ComboFix log check

Slanda
Visitor
Posts: 9
Registered: 29 Jan 2009 18:17

ComboFix log check

#1 Post by Slanda »

Please check my ComboFix log. There is a problem somewhere and I can't figure it out; I suspect the files winlogon.exe, services.exe, sass.exe, svchost.exe. Avira keeps reporting that these files are infected. Thanks in advance.
ComboFix 10-01-04.01 - Libor 10.01.2010 10:01:58.2.1 - x86
Spuštěný z: f:\zaloha_d\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

Nakažená kopie d:\windows\system32\lsass.exe byla nalezena a vyléčena.
Obnovena kopie z - d:\windows\ServicePackFiles\i386\lsass.exe

Nakažená kopie d:\windows\system32\services.exe byla nalezena a vyléčena.
Obnovena kopie z - d:\windows\$hf_mig$\KB956572\SP3QFE\services.exe

Nakažená kopie d:\windows\system32\svchost.exe byla nalezena a vyléčena.
Obnovena kopie z - d:\windows\ServicePackFiles\i386\svchost.exe

Nakažená kopie d:\windows\system32\spoolsv.exe byla nalezena a vyléčena.
Obnovena kopie z - d:\windows\ServicePackFiles\i386\spoolsv.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-10 do 2010-01-10 )))))))))))))))))))))))))))))))
.

