:52 . 2011-04-13 21:52 142336 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\22f477b2dad8700e564daead57f5b825\SMDiagnostics.ni.dll
+ 2011-04-13 20:53 . 2011-04-13 20:53 302080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\44a9f19e5d0b486e1b2f3278375f8828\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2011-04-13 20:52 . 2011-04-13 20:52 418304 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\a78fa250714cf42472bc22d0b7ea14e5\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-04-13 23:14 . 2011-04-13 23:14 1055744 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\28121866e3d6d8b0dc72d9e250b0af1c\UIAutomationClientsideProviders.ni.dll
+ 2011-04-13 21:51 . 2011-04-13 21:51 1776640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\738a078bc59722d6b06b5ae5e99569f9\System.Xaml.ni.dll
+ 2011-04-13 23:14 . 2011-04-13 23:14 4496384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\eec21f9b08bbed54d9e36038badaf289\System.Windows.Forms.DataVisualization.ni.dll
+ 2011-04-13 23:13 . 2011-04-13 23:13 1828352 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\46f59c5b9fee41849705f2b5f1102d66\System.Web.Services.ni.dll
+ 2011-04-13 23:13 . 2011-04-13 23:13 1992192 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\01a3b3bf7fadd971e17400c8502ec886\System.Speech.ni.dll
+ 2011-04-13 23:13 . 2011-04-13 23:13 1127424 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\6856341eadab4c3ace0e39182649bba2\System.ServiceModel.Discovery.ni.dll
+ 2011-04-13 23:12 . 2011-04-13 23:12 1388032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\4048a5620b0fa66a7414cff30155d30c\System.ServiceModel.Activities.ni.dll
+ 2011-04-13 21:52 . 2011-04-13 21:52 2625024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\c46375bba06671d2a9369e630752987a\System.Runtime.Serialization.ni.dll
+ 2011-04-13 21:52 . 2011-04-13 21:52 1011200 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\6b6309a2e7f384bac4ccbdf1eca34c30\System.Runtime.DurableInstancing.ni.dll
+ 2011-04-13 21:55 . 2011-04-13 21:55 1047040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\24f97354b0a95ef77b2db8de9e7374fe\System.Printing.ni.dll
+ 2011-04-13 23:09 . 2011-04-13 23:09 1159168 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\05a0937d76f565aa728348fc24f6c2eb\System.Management.ni.dll
+ 2011-04-13 23:08 . 2011-04-13 23:08 1065984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1f045fc92d6402b27f6b9fb9291d44c3\System.IdentityModel.ni.dll
+ 2011-04-13 21:53 . 2011-04-13 21:53 1151488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\6dc0ed081400ec315f895bdc7fd016c4\System.DirectoryServices.ni.dll
+ 2011-04-13 21:55 . 2011-04-13 21:55 1872384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\2a2a921350a9651e9bd681197edeb88d\System.Deployment.ni.dll
+ 2011-04-13 23:08 . 2011-04-13 23:08 1332736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\aa778d274523b93d389e581e58698918\System.Data.Services.Client.ni.dll
+ 2011-04-13 22:36 . 2011-04-13 22:36 4103168 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\ec488a50a47246a625159744ad8e0931\System.Activities.ni.dll
+ 2011-04-13 22:47 . 2011-04-13 22:47 3691520 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\00fb4f96c610880aeee34d8670347a6d\System.Activities.Presentation.ni.dll
+ 2011-04-13 22:39 . 2011-04-13 22:39 1506304 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\a965a0f825fb91ce7cf78d99263968b4\System.Activities.Core.Presentation.ni.dll
+ 2011-04-13 22:34 . 2011-04-13 22:34 2842624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\3f04b2ab8961aceac03f8ae2ccabe947\ReachFramework.ni.dll
+ 2011-04-13 21:51 . 2011-04-13 21:51 1622528 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\3aebfb1497141c9466ee8ce68a3bf805\PresentationUI.ni.dll
+ 2011-04-13 20:53 . 2011-04-13 20:53 1819648 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\ff572ca3a119cd72903df8c6ed667b62\Microsoft.VisualBasic.ni.dll
+ 2011-04-13 20:53 . 2011-04-13 20:53 1167872 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\320f1578082f1de1f8562ce92c0c2dab\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2011-04-13 20:53 . 2011-04-13 20:53 1137664 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\2c7956de8e9d90daf06667f55dfede8c\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2011-04-13 20:52 . 2011-04-13 20:52 1079808 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\ac03be8a96bd10965da87208d81eb07d\Microsoft.Transactions.Bridge.ni.dll
+ 2011-04-13 23:09 . 2011-04-13 23:09 2441728 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\d4572ad085979b16261058f1433e73e9\Microsoft.JScript.ni.dll
+ 2011-04-13 23:12 . 2011-04-13 23:12 17919488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\8964b15d32028ef9dfe776216af8524d\System.ServiceModel.ni.dll
+ 2011-04-13 23:08 . 2011-04-13 23:08 13273600 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\38409bc0ee7cdb9fbc981fefea83ab23\System.Data.Entity.ni.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Petr\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2011-04-13 136176]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SoundMan"="SOUNDMAN.EXE" [2004-05-14 67072]
"VIARaidUtl"="c:\program files\VIA\RAID\raid_tool.exe" [2009-02-19 4918936]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"AntivirusCommunicatorAgent"="c:\program files\TrustPort\Antivirus\bin\avcom.exe" [2011-03-21 774416]
"TrustPortTray"="c:\program files\Common Files\TrustPort\Bin\tptray.exe" [2011-03-21 721168]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2010-01-14 304128]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [13.4.2011 18:46 77312]
R2 tpmgma_service;TrustPort Core Service;c:\program files\Common Files\TrustPort\bin\tpmgma.exe [14.4.2011 0:00 404040]
R2 tpsec;TrustPort Security Filter;c:\windows\system32\drivers\tpsec.sys [14.4.2011 0:00 35920]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [30.3.2011 19:00 1523008]
R3 avss_service;TrustPort Antivirus Service Scanner Provider;c:\program files\TrustPort\Antivirus\bin\avss.exe [14.4.2011 0:00 291088]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [10.2.2011 11:22 10064]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [14.1.2010 17:04 9472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 VRAID Log Service;VRAID Log Service;c:\program files\VIA\RAID\vialogsv.exe [13.4.2011 19:51 52888]
S3 avas_service;TrustPort Antivirus On-Access Scanner Agent;c:\program files\TrustPort\Antivirus\bin\avas.exe [14.4.2011 0:00 495888]
S3 avasdmft;TrustPort Antivirus On-Access Scanner (W2K/XP) MF;c:\windows\system32\drivers\avasdmft.sys [14.4.2011 0:00 37648]
S3 dsio;TrustPort Raw IO Driver;c:\program files\Common Files\TrustPort\bin\dsio.sys [14.4.2011 0:00 16656]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\C.tmp --> c:\windows\system32\C.tmp [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14.1.2010 17:01 14848]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-04-14 c:\windows\Tasks\TrustPort Updater.job
- c:\program files\Common Files\TrustPort\bin\tpupdate.exe [2011-04-13 11:37]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = about:blank
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\vpvmwxvn.default\
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-14 11:04
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
VIARaidUtl = c:\program files\VIA\RAID\raid_tool.exe?_HyperionP
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\C.tmp"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2011-04-14 11:06:12
ComboFix-quarantined-files.txt 2011-04-14 09:06
ComboFix2.txt 2011-04-13 21:00
ComboFix3.txt 2011-04-13 20:37
.
Před spuštěním: Volných bajtů: 100 648 873 984
Po spuštění: Volných bajtů: 100 663 074 816
.
- - End Of File - - C1E2469D8B787DD9D0F7E6E9B80736C6

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Rootkit in Windows XP

#2 Post by vyosek »

Hello and have a nice day :)

→ Do you know how to use ComboFix, that is, read its logs and then write a script with commands, given that you apply it (repeatedly)? CF is intended primarily for helpers; see below.

→ Dangers of CF
  • It is intended primarily for helpers; by using it on your own you forfeit your right to support.
  • It wipes traces of the malware, so nothing is visible in the RSIT log.
  • Its log has to be picked through, because it cannot delete everything; you will hardly manage that unless you have been trained for it.
  • CF can have a bug = it takes down your system; if you don't know where it stores what and how to restore it, your system is toast and a reinstall awaits you.
  • Unfortunately, CF also does not yet check some important libraries (e.g. hal.dll), which some types of malware (e.g. angela) delete; it deletes your hal.dll after the restart = your system won't boot and you are back at the line above = reinstall.
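As an added illustration of what "picking through" a ComboFix log involves (example code written for this thread, not part of ComboFix or the forum's own tooling): it parses the driver/service lines in the layout shown in the log above and flags entries whose image file ComboFix could not find (`[?]`) or which point at a temporary file. The R/S prefix and start-type digit are read as running/stopped and boot/system/auto/manual/disabled; the sample lines are copied in shape from the log in this thread, and a flag is a prompt to verify the entry against known tools, not a verdict.

```python
r"""Triage helper for the service/driver section of a ComboFix log.

Example code added for this thread; it is not part of ComboFix. It reads lines in
the layout ComboFix prints, e.g.

    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\C.tmp --> c:\windows\system32\C.tmp [?]

and flags the entries a helper would want to look at first.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# ComboFix convention: R = running, S = stopped; the digit is the service start type.
STATES = {"R": "running", "S": "stopped"}
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

# <state><start> <name>;<display name>;<image path> [<date> <time> <size>]  or  [?]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)
# Split "c:\...\svchost.exe -k WINRM" into the binary and its arguments.
IMAGE_RE = re.compile(r"^(?P<path>.+?\.(?:exe|sys|dll))(?:\s+(?P<args>.*))?$", re.IGNORECASE)

# Constructed sample: five lines copied in shape from the ComboFix log in this thread.
SAMPLE_LINES = r"""
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [13.4.2011 18:46 77312]
R2 tpsec;TrustPort Security Filter;c:\windows\system32\drivers\tpsec.sys [14.4.2011 0:00 35920]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\C.tmp --> c:\windows\system32\C.tmp [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14.1.2010 17:01 14848]
S2 VRAID Log Service;VRAID Log Service;c:\program files\VIA\RAID\vialogsv.exe [13.4.2011 19:51 52888]
"""


@dataclass
class ServiceEntry:
    state: str
    start: str
    name: str
    display: str
    path: str
    args: str
    size: Optional[int]          # None when ComboFix printed "[?]" (file not found)
    flags: List[str] = field(default_factory=list)


def split_image(image: str) -> Tuple[str, str]:
    """Return (path, args) from the raw ImagePath exactly as ComboFix prints it."""
    # "\??\X --> X" is ComboFix showing how it resolved an NT-style path prefix.
    if " --> " in image:
        image = image.split(" --> ", 1)[1]
    m = IMAGE_RE.match(image)
    if m:
        return m.group("path"), m.group("args") or ""
    return image, ""   # no recognised binary extension (e.g. C.tmp): the whole string is the path


def triage(entry: ServiceEntry) -> List[str]:
    """Heuristics applied before deciding anything; each flag is a prompt to verify, not a verdict."""
    flags = []
    low = entry.path.lower()
    if entry.size is None:
        flags.append("image file not found at scan time ([?])")
    if low.endswith(".tmp") or "\\temp\\" in low:
        flags.append("service image is a temporary file")
    return flags


def parse_combofix_services(text: str) -> List[ServiceEntry]:
    """Parse every service/driver line in `text`; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue    # not a service/driver line
        path, args = split_image(m.group("image"))
        meta = m.group("meta").strip()
        size = None if meta == "?" else int(meta.split()[-1])   # last token is the file size
        entry = ServiceEntry(
            state=STATES[m.group("state")],
            start=START_TYPES.get(m.group("start"), "unknown"),
            name=m.group("name").strip(),
            display=m.group("display").strip(),
            path=path, args=args, size=size,
        )
        entry.flags = triage(entry)
        entries.append(entry)
    return entries


def flagged(entries: List[ServiceEntry]) -> List[str]:
    """Names of entries with at least one triage flag, in log order."""
    return [e.name for e in entries if e.flags]


if __name__ == "__main__":
    for e in parse_combofix_services(SAMPLE_LINES):
        mark = " <-- " + "; ".join(e.flags) if e.flags else ""
        print(f"{e.state:8} {e.start:8} {e.name:20} {e.path}{mark}")
```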

Karpi
Guest
Posts: 37
Registered: 14 Apr 2011 10:17

Re: Rootkit in Windows XP

#3 Post by Karpi »

Hello. :-)

I have been using ComboFix for a long time, but I can't read its logs or write scripts. I have always used it "automatically": I just ran it, it scanned, usually deleted something by itself, and that was that...

I'm also sending the RSIT log:

.......................

Logfile of random's system information tool 1.08 (written by random/random)
Run by Petr at 2011-04-14 12:05:53
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 95 GB (91%) free of 104 GB
Total RAM: 767 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:06:12, on 14.4.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\TrustPort\bin\tpmgma.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\Program Files\TrustPort\Antivirus\bin\avss.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\TrustPort\Antivirus\bin\avas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\wuauclt.exe
c:\Documents and Settings\Petr\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Petr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VIARaidUtl] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AntivirusCommunicatorAgent] "C:\Program Files\TrustPort\Antivirus\bin\avcom.exe"
O4 - HKLM\..\Run: [TrustPortTray] "C:\Program Files\Common Files\TrustPort\Bin\tptray.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Petr\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: TrustPort Antivirus On-Access Scanner Agent (avas_service) - TrustPort, a.s. - C:\Program Files\TrustPort\Antivirus\bin\avas.exe
O23 - Service: TrustPort Antivirus Service Scanner Provider (avss_service) - TrustPort, a.s. - C:\Program Files\TrustPort\Antivirus\bin\avss.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TrustPort Core Service (tpmgma_service) - TrustPort, a.s. - C:\Program Files\Common Files\TrustPort\bin\tpmgma.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
O23 - Service: VRAID Log Service - Unknown owner - C:\Program Files\VIA\RAID\vialogsv.exe

--
End of file - 5255 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\TrustPort Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-04-13 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-04-13 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-05-14 67072]
"VIARaidUtl"=C:\Program Files\VIA\RAID\raid_tool.exe [2009-02-19 4918936]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 61440]
"AntivirusCommunicatorAgent"=C:\Program Files\TrustPort\Antivirus\bin\avcom.exe [2011-03-21 774416]
"TrustPortTray"=C:\Program Files\Common Files\TrustPort\Bin\tptray.exe [2011-03-21 721168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\Petr\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2011-04-13 136176]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-02-11 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2010-01-14 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2010-01-14 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2010-01-14 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\avas_service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\avss_service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tpavdrw_service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tpmgma_service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2011-04-14 12:05:54 ----D---- C:\Program Files\trend micro
2011-04-14 12:05:53 ----D---- C:\rsit
2011-04-14 11:56:52 ----SHD---- C:\Config.Msi
2011-04-14 11:06:12 ----A---- C:\ComboFix.txt
2011-04-14 10:36:35 ----ASH---- C:\hiberfil.sys
2011-04-14 03:32:53 ----A---- C:\WINDOWS\ntbtlog.txt
2011-04-14 03:27:49 ----D---- C:\WINDOWS\Sun
2011-04-14 03:25:11 ----D---- C:\Documents and Settings\Petr\Data aplikací\Malwarebytes
2011-04-14 03:24:59 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-04-14 03:24:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-04-14 03:24:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-04-14 03:24:53 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-04-14 00:00:51 ----A---- C:\WINDOWS\system32\drivers\avasdmft.sys
2011-04-14 00:00:50 ----D---- C:\Program Files\TrustPort
2011-04-14 00:00:50 ----D---- C:\Program Files\Common Files\TrustPort
2011-04-14 00:00:50 ----A---- C:\WINDOWS\system32\drivers\tpsec.sys
2011-04-13 23:59:37 ----D---- C:\WINDOWS\system32\appmgmt
2011-04-13 23:42:45 ----D---- C:\Program Files\Sophos
2011-04-13 23:41:13 ----D---- C:\Program Files\CCleaner
2011-04-13 23:03:14 ----SHD---- C:\WINDOWS\CSC
2011-04-13 22:12:32 ----A---- C:\Boot.bak
2011-04-13 22:12:26 ----RASHD---- C:\cmdcons
2011-04-13 22:11:26 ----A---- C:\WINDOWS\zip.exe
2011-04-13 22:11:26 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-04-13 22:11:26 ----A---- C:\WINDOWS\SWSC.exe
2011-04-13 22:11:26 ----A---- C:\WINDOWS\SWREG.exe
2011-04-13 22:11:26 ----A---- C:\WINDOWS\sed.exe
2011-04-13 22:11:26 ----A---- C:\WINDOWS\PEV.exe
2011-04-13 22:11:26 ----A---- C:\WINDOWS\NIRCMD.exe
2011-04-13 22:11:26 ----A---- C:\WINDOWS\MBR.exe
2011-04-13 22:11:26 ----A---- C:\WINDOWS\grep.exe
2011-04-13 22:11:19 ----D---- C:\WINDOWS\ERDNT
2011-04-13 22:11:14 ----D---- C:\Qoobox
2011-04-13 21:37:07 ----A---- C:\WINDOWS\system32\TURegOpt.exe
2011-04-13 21:37:05 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2011-04-13 21:36:47 ----D---- C:\Documents and Settings\Petr\Data aplikací\TuneUp Software
2011-04-13 21:36:35 ----D---- C:\Program Files\TuneUp Utilities 2011
2011-04-13 21:36:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
2011-04-13 21:36:19 ----SHD---- C:\Documents and Settings\All Users\Data aplikací\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-04-13 21:35:46 ----D---- C:\Program Files\MSECache
2011-04-13 21:29:46 ----D---- C:\Documents and Settings\Petr\Data aplikací\ATI
2011-04-13 21:29:46 ----D---- C:\Documents and Settings\All Users\Data aplikací\ATI
2011-04-13 21:24:17 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2011-04-13 21:22:54 ----D---- C:\Program Files\ATI Technologies
2011-04-13 21:20:58 ----D---- C:\ATI
2011-04-13 19:57:42 ----A---- C:\WINDOWS\NeroDigital.ini
2011-04-13 19:51:32 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-04-13 19:51:13 ----N---- C:\WINDOWS\system32\difxapi.dll
2011-04-13 19:50:45 ----A---- C:\WINDOWS\system32\drivers\viamraid.sys
2011-04-13 19:50:43 ----A---- C:\WINDOWS\system32\drivers\xfilt.sys
2011-04-13 19:50:43 ----A---- C:\WINDOWS\system32\drivers\videX32.sys
2011-04-13 19:41:53 ----A---- C:\WINDOWS\RtlRack.ini
2011-04-13 19:30:00 ----A---- C:\WINDOWS\ODBC.INI
2011-04-13 19:29:54 ----A---- C:\WINDOWS\system32\mdimon.dll
2011-04-13 19:27:52 ----D---- C:\Program Files\Common Files\DESIGNER
2011-04-13 19:26:58 ----D---- C:\WINDOWS\SHELLNEW
2011-04-13 19:26:54 ----D---- C:\Program Files\Microsoft Office
2011-04-13 19:25:12 ----RD---- C:\MSOCache
2011-04-13 19:07:59 ----A---- C:\WINDOWS\system32\drivers\splitter.sys
2011-04-13 19:07:57 ----A---- C:\WINDOWS\system32\drivers\wdmaud.sys
2011-04-13 19:07:55 ----A---- C:\WINDOWS\system32\drivers\DMusic.sys
2011-04-13 19:07:53 ----A---- C:\WINDOWS\system32\drivers\swmidi.sys
2011-04-13 19:07:52 ----A---- C:\WINDOWS\system32\drivers\aec.sys
2011-04-13 19:07:50 ----A---- C:\WINDOWS\system32\drivers\kmixer.sys
2011-04-13 19:07:49 ----A---- C:\WINDOWS\system32\drivers\drmkaud.sys
2011-04-13 19:07:47 ----A---- C:\WINDOWS\system32\drivers\sysaudio.sys
2011-04-13 19:07:46 ----A---- C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011-04-13 19:07:44 ----A---- C:\WINDOWS\system32\drivers\MSPQM.sys
2011-04-13 19:07:41 ----A---- C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011-04-13 19:07:24 ----A---- C:\WINDOWS\system32\ksuser.dll
2011-04-13 19:07:24 ----A---- C:\WINDOWS\system32\drivers\portcls.sys
2011-04-13 19:07:22 ----A---- C:\WINDOWS\system32\drivers\drmk.sys
2011-04-13 19:07:18 ----D---- C:\Program Files\Realtek Sound Manager
2011-04-13 19:07:16 ----N---- C:\WINDOWS\avrack.ini
2011-04-13 19:07:16 ----D---- C:\Program Files\AvRack
2011-04-13 19:07:14 ----A---- C:\WINDOWS\system32\Audio3D.dll
2011-04-13 19:07:14 ----A---- C:\WINDOWS\system32\a3d.dll
2011-04-13 19:07:13 ----A---- C:\WINDOWS\system32\RTLCPAPI.dll
2011-04-13 19:07:13 ----A---- C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011-04-13 19:07:13 ----A---- C:\WINDOWS\system32\drivers\ALCXSENS.SYS
2011-04-13 19:07:13 ----A---- C:\WINDOWS\SOUNDMAN.EXE
2011-04-13 19:07:12 ----A---- C:\WINDOWS\system32\RTLCPL.EXE
2011-04-13 19:07:10 ----N---- C:\WINDOWS\alcupd.exe
2011-04-13 19:07:10 ----N---- C:\WINDOWS\alcrmv.exe
2011-04-13 19:02:43 ----D---- C:\Program Files\WinRAR
2011-04-13 19:00:25 ----D---- C:\Documents and Settings\Petr\Data aplikací\Ahead
2011-04-13 18:59:46 ----D---- C:\Documents and Settings\All Users\Data aplikací\Ahead
2011-04-13 18:58:03 ----A---- C:\WINDOWS\system32\h323log.txt
2011-04-13 18:56:18 ----D---- C:\Program Files\Nero
2011-04-13 18:56:18 ----D---- C:\Program Files\Common Files\Ahead
2011-04-13 18:56:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nero
2011-04-13 18:49:01 ----A---- C:\WINDOWS\system32\drivers\audstub.sys
2011-04-13 18:48:16 ----A---- C:\WINDOWS\system32\hidserv.dll
2011-04-13 18:47:57 ----A---- C:\WINDOWS\system32\drivers\redbook.sys
2011-04-13 18:47:39 ----A---- C:\WINDOWS\system32\drivers\ati2mtag.sys
2011-04-13 18:47:39 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2011-04-13 18:47:39 ----A---- C:\WINDOWS\system32\ati3duag.dll
2011-04-13 18:47:39 ----A---- C:\WINDOWS\system32\ati3d1ag.dll
2011-04-13 18:47:39 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2011-04-13 18:47:39 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2011-04-13 18:47:04 ----A---- C:\WINDOWS\system32\drivers\enum1394.sys
2011-04-13 18:47:02 ----A---- C:\WINDOWS\system32\drivers\fetnd5.sys
2011-04-13 18:46:56 ----A---- C:\WINDOWS\system32\usbui.dll
2011-04-13 18:46:53 ----HD---- C:\Program Files\InstallShield Installation Information
2011-04-13 18:46:51 ----A---- C:\WINDOWS\system32\drivers\UAGP35.SYS
2011-04-13 18:46:34 ----D---- C:\Program Files\VIA
2011-04-13 18:46:27 ----D---- C:\Program Files\Common Files\InstallShield
2011-04-13 18:46:17 ----A---- C:\WINDOWS\system32\drivers\viasraid.sys
2011-04-13 18:45:39 ----SHD---- C:\WINDOWS\Installer
2011-04-13 18:45:39 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-04-13 18:45:38 ----D---- C:\Program Files\Common Files\ODBC
2011-04-13 18:45:38 ----A---- C:\WINDOWS\ODBCINST.INI
2011-04-13 18:45:35 ----RD---- C:\Program Files
2011-04-13 18:45:35 ----D---- C:\Program Files\Common Files\SpeechEngines
2011-04-13 18:45:35 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-04-13 18:45:35 ----D---- C:\Program Files\Common Files
2011-04-13 18:45:27 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2011-04-13 18:45:27 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2011-04-13 18:45:27 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2011-04-13 18:45:25 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2011-04-13 18:45:25 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2011-04-13 18:45:25 ----RA---- C:\WINDOWS\system32\kbdur.dll
2011-04-13 18:45:25 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2011-04-13 18:45:25 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2011-04-13 18:45:25 ----RA---- C:\WINDOWS\system32\kbdru.dll
2011-04-13 18:45:25 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2011-04-13 18:45:25 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2011-04-13 18:45:25 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2011-04-13 18:45:25 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2011-04-13 18:45:25 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2011-04-13 18:45:25 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2011-04-13 18:45:23 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2011-04-13 18:45:23 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2011-04-13 18:45:23 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2011-04-13 18:45:23 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2011-04-13 18:45:23 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2011-04-13 18:45:23 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2011-04-13 18:45:23 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2011-04-13 18:45:21 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2011-04-13 18:45:21 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2011-04-13 18:45:21 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2011-04-13 18:45:21 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2011-04-13 18:45:21 ----RA---- C:\WINDOWS\system32\kbdest.dll
2011-04-13 18:45:16 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2011-04-13 18:45:16 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2011-04-13 18:45:15 ----RA---- C:\WINDOWS\system32\kbdro.dll
2011-04-13 18:45:15 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2011-04-13 18:45:15 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2011-04-13 18:45:14 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2011-04-13 18:45:14 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2011-04-13 18:45:14 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2011-04-13 18:45:14 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2011-04-13 18:45:14 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2011-04-13 18:45:12 ----A---- C:\WINDOWS\system32\irclass.dll
2011-04-13 18:45:12 ----A---- C:\WINDOWS\system32\dgsetup.dll
2011-04-13 18:45:12 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2011-04-13 18:45:11 ----A---- C:\WINDOWS\system32\spxcoins.dll
2011-04-13 18:45:11 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2011-04-13 18:45:08 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2011-04-13 18:45:08 ----A---- C:\WINDOWS\TASKMAN.EXE
2011-04-13 18:45:08 ----A---- C:\WINDOWS\system32\drivers\irenum.sys
2011-04-13 18:45:07 ----A---- C:\WINDOWS\system32\storprop.dll
2011-04-13 18:45:07 ----A---- C:\WINDOWS\system32\batt.dll
2011-04-13 18:45:07 ----A---- C:\WINDOWS\NOTEPAD.EXE
2011-04-13 18:44:58 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2011-04-13 18:44:36 ----D---- C:\WINDOWS\system32\CatRoot2
2011-04-13 18:44:36 ----D---- C:\WINDOWS\system32\CatRoot
2011-04-13 18:44:30 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-04-13 18:44:10 ----D---- C:\Documents and Settings
2011-04-13 18:44:09 ----SHD---- C:\System Volume Information
2011-04-13 18:43:05 ----RASH---- C:\boot.ini
2011-04-13 18:40:06 ----SD---- C:\WINDOWS\Offline Web Pages
2011-04-13 18:40:06 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-04-13 18:40:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-04-13 18:40:06 ----RSD---- C:\WINDOWS\Fonts
2011-04-13 18:40:06 ----RD---- C:\WINDOWS\Web
2011-04-13 18:40:06 ----HD---- C:\WINDOWS\inf
2011-04-13 18:40:06 ----D---- C:\WINDOWS\WinSxS
2011-04-13 18:40:06 ----D---- C:\WINDOWS\WBEM
2011-04-13 18:40:06 ----D---- C:\WINDOWS\twain_32
2011-04-13 18:40:06 ----D---- C:\WINDOWS\Temp
2011-04-13 18:40:06 ----D---- C:\WINDOWS\system32\wins
2011-04-13 18:40:06 ----D---- C:\WINDOWS\system32\wbem
2011-04-13 18:40:06 ----D---- C:\WINDOWS\system32\usmt
2011-04-13 18:40:06 ----D---- C:\WINDOWS\system32\spool
2011-04-13 18:40:06 ----D---- C:\WINDOWS\system32\ShellExt
2011-04-13 18:40:06 ----D---- C:\WINDOWS\system32\Setup
2011-04-13 18:40:06 ----D---- C:\WINDOWS\system32\ras
2011-04-13 18:40:06 ----D---- C:\WINDOWS\system32\oobe
2011-04-13 18:40:06 ----D---- C:\WINDOWS\system32\npp
2011-04-13 18:40:06 ----D---- C:\WINDOWS\system32\mui
2011-04-13 18:40:06 ----D---- C:\WINDOWS\system32\inetsrv
2011-04-13 18:40:06 ----D---- C:\WINDOWS\system32\IME
2011-04-13 18:40:06 ----D---- C:\WINDOWS\system32\icsxml
2011-04-13 18:40:06 ----D---- C:\WINDOWS\system32\ias
2011-04-13 18:40:06 ----D---- C:\WINDOWS\system32\export
2011-04-13 18:40:06 ----D---- C:\WINDOWS\system32\drivers\UMDF
2011-04-13 18:40:06 ----D---- C:\WINDOWS\system32\drivers\etc
2011-04-13 18:40:06 ----D---- C:\WINDOWS\system32\drivers\disdn
2011-04-13 18:40:06 ----D---- C:\WINDOWS\system32\drivers
2011-04-13 18:40:06 ----D---- C:\WINDOWS\system32\dhcp
2011-04-13 18:40:06 ----D---- C:\WINDOWS\system32\cs-cz
2011-04-13 18:40:06 ----D---- C:\WINDOWS\system32\cs
2011-04-13 18:40:06 ----D---- C:\WINDOWS\system32\config
2011-04-13 18:40:06 ----D---- C:\WINDOWS\system32\3com_dmi
2011-04-13 18:40:06 ----D---- C:\WINDOWS\system32\3076
2011-04-13 18:40:06 ----D---- C:\WINDOWS\system32\2052
2011-04-13 18:40:06 ----D---- C:\WINDOWS\system32\1054
2011-04-13 18:40:06 ----D---- C:\WINDOWS\system32\1042
2011-04-13 18:40:06 ----D---- C:\WINDOWS\system32\1041
2011-04-13 18:40:06 ----D---- C:\WINDOWS\system32\1037
2011-04-13 18:40:06 ----D---- C:\WINDOWS\system32\1033
2011-04-13 18:40:06 ----D---- C:\WINDOWS\system32\1031
2011-04-13 18:40:06 ----D---- C:\WINDOWS\system32\1029
2011-04-13 18:40:06 ----D---- C:\WINDOWS\system32\1028
2011-04-13 18:40:06 ----D---- C:\WINDOWS\system32\1025
2011-04-13 18:40:06 ----D---- C:\WINDOWS\system32
2011-04-13 18:40:06 ----D---- C:\WINDOWS\system
2011-04-13 18:40:06 ----D---- C:\WINDOWS\security
2011-04-13 18:40:06 ----D---- C:\WINDOWS\Resources
2011-04-13 18:40:06 ----D---- C:\WINDOWS\repair
2011-04-13 18:40:06 ----D---- C:\WINDOWS\Provisioning
2011-04-13 18:40:06 ----D---- C:\WINDOWS\pchealth
2011-04-13 18:40:06 ----D---- C:\WINDOWS\PeerNet
2011-04-13 18:40:06 ----D---- C:\WINDOWS\Network Diagnostic
2011-04-13 18:40:06 ----D---- C:\WINDOWS\mui
2011-04-13 18:40:06 ----D---- C:\WINDOWS\msapps
2011-04-13 18:40:06 ----D---- C:\WINDOWS\msagent
2011-04-13 18:40:06 ----D---- C:\WINDOWS\Media
2011-04-13 18:40:06 ----D---- C:\WINDOWS\L2Schemas
2011-04-13 18:40:06 ----D---- C:\WINDOWS\java
2011-04-13 18:40:06 ----D---- C:\WINDOWS\ime
2011-04-13 18:40:06 ----D---- C:\WINDOWS\Help
2011-04-13 18:40:06 ----D---- C:\WINDOWS\ehome
2011-04-13 18:40:06 ----D---- C:\WINDOWS\Driver Cache
2011-04-13 18:40:06 ----D---- C:\WINDOWS\Debug
2011-04-13 18:40:06 ----D---- C:\WINDOWS\Cursors
2011-04-13 18:40:06 ----D---- C:\WINDOWS\Connection Wizard
2011-04-13 18:40:06 ----D---- C:\WINDOWS\Config
2011-04-13 18:40:06 ----D---- C:\WINDOWS\AppPatch
2011-04-13 18:40:06 ----D---- C:\WINDOWS\addins
2011-04-13 18:40:06 ----D---- C:\WINDOWS
2011-04-13 18:40:06 ----ASH---- C:\pagefile.sys
2011-04-13 18:29:04 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2011-04-13 18:29:03 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2011-04-13 18:28:59 ----D---- C:\Program Files\ffdshow
2011-04-13 18:28:39 ----D---- C:\Program Files\Haali
2011-04-13 18:28:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2011-04-13 18:28:21 ----D---- C:\Program Files\Common Files\Java
2011-04-13 18:28:07 ----A---- C:\WINDOWS\system32\javaws.exe
2011-04-13 18:28:07 ----A---- C:\WINDOWS\system32\javaw.exe
2011-04-13 18:28:07 ----A---- C:\WINDOWS\system32\java.exe
2011-04-13 18:28:07 ----A---- C:\WINDOWS\system32\deployJava1.dll
2011-04-13 18:27:44 ----D---- C:\Program Files\Java
2011-04-13 18:27:12 ----D---- C:\Documents and Settings\Petr\Data aplikací\Sun
2011-04-13 18:25:10 ----D---- C:\Documents and Settings\Petr\Data aplikací\Skype
2011-04-13 18:24:25 ----D---- C:\Program Files\Common Files\Skype
2011-04-13 18:24:14 ----RD---- C:\Program Files\Skype
2011-04-13 18:24:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2011-04-13 18:18:09 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2011-04-13 18:17:14 ----D---- C:\Program Files\totalcmd
2011-04-13 18:17:14 ----D---- C:\Documents and Settings\Petr\Data aplikací\GHISLER
2011-04-13 18:17:14 ----A---- C:\WINDOWS\UC.PIF
2011-04-13 18:17:14 ----A---- C:\WINDOWS\RAR.PIF
2011-04-13 18:17:14 ----A---- C:\WINDOWS\PKZIP.PIF
2011-04-13 18:17:14 ----A---- C:\WINDOWS\PKUNZIP.PIF
2011-04-13 18:17:14 ----A---- C:\WINDOWS\NOCLOSE.PIF
2011-04-13 18:17:14 ----A---- C:\WINDOWS\LHA.PIF
2011-04-13 18:17:14 ----A---- C:\WINDOWS\ARJ.PIF
2011-04-13 18:16:22 ----A---- C:\WINDOWS\system32\drivers\USBSTOR.SYS
2011-04-13 18:09:49 ----D---- C:\Documents and Settings\Petr\Data aplikací\Mozilla
2011-04-13 18:09:45 ----D---- C:\Program Files\Mozilla Firefox
2011-04-13 18:06:41 ----D---- C:\Documents and Settings\Petr\Data aplikací\Macromedia
2011-04-13 17:55:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2509553$
2011-04-13 17:55:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2412687$
2011-04-13 17:46:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2507618$
2011-04-13 17:46:30 ----D---- C:\WINDOWS\ie8updates
2011-04-13 17:46:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2508272$
2011-04-13 17:46:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2503658$
2011-04-13 17:46:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2511455$
2011-04-13 17:46:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2506223$
2011-04-13 17:46:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2506212$
2011-04-13 17:45:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2508429$
2011-04-13 17:45:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2485663$
2011-04-13 17:45:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2524375$
2011-04-13 17:44:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2483614$
2011-04-13 17:44:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2479943$
2011-04-13 17:44:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2476687$
2011-04-13 17:44:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$
2011-04-13 17:44:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2478960$
2011-04-13 17:44:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$
2011-04-13 17:43:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$
2011-04-13 17:43:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2419632$
2011-04-13 17:43:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2440591$
2011-04-13 17:43:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2443685$
2011-04-13 17:43:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$
2011-04-13 17:43:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$
2011-04-13 17:42:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2011-04-13 17:42:26 ----D---- C:\WINDOWS\system32\URTTemp
2011-04-13 17:40:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$
2011-04-13 17:40:25 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2011-04-13 17:40:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2011-04-13 17:40:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2011-04-13 17:40:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2011-04-13 17:40:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2011-04-13 17:39:56 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2011-04-13 17:39:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2011-04-13 17:39:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2011-04-13 17:39:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2011-04-13 17:39:35 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2011-04-13 17:39:31 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2011-04-13 17:39:26 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2011-04-13 17:39:18 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2011-04-13 17:39:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2011-04-13 17:37:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2011-04-13 17:37:24 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2011-04-13 17:35:20 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2011-04-13 17:35:15 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2011-04-13 17:35:12 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2011-04-13 17:35:05 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2011-04-13 17:35:01 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2011-04-13 17:34:56 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2011-04-13 17:34:52 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2011-04-13 17:34:48 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2011-04-13 17:34:43 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2011-04-13 17:34:38 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2011-04-13 17:34:26 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2011-04-13 17:34:25 ----HD---- C:\WINDOWS\$hf_mig$
2011-04-13 17:31:17 ----N---- C:\WINDOWS\system32\browserchoice.exe
2011-04-13 17:24:38 ----D---- C:\Program Files\Microsoft.NET
2011-04-13 17:22:48 ----D---- C:\Documents and Settings\Petr\Data aplikací\Adobe
2011-04-13 17:17:33 ----D---- C:\Documents and Settings\Petr\Data aplikací\Windows Desktop Search
2011-04-13 17:17:08 ----D---- C:\Documents and Settings\Petr\Data aplikací\Identities
2011-04-13 17:17:06 ----HD---- C:\Program Files\Uninstall Information
2011-04-13 17:16:55 ----ASH---- C:\Documents and Settings\Petr\Data aplikací\desktop.ini
2011-04-13 17:16:54 ----SD---- C:\Documents and Settings\Petr\Data aplikací\Microsoft
2011-04-13 17:15:39 ----D---- C:\WINDOWS\Prefetch
2011-04-13 17:15:38 ----SD---- C:\WINDOWS\system32\Microsoft
2011-04-13 17:15:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-04-13 17:11:52 ----D---- C:\WINDOWS\system32\xircom
2011-04-13 17:11:52 ----D---- C:\Program Files\xerox
2011-04-13 17:11:52 ----D---- C:\Program Files\microsoft frontpage
2011-04-13 17:10:57 ----N---- C:\WINDOWS\system32\spmsg2.dll
2011-04-13 17:10:55 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
2011-04-13 17:10:28 ----D---- C:\WINDOWS\system32\XPSViewer
2011-04-13 17:10:28 ----D---- C:\WINDOWS\system32\en-US
2011-04-13 17:10:27 ----D---- C:\Program Files\MSBuild
2011-04-13 17:10:23 ----D---- C:\Program Files\Reference Assemblies
2011-04-13 17:10:17 ----N---- C:\WINDOWS\system32\spmsg.dll
2011-04-13 17:10:14 ----A---- C:\WINDOWS\system32\rgb9rast_2.dll
2011-04-13 17:08:19 ----RASH---- C:\MSDOS.SYS
2011-04-13 17:08:19 ----RASH---- C:\IO.SYS
2011-04-13 17:08:19 ----A---- C:\WINDOWS\control.ini
2011-04-13 17:08:19 ----A---- C:\CONFIG.SYS
2011-04-13 17:08:19 ----A---- C:\AUTOEXEC.BAT
2011-04-13 17:07:39 ----A---- C:\WINDOWS\system32\mapi32.dll
2011-04-13 17:06:39 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2011-04-13 17:06:35 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2011-04-13 17:06:28 ----HD---- C:\Program Files\WindowsUpdate
2011-04-13 17:06:24 ----D---- C:\Program Files\Online Services
2011-04-13 17:06:10 ----D---- C:\Program Files\Windows Media Connect 2
2011-04-13 17:05:58 ----D---- C:\WINDOWS\system32\DirectX
2011-04-13 17:05:50 ----A---- C:\WINDOWS\system32\atrace.dll
2011-04-13 17:05:48 ----A---- C:\WINDOWS\system32\desktop.ini
2011-04-13 17:05:48 ----A---- C:\WINDOWS\desktop.ini
2011-04-13 17:05:41 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2011-04-13 17:05:40 ----A---- C:\WINDOWS\system32\acctres.dll
2011-04-13 17:05:39 ----D---- C:\Program Files\Common Files\Services
2011-04-13 17:05:37 ----SD---- C:\WINDOWS\Tasks
2011-04-13 17:05:37 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2011-04-13 17:05:36 ----D---- C:\Program Files\Common Files\MSSoap
2011-04-13 17:05:30 ----D---- C:\WINDOWS\srchasst
2011-04-13 17:05:29 ----D---- C:\WINDOWS\system32\Macromed
2011-04-13 17:05:27 ----A---- C:\WINDOWS\system32\wuweb.dll
2011-04-13 17:05:26 ----A---- C:\WINDOWS\system32\wups.dll
2011-04-13 17:05:26 ----A---- C:\WINDOWS\system32\wucltui.dll
2011-04-13 17:05:26 ----A---- C:\WINDOWS\system32\wuauserv.dll
2011-04-13 17:05:26 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2011-04-13 17:05:26 ----A---- C:\WINDOWS\system32\wuaueng.dll
2011-04-13 17:05:26 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2011-04-13 17:05:26 ----A---- C:\WINDOWS\system32\wuauclt.exe
2011-04-13 17:05:26 ----A---- C:\WINDOWS\system32\wuapi.dll
2011-04-13 17:05:25 ----D---- C:\WINDOWS\system32\bits
2011-04-13 17:05:25 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2011-04-13 17:05:25 ----A---- C:\WINDOWS\system32\qmgr.dll
2011-04-13 17:05:25 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2011-04-13 17:05:25 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2011-04-13 17:05:25 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2011-04-13 17:05:22 ----D---- C:\Program Files\Movie Maker
2011-04-13 17:05:07 ----A---- C:\WINDOWS\system32\safrslv.dll
2011-04-13 17:05:07 ----A---- C:\WINDOWS\system32\safrdm.dll
2011-04-13 17:05:07 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2011-04-13 17:05:07 ----A---- C:\WINDOWS\system32\racpldlg.dll
2011-04-13 17:05:03 ----D---- C:\WINDOWS\system32\Restore
2011-04-13 17:05:03 ----A---- C:\WINDOWS\system32\srsvc.dll
2011-04-13 17:05:03 ----A---- C:\WINDOWS\system32\srrstr.dll
2011-04-13 17:05:03 ----A---- C:\WINDOWS\system32\srclient.dll
2011-04-13 17:05:03 ----A---- C:\WINDOWS\system32\fltMc.exe
2011-04-13 17:05:03 ----A---- C:\WINDOWS\system32\fltlib.dll
2011-04-13 17:05:03 ----A---- C:\WINDOWS\system32\drivers\sr.sys
2011-04-13 17:05:03 ----A---- C:\WINDOWS\system32\drivers\fltMgr.sys
2011-04-13 17:05:02 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2011-04-13 17:05:02 ----A---- C:\WINDOWS\system32\msconf.dll
2011-04-13 17:05:02 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2011-04-13 17:05:02 ----A---- C:\WINDOWS\system32\mnmdd.dll
2011-04-13 17:05:02 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2011-04-13 17:05:02 ----A---- C:\WINDOWS\system32\ils.dll
2011-04-13 17:04:59 ----D---- C:\Program Files\NetMeeting
2011-04-13 17:04:59 ----A---- C:\WINDOWS\system32\msoert2.dll
2011-04-13 17:04:59 ----A---- C:\WINDOWS\system32\msoeacct.dll
2011-04-13 17:04:58 ----A---- C:\WINDOWS\system32\inetres.dll
2011-04-13 17:04:58 ----A---- C:\WINDOWS\system32\inetcomm.dll
2011-04-13 17:04:57 ----D---- C:\Program Files\Outlook Express
2011-04-13 17:04:57 ----A---- C:\WINDOWS\system32\schedsvc.dll
2011-04-13 17:04:56 ----A---- C:\WINDOWS\system32\mstinit.exe
2011-04-13 17:04:56 ----A---- C:\WINDOWS\system32\mstask.dll
2011-04-13 17:04:56 ----A---- C:\WINDOWS\system32\isign32.dll
2011-04-13 17:04:56 ----A---- C:\WINDOWS\system32\inetcfg.dll
2011-04-13 17:04:56 ----A---- C:\WINDOWS\system32\icwphbk.dll
2011-04-13 17:04:56 ----A---- C:\WINDOWS\system32\icwdial.dll
2011-04-13 17:04:51 ----D---- C:\Program Files\Common Files\System
2011-04-13 17:04:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
2011-04-13 17:03:21 ----RSD---- C:\WINDOWS\assembly
2011-04-13 17:03:10 ----D---- C:\Program Files\ComPlus Applications
2011-04-13 17:03:08 ----A---- C:\WINDOWS\vbaddin.ini
2011-04-13 17:03:08 ----A---- C:\WINDOWS\vb.ini
2011-04-13 17:03:04 ----D---- C:\WINDOWS\Registration
2011-04-13 17:02:57 ----D---- C:\Program Files\Windows Media Player
2011-04-13 17:02:50 ----A---- C:\WINDOWS\system32\xpssvcs.dll
2011-04-13 17:02:50 ----A---- C:\WINDOWS\system32\xpsshhdr.dll
2011-04-13 17:02:50 ----A---- C:\WINDOWS\system32\prntvpt.dll
2011-04-13 17:02:42 ----D---- C:\WINDOWS\system32\DRM
2011-04-13 17:02:42 ----D---- C:\WINDOWS\BitLockerDiscoveryVolumeContents
2011-04-13 17:02:42 ----A---- C:\WINDOWS\system32\SecProc_ssp_isv.dll
2011-04-13 17:02:41 ----A---- C:\WINDOWS\system32\SecProc_ssp.dll
2011-04-13 17:02:41 ----A---- C:\WINDOWS\system32\SecProc_isv.dll
2011-04-13 17:02:41 ----A---- C:\WINDOWS\system32\RmActivate_ssp_isv.exe
2011-04-13 17:02:41 ----A---- C:\WINDOWS\system32\RmActivate_ssp.exe
2011-04-13 17:02:41 ----A---- C:\WINDOWS\system32\RmActivate_isv.exe
2011-04-13 17:02:41 ----A---- C:\WINDOWS\system32\RmActivate.exe
2011-04-13 17:02:40 ----A---- C:\WINDOWS\system32\WgaTray.exe
2011-04-13 17:02:40 ----A---- C:\WINDOWS\system32\WgaLogon.dll
2011-04-13 17:02:40 ----A---- C:\WINDOWS\system32\SecProc.dll
2011-04-13 17:02:40 ----A---- C:\WINDOWS\system32\msdrm.dll
2011-04-13 17:02:39 ----A---- C:\WINDOWS\system32\winUsbCoinstaller.dll
2011-04-13 17:02:39 ----A---- C:\WINDOWS\system32\WdfCoInstaller01007.dll
2011-04-13 17:02:38 ----A---- C:\WINDOWS\system32\WUDFUpdate_01007.dll
2011-04-13 17:02:38 ----A---- C:\WINDOWS\system32\imapi2fs.dll
2011-04-13 17:02:38 ----A---- C:\WINDOWS\system32\imapi2.dll
2011-04-13 17:02:37 ----A---- C:\WINDOWS\system32\UncRes.dll
2011-04-13 17:02:37 ----A---- C:\WINDOWS\system32\UncPH.dll
2011-04-13 17:02:37 ----A---- C:\WINDOWS\system32\UncNE.dll
2011-04-13 17:02:37 ----A---- C:\WINDOWS\system32\UncDMS.dll
2011-04-13 17:02:37 ----A---- C:\WINDOWS\system32\UncCplExt.dll
2011-04-13 17:02:36 ----A---- C:\WINDOWS\system32\oephRes.dll
2011-04-13 17:02:36 ----A---- C:\WINDOWS\system32\oeph.dll
2011-04-13 17:02:32 ----D---- C:\Program Files\Windows Desktop Search
2011-04-13 17:02:31 ----A---- C:\WINDOWS\system32\propsys.dll.mui
2011-04-13 17:02:30 ----A---- C:\WINDOWS\system32\tquery.dll.mui
2011-04-13 17:02:30 ----A---- C:\WINDOWS\system32\srchadmin.dll.mui
2011-04-13 17:02:30 ----A---- C:\WINDOWS\system32\searchindexer.exe.mui
2011-04-13 17:02:30 ----A---- C:\WINDOWS\system32\propsys.dll
2011-04-13 17:02:30 ----A---- C:\WINDOWS\system32\mssrch.dll.mui
2011-04-13 17:02:30 ----A---- C:\WINDOWS\system32\mssphtb.dll.mui
2011-04-13 17:02:30 ----A---- C:\WINDOWS\system32\mssph.dll.mui
2011-04-13 17:02:29 ----A---- C:\WINDOWS\system32\xmlfilter.dll
2011-04-13 17:02:29 ----A---- C:\WINDOWS\system32\srchadmin.dll
2011-04-13 17:02:29 ----A---- C:\WINDOWS\system32\rtffilt.dll
2011-04-13 17:02:29 ----A---- C:\WINDOWS\system32\msshsq.dll
2011-04-13 17:02:29 ----A---- C:\WINDOWS\system32\msshooks.dll
2011-04-13 17:02:28 ----A---- C:\WINDOWS\system32\tquery.dll
2011-04-13 17:02:28 ----A---- C:\WINDOWS\system32\msscb.dll
2011-04-13 17:02:28 ----A---- C:\WINDOWS\system32\idxcntrs.ini
2011-04-13 17:02:28 ----A---- C:\WINDOWS\system32\gthrctr.ini
2011-04-13 17:02:28 ----A---- C:\WINDOWS\system32\gsrvctr.ini
2011-04-13 17:02:27 ----A---- C:\WINDOWS\system32\propdefs.dll
2011-04-13 17:02:27 ----A---- C:\WINDOWS\system32\msstrc.dll
2011-04-13 17:02:27 ----A---- C:\WINDOWS\system32\mssrch.dll
2011-04-13 17:02:27 ----A---- C:\WINDOWS\system32\mssprxy.dll
2011-04-13 17:02:27 ----A---- C:\WINDOWS\system32\mssphtb.dll
2011-04-13 17:02:27 ----A---- C:\WINDOWS\system32\mssph.dll
2011-04-13 17:02:26 ----A---- C:\WINDOWS\system32\searchprotocolhost.exe
2011-04-13 17:02:26 ----A---- C:\WINDOWS\system32\searchindexer.exe
2011-04-13 17:02:26 ----A---- C:\WINDOWS\system32\searchfilterhost.exe
2011-04-13 17:02:26 ----A---- C:\WINDOWS\system32\mssitlb.dll
2011-04-13 17:02:26 ----A---- C:\WINDOWS\system32\msscntrs.dll
2011-04-13 17:02:25 ----D---- C:\Program Files\MSXML 4.0
2011-04-13 17:02:25 ----A---- C:\WINDOWS\system32\msxml4r.dll
2011-04-13 17:02:25 ----A---- C:\WINDOWS\system32\msxml4.dll
2011-04-13 17:02:17 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2011-04-13 17:02:17 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2011-04-13 17:02:17 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2011-04-13 17:02:17 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2011-04-13 17:02:16 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2011-04-13 17:02:16 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2011-04-13 17:02:16 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2011-04-13 17:02:16 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2011-04-13 17:02:16 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2011-04-13 17:02:16 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2011-04-13 17:02:15 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2011-04-13 17:02:15 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2011-04-13 17:02:15 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2011-04-13 17:02:15 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2011-04-13 17:02:15 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2011-04-13 17:02:15 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2011-04-13 17:02:15 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2011-04-13 17:02:15 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2011-04-13 17:02:15 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2011-04-13 17:02:14 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2011-04-13 17:02:14 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2011-04-13 17:02:14 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2011-04-13 17:02:14 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2011-04-13 17:02:14 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2011-04-13 17:02:14 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2011-04-13 17:02:14 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2011-04-13 17:02:14 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2011-04-13 17:02:13 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2011-04-13 17:02:13 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2011-04-13 17:02:13 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2011-04-13 17:02:13 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2011-04-13 17:02:13 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2011-04-13 17:02:13 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2011-04-13 17:02:13 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2011-04-13 17:02:13 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2011-04-13 17:02:13 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2011-04-13 17:02:13 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2011-04-13 17:02:13 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2011-04-13 17:02:12 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2011-04-13 17:02:11 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2011-04-13 17:02:11 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2011-04-13 17:02:10 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2011-04-13 17:02:09 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2011-04-13 17:02:09 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2011-04-13 17:02:08 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2011-04-13 17:02:08 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2011-04-13 17:02:07 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2011-04-13 17:02:07 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2011-04-13 17:02:06 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2011-04-13 17:02:06 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2011-04-13 17:02:05 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2011-04-13 17:02:05 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2011-04-13 17:02:04 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2011-04-13 17:02:04 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2011-04-13 17:02:04 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2011-04-13 17:02:03 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2011-04-13 17:02:03 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2011-04-13 17:02:03 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2011-04-13 17:02:03 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2011-04-13 17:02:02 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2011-04-13 17:02:02 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2011-04-13 17:02:02 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2011-04-13 17:02:02 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2011-04-13 17:02:02 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2011-04-13 17:02:02 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2011-04-13 17:02:02 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2011-04-13 17:02:01 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2011-04-13 17:02:01 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2011-04-13 17:02:00 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2011-04-13 17:02:00 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2011-04-13 17:01:59 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2011-04-13 17:01:59 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2011-04-13 17:01:59 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2011-04-13 17:01:59 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2011-04-13 17:01:58 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2011-04-13 17:01:58 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2011-04-13 17:01:58 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2011-04-13 17:01:57 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2011-04-13 17:01:57 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2011-04-13 17:01:49 ----D---- C:\WINDOWS\SoftwareDistribution
2011-04-13 17:01:49 ----D---- C:\Program Files\Microsoft Silverlight
2011-04-13 17:01:49 ----A---- C:\WINDOWS\system32\muweb.dll
2011-04-13 17:01:49 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2011-04-13 17:01:49 ----A---- C:\WINDOWS\system32\mucltui.dll
2011-04-13 17:01:49 ----A---- C:\WINDOWS\system32\MicrosoftUpdateCatalogWebControl.dll
2011-04-13 17:01:48 ----D---- C:\WINDOWS\system32\PreInstall
2011-04-13 17:01:48 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2011-04-13 17:01:45 ----A---- C:\WINDOWS\system32\pwrshplugin.dll
2011-04-13 17:01:32 ----D---- C:\WINDOWS\system32\WindowsPowerShell
2011-04-13 17:01:31 ----HD---- C:\WINDOWS\system32\GroupPolicy
2011-04-13 17:01:31 ----D---- C:\WINDOWS\system32\winrm
2011-04-13 17:01:31 ----A---- C:\WINDOWS\system32\wevtfwd.dll
2011-04-13 17:01:30 ----A---- C:\WINDOWS\system32\wsmprovhost.exe
2011-04-13 17:01:30 ----A---- C:\WINDOWS\system32\wsmplpxy.dll
2011-04-13 17:01:30 ----A---- C:\WINDOWS\system32\wsmanhttpconfig.exe
2011-04-13 17:01:30 ----A---- C:\WINDOWS\system32\winrssrv.dll
2011-04-13 17:01:30 ----A---- C:\WINDOWS\system32\winrsmgr.dll
2011-04-13 17:01:30 ----A---- C:\WINDOWS\system32\winrshost.exe
2011-04-13 17:01:30 ----A---- C:\WINDOWS\system32\winrscmd.dll
2011-04-13 17:01:30 ----A---- C:\WINDOWS\system32\winrmprov.dll
2011-04-13 17:01:29 ----A---- C:\WINDOWS\system32\WsmWmiPl.dll
2011-04-13 17:01:29 ----A---- C:\WINDOWS\system32\WsmSvc.dll
2011-04-13 17:01:29 ----A---- C:\WINDOWS\system32\WsmRes.dll
2011-04-13 17:01:29 ----A---- C:\WINDOWS\system32\WsmAuto.dll
2011-04-13 17:01:29 ----A---- C:\WINDOWS\system32\winrs.exe
2011-04-13 17:01:29 ----A---- C:\WINDOWS\system32\winrm.vbs
2011-04-13 17:01:29 ----A---- C:\WINDOWS\system32\winrm.cmd
2011-04-13 17:01:12 ----D---- C:\Program Files\Internet Explorer
2011-04-13 17:01:00 ----D---- C:\WINDOWS\Microsoft.NET
2011-04-13 17:00:53 ----D---- C:\Program Files\MSN Gaming Zone
2011-04-13 17:00:53 ----A---- C:\WINDOWS\system32\write.exe
2011-04-13 17:00:45 ----A---- C:\WINDOWS\system32\sndvol32.exe
2011-04-13 17:00:45 ----A---- C:\WINDOWS\system32\hticons.dll
2011-04-13 17:00:45 ----A---- C:\WINDOWS\system32\avwav.dll
2011-04-13 17:00:45 ----A---- C:\WINDOWS\system32\avtapi.dll
2011-04-13 17:00:45 ----A---- C:\WINDOWS\system32\avmeter.dll
2011-04-13 17:00:44 ----A---- C:\WINDOWS\system32\winchat.exe
2011-04-13 17:00:39 ----A---- C:\WINDOWS\system32\charmap.exe
2011-04-13 17:00:39 ----A---- C:\WINDOWS\system32\getuname.dll
2011-04-13 17:00:38 ----A---- C:\WINDOWS\system32\winmine.exe
2011-04-13 17:00:38 ----A---- C:\WINDOWS\system32\sol.exe
2011-04-13 17:00:38 ----A---- C:\WINDOWS\system32\mshearts.exe
2011-04-13 17:00:38 ----A---- C:\WINDOWS\system32\freecell.exe
2011-04-13 17:00:38 ----A---- C:\WINDOWS\system32\calc.exe
2011-04-13 17:00:37 ----A---- C:\WINDOWS\system32\rdpshell.exe
2011-04-13 17:00:37 ----A---- C:\WINDOWS\system32\rdpinit.exe
2011-04-13 17:00:36 ----A---- C:\WINDOWS\system32\wksprtps.dll
2011-04-13 17:00:36 ----A---- C:\WINDOWS\system32\wksprt.exe
2011-04-13 17:00:36 ----A---- C:\WINDOWS\system32\winlogonnotification.dll
2011-04-13 17:00:36 ----A---- C:\WINDOWS\system32\tswbprxy.exe
2011-04-13 17:00:36 ----A---- C:\WINDOWS\system32\tspubwmi.dll
2011-04-13 17:00:36 ----A---- C:\WINDOWS\system32\MsRdpWebAccess.dll
2011-04-13 17:00:35 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2011-04-13 17:00:35 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2011-04-13 17:00:35 ----A---- C:\WINDOWS\system32\tslabels.ini
2011-04-13 17:00:35 ----A---- C:\WINDOWS\system32\tskill.exe
2011-04-13 17:00:35 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2011-04-13 17:00:35 ----A---- C:\WINDOWS\system32\tscon.exe
2011-04-13 17:00:35 ----A---- C:\WINDOWS\system32\shadow.exe
2011-04-13 17:00:35 ----A---- C:\WINDOWS\system32\rwinsta.exe
2011-04-13 17:00:35 ----A---- C:\WINDOWS\system32\reset.exe
2011-04-13 17:00:35 ----A---- C:\WINDOWS\system32\regini.exe
2011-04-13 17:00:35 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2011-04-13 17:00:35 ----A---- C:\WINDOWS\system32\qwinsta.exe
2011-04-13 17:00:35 ----A---- C:\WINDOWS\system32\qappsrv.exe
2011-04-13 17:00:35 ----A---- C:\WINDOWS\system32\msg.exe
2011-04-13 17:00:35 ----A---- C:\WINDOWS\system32\logoff.exe
2011-04-13 17:00:34 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2011-04-13 17:00:34 ----A---- C:\WINDOWS\system32\cdmodem.dll
2011-04-13 17:00:29 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2011-04-13 17:00:28 ----D---- C:\Program Files\Windows NT
2011-04-13 17:00:28 ----A---- C:\WINDOWS\system32\sndrec32.exe
2011-04-13 17:00:28 ----A---- C:\WINDOWS\system32\mplay32.exe
2011-04-13 17:00:28 ----A---- C:\WINDOWS\system32\hypertrm.dll
2011-04-13 17:00:28 ----A---- C:\WINDOWS\system32\accwiz.exe
2011-04-13 17:00:27 ----A---- C:\WINDOWS\system32\spider.exe
2011-04-13 17:00:27 ----A---- C:\WINDOWS\system32\mspaint.exe
2011-04-13 17:00:27 ----A---- C:\WINDOWS\system32\clipbrd.exe
2011-04-13 17:00:26 ----A---- C:\WINDOWS\system32\tsgqec.dll
2011-04-13 17:00:26 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2011-04-13 17:00:26 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2011-04-13 17:00:26 ----A---- C:\WINDOWS\system32\drivers\tdtcp.sys
2011-04-13 17:00:26 ----A---- C:\WINDOWS\system32\drivers\tdpipe.sys
2011-04-13 17:00:26 ----A---- C:\WINDOWS\system32\drivers\rdpwd.sys
2011-04-13 17:00:26 ----A---- C:\WINDOWS\system32\aaclient.dll
2011-04-13 17:00:25 ----A---- C:\WINDOWS\system32\sessmgr.exe
2011-04-13 17:00:25 ----A---- C:\WINDOWS\system32\remotepg.dll
2011-04-13 17:00:25 ----A---- C:\WINDOWS\system32\rdshost.exe
2011-04-13 17:00:25 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2011-04-13 17:00:25 ----A---- C:\WINDOWS\system32\mstscax.dll
2011-04-13 17:00:25 ----A---- C:\WINDOWS\system32\mstsc.exe
2011-04-13 17:00:24 ----D---- C:\WINDOWS\system32\MsDtc
2011-04-13 17:00:24 ----A---- C:\WINDOWS\system32\termsrv.dll
2011-04-13 17:00:24 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2011-04-13 17:00:24 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2011-04-13 17:00:24 ----A---- C:\WINDOWS\system32\rdpclip.exe
2011-04-13 17:00:24 ----A---- C:\WINDOWS\system32\rdchost.dll
2011-04-13 17:00:24 ----A---- C:\WINDOWS\system32\qprocess.exe
2011-04-13 17:00:24 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2011-04-13 17:00:24 ----A---- C:\WINDOWS\system32\icaapi.dll
2011-04-13 17:00:24 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2011-04-13 17:00:23 ----A---- C:\WINDOWS\system32\xolehlp.dll
2011-04-13 17:00:23 ----A---- C:\WINDOWS\system32\mtxoci.dll
2011-04-13 17:00:23 ----A---- C:\WINDOWS\system32\msdtctm.dll
2011-04-13 17:00:23 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2011-04-13 17:00:23 ----A---- C:\WINDOWS\system32\msdtclog.dll
2011-04-13 17:00:23 ----A---- C:\WINDOWS\system32\msdtc.exe
2011-04-13 17:00:22 ----D---- C:\WINDOWS\system32\Com
2011-04-13 17:00:22 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2011-04-13 17:00:22 ----A---- C:\WINDOWS\system32\mtxex.dll
2011-04-13 17:00:22 ----A---- C:\WINDOWS\system32\mtxdm.dll
2011-04-13 17:00:22 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2011-04-13 17:00:22 ----A---- C:\WINDOWS\system32\comrepl.dll
2011-04-13 17:00:22 ----A---- C:\WINDOWS\system32\comaddin.dll
2011-04-13 17:00:22 ----A---- C:\WINDOWS\system32\colbact.dll
2011-04-13 17:00:21 ----A---- C:\WINDOWS\system32\stclient.dll
2011-04-13 17:00:21 ----A---- C:\WINDOWS\system32\comsvcs.dll
2011-04-13 17:00:21 ----A---- C:\WINDOWS\system32\clbcatex.dll
2011-04-13 17:00:21 ----A---- C:\WINDOWS\system32\catsrvut.dll
2011-04-13 17:00:21 ----A---- C:\WINDOWS\system32\catsrvps.dll
2011-04-13 17:00:21 ----A---- C:\WINDOWS\system32\catsrv.dll
2011-04-13 17:00:20 ----A---- C:\WINDOWS\system32\comuid.dll
2011-04-13 17:00:20 ----A---- C:\WINDOWS\system32\comsnap.dll
2011-04-13 17:00:20 ----A---- C:\WINDOWS\system32\clbcatq.dll
2011-04-13 17:00:15 ----A---- C:\WINDOWS\system32\servdeps.dll
2011-04-13 17:00:15 ----A---- C:\WINDOWS\system32\mmfutil.dll
2011-04-13 17:00:15 ----A---- C:\WINDOWS\system32\licwmi.dll
2011-04-13 17:00:14 ----A---- C:\WINDOWS\system32\cmprops.dll
2011-04-13 17:00:09 ----A---- C:\WINDOWS\system32\drivers\termdd.sys
2011-04-13 17:00:09 ----A---- C:\WINDOWS\system32\drivers\rdpdr.sys

======List of files/folders modified in the last 1 months======

2011-04-14 12:01:38 ----A---- C:\WINDOWS\win.ini
2011-04-14 11:04:27 ----A---- C:\WINDOWS\system.ini
2011-04-13 18:12:17 ----A---- C:\WINDOWS\system32\MRT.exe
2011-04-13 17:07:27 ----ASH---- C:\WINDOWS\fonts\desktop.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2010-01-14 61824]
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-14 44672]
R0 viamraid;viamraid; C:\WINDOWS\system32\DRIVERS\viamraid.sys [2008-07-09 117248]
R0 viasraid;viasraid; C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 77312]
R0 videX32;videX32; C:\WINDOWS\system32\DRIVERS\videX32.sys [2009-05-05 13976]
R0 xfilt;VIA SATA IDE Hot-plug Driver; C:\WINDOWS\system32\DRIVERS\xfilt.sys [2009-05-05 22168]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2010-01-14 41600]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 rspndr;Odpovídající zařízení zjišťování topologie linkové vrstvy; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2010-01-14 62848]
R2 tpsec;TrustPort Security Filter; C:\WINDOWS\system32\drivers\tpsec.sys [2011-03-21 35920]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-05-14 622172]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2010-01-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-11 3565056]
R3 avasdmft;TrustPort Antivirus On-Access Scanner (W2K/XP) MF; C:\WINDOWS\System32\DRIVERS\avasdmft.sys [2011-03-21 37648]
R3 catchme;catchme; \??\C:\DOCUME~1\Petr\LOCALS~1\Temp\catchme.sys []
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2010-01-14 61824]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys []
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2010-01-14 32384]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 DumpDrv;Crash Dump Driver; C:\WINDOWS\system32\drivers\DumpDrv.sys [2010-01-14 9472]
S3 dsio;TrustPort Raw IO Driver; \??\C:\Program Files\Common Files\TrustPort\bin\dsio.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\Petr\LOCALS~1\Temp\mbr.sys []
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\C.tmp []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2010-01-14 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2010-01-14 82944]
S4 exFat;exFat; C:\WINDOWS\system32\drivers\exFat.sys [2010-01-14 133632]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-11 602112]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-04-13 153376]
R2 tpmgma_service;TrustPort Core Service; C:\Program Files\Common Files\TrustPort\bin\tpmgma.exe [2011-03-21 404040]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-03-30 1523008]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2010-01-14 14848]
R3 avas_service;TrustPort Antivirus On-Access Scanner Agent; C:\Program Files\TrustPort\Antivirus\bin\avas.exe [2011-03-21 495888]
R3 avss_service;TrustPort Antivirus Service Scanner Provider; C:\Program Files\TrustPort\Antivirus\bin\avss.exe [2011-03-21 291088]
R3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2010-02-10 593920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 VRAID Log Service;VRAID Log Service; C:\Program Files\VIA\RAID\vialogsv.exe [2008-09-24 52888]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2010-01-14 14848]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2010-01-14 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2010-01-14 14848]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
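A triage pass over RSIT driver lines like the ones in the list above, added here as an illustration (it is not part of the thread, of RSIT or of ComboFix). It parses the `R3 name;display; path [date size]` format and flags the combination that makes MEMSWEEP2 -> C.tmp stand out (image is not a .sys file, RSIT found no file metadata), while treating the GMER tool drivers catchme and mbr sitting in Temp as known; that allowlist and the sample lines are my own construction.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: six lines copied from the RSIT "List of drivers" section
# above (R/S = running/stopped, digit = start type, then name;display; path [date size]).
SAMPLE_RSIT_DRIVERS = r"""
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2010-01-14 61824]
R3 catchme;catchme; \??\C:\DOCUME~1\Petr\LOCALS~1\Temp\catchme.sys []
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\Petr\LOCALS~1\Temp\mbr.sys []
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\C.tmp []
S4 exFat;exFat; C:\WINDOWS\system32\drivers\exFat.sys [2010-01-14 133632]
"""

# One RSIT driver/service line. The trailing [...] holds "YYYY-MM-DD size" when
# RSIT could stat the image and is empty when it could not (missing or hidden file).
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)

# Assumption: drivers dropped into %TEMP% by the anti-rootkit tools used in this
# thread (GMER's catchme engine inside ComboFix, and GMER's mbr.exe). Anything
# else found in a temp directory is still flagged.
KNOWN_TOOL_DRIVERS = {"catchme", "mbr"}

NT_PREFIX = "\\??\\"  # RSIT prints ImagePath values verbatim; some carry this prefix


@dataclass
class DriverEntry:
    state: str   # "R" running / "S" stopped
    start: int   # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    path: str    # Win32 path with any \??\ prefix removed
    meta: str    # "" when RSIT found no file metadata


@dataclass
class Finding:
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)


def parse_rsit_drivers(text: str) -> List[DriverEntry]:
    """Parse RSIT 'List of drivers' / 'List of services' lines; skip anything else."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        path = m["path"]
        if path.startswith(NT_PREFIX):
            path = path[len(NT_PREFIX):]
        entries.append(DriverEntry(m["state"], int(m["start"]), m["name"],
                                   m["display"], path, m["meta"].strip()))
    return entries


def triage(entries: List[DriverEntry]) -> List[Finding]:
    """Return drivers worth a second look, the ones with most reasons first.

    Each reason is a weak signal on its own (a legitimate driver RSIT could not
    stat is listed too, with a single reason); several reasons on one entry are
    what makes MEMSWEEP2 -> C.tmp stand out.
    """
    findings = []
    for e in entries:
        if e.name.lower() in KNOWN_TOOL_DRIVERS:
            continue
        lower = e.path.lower()
        reasons = []
        if "\\temp\\" in lower:
            reasons.append("image loaded from a temp directory")
        if not lower.endswith(".sys"):
            reasons.append("image is not a .sys file")
        if not e.meta:
            reasons.append("RSIT found no timestamp/size (file missing or hidden)")
        if reasons:
            findings.append(Finding(e.name, e.path, reasons))
    findings.sort(key=lambda f: len(f.reasons), reverse=True)
    return findings


if __name__ == "__main__":
    for f in triage(parse_rsit_drivers(SAMPLE_RSIT_DRIVERS)):
        print(f"{f.name}: {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```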

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Rootkit on Windows XP

#4 Post by vyosek »

ComboFix can quite happily wreck the system too, though :boxed: The RSIT log is about as useful as legs on a snake now, because ComboFix has wiped the traces...

That is exactly why ComboFix should be run on recommendation only, because as you can see for yourself it cannot delete everything and keeps reporting a rootkit...

:arrow: If it is not there already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"=-
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"=-
    "NeroFilterCheck"=-
    
    File::
    c:\windows\system32\C.tmp
    
    Driver::
    MEMSWEEP2
    
    Reboot::
  • Save the file as CFScript.txt
  • Drag CFScript.txt onto ComboFix and drop it there (see the picture below)
    [image]
  • After the script has run (and after a possible restart) a log will open; paste its contents here
:arrow: It may happen that Windows does not boot after the script is applied; in that case restart the PC, press F8 and choose Last Known Good Configuration
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.

Karpi
Visitor
Posts: 37
Joined: 14 Apr 2011 10:17

Re: Rootkit on Windows XP

#5 Post by Karpi »

Here is the log from the scripted ComboFix run:

..................

ComboFix 11-04-13.04 - Petr 14.04.2011 14:49:57.5.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.767.400 [GMT 2:00]
Spuštěný z: c:\documents and settings\Petr\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Petr\Plocha\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\windows\system32\C.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MEMSWEEP2
-------\Service_MEMSWEEP2
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-14 do 2011-04-14 )))))))))))))))))))))))))))))))
.
.
2011-04-14 10:05 . 2011-04-14 10:06 -------- d-----w- C:\rsit
2011-04-13 19:20 . 2011-04-13 19:20 -------- d-----w- C:\ATI
2011-04-13 17:25 . 2011-04-13 17:25 -------- d-----r- C:\MSOCache
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-04 06:35 . 2010-01-14 15:02 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:52 . 2010-01-14 15:02 1866880 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:26 . 2010-01-14 15:02 919552 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:26 . 2010-01-14 15:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:26 . 2010-01-14 15:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-18 12:08 . 2010-01-14 15:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 16:24 . 2010-01-14 15:02 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-17 13:19 . 2010-01-14 15:00 457472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:19 . 2010-01-14 15:01 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-15 13:05 . 2010-01-14 14:59 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2008-04-14 11:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 11:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2008-04-14 11:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2008-04-14 11:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-01-21 14:42 . 2010-01-14 15:01 8467456 ----a-w- c:\windows\system32\shell32.dll
2011-01-21 14:42 . 2010-01-14 15:01 440832 ----a-w- c:\windows\system32\shimgvw.dll
2011-03-18 17:55 . 2011-04-13 16:09 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
.
[-] 2009-10-09 . FF876311F58C86EC3E1A24F585949C25 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot_2011-04-14_12.14.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-14 13:00 . 2011-04-14 13:00 16384 c:\windows\temp\Perflib_Perfdata_6d4.dat
+ 2011-04-14 12:18 . 2011-04-14 12:18 190032 c:\windows\system32\drivers\tmcomm.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-05-14 67072]
"VIARaidUtl"="c:\program files\VIA\RAID\raid_tool.exe" [2009-02-19 4918936]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2010-01-14 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [13.4.2011 18:46 77312]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [30.3.2011 19:00 1523008]
R2 VRAID Log Service;VRAID Log Service;c:\program files\VIA\RAID\vialogsv.exe [13.4.2011 19:51 52888]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [10.2.2011 11:22 10064]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [14.1.2010 17:04 9472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14.1.2010 17:01 14848]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-04-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 10:26]
.
2011-04-14 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 10:26]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = about:blank
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\vpvmwxvn.default\
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-14 15:00
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
VIARaidUtl = c:\program files\VIA\RAID\raid_tool.exe?_HyperionP
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(916)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3112)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SOUNDMAN.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\wscntfy.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2011-04-14 15:04:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-04-14 13:04
ComboFix2.txt 2011-04-14 12:16
ComboFix3.txt 2011-04-14 09:06
ComboFix4.txt 2011-04-13 21:00
ComboFix5.txt 2011-04-14 12:32
.
Před spuštěním: Volných bajtů: 100 108 922 880
Po spuštění: Volných bajtů: 100 040 511 488
.
- - End Of File - - 1AAC4160AE6C4091023CABDA2F615301

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Rootkit on Windows XP

#6 Post by vyosek »

How is the PC behaving :???:
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.

Karpi
Visitor
Posts: 37
Joined: 14 Apr 2011 10:17

Re: Rootkit on Windows XP

#7 Post by Karpi »

Basically fine... but how do I tell that the rootkit is gone? Only by whether ComboFix, run the normal way, tells me it has to restart because a rootkit is present?

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Rootkit on Windows XP

#8 Post by vyosek »

:arrow: We will also do a thorough rootkit test :wink:

:arrow: Download SPTD http://www.duplexsecure.com/en/downloads
  • On that page pick the version for your operating system (32-bit (x86) or 64-bit (x64))
  • Save it to the desktop and run it
  • Choose Uninstall and restart the PC - if it cannot be clicked (the button is greyed out), skip this step
:arrow: Download Defogger http://www.jpshortstuff.247fixes.com/Defogger.exe
  • Save it to the desktop and run it
  • Click Disable and restart the PC - if it cannot be clicked (the button is greyed out), skip this step
:arrow: Download MBR to the desktop http://www2.gmer.net/mbr/mbr.exe but do not run it

:arrow: Click Start and then Run, or use the Win+R keyboard shortcut
  • A small window will pop up; copy the text below into it
  • Code:

    "%userprofile%\plocha\mbr" -t -s
  • Click OK
  • A log named mbr.txt will be created on the desktop; paste its contents here
:arrow: Post the GMER logs - see my signature
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.

Karpi
Visitor
Posts: 37
Joined: 14 Apr 2011 10:17

Re: Rootkit on Windows XP

#9 Post by Karpi »

vyosek wrote::arrow: We will also do a thorough rootkit test :wink:

:arrow: Download SPTD http://www.duplexsecure.com/en/downloads
  • On that page pick the version for your operating system (32-bit (x86) or 64-bit (x64))
  • Save it to the desktop and run it
  • Choose Uninstall and restart the PC - if it cannot be clicked (the button is greyed out), skip this step
:arrow: Download Defogger http://www.jpshortstuff.247fixes.com/Defogger.exe
  • Save it to the desktop and run it
  • Click Disable and restart the PC - if it cannot be clicked (the button is greyed out), skip this step
:arrow: Download MBR to the desktop http://www2.gmer.net/mbr/mbr.exe but do not run it

:arrow: Click Start and then Run, or use the Win+R keyboard shortcut
  • A small window will pop up; copy the text below into it
  • Code:

    "%userprofile%\plocha\mbr" -t -s
  • Click OK
  • A log named mbr.txt will be created on the desktop; paste its contents here
:arrow: Post the GMER logs - see my signature
So SPTD was greyed out - no action.

In Defogger I clicked Disable and then restarted, but when I ran it again just to check, the button still wasn't greyed out...

Below are the logs from MBR and from GMER.

MBR log:
.........................
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_SP1213N rev.TL100-30 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys videX32.sys PCIIDEX.SYS
C:\WINDOWS\system32\drivers\videX32.sys VIA Technologies, Inc. VIA PCI IDE MINI Driver
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x82FDAAB8]
3 CLASSPNP[0xF758FFD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\0000005e[0x82FCEF18]
5 ACPI[0xF74E6620] -> nt!IofCallDriver[0x804E37D5] -> \Device\Ide\IdeDeviceP2T0L0-12[0x82F85CA8]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user & kernel MBR OK
............................................

GMER log:
................................
GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-14 23:49:58
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12 SAMSUNG_SP1213N rev.TL100-30
Running: gmer.exe; Driver: C:\DOCUME~1\Petr\LOCALS~1\Temp\fflciaob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6F10000, 0x1C5D38, 0xE8000020]
init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xF6DF2900]
? C:\DOCUME~1\Petr\LOCALS~1\Temp\mbr.sys Systém nemůže nalézt uvedený soubor. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[2944] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 234484743
Disk \Device\Harddisk0\DR0 PE file @ sector 234484765

---- EOF - GMER 1.0.15 ----

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Rootkit in Windows XP

#10 Post by vyosek »

motji wrote: :arrow: Download the HxD portable SK version http://mh-nexus.de/en/downloads.php?product=HxD
- save it to the desktop
- unpack it and put the program directly on drive C
- run it
- click Open disk and choose hard disks (physical disks) :!: (don't mix them up)
- select hard disk 1
- in the prompt type which sector you want to open, confirm with Enter, and you'll be right in that sector
- tell me what you have in sectors 1-62

So you have an idea of what to look for, this is what my sector 60 looks like; all of them from 1 to 62 should look like this, but yours probably won't.

[image]
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.

Karpi
Visitor
Posts: 37
Joined: 14 Apr 2011 10:17

Re: Rootkit in Windows XP

#11 Post by Karpi »

So I have something in sectors 10 and 62:

Code:

http://karpicb.rajce.idnes.cz/Pictures/#10.sektor.jpg

Code:

http://karpicb.rajce.idnes.cz/Pictures/#62.sektor.jpg

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Rootkit in Windows XP

#12 Post by vyosek »

I'll consult with colleagues, please bear with me...
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: Rootkit in Windows XP

#13 Post by motji »

Good evening, standing in for my colleague :) .
Please save the rows from sectors 0, 10 and 62 into a text file.
Look at which rows have NTFS written on them; I have it, for instance, between rows 63 and 64.
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before cleaning a computer of viruses :!:
Want to support our forum? Information here

I'm mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

Karpi
Visitor
Posts: 37
Joined: 14 Apr 2011 10:17

Re: Rootkit in Windows XP

#14 Post by Karpi »

Hello. :-)

Here are the dumps of the requested sectors:

Sector 0:

Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

0000000000 33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C 3ŔŽĐĽ.|űP.P.üľ.|
0000000010 BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04 ż..PWąĺ.ó¤Ë˝ľ.±.
0000000020 38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5 8n.|.u..Ĺ.âôÍ.‹ő
0000000030 83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B .Ć.It.8,tö µ.´.‹
0000000040 F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88 đ¬<.tü»..´.Í.ëň.
0000000050 4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B N.čF.s*ţF.€~..t.
0000000060 80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83 €~..t. ¶.uŇ€F...
0000000070 46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB F...V..č!.s. ¶.ë
0000000080 BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0 Ľ.>ţ}UŞt.€~..tČ 
0000000090 B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56 ·.ë©‹ü.W‹őËż..ŠV
00000000A0 00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC .´.Í.r#ŠÁ$?.ŠŢŠü
00000000B0 43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56 C÷ă‹Ń†Ö±.ŇîB÷â9V
00000000C0 0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C .w#r.9F.s.¸..».|
00000000D0 8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A ‹N.‹V.Í.sQOtN2äŠ
00000000E0 56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD V.Í.ëäŠV.`»ŞU´AÍ
00000000F0 13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60 .r6.űUŞu0öÁ.t+a`
0000000100 6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A j.j.˙v.˙v.j.h.|j
0000000110 01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B .j.´B‹ôÍ.aas.Ot.
0000000120 32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 4E 65 70 6C 2äŠV.Í.ëÖaůĂNepl
0000000130 61 74 6E A0 20 74 61 62 75 6C 6B 61 20 6F 64 64 atn  tabulka odd
0000000140 A1 6C 85 00 43 68 79 62 61 20 70 FD 69 20 6E 61 ˇl….Chyba pýi na
0000000150 9F A1 74 A0 6E A1 20 6F 70 65 72 61 9F 6E A1 68 źˇt nˇ operaźnˇh
0000000160 6F 20 73 79 73 74 82 6D 75 00 4F 70 65 72 61 9F o syst‚mu.Operaź
0000000170 6E A1 20 73 79 73 74 82 6D 20 6E 65 6E 61 6C 65 nˇ syst‚m nenale
0000000180 7A 65 6E 00 00 00 00 00 00 00 00 00 00 00 00 00 zen.............
0000000190 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000001A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000001B0 00 00 00 00 00 2C 44 6A A8 81 A8 81 00 00 80 01 .....,Dj¨.¨...€.
00000001C0 01 00 07 FE FF FF 3F 00 00 00 F0 08 BB 0C 00 FE ...ţ˙˙?...đ.»..ţ
00000001D0 FF FF 0F FE FF FF 2F 09 BB 0C D5 EA 3E 01 00 00 ˙˙.ţ˙˙/.».Őę>...
00000001E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000001F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA ..............UŞ
.........................
Sector 10:

Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

0000001400 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000001410 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000001420 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000001430 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000001440 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000001450 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000001460 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000001470 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000001480 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000001490 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000014A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000014B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000014C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000014D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000014E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000014F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000001500 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000001510 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000001520 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000001530 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000001540 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000001550 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000001560 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000001570 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000001580 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000001590 28 96 C4 17 00 00 00 00 00 00 00 00 00 00 00 00 (–Ä.............
00000015A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000015B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000015C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000015D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000015E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000015F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
..........................
Sector 62:

Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

0000007C00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000007C10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000007C20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000007C30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000007C40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000007C50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000007C60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000007C70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000007C80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000007C90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000007CA0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000007CB0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000007CC0 67 68 46 44 CC BE 0F 42 BA 29 22 41 32 42 6F 54 ghFDĚľ.Bş)"A2BoT
0000007CD0 6F 6D 00 00 00 00 00 00 00 00 00 00 00 00 00 00 om..............
0000007CE0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000007CF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000007D00 00 00 00 00 00 00 00 00 00 53 30 30 55 4A 31 30 .........S00UJ10
0000007D10 59 31 30 34 38 35 36 00 00 00 00 00 00 53 41 4D Y104856......SAM
0000007D20 53 55 4E 47 20 53 50 31 32 31 33 4E 00 00 00 00 SUNG SP1213N....
0000007D30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000007D40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000007D50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000007D60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000007D70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000007D80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000007D90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000007DA0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000007DB0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000007DC0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000007DD0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000007DE0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0000007DF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
.............................
Sector 63:

Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

0000007E00 EB 52 90 4E 54 46 53 20 20 20 20 00 02 08 00 00 ëR.NTFS .....
0000007E10 00 00 00 00 00 F8 00 00 3F 00 FF 00 3F 00 00 00 .....ř..?.˙.?...
0000007E20 00 00 00 00 80 00 80 00 EF 08 BB 0C 00 00 00 00 ....€.€.ď.».....
0000007E30 00 00 0C 00 00 00 00 00 8E B0 CB 00 00 00 00 00 ........ްË.....
0000007E40 F6 00 00 00 01 00 00 00 8B B9 6E 34 EF 6E 34 2E ö.......‹ąn4ďn4.
0000007E50 00 00 00 00 FA 33 C0 8E D0 BC 00 7C FB B8 C0 07 ....ú3ŔŽĐĽ.|ű¸Ŕ.
0000007E60 8E D8 E8 16 00 B8 00 0D 8E C0 33 DB C6 06 0E 00 ŽŘč..¸..ŽŔ3ŰĆ...
0000007E70 10 E8 53 00 68 00 0D 68 6A 02 CB 8A 16 24 00 B4 .čS.h..hj.ËŠ.$.´
0000007E80 08 CD 13 73 05 B9 FF FF 8A F1 66 0F B6 C6 40 66 .Í.s.ą˙˙Šńf.¶Ć@f
0000007E90 0F B6 D1 80 E2 3F F7 E2 86 CD C0 ED 06 41 66 0F .¶Ń€â?÷â†ÍŔí.Af.
0000007EA0 B7 C9 66 F7 E1 66 A3 20 00 C3 B4 41 BB AA 55 8A ·Éf÷áfŁ .Ă´A»ŞUŠ
0000007EB0 16 24 00 CD 13 72 0F 81 FB 55 AA 75 09 F6 C1 01 .$.Í.r..űUŞu.öÁ.
0000007EC0 74 04 FE 06 14 00 C3 66 60 1E 06 66 A1 10 00 66 t.ţ...Ăf`..fˇ..f
0000007ED0 03 06 1C 00 66 3B 06 20 00 0F 82 3A 00 1E 66 6A ....f;. ..‚:..fj
0000007EE0 00 66 50 06 53 66 68 10 00 01 00 80 3E 14 00 00 .fP.Sfh....€>...
0000007EF0 0F 85 0C 00 E8 B3 FF 80 3E 14 00 00 0F 84 61 00 .…..čł˙€>....„a.
0000007F00 B4 42 8A 16 24 00 16 1F 8B F4 CD 13 66 58 5B 07 ´BŠ.$...‹ôÍ.fX[.
0000007F10 66 58 66 58 1F EB 2D 66 33 D2 66 0F B7 0E 18 00 fXfX.ë-f3Ňf.·...
0000007F20 66 F7 F1 FE C2 8A CA 66 8B D0 66 C1 EA 10 F7 36 f÷ńţŠĘf‹ĐfÁę.÷6
0000007F30 1A 00 86 D6 8A 16 24 00 8A E8 C0 E4 06 0A CC B8 ..†ÖŠ.$.ŠčŔä..̸
0000007F40 01 02 CD 13 0F 82 19 00 8C C0 05 20 00 8E C0 66 ..Í..‚..ŚŔ. .ŽŔf
0000007F50 FF 06 10 00 FF 0E 0E 00 0F 85 6F FF 07 1F 66 61 ˙...˙....…o˙..fa
0000007F60 C3 A0 F8 01 E8 09 00 A0 FB 01 E8 03 00 FB EB FE Ă ř.č.. ű.č..űëţ
0000007F70 B4 01 8B F0 AC 3C 00 74 09 B4 0E BB 07 00 CD 10 ´.‹đ¬<.t.´.»..Í.
0000007F80 EB F2 C3 0D 0A 43 68 79 62 61 20 9F 74 65 6E A1 ëňĂ..Chyba źtenˇ
0000007F90 20 64 69 73 6B 75 00 0D 0A 4E 54 4C 44 52 20 6E disku...NTLDR n
0000007FA0 65 6E 61 6C 65 7A 65 6E 00 0D 0A 4E 54 4C 44 52 enalezen...NTLDR
0000007FB0 20 6B 6F 6D 70 72 69 6D 6F 76 A0 6E 2E 00 0D 0A komprimov n....
0000007FC0 52 65 73 74 61 72 74 75 6A 74 65 20 73 74 69 73 Restartujte stis
0000007FD0 6B 6E 75 74 A1 6D 20 6B 6C A0 76 65 73 20 43 74 knutˇm kl ves Ct
0000007FE0 72 6C 2B 41 6C 74 2B 44 65 6C 2E 0D 0A 00 00 00 rl+Alt+Del......
0000007FF0 00 00 00 00 00 00 00 00 83 97 A9 BE 00 00 55 AA .........—©ľ..UŞ

In this sector (63) I also have that NTFS string.
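
The sector dumps in post #14 can be read mechanically instead of by eye, which is what the HxD inspection asked for in posts #10 and #13 and the mbr.exe step quoted in post #9 are both driving at. The following is an added example written for this thread; it is not a tool from GMER, HxD or the forum's helpers. It parses the posted sector 0 dump into the MBR boot signature, disk signature and partition table, reports which rows of the posted excerpts of sectors 10 and 62 are not zero, and looks up where the two sector numbers GMER reported in post #9 fall relative to the partitions. It assumes the HxD row layout shown above (an offset column followed by 16 hex bytes; the ASCII column was dropped when the rows were copied) and 512-byte sectors; it only reads text and never touches a disk.

```python
"""Decode HxD hex dumps of disk sectors: the MBR partition table in sector 0, plus
which rows of the gap sectors 1..62 are not zero. Added example for this thread,
not a tool from GMER/HxD; dumps are copied from the post above, ASCII column dropped."""
import struct

SECTOR_SIZE = 512
PART_TYPES = {0x05: "Extended", 0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)", 0x0F: "Extended (LBA)"}

SECTOR0 = """\
0000000000 33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C
0000000010 BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04
0000000020 38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5
0000000030 83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B
0000000040 F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88
0000000050 4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B
0000000060 80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83
0000000070 46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB
0000000080 BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0
0000000090 B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56
00000000A0 00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC
00000000B0 43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56
00000000C0 0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C
00000000D0 8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A
00000000E0 56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD
00000000F0 13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60
0000000100 6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A
0000000110 01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B
0000000120 32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 4E 65 70 6C
0000000130 61 74 6E A0 20 74 61 62 75 6C 6B 61 20 6F 64 64
0000000140 A1 6C 85 00 43 68 79 62 61 20 70 FD 69 20 6E 61
0000000150 9F A1 74 A0 6E A1 20 6F 70 65 72 61 9F 6E A1 68
0000000160 6F 20 73 79 73 74 82 6D 75 00 4F 70 65 72 61 9F
0000000170 6E A1 20 73 79 73 74 82 6D 20 6E 65 6E 61 6C 65
0000000180 7A 65 6E 00 00 00 00 00 00 00 00 00 00 00 00 00
0000000190 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000001A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000001B0 00 00 00 00 00 2C 44 6A A8 81 A8 81 00 00 80 01
00000001C0 01 00 07 FE FF FF 3F 00 00 00 F0 08 BB 0C 00 FE
00000001D0 FF FF 0F FE FF FF 2F 09 BB 0C D5 EA 3E 01 00 00
00000001E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000001F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA
"""
# Sector 10 starts at 10 * 512 = 0x1400; this is its only non-zero row in the post.
SECTOR10 = "0000001590 28 96 C4 17 00 00 00 00 00 00 00 00 00 00 00 00"
# Sector 62 starts at 62 * 512 = 0x7C00; the non-zero rows that were posted.
SECTOR62 = """\
0000007CC0 67 68 46 44 CC BE 0F 42 BA 29 22 41 32 42 6F 54
0000007CD0 6F 6D 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0000007D00 00 00 00 00 00 00 00 00 00 53 30 30 55 4A 31 30
0000007D10 59 31 30 34 38 35 36 00 00 00 00 00 00 53 41 4D
0000007D20 53 55 4E 47 20 53 50 31 32 31 33 4E 00 00 00 00
"""

def parse_hxd(text):
    """Map row offset -> 16 bytes for each HxD row; header and ASCII columns are ignored."""
    rows = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 17:
            continue
        try:
            rows[int(parts[0], 16)] = bytes.fromhex("".join(parts[1:17]))
        except ValueError:  # the "Offset(h) 00 01 ..." header row
            pass
    return rows

def assemble_sector(rows):
    """Rebuild one full 512-byte sector; every 16-byte row must be present."""
    base = (min(rows) // SECTOR_SIZE) * SECTOR_SIZE
    offsets = [base + 16 * i for i in range(SECTOR_SIZE // 16)]
    missing = [o for o in offsets if o not in rows]
    if missing:
        raise ValueError(f"dump is incomplete, first missing row 0x{missing[0]:X}")
    return b"".join(rows[o] for o in offsets)

def parse_mbr(sector):
    """Boot signature, 32-bit disk signature and the non-empty partition entries."""
    parts = []
    for i in range(4):  # 16-byte entries at 0x1BE: status, CHS, type, CHS, LBA start, count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, 0x1BE + 16 * i)
        if ptype:  # type 0x00 is an empty slot
            parts.append({"slot": i + 1, "bootable": status == 0x80,
                          "type": PART_TYPES.get(ptype, f"0x{ptype:02X}"),
                          "lba_start": lba, "sectors": count, "lba_end": lba + count - 1})
    return {"boot_signature_ok": sector[510:512] == b"\x55\xAA",
            "disk_signature": struct.unpack_from("<I", sector, 0x1B8)[0],
            "partitions": parts}

def owning_partition(mbr, lba):
    """Slot of the partition containing `lba`; None if it lies outside all of them."""
    return next((p["slot"] for p in mbr["partitions"] if p["lba_start"] <= lba <= p["lba_end"]), None)

def nonzero_rows(rows):
    """Row offsets whose bytes are not all zero (sectors 1..62 are normally empty)."""
    return sorted(off for off, data in rows.items() if any(data))

if __name__ == "__main__":
    mbr = parse_mbr(assemble_sector(parse_hxd(SECTOR0)))
    print(mbr)
    print("sector 62 non-zero rows:", [hex(o) for o in nonzero_rows(parse_hxd(SECTOR62))])
    print("GMER-flagged sector 234484743 is in partition:", owning_partition(mbr, 234484743))
```

Run as-is it decodes the posted table into two entries: a bootable NTFS partition starting at LBA 63 with 213584112 sectors, and an extended (LBA) partition starting at 213584175 with 20900565 sectors, so the last partitioned sector is 234484739. Both sectors GMER flagged in post #9 (234484743 and 234484765) fall after that, outside every partition, which is space an MBR-only check such as the mbr.exe run above never reads. Sectors 1..62 are normally all zero on a Windows XP install, as motji's sector 60 screenshot illustrates, so the non-zero rows the script lists for sectors 10 and 62 are exactly what the helpers asked the user to look for; the sector 62 rows decode to the drive model and serial strings that are visible in the ASCII column of the post.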

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: Rootkit in Windows XP

#15 Post by motji »

Do you have another system or PC in case something goes wrong during the repair? I don't know what that NTFS right next to sector 62 will do once I fix it :) . In case you can't boot afterwards, so that I can guide you through the repair.