2010-01-09 23:14 . 2010-01-09 23:14 -------- d-----w- d:\program files\Common Files\Freedom Scientific
2010-01-09 23:14 . 2010-01-09 23:14 -------- d-----w- d:\program files\Common Files\soft602
2010-01-09 22:45 . 2010-01-07 15:07 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-01-09 22:45 . 2010-01-07 15:07 19160 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-01-09 22:45 . 2010-01-09 22:45 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2010-01-09 22:26 . 2010-01-09 22:26 -------- d-----w- d:\program files\TeaTimer (Spybot - Search & Destroy)
2010-01-09 22:26 . 2010-01-09 22:26 -------- d-----w- d:\program files\SDHelper (Spybot - Search & Destroy)
2010-01-09 22:26 . 2010-01-09 22:26 -------- d-----w- d:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-01-09 22:26 . 2010-01-09 22:26 -------- d-----w- d:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-01-09 22:07 . 2010-01-10 08:42 -------- d-----w- d:\program files\Spybot - Search & Destroy
2010-01-09 20:10 . 2010-01-09 20:31 -------- d-----w- d:\windows\system32\oodag
2010-01-09 20:07 . 2010-01-09 20:07 -------- d-sh--w- d:\documents and settings\LocalService\IETldCache
2010-01-09 19:54 . 2010-01-09 19:54 -------- d-----r- d:\documents and settings\LocalService\Oblíbené položky
2010-01-09 19:26 . 2010-01-09 19:59 -------- d-----w- d:\program files\OO Software
2010-01-06 20:36 . 2010-01-06 20:36 0 ----a-w- d:\windows\nsreg.dat
2010-01-06 13:34 . 2010-01-06 13:34 -------- d-----w- d:\program files\MSXML 4.0
2010-01-05 22:18 . 2010-01-05 22:18 -------- d-----w- d:\documents and settings\Libor\data aplikac??
2010-01-05 22:18 . 2010-01-05 22:18 -------- d-----w- d:\documents and settings\All Users\data aplikac??
2010-01-05 22:13 . 2010-01-05 22:13 -------- d-----w- d:\program files\Common Files\Nero
2010-01-05 22:13 . 2010-01-05 22:13 -------- d-----w- d:\program files\Nero
2010-01-05 21:27 . 2010-01-05 21:44 -------- d-----w- d:\program files\Zoner
2010-01-03 20:02 . 2009-08-16 15:08 178176 ----a-w- d:\windows\system32\unrar.dll
2010-01-03 20:02 . 2009-05-29 21:31 881664 ----a-w- d:\windows\system32\xvidcore.dll
2010-01-03 20:02 . 2004-01-25 16:18 217088 ----a-w- d:\windows\system32\yv12vfw.dll
2010-01-03 20:02 . 2009-06-02 16:11 85504 ----a-w- d:\windows\system32\ff_vfw.dll
2010-01-03 20:02 . 2009-05-29 21:37 205824 ----a-w- d:\windows\system32\xvidvfw.dll
2010-01-03 20:02 . 2010-01-03 20:03 -------- d-----w- d:\program files\K-Lite Codec Pack
2010-01-03 19:59 . 2010-01-03 19:59 -------- d-----w- d:\program files\FLVPlayer4Free
2009-12-25 21:56 . 2009-12-25 21:56 -------- d-----w- D:\WinFast WorkArea
2009-12-25 21:49 . 2009-12-25 21:49 -------- d-----w- d:\program files\Common Files\Ulead Systems
2009-12-25 21:49 . 2009-12-25 21:49 -------- d-----w- d:\program files\WinFast
2009-12-24 23:34 . 2009-12-24 23:34 -------- d-----w- d:\program files\CCleaner
2009-12-24 23:25 . 2008-04-14 07:52 54272 -c--a-w- d:\windows\system32\dllcache\vfwwdm32.dll
2009-12-24 23:25 . 2008-04-14 07:52 54272 ----a-w- d:\windows\system32\vfwwdm32.dll
2009-12-24 23:22 . 2003-09-19 14:45 21248 ----a-w- d:\windows\system32\drivers\pfc.sys
2009-12-24 23:22 . 1995-08-01 03:44 212480 ----a-w- d:\windows\PCDLIB32.DLL
2009-12-24 23:18 . 2002-07-03 10:44 53248 ----a-w- d:\windows\amcap.exe
2009-12-24 23:18 . 2004-08-30 15:37 286720 ----a-w- d:\windows\vsnpstd2.exe
2009-12-24 23:18 . 2004-06-08 17:25 53248 ----a-w- d:\windows\system32\dsnpstd2.dll
2009-12-24 23:17 . 2004-10-14 16:12 347264 ----a-w- d:\windows\system32\drivers\snpstd2.sys
2009-12-24 23:17 . 2004-09-24 15:24 57344 ----a-w- d:\windows\system32\rsnpstd2.dll
2009-12-24 23:17 . 2004-09-24 12:52 36864 ----a-w- d:\windows\system32\vsnpstd2.dll
2009-12-24 23:17 . 2004-02-16 12:59 61440 ----a-w- d:\windows\system32\csnpstd2.dll
2009-12-24 23:17 . 2009-12-24 23:17 -------- d-----w- d:\program files\Trust
2009-12-24 23:17 . 2004-06-09 15:00 20480 ----a-w- d:\windows\usnpstd2.exe
2009-12-24 23:13 . 2009-12-24 23:13 -------- d-----w- d:\program files\MediaKey v2.00
2009-12-24 23:11 . 2009-12-24 23:11 -------- d-----w- d:\program files\KYE
2009-12-24 23:11 . 2002-05-17 13:35 6656 ----a-w- d:\windows\system32\drivers\gmfiltr.sys
2009-12-24 23:11 . 2001-09-14 08:29 4096 ----a-w- d:\windows\system32\drivers\gmcoinst.dll
2009-12-24 21:59 . 2000-09-25 15:02 11864 ----a-w- d:\windows\system32\drivers\kbfilter.sys
2009-12-24 21:59 . 2009-12-24 22:33 -------- d-----w- d:\program files\Genius Multimedia Keyboard Driver
2009-12-24 21:14 . 1997-12-23 01:00 5600 ----a-w- d:\windows\system\WINASPI.DLL
2009-12-24 21:14 . 1997-12-23 01:00 48128 ----a-w- d:\windows\system32\WNASPI32.DLL
2009-12-24 21:14 . 1997-12-23 01:00 4672 ----a-w- d:\windows\system\WOWPOST.EXE
2009-12-24 21:14 . 1997-12-23 01:00 23936 ----a-w- d:\windows\system32\drivers\ASPI32.SYS
2009-12-24 15:23 . 2009-09-23 09:51 282624 ------w- d:\windows\system32\fppr332.dll
2009-12-24 15:23 . 2009-09-20 13:27 389120 ------w- d:\windows\system32\fppmon3.dll
2009-12-24 15:14 . 2009-12-24 15:14 -------- d-----w- d:\program files\Common Files\Macrovision Shared
2009-12-24 15:14 . 2009-08-19 22:50 22872 ----a-r- d:\windows\system32\AdobePDFUI.dll
2009-12-24 15:14 . 2009-08-19 22:50 46928 ----a-r- d:\windows\system32\AdobePDF.dll
2009-12-24 15:11 . 2009-12-26 22:35 -------- d-----w- d:\program files\Common Files\Adobe
2009-12-23 18:35 . 2009-12-23 18:37 -------- d-----w- D:\TRANSLAT
2009-12-23 18:21 . 2009-12-23 18:21 44384 ----a-w- d:\windows\system32\drivers\tifsfilt.sys
2009-12-23 18:21 . 2009-12-23 18:21 441760 ----a-w- d:\windows\system32\drivers\timntr.sys
2009-12-23 18:21 . 2009-12-23 18:21 129248 ----a-w- d:\windows\system32\drivers\snapman.sys
2009-12-23 18:20 . 2009-12-23 18:20 368736 ----a-w- d:\windows\system32\drivers\tdrpman.sys
2009-12-23 18:20 . 2009-12-23 18:20 -------- d-----w- d:\program files\Common Files\Acronis
2009-12-23 18:20 . 2009-12-23 18:20 -------- d-----w- d:\program files\Acronis
2009-12-23 18:16 . 2009-12-23 18:16 -------- d-----w- D:\d29a712d75c390c652de0a
2009-12-23 18:16 . 2009-12-23 18:22 -------- d-----w- d:\windows\SxsCaPendDel
2009-12-22 18:31 . 2009-12-22 18:31 -------- d-----w- d:\program files\Microsoft Silverlight
2009-12-22 18:27 . 2009-12-23 18:16 -------- d-----w- d:\windows\system32\XPSViewer
2009-12-22 18:27 . 2009-12-22 18:27 -------- d-----w- d:\program files\Reference Assemblies
2009-12-22 18:27 . 2008-07-06 12:06 89088 ----a-w- d:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-12-22 18:27 . 2006-06-29 12:07 14048 ------w- d:\windows\system32\spmsg2.dll
2009-12-22 18:13 . 2009-12-22 18:13 0 ----a-w- d:\windows\ativpsrm.bin
2009-12-22 18:10 . 2009-09-29 20:15 593920 ------w- d:\windows\system32\ati2sgag.exe
2009-12-22 17:02 . 2009-12-22 17:02 -------- d-----w- d:\program files\Marvell
2009-12-22 16:57 . 2008-08-01 15:46 122880 ----a-w- d:\windows\system32\NVCOSMB.DLL
2009-12-22 16:50 . 2009-12-22 18:11 -------- d-----w- d:\program files\ATI Technologies
2009-12-22 16:50 . 2009-12-22 16:53 -------- d-----w- d:\program files\ATI
2009-12-21 23:18 . 2009-12-21 23:19 -------- d-----w- d:\program files\Common Files\Macromedia
2009-12-21 23:16 . 2009-12-21 23:16 -------- d-----w- d:\windows\Downloaded Installations
2009-12-21 22:21 . 2004-06-14 13:56 427864 ----a-w- d:\windows\system32\XceedZip.dll
2009-12-21 22:21 . 2009-12-21 22:21 -------- d-----w- d:\program files\Driver-Soft
2009-12-21 20:26 . 2009-12-21 20:26 -------- d-----w- d:\program files\iXi Tools
2009-12-21 17:21 . 2009-12-21 17:21 -------- d-----w- d:\program files\Flat Panel Adjust
2009-12-21 17:20 . 2009-12-21 17:20 -------- d-----w- d:\documents and settings\Libor\WINDOWS
2009-12-20 21:42 . 2009-12-20 21:42 -------- d-----w- d:\program files\DAEMON Tools Lite
2009-12-20 21:32 . 2010-01-09 20:45 24 ----a-w- d:\windows\system32\DVCStateBkp-{00000002-00000000-0000000A-00001102-00000002-80651102}.dat
2009-12-20 21:32 . 2010-01-09 20:45 24 ----a-w- d:\windows\system32\DVCState-{00000002-00000000-0000000A-00001102-00000002-80651102}.dat
2009-12-20 21:31 . 2009-12-20 21:42 691696 ----a-w- d:\windows\system32\drivers\sptd.sys
2009-12-20 20:51 . 2009-08-06 18:23 274288 ----a-w- d:\windows\system32\mucltui.dll
2009-12-20 20:51 . 2009-08-06 18:23 215920 ----a-w- d:\windows\system32\muweb.dll
2009-12-20 20:40 . 2008-11-10 10:41 32656 ----a-w- d:\windows\system32\msonpmon.dll
2009-12-20 20:40 . 2006-10-26 18:56 33104 ----a-w- d:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2009-12-20 20:39 . 2009-12-21 17:56 -------- d-----w- d:\program files\Microsoft Works
2009-12-20 20:39 . 2009-12-20 20:39 -------- d-----w- d:\program files\MSBuild
2009-12-20 20:36 . 2009-12-20 20:38 -------- d-----w- d:\windows\SHELLNEW
2009-12-20 20:35 . 2009-12-20 20:35 -------- d-----r- D:\MSOCache
2009-12-20 20:04 . 2009-12-20 20:04 -------- d-----w- d:\program files\Windows Media Connect 2
2009-12-20 20:03 . 2009-12-20 20:04 -------- d-----w- d:\windows\system32\drivers\UMDF
2009-12-20 20:03 . 2009-12-20 20:03 -------- d-----w- d:\windows\system32\LogFiles
2009-12-20 19:56 . 2002-07-19 02:56 270336 ----a-w- d:\windows\system32\SFMS32.DLL
2009-12-20 19:55 . 1999-12-13 00:01 44032 ----a-w- d:\windows\system32\CTSVCCDA.EXE
2009-12-20 19:55 . 1999-11-18 00:00 25088 ------w- d:\windows\system32\CTSVCCTL.EXE
2009-12-20 19:55 . 2009-12-20 19:55 -------- d-----w- D:\Media
2009-12-20 19:55 . 2001-09-13 00:12 73728 ------w- d:\windows\system32\CTDrmRes.dll
2009-12-20 19:55 . 2001-05-04 09:29 28672 ------w- d:\windows\system32\CTIntRes.dll
2009-12-20 19:55 . 2001-03-30 01:00 62976 ------w- d:\windows\system32\CTDetres.dll
2009-12-20 19:55 . 2000-04-20 00:00 24576 ------w- d:\windows\system32\CTMERes.DLL
2009-12-20 19:55 . 2002-02-20 03:00 331776 ------w- d:\windows\system32\CTMedEng.dll
2009-12-20 19:55 . 2002-01-22 01:12 163840 ------w- d:\windows\system32\CTDRMUI.dll
2009-12-20 19:55 . 1998-10-20 08:05 54784 ------w- d:\windows\system32\Inetwh32.dll
2009-12-20 19:54 . 2001-05-28 12:47 12288 ----a-w- d:\windows\system32\AHQCpURes.dll
2009-12-20 19:54 . 2009-12-25 21:49 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-12-20 19:53 . 1999-10-11 01:01 41984 ------w- d:\windows\CTRegRun.exe
2009-12-20 19:53 . 2009-12-20 20:00 -------- d-----w- d:\program files\Creative
2009-12-20 19:53 . 1999-12-17 00:00 6752 ------w- d:\windows\system32\PFMODNT.SYS
2009-12-20 19:36 . 2008-06-14 17:35 272128 -c----w- d:\windows\system32\dllcache\bthport.sys
2009-12-20 19:36 . 2009-06-21 21:48 153088 -c----w- d:\windows\system32\dllcache\triedit.dll
2009-12-20 19:35 . 2008-05-08 14:02 203136 -c----w- d:\windows\system32\dllcache\rmcast.sys
2009-12-20 19:35 . 2008-12-11 10:57 333952 -c----w- d:\windows\system32\dllcache\srv.sys
2009-12-20 19:35 . 2008-04-11 19:06 691712 -c----w- d:\windows\system32\dllcache\inetcomm.dll
2009-12-20 19:35 . 2009-07-10 13:28 1315328 -c----w- d:\windows\system32\dllcache\msoe.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-24 14:12 . 2004-08-18 12:00 77850 ----a-w- d:\windows\system32\perfc005.dat
2009-12-24 14:12 . 2004-08-18 12:00 428744 ----a-w- d:\windows\system32\perfh005.dat
2009-12-22 18:44 . 2009-12-20 18:43 56816 ----a-w- d:\windows\system32\drivers\avgntflt.sys
2009-12-20 19:53 . 2009-12-20 18:29 -------- d-----w- d:\program files\Common Files\InstallShield
2009-12-20 19:32 . 2009-12-20 19:32 -------- d--h--w- d:\program files\CanonBJ
2009-12-20 18:56 . 2009-12-20 18:06 86327 ----a-w- d:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-20 18:56 . 2009-12-20 18:06 2740 ----a-w- d:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-12-20 18:56 . 2009-12-20 18:07 8972 ----a-w- d:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-12-20 18:43 . 2009-12-20 18:43 -------- d-----w- d:\program files\Avira
2009-12-20 18:31 . 2009-12-20 18:31 -------- d-----w- d:\program files\Gigabyte
2009-12-20 18:07 . 2009-12-20 18:07 -------- d-----w- d:\program files\microsoft frontpage
2009-12-20 18:04 . 2009-12-20 18:04 21812 ----a-w- d:\windows\system32\emptyregdb.dat
2009-10-29 07:43 . 2004-08-18 12:00 916480 ------w- d:\windows\system32\wininet.dll
2009-10-21 09:22 . 2009-10-21 09:22 364544 ----a-w- d:\windows\system32\yk51x86.dll
2009-10-21 09:22 . 2009-10-21 09:22 298752 ----a-w- d:\windows\system32\drivers\yk51x86.sys
2009-10-21 05:40 . 2004-08-18 12:00 75776 ----a-w- d:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2004-08-18 12:00 25088 ----a-w- d:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-18 12:00 265728 ----a-w- d:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2004-08-18 12:00 271360 ----a-w- d:\windows\system32\oakley.dll
2009-10-12 13:40 . 2004-08-18 12:00 79872 ----a-w- d:\windows\system32\raschap.dll
2009-10-12 13:40 . 2004-08-18 12:00 150016 ----a-w- d:\windows\system32\rastls.dll
.

------- Sigcheck -------

[7] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 07:52 . !HASH: COULD NOT OPEN FILE !!!!! . 512000 . . [------] . . d:\windows\system32\winlogon.exe
[7] 2004-08-18 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . d:\windows\$NtServicePackUninstall$\winlogon.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-01-09_20.47.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-18 12:00 . 2008-04-14 07:52 14336 d:\windows\system32\svchost.exe
+ 2004-08-18 12:00 . 2008-04-14 07:52 57856 d:\windows\system32\spoolsv.exe
+ 2009-01-22 03:16 . 2009-01-22 03:16 88904 d:\windows\system32\msxml4r.dll
+ 2009-03-25 10:43 . 2009-03-25 10:43 44544 d:\windows\system32\msxml4a.dll
+ 2004-08-18 12:00 . 2008-04-14 07:52 13312 d:\windows\system32\lsass.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 45056 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\NewShortcut31_1AEA787C781F4A88BB0654C5A9460551.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 45056 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\NewShortcut3_1AEA787C781F4A88BB0654C5A9460551.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 45056 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\NewShortcut2_CA3F6736196D49668BD5097CC47A5C65.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 45056 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\NewShortcut1_3575D6B9E84F4FD591F78BFF09FFF450.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 8854 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\Uninstall_602XML_F_DA564D32E3614401A2BB7B7E5BC41DD2.exe
+ 2008-10-01 11:29 . 2008-10-01 11:29 749605 d:\windows\system32\spool\drivers\w32x86\3\acpdfui301.dll
+ 2008-10-01 11:29 . 2008-10-01 11:29 633299 d:\windows\system32\spool\drivers\w32x86\3\acpdf301.dll
+ 2004-08-18 12:00 . 2009-02-09 11:18 111104 d:\windows\system32\services.exe
+ 2009-05-05 09:35 . 2009-05-05 09:35 132232 d:\windows\system32\GDTWAIN.DLL
+ 2010-01-09 23:15 . 2010-01-09 23:15 418816 d:\windows\Installer\8197a3.msi
+ 2010-01-09 23:14 . 2010-01-09 23:14 192512 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\shrFiller1_1AEA787C781F4A88BB0654C5A9460551.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 192512 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\NewShortcut2_1AEA787C781F4A88BB0654C5A9460551.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 192512 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\ARPPRODUCTICON.exe
+ 2009-01-22 03:14 . 2009-01-22 03:14 1328968 d:\windows\system32\msxml4.dll
+ 2008-10-01 11:29 . 2008-10-01 11:29 3833856 d:\windows\system32\cdintf300.dll
+ 2010-01-09 23:14 . 2010-01-09 23:14 2352640 d:\windows\Installer\81979f.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2007-12-13 21:02 96552 ----a-w- d:\program files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="d:\documents and settings\Libor\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-12-20 135664]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"OEXPRESS"="d:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2009-12-23 26624]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"CanonSolutionMenu"="d:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="d:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 24576]
"UpdReg"="d:\windows\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="d:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"CTStartup"="d:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-20 28672]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"TrueImageMonitor.exe"="d:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-23 2615624]
"AcronisTimounterMonitor"="d:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-23 906648]
"Acronis Scheduler2 Service"="d:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-23 140568]
"Adobe Acrobat Speed Launcher"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-02 640376]
"pdfFactory Pro Dispatcher v3"="d:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2009-09-20 606208]
"mouseElf"="d:\progra~1\KYE\GENIUS~1\mouseElf.exe" [2002-05-20 151552]
"SNPSTD2"="d:\windows\vsnpstd2.exe" [2004-08-30 286720]
"WinFastDTV"="d:\program files\WinFast\WFDTV\DTVSchdl.exe" [2007-01-31 69632]
"WinFast Schedule"="d:\program files\WinFast\WFDTV\WFWIZ.exe" [2007-01-30 397312]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"NeroFilterCheck"="d:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="d:\program files\Nero\Nero8\InCD\NBHGui.exe" [2007-12-13 2048808]
"InCD"="d:\program files\Nero\Nero8\InCD\InCD.exe" [2007-12-13 1082152]
"NBKeyScan"="d:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"OODefragTray"="d:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

d:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Genius Multimedia Keyboard Driver.lnk - d:\program files\MediaKey v2.00\Versato.exe [2009-12-25 745984]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Documents and Settings\\Libor\\Data aplikací\\uTorrent\\utorrent.exe"=
"f:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=

R0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [20.12.2009 22:31 691696]
R1 kbfilter;Keyboard Filter Driver;d:\windows\system32\drivers\kbfilter.sys [24.12.2009 22:59 11864]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\Avira\AntiVir Desktop\sched.exe [20.12.2009 19:43 108289]
R2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9.1.2010 23:45 236368]
R2 NeroRegInCDSrv;Nero Registry InCD Service;d:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [13.12.2007 22:02 50984]
R3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [9.1.2010 23:45 19160]
R3 WFIOCTL;WFIOCTL;d:\program files\WinFast\WFDTV\WFIOCTL.sys [25.12.2009 22:49 9446]
.
Obsah adresáře 'Naplánované úlohy'

2010-01-10 d:\windows\Tasks\User_Feed_Synchronization-{2FA2815D-27C6-4B3A-91CA-F22156996EDF}.job
- d:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: {0DF9ABB8-1A45-43C6-9814-276BEA2ED1AF} = 192.168.10.1
TCP: {87F2DEEB-940E-4E4B-B1AA-7652AEF69A16} = 192.168.10.1
FF - ProfilePath - d:\documents and settings\Libor\Data aplikací\Mozilla\Firefox\Profiles\ybixrucv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-10 10:08
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = d:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4???Z????:??????\??? ??? ???\???\???????????5?7~e?7~\???\???????p?_??????C@?\???\??????sZ???\??????s\????:??A??s?:???C@?x???`|?w\?????@

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A45B1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9e74cb8
\Driver\atapi -> atapi.sys @ 0xb9df8b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9ceabb0
PacketIndicateHandler -> NDIS.sys @ 0xb9cf7a21
SendHandler -> NDIS.sys @ 0xb9cd587b
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1000)
d:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1060)
d:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(1792)
d:\documents and settings\All Users\Data aplikací\LangSoft\TrnOEH.dll
d:\program files\Nero\Nero8\InCD\NBHShx.dll
d:\program files\Nero\Nero8\InCD\NBHStr.dll
d:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\windows\system32\Ati2evxx.exe
d:\windows\system32\Ati2evxx.exe
d:\program files\Common Files\Acronis\Schedule2\schedul2.exe
d:\program files\Avira\AntiVir Desktop\avguard.exe
d:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
d:\windows\system32\CTsvcCDA.exe
d:\program files\Canon\IJPLM\IJPLMSVC.EXE
d:\program files\Nero\Nero8\InCD\InCDsrv.exe
d:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
d:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
d:\windows\system32\oodag.exe
d:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
d:\program files\MediaKey v2.00\OSD.EXE
d:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
d:\windows\system32\MsPMSPSv.exe
d:\program files\Common Files\Nero\Lib\NMIndexingService.exe
d:\totalcmd\TOTALCMD.EXE
.
**************************************************************************
.
Celkový čas: 2010-01-10 10:10:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-10 09:10
ComboFix2.txt 2010-01-09 20:49

Před spuštěním: Volných bajtů: 33 523 216 384
Po spuštění: Volných bajtů: 33 492 631 552

- - End Of File - - 707E89F767019E026CD6269B68CBBBBA

Slanda
Visitor
Posts: 9
Registered: 29 Jan 2009 18:17

Re: ComboFix log check

#2 Post by Slanda »

Antivirus Version Last update Result
a-squared 4.5.0.48 2010.01.10 -
AhnLab-V3 5.0.0.2 2010.01.10 -
AntiVir 7.9.1.134 2010.01.10 -
Antiy-AVL 2.0.3.7 2010.01.08 -
Authentium 5.2.0.5 2010.01.09 -
Avast 4.8.1351.0 2010.01.10 -
AVG 8.5.0.430 2010.01.04 -
BitDefender 7.2 2010.01.10 -
CAT-QuickHeal 10.00 2010.01.09 Trojan.Agent.ATV
ClamAV 0.94.1 2010.01.09 -

Slanda
Visitor
Posts: 9
Registered: 29 Jan 2009 18:17

Re: ComboFix log check

#3 Post by Slanda »

File services.exe received 2010.01.10 15:31:07 (UTC)
Current status: Finished
Result: 1/41 (2.44%)
Antivirus Version Last update Result
a-squared 4.5.0.48 2010.01.10 -
AhnLab-V3 5.0.0.2 2010.01.10 -
AntiVir 7.9.1.134 2010.01.10 -
Antiy-AVL 2.0.3.7 2010.01.08 -
Authentium 5.2.0.5 2010.01.09 -
Avast 4.8.1351.0 2010.01.10 -
AVG 8.5.0.430 2010.01.04 -
BitDefender 7.2 2010.01.10 -
CAT-QuickHeal 10.00 2010.01.09 Trojan.Agent.ATV
ClamAV 0.94.1 2010.01.09 -

Slanda
Visitor
Posts: 9
Registered: 29 Jan 2009 18:17

Re: ComboFix log check

#4 Post by Slanda »

Everything else came back with no findings, and here is the ComboFix result.
ComboFix 10-01-04.01 - Libor 10.01.2010 16:37:51.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3071.2635 [GMT 1:00]
Spuštěný z: f:\zaloha_d\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINLOGON.EXE

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-10 do 2010-01-10 )))))))))))))))))))))))))))))))
.

2010-01-09 23:14 . 2010-01-09 23:14 -------- d-----w- d:\program files\Common Files\Freedom Scientific
2010-01-09 23:14 . 2010-01-09 23:14 -------- d-----w- d:\program files\Common Files\soft602
2010-01-09 22:45 . 2010-01-07 15:07 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-01-09 22:45 . 2010-01-07 15:07 19160 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-01-09 22:45 . 2010-01-09 22:45 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2010-01-09 22:26 . 2010-01-09 22:26 -------- d-----w- d:\program files\TeaTimer (Spybot - Search & Destroy)
2010-01-09 22:26 . 2010-01-09 22:26 -------- d-----w- d:\program files\SDHelper (Spybot - Search & Destroy)
2010-01-09 22:26 . 2010-01-09 22:26 -------- d-----w- d:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-01-09 22:26 . 2010-01-09 22:26 -------- d-----w- d:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-01-09 22:07 . 2010-01-10 08:42 -------- d-----w- d:\program files\Spybot - Search & Destroy
2010-01-09 20:10 . 2010-01-09 20:31 -------- d-----w- d:\windows\system32\oodag
2010-01-09 20:07 . 2010-01-09 20:07 -------- d-sh--w- d:\documents and settings\LocalService\IETldCache
2010-01-09 19:54 . 2010-01-09 19:54 -------- d-----r- d:\documents and settings\LocalService\Oblíbené položky
2010-01-09 19:26 . 2010-01-09 19:59 -------- d-----w- d:\program files\OO Software
2010-01-06 20:36 . 2010-01-06 20:36 0 ----a-w- d:\windows\nsreg.dat
2010-01-06 13:34 . 2010-01-06 13:34 -------- d-----w- d:\program files\MSXML 4.0
2010-01-05 22:18 . 2010-01-05 22:18 -------- d-----w- d:\documents and settings\Libor\data aplikac??
2010-01-05 22:18 . 2010-01-05 22:18 -------- d-----w- d:\documents and settings\All Users\data aplikac??
2010-01-05 22:13 . 2010-01-05 22:13 -------- d-----w- d:\program files\Common Files\Nero
2010-01-05 22:13 . 2010-01-05 22:13 -------- d-----w- d:\program files\Nero
2010-01-05 21:27 . 2010-01-05 21:44 -------- d-----w- d:\program files\Zoner
2010-01-03 20:02 . 2009-08-16 15:08 178176 ----a-w- d:\windows\system32\unrar.dll
2010-01-03 20:02 . 2009-05-29 21:31 881664 ----a-w- d:\windows\system32\xvidcore.dll
2010-01-03 20:02 . 2004-01-25 16:18 217088 ----a-w- d:\windows\system32\yv12vfw.dll
2010-01-03 20:02 . 2009-06-02 16:11 85504 ----a-w- d:\windows\system32\ff_vfw.dll
2010-01-03 20:02 . 2009-05-29 21:37 205824 ----a-w- d:\windows\system32\xvidvfw.dll
2010-01-03 20:02 . 2010-01-03 20:03 -------- d-----w- d:\program files\K-Lite Codec Pack
2010-01-03 19:59 . 2010-01-03 19:59 -------- d-----w- d:\program files\FLVPlayer4Free
2009-12-25 21:56 . 2009-12-25 21:56 -------- d-----w- D:\WinFast WorkArea
2009-12-25 21:49 . 2009-12-25 21:49 -------- d-----w- d:\program files\Common Files\Ulead Systems
2009-12-25 21:49 . 2009-12-25 21:49 -------- d-----w- d:\program files\WinFast
2009-12-24 23:34 . 2009-12-24 23:34 -------- d-----w- d:\program files\CCleaner
2009-12-24 23:25 . 2008-04-14 07:52 54272 -c--a-w- d:\windows\system32\dllcache\vfwwdm32.dll
2009-12-24 23:25 . 2008-04-14 07:52 54272 ----a-w- d:\windows\system32\vfwwdm32.dll
2009-12-24 23:22 . 2003-09-19 14:45 21248 ----a-w- d:\windows\system32\drivers\pfc.sys
2009-12-24 23:22 . 1995-08-01 03:44 212480 ----a-w- d:\windows\PCDLIB32.DLL
2009-12-24 23:18 . 2002-07-03 10:44 53248 ----a-w- d:\windows\amcap.exe
2009-12-24 23:18 . 2004-08-30 15:37 286720 ----a-w- d:\windows\vsnpstd2.exe
2009-12-24 23:18 . 2004-06-08 17:25 53248 ----a-w- d:\windows\system32\dsnpstd2.dll
2009-12-24 23:17 . 2004-10-14 16:12 347264 ----a-w- d:\windows\system32\drivers\snpstd2.sys
2009-12-24 23:17 . 2004-09-24 15:24 57344 ----a-w- d:\windows\system32\rsnpstd2.dll
2009-12-24 23:17 . 2004-09-24 12:52 36864 ----a-w- d:\windows\system32\vsnpstd2.dll
2009-12-24 23:17 . 2004-02-16 12:59 61440 ----a-w- d:\windows\system32\csnpstd2.dll
2009-12-24 23:17 . 2009-12-24 23:17 -------- d-----w- d:\program files\Trust
2009-12-24 23:17 . 2004-06-09 15:00 20480 ----a-w- d:\windows\usnpstd2.exe
2009-12-24 23:13 . 2009-12-24 23:13 -------- d-----w- d:\program files\MediaKey v2.00
2009-12-24 23:11 . 2009-12-24 23:11 -------- d-----w- d:\program files\KYE
2009-12-24 23:11 . 2002-05-17 13:35 6656 ----a-w- d:\windows\system32\drivers\gmfiltr.sys
2009-12-24 23:11 . 2001-09-14 08:29 4096 ----a-w- d:\windows\system32\drivers\gmcoinst.dll
2009-12-24 21:59 . 2000-09-25 15:02 11864 ----a-w- d:\windows\system32\drivers\kbfilter.sys
2009-12-24 21:59 . 2009-12-24 22:33 -------- d-----w- d:\program files\Genius Multimedia Keyboard Driver
2009-12-24 21:14 . 1997-12-23 01:00 5600 ----a-w- d:\windows\system\WINASPI.DLL
2009-12-24 21:14 . 1997-12-23 01:00 48128 ----a-w- d:\windows\system32\WNASPI32.DLL
2009-12-24 21:14 . 1997-12-23 01:00 4672 ----a-w- d:\windows\system\WOWPOST.EXE
2009-12-24 21:14 . 1997-12-23 01:00 23936 ----a-w- d:\windows\system32\drivers\ASPI32.SYS
2009-12-24 15:23 . 2009-09-23 09:51 282624 ------w- d:\windows\system32\fppr332.dll
2009-12-24 15:23 . 2009-09-20 13:27 389120 ------w- d:\windows\system32\fppmon3.dll
2009-12-24 15:14 . 2009-12-24 15:14 -------- d-----w- d:\program files\Common Files\Macrovision Shared
2009-12-24 15:14 . 2009-08-19 22:50 22872 ----a-r- d:\windows\system32\AdobePDFUI.dll
2009-12-24 15:14 . 2009-08-19 22:50 46928 ----a-r- d:\windows\system32\AdobePDF.dll
2009-12-24 15:11 . 2009-12-26 22:35 -------- d-----w- d:\program files\Common Files\Adobe
2009-12-23 18:35 . 2009-12-23 18:37 -------- d-----w- D:\TRANSLAT
2009-12-23 18:21 . 2009-12-23 18:21 44384 ----a-w- d:\windows\system32\drivers\tifsfilt.sys
2009-12-23 18:21 . 2009-12-23 18:21 441760 ----a-w- d:\windows\system32\drivers\timntr.sys
2009-12-23 18:21 . 2009-12-23 18:21 129248 ----a-w- d:\windows\system32\drivers\snapman.sys
2009-12-23 18:20 . 2009-12-23 18:20 368736 ----a-w- d:\windows\system32\drivers\tdrpman.sys
2009-12-23 18:20 . 2009-12-23 18:20 -------- d-----w- d:\program files\Common Files\Acronis
2009-12-23 18:20 . 2009-12-23 18:20 -------- d-----w- d:\program files\Acronis
2009-12-23 18:16 . 2009-12-23 18:16 -------- d-----w- D:\d29a712d75c390c652de0a
2009-12-23 18:16 . 2009-12-23 18:22 -------- d-----w- d:\windows\SxsCaPendDel
2009-12-22 18:31 . 2009-12-22 18:31 -------- d-----w- d:\program files\Microsoft Silverlight
2009-12-22 18:27 . 2009-12-23 18:16 -------- d-----w- d:\windows\system32\XPSViewer
2009-12-22 18:27 . 2009-12-22 18:27 -------- d-----w- d:\program files\Reference Assemblies
2009-12-22 18:27 . 2008-07-06 12:06 89088 ----a-w- d:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-12-22 18:27 . 2006-06-29 12:07 14048 ------w- d:\windows\system32\spmsg2.dll
2009-12-22 18:13 . 2009-12-22 18:13 0 ----a-w- d:\windows\ativpsrm.bin
2009-12-22 18:10 . 2009-09-29 20:15 593920 ------w- d:\windows\system32\ati2sgag.exe
2009-12-22 17:02 . 2009-12-22 17:02 -------- d-----w- d:\program files\Marvell
2009-12-22 16:57 . 2008-08-01 15:46 122880 ----a-w- d:\windows\system32\NVCOSMB.DLL
2009-12-22 16:50 . 2009-12-22 18:11 -------- d-----w- d:\program files\ATI Technologies
2009-12-22 16:50 . 2009-12-22 16:53 -------- d-----w- d:\program files\ATI
2009-12-21 23:18 . 2009-12-21 23:19 -------- d-----w- d:\program files\Common Files\Macromedia
2009-12-21 23:16 . 2009-12-21 23:16 -------- d-----w- d:\windows\Downloaded Installations
2009-12-21 22:21 . 2004-06-14 13:56 427864 ----a-w- d:\windows\system32\XceedZip.dll
2009-12-21 22:21 . 2009-12-21 22:21 -------- d-----w- d:\program files\Driver-Soft
2009-12-21 20:26 . 2009-12-21 20:26 -------- d-----w- d:\program files\iXi Tools
2009-12-21 17:21 . 2009-12-21 17:21 -------- d-----w- d:\program files\Flat Panel Adjust
2009-12-21 17:20 . 2009-12-21 17:20 -------- d-----w- d:\documents and settings\Libor\WINDOWS
2009-12-20 21:42 . 2009-12-20 21:42 -------- d-----w- d:\program files\DAEMON Tools Lite
2009-12-20 21:32 . 2010-01-09 20:45 24 ----a-w- d:\windows\system32\DVCStateBkp-{00000002-00000000-0000000A-00001102-00000002-80651102}.dat
2009-12-20 21:32 . 2010-01-09 20:45 24 ----a-w- d:\windows\system32\DVCState-{00000002-00000000-0000000A-00001102-00000002-80651102}.dat
2009-12-20 21:31 . 2009-12-20 21:42 691696 ----a-w- d:\windows\system32\drivers\sptd.sys
2009-12-20 20:51 . 2009-08-06 18:23 274288 ----a-w- d:\windows\system32\mucltui.dll
2009-12-20 20:51 . 2009-08-06 18:23 215920 ----a-w- d:\windows\system32\muweb.dll
2009-12-20 20:40 . 2008-11-10 10:41 32656 ----a-w- d:\windows\system32\msonpmon.dll
2009-12-20 20:40 . 2006-10-26 18:56 33104 ----a-w- d:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2009-12-20 20:39 . 2009-12-21 17:56 -------- d-----w- d:\program files\Microsoft Works
2009-12-20 20:39 . 2009-12-20 20:39 -------- d-----w- d:\program files\MSBuild
2009-12-20 20:36 . 2009-12-20 20:38 -------- d-----w- d:\windows\SHELLNEW
2009-12-20 20:35 . 2009-12-20 20:35 -------- d-----r- D:\MSOCache
2009-12-20 20:04 . 2009-12-20 20:04 -------- d-----w- d:\program files\Windows Media Connect 2
2009-12-20 20:03 . 2009-12-20 20:04 -------- d-----w- d:\windows\system32\drivers\UMDF
2009-12-20 20:03 . 2009-12-20 20:03 -------- d-----w- d:\windows\system32\LogFiles
2009-12-20 19:56 . 2002-07-19 02:56 270336 ----a-w- d:\windows\system32\SFMS32.DLL
2009-12-20 19:55 . 1999-12-13 00:01 44032 ----a-w- d:\windows\system32\CTSVCCDA.EXE
2009-12-20 19:55 . 1999-11-18 00:00 25088 ------w- d:\windows\system32\CTSVCCTL.EXE
2009-12-20 19:55 . 2009-12-20 19:55 -------- d-----w- D:\Media
2009-12-20 19:55 . 2001-09-13 00:12 73728 ------w- d:\windows\system32\CTDrmRes.dll
2009-12-20 19:55 . 2001-05-04 09:29 28672 ------w- d:\windows\system32\CTIntRes.dll
2009-12-20 19:55 . 2001-03-30 01:00 62976 ------w- d:\windows\system32\CTDetres.dll
2009-12-20 19:55 . 2000-04-20 00:00 24576 ------w- d:\windows\system32\CTMERes.DLL
2009-12-20 19:55 . 2002-02-20 03:00 331776 ------w- d:\windows\system32\CTMedEng.dll
2009-12-20 19:55 . 2002-01-22 01:12 163840 ------w- d:\windows\system32\CTDRMUI.dll
2009-12-20 19:55 . 1998-10-20 08:05 54784 ------w- d:\windows\system32\Inetwh32.dll
2009-12-20 19:54 . 2001-05-28 12:47 12288 ----a-w- d:\windows\system32\AHQCpURes.dll
2009-12-20 19:54 . 2009-12-25 21:49 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-12-20 19:53 . 1999-10-11 01:01 41984 ------w- d:\windows\CTRegRun.exe
2009-12-20 19:53 . 2009-12-20 20:00 -------- d-----w- d:\program files\Creative
2009-12-20 19:53 . 1999-12-17 00:00 6752 ------w- d:\windows\system32\PFMODNT.SYS
2009-12-20 19:36 . 2008-06-14 17:35 272128 -c----w- d:\windows\system32\dllcache\bthport.sys
2009-12-20 19:36 . 2009-06-21 21:48 153088 -c----w- d:\windows\system32\dllcache\triedit.dll
2009-12-20 19:35 . 2008-05-08 14:02 203136 -c----w- d:\windows\system32\dllcache\rmcast.sys
2009-12-20 19:35 . 2008-12-11 10:57 333952 -c----w- d:\windows\system32\dllcache\srv.sys
2009-12-20 19:35 . 2008-04-11 19:06 691712 -c----w- d:\windows\system32\dllcache\inetcomm.dll
2009-12-20 19:35 . 2009-07-10 13:28 1315328 -c----w- d:\windows\system32\dllcache\msoe.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-24 14:12 . 2004-08-18 12:00 77850 ----a-w- d:\windows\system32\perfc005.dat
2009-12-24 14:12 . 2004-08-18 12:00 428744 ----a-w- d:\windows\system32\perfh005.dat
2009-12-22 18:44 . 2009-12-20 18:43 56816 ----a-w- d:\windows\system32\drivers\avgntflt.sys
2009-12-20 19:53 . 2009-12-20 18:29 -------- d-----w- d:\program files\Common Files\InstallShield
2009-12-20 19:32 . 2009-12-20 19:32 -------- d--h--w- d:\program files\CanonBJ
2009-12-20 18:56 . 2009-12-20 18:06 86327 ----a-w- d:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-20 18:56 . 2009-12-20 18:06 2740 ----a-w- d:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-12-20 18:56 . 2009-12-20 18:07 8972 ----a-w- d:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-12-20 18:43 . 2009-12-20 18:43 -------- d-----w- d:\program files\Avira
2009-12-20 18:31 . 2009-12-20 18:31 -------- d-----w- d:\program files\Gigabyte
2009-12-20 18:07 . 2009-12-20 18:07 -------- d-----w- d:\program files\microsoft frontpage
2009-12-20 18:04 . 2009-12-20 18:04 21812 ----a-w- d:\windows\system32\emptyregdb.dat
2009-10-29 07:43 . 2004-08-18 12:00 916480 ------w- d:\windows\system32\wininet.dll
2009-10-21 09:22 . 2009-10-21 09:22 364544 ----a-w- d:\windows\system32\yk51x86.dll
2009-10-21 09:22 . 2009-10-21 09:22 298752 ----a-w- d:\windows\system32\drivers\yk51x86.sys
2009-10-21 05:40 . 2004-08-18 12:00 75776 ----a-w- d:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2004-08-18 12:00 25088 ----a-w- d:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-18 12:00 265728 ----a-w- d:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2004-08-18 12:00 271360 ----a-w- d:\windows\system32\oakley.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-01-09_20.47.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-18 12:00 . 2008-04-14 07:52 14336 d:\windows\system32\svchost.exe
+ 2004-08-18 12:00 . 2008-04-14 07:52 57856 d:\windows\system32\spoolsv.exe
+ 2009-01-22 03:16 . 2009-01-22 03:16 88904 d:\windows\system32\msxml4r.dll
+ 2009-03-25 10:43 . 2009-03-25 10:43 44544 d:\windows\system32\msxml4a.dll
+ 2004-08-18 12:00 . 2008-04-14 07:52 13312 d:\windows\system32\lsass.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 45056 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\NewShortcut31_1AEA787C781F4A88BB0654C5A9460551.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 45056 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\NewShortcut3_1AEA787C781F4A88BB0654C5A9460551.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 45056 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\NewShortcut2_CA3F6736196D49668BD5097CC47A5C65.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 45056 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\NewShortcut1_3575D6B9E84F4FD591F78BFF09FFF450.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 8854 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\Uninstall_602XML_F_DA564D32E3614401A2BB7B7E5BC41DD2.exe
+ 2004-08-18 12:00 . 2008-04-14 07:52 507904 d:\windows\system32\winlogon.exe
+ 2008-10-01 11:29 . 2008-10-01 11:29 749605 d:\windows\system32\spool\drivers\w32x86\3\acpdfui301.dll
+ 2008-10-01 11:29 . 2008-10-01 11:29 633299 d:\windows\system32\spool\drivers\w32x86\3\acpdf301.dll
+ 2004-08-18 12:00 . 2009-02-09 11:18 111104 d:\windows\system32\services.exe
+ 2009-05-05 09:35 . 2009-05-05 09:35 132232 d:\windows\system32\GDTWAIN.DLL
+ 2004-08-18 12:00 . 2008-04-14 07:52 507904 d:\windows\system32\dllcache\winlogon.exe
+ 2010-01-09 23:15 . 2010-01-09 23:15 418816 d:\windows\Installer\8197a3.msi
+ 2010-01-09 23:14 . 2010-01-09 23:14 192512 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\shrFiller1_1AEA787C781F4A88BB0654C5A9460551.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 192512 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\NewShortcut2_1AEA787C781F4A88BB0654C5A9460551.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 192512 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\ARPPRODUCTICON.exe
+ 2009-01-22 03:14 . 2009-01-22 03:14 1328968 d:\windows\system32\msxml4.dll
+ 2008-10-01 11:29 . 2008-10-01 11:29 3833856 d:\windows\system32\cdintf300.dll
+ 2010-01-09 23:14 . 2010-01-09 23:14 2352640 d:\windows\Installer\81979f.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2007-12-13 21:02 96552 ----a-w- d:\program files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="d:\documents and settings\Libor\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-12-20 135664]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"OEXPRESS"="d:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2009-12-23 26624]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"CanonSolutionMenu"="d:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="d:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 24576]
"UpdReg"="d:\windows\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="d:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"CTStartup"="d:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-20 28672]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"TrueImageMonitor.exe"="d:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-23 2615624]
"AcronisTimounterMonitor"="d:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-23 906648]
"Acronis Scheduler2 Service"="d:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-23 140568]
"Adobe Acrobat Speed Launcher"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-02 640376]
"pdfFactory Pro Dispatcher v3"="d:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2009-09-20 606208]
"mouseElf"="d:\progra~1\KYE\GENIUS~1\mouseElf.exe" [2002-05-20 151552]
"SNPSTD2"="d:\windows\vsnpstd2.exe" [2004-08-30 286720]
"WinFastDTV"="d:\program files\WinFast\WFDTV\DTVSchdl.exe" [2007-01-31 69632]
"WinFast Schedule"="d:\program files\WinFast\WFDTV\WFWIZ.exe" [2007-01-30 397312]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"NeroFilterCheck"="d:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="d:\program files\Nero\Nero8\InCD\NBHGui.exe" [2007-12-13 2048808]
"InCD"="d:\program files\Nero\Nero8\InCD\InCD.exe" [2007-12-13 1082152]
"NBKeyScan"="d:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"OODefragTray"="d:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

d:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Genius Multimedia Keyboard Driver.lnk - d:\program files\MediaKey v2.00\Versato.exe [2009-12-25 745984]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Documents and Settings\\Libor\\Data aplikací\\uTorrent\\utorrent.exe"=
"f:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=

R1 kbfilter;Keyboard Filter Driver;d:\windows\system32\drivers\kbfilter.sys [24.12.2009 22:59 11864]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\Avira\AntiVir Desktop\sched.exe [20.12.2009 19:43 108289]
R2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9.1.2010 23:45 236368]
R2 NeroRegInCDSrv;Nero Registry InCD Service;d:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [13.12.2007 22:02 50984]
R3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [9.1.2010 23:45 19160]
S0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [20.12.2009 22:31 691696]
S3 WFIOCTL;WFIOCTL;d:\program files\WinFast\WFDTV\WFIOCTL.sys [25.12.2009 22:49 9446]
.
Obsah adresáře 'Naplánované úlohy'

2010-01-10 d:\windows\Tasks\User_Feed_Synchronization-{2FA2815D-27C6-4B3A-91CA-F22156996EDF}.job
- d:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: {0DF9ABB8-1A45-43C6-9814-276BEA2ED1AF} = 192.168.10.1
TCP: {87F2DEEB-940E-4E4B-B1AA-7652AEF69A16} = 192.168.10.1
FF - ProfilePath - d:\documents and settings\Libor\Data aplikací\Mozilla\Firefox\Profiles\ybixrucv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-10 16:41
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = d:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4???Z????:??????\??? ??? ???\???\???????????5?7~e?7~\???\???????p?_??????C@?\???\??????sZ???\??????s\????:??A??s?:???C@?x???`|?w\?????@

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1016)
d:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1076)
d:\windows\system32\relog_ap.dll
.
Celkový čas: 2010-01-10 16:42:27
ComboFix-quarantined-files.txt 2010-01-10 15:42
ComboFix2.txt 2010-01-10 09:10
ComboFix3.txt 2010-01-09 20:49

Před spuštěním: Volných bajtů: 33 471 373 312
Po spuštění: Volných bajtů: 33 434 021 888

- - End Of File - - 1CD3C9C07EE7450F85CCCBCFBCC9D301

Slanda
Visitor
Posts: 9
Registered: 29 Jan 2009 18:17

Re: ComboFix log check

#5 Post by Slanda »

ComboFix 10-01-04.01 - Libor 10.01.2010 16:51:47.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3071.2532 [GMT 1:00]
Sorry, here is the result, done the way you wrote to me. I was faster than your reply, sorry. :-))

Spuštěný z: f:\zaloha_d\Downloads\ComboFix.exe
Použité ovládací přepínače :: d:\documents and settings\Libor\Plocha\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-12-10 do 2010-01-10 )))))))))))))))))))))))))))))))
.

2010-01-09 23:14 . 2010-01-09 23:14 -------- d-----w- d:\program files\Common Files\Freedom Scientific
2010-01-09 23:14 . 2010-01-09 23:14 -------- d-----w- d:\program files\Common Files\soft602
2010-01-09 22:45 . 2010-01-07 15:07 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-01-09 22:45 . 2010-01-07 15:07 19160 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-01-09 22:45 . 2010-01-09 22:45 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2010-01-09 22:26 . 2010-01-09 22:26 -------- d-----w- d:\program files\TeaTimer (Spybot - Search & Destroy)
2010-01-09 22:26 . 2010-01-09 22:26 -------- d-----w- d:\program files\SDHelper (Spybot - Search & Destroy)
2010-01-09 22:26 . 2010-01-09 22:26 -------- d-----w- d:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-01-09 22:26 . 2010-01-09 22:26 -------- d-----w- d:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-01-09 22:07 . 2010-01-10 08:42 -------- d-----w- d:\program files\Spybot - Search & Destroy
2010-01-09 20:10 . 2010-01-09 20:31 -------- d-----w- d:\windows\system32\oodag
2010-01-09 20:07 . 2010-01-09 20:07 -------- d-sh--w- d:\documents and settings\LocalService\IETldCache
2010-01-09 19:54 . 2010-01-09 19:54 -------- d-----r- d:\documents and settings\LocalService\Oblíbené položky
2010-01-09 19:26 . 2010-01-09 19:59 -------- d-----w- d:\program files\OO Software
2010-01-06 20:36 . 2010-01-06 20:36 0 ----a-w- d:\windows\nsreg.dat
2010-01-06 13:34 . 2010-01-06 13:34 -------- d-----w- d:\program files\MSXML 4.0
2010-01-05 22:18 . 2010-01-05 22:18 -------- d-----w- d:\documents and settings\Libor\data aplikac??
2010-01-05 22:18 . 2010-01-05 22:18 -------- d-----w- d:\documents and settings\All Users\data aplikac??
2010-01-05 22:13 . 2010-01-05 22:13 -------- d-----w- d:\program files\Common Files\Nero
2010-01-05 22:13 . 2010-01-05 22:13 -------- d-----w- d:\program files\Nero
2010-01-05 21:27 . 2010-01-05 21:44 -------- d-----w- d:\program files\Zoner
2010-01-03 20:02 . 2009-08-16 15:08 178176 ----a-w- d:\windows\system32\unrar.dll
2010-01-03 20:02 . 2009-05-29 21:31 881664 ----a-w- d:\windows\system32\xvidcore.dll
2010-01-03 20:02 . 2004-01-25 16:18 217088 ----a-w- d:\windows\system32\yv12vfw.dll
2010-01-03 20:02 . 2009-06-02 16:11 85504 ----a-w- d:\windows\system32\ff_vfw.dll
2010-01-03 20:02 . 2009-05-29 21:37 205824 ----a-w- d:\windows\system32\xvidvfw.dll
2010-01-03 20:02 . 2010-01-03 20:03 -------- d-----w- d:\program files\K-Lite Codec Pack
2010-01-03 19:59 . 2010-01-03 19:59 -------- d-----w- d:\program files\FLVPlayer4Free
2009-12-25 21:56 . 2009-12-25 21:56 -------- d-----w- D:\WinFast WorkArea
2009-12-25 21:49 . 2009-12-25 21:49 -------- d-----w- d:\program files\Common Files\Ulead Systems
2009-12-25 21:49 . 2009-12-25 21:49 -------- d-----w- d:\program files\WinFast
2009-12-24 23:34 . 2009-12-24 23:34 -------- d-----w- d:\program files\CCleaner
2009-12-24 23:25 . 2008-04-14 07:52 54272 -c--a-w- d:\windows\system32\dllcache\vfwwdm32.dll
2009-12-24 23:25 . 2008-04-14 07:52 54272 ----a-w- d:\windows\system32\vfwwdm32.dll
2009-12-24 23:22 . 2003-09-19 14:45 21248 ----a-w- d:\windows\system32\drivers\pfc.sys
2009-12-24 23:22 . 1995-08-01 03:44 212480 ----a-w- d:\windows\PCDLIB32.DLL
2009-12-24 23:18 . 2002-07-03 10:44 53248 ----a-w- d:\windows\amcap.exe
2009-12-24 23:18 . 2004-08-30 15:37 286720 ----a-w- d:\windows\vsnpstd2.exe
2009-12-24 23:18 . 2004-06-08 17:25 53248 ----a-w- d:\windows\system32\dsnpstd2.dll
2009-12-24 23:17 . 2004-10-14 16:12 347264 ----a-w- d:\windows\system32\drivers\snpstd2.sys
2009-12-24 23:17 . 2004-09-24 15:24 57344 ----a-w- d:\windows\system32\rsnpstd2.dll
2009-12-24 23:17 . 2004-09-24 12:52 36864 ----a-w- d:\windows\system32\vsnpstd2.dll
2009-12-24 23:17 . 2004-02-16 12:59 61440 ----a-w- d:\windows\system32\csnpstd2.dll
2009-12-24 23:17 . 2009-12-24 23:17 -------- d-----w- d:\program files\Trust
2009-12-24 23:17 . 2004-06-09 15:00 20480 ----a-w- d:\windows\usnpstd2.exe
2009-12-24 23:13 . 2009-12-24 23:13 -------- d-----w- d:\program files\MediaKey v2.00
2009-12-24 23:11 . 2009-12-24 23:11 -------- d-----w- d:\program files\KYE
2009-12-24 23:11 . 2002-05-17 13:35 6656 ----a-w- d:\windows\system32\drivers\gmfiltr.sys
2009-12-24 23:11 . 2001-09-14 08:29 4096 ----a-w- d:\windows\system32\drivers\gmcoinst.dll
2009-12-24 21:59 . 2000-09-25 15:02 11864 ----a-w- d:\windows\system32\drivers\kbfilter.sys
2009-12-24 21:59 . 2009-12-24 22:33 -------- d-----w- d:\program files\Genius Multimedia Keyboard Driver
2009-12-24 21:14 . 1997-12-23 01:00 5600 ----a-w- d:\windows\system\WINASPI.DLL
2009-12-24 21:14 . 1997-12-23 01:00 48128 ----a-w- d:\windows\system32\WNASPI32.DLL
2009-12-24 21:14 . 1997-12-23 01:00 4672 ----a-w- d:\windows\system\WOWPOST.EXE
2009-12-24 21:14 . 1997-12-23 01:00 23936 ----a-w- d:\windows\system32\drivers\ASPI32.SYS
2009-12-24 15:23 . 2009-09-23 09:51 282624 ------w- d:\windows\system32\fppr332.dll
2009-12-24 15:23 . 2009-09-20 13:27 389120 ------w- d:\windows\system32\fppmon3.dll
2009-12-24 15:14 . 2009-12-24 15:14 -------- d-----w- d:\program files\Common Files\Macrovision Shared
2009-12-24 15:14 . 2009-08-19 22:50 22872 ----a-r- d:\windows\system32\AdobePDFUI.dll
2009-12-24 15:14 . 2009-08-19 22:50 46928 ----a-r- d:\windows\system32\AdobePDF.dll
2009-12-24 15:11 . 2009-12-26 22:35 -------- d-----w- d:\program files\Common Files\Adobe
2009-12-23 18:35 . 2009-12-23 18:37 -------- d-----w- D:\TRANSLAT
2009-12-23 18:21 . 2009-12-23 18:21 44384 ----a-w- d:\windows\system32\drivers\tifsfilt.sys
2009-12-23 18:21 . 2009-12-23 18:21 441760 ----a-w- d:\windows\system32\drivers\timntr.sys
2009-12-23 18:21 . 2009-12-23 18:21 129248 ----a-w- d:\windows\system32\drivers\snapman.sys
2009-12-23 18:20 . 2009-12-23 18:20 368736 ----a-w- d:\windows\system32\drivers\tdrpman.sys
2009-12-23 18:20 . 2009-12-23 18:20 -------- d-----w- d:\program files\Common Files\Acronis
2009-12-23 18:20 . 2009-12-23 18:20 -------- d-----w- d:\program files\Acronis
2009-12-23 18:16 . 2009-12-23 18:16 -------- d-----w- D:\d29a712d75c390c652de0a
2009-12-23 18:16 . 2009-12-23 18:22 -------- d-----w- d:\windows\SxsCaPendDel
2009-12-22 18:31 . 2009-12-22 18:31 -------- d-----w- d:\program files\Microsoft Silverlight
2009-12-22 18:27 . 2009-12-23 18:16 -------- d-----w- d:\windows\system32\XPSViewer
2009-12-22 18:27 . 2009-12-22 18:27 -------- d-----w- d:\program files\Reference Assemblies
2009-12-22 18:27 . 2008-07-06 12:06 89088 ----a-w- d:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-12-22 18:27 . 2006-06-29 12:07 14048 ------w- d:\windows\system32\spmsg2.dll
2009-12-22 18:13 . 2009-12-22 18:13 0 ----a-w- d:\windows\ativpsrm.bin
2009-12-22 18:10 . 2009-09-29 20:15 593920 ------w- d:\windows\system32\ati2sgag.exe
2009-12-22 17:02 . 2009-12-22 17:02 -------- d-----w- d:\program files\Marvell
2009-12-22 16:57 . 2008-08-01 15:46 122880 ----a-w- d:\windows\system32\NVCOSMB.DLL
2009-12-22 16:50 . 2009-12-22 18:11 -------- d-----w- d:\program files\ATI Technologies
2009-12-22 16:50 . 2009-12-22 16:53 -------- d-----w- d:\program files\ATI
2009-12-21 23:18 . 2009-12-21 23:19 -------- d-----w- d:\program files\Common Files\Macromedia
2009-12-21 23:16 . 2009-12-21 23:16 -------- d-----w- d:\windows\Downloaded Installations
2009-12-21 22:21 . 2004-06-14 13:56 427864 ----a-w- d:\windows\system32\XceedZip.dll
2009-12-21 22:21 . 2009-12-21 22:21 -------- d-----w- d:\program files\Driver-Soft
2009-12-21 20:26 . 2009-12-21 20:26 -------- d-----w- d:\program files\iXi Tools
2009-12-21 17:21 . 2009-12-21 17:21 -------- d-----w- d:\program files\Flat Panel Adjust
2009-12-21 17:20 . 2009-12-21 17:20 -------- d-----w- d:\documents and settings\Libor\WINDOWS
2009-12-20 21:42 . 2009-12-20 21:42 -------- d-----w- d:\program files\DAEMON Tools Lite
2009-12-20 21:32 . 2010-01-09 20:45 24 ----a-w- d:\windows\system32\DVCStateBkp-{00000002-00000000-0000000A-00001102-00000002-80651102}.dat
2009-12-20 21:32 . 2010-01-09 20:45 24 ----a-w- d:\windows\system32\DVCState-{00000002-00000000-0000000A-00001102-00000002-80651102}.dat
2009-12-20 21:31 . 2009-12-20 21:42 691696 ----a-w- d:\windows\system32\drivers\sptd.sys
2009-12-20 20:51 . 2009-08-06 18:23 274288 ----a-w- d:\windows\system32\mucltui.dll
2009-12-20 20:51 . 2009-08-06 18:23 215920 ----a-w- d:\windows\system32\muweb.dll
2009-12-20 20:40 . 2008-11-10 10:41 32656 ----a-w- d:\windows\system32\msonpmon.dll
2009-12-20 20:40 . 2006-10-26 18:56 33104 ----a-w- d:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2009-12-20 20:39 . 2009-12-21 17:56 -------- d-----w- d:\program files\Microsoft Works
2009-12-20 20:39 . 2009-12-20 20:39 -------- d-----w- d:\program files\MSBuild
2009-12-20 20:36 . 2009-12-20 20:38 -------- d-----w- d:\windows\SHELLNEW
2009-12-20 20:35 . 2009-12-20 20:35 -------- d-----r- D:\MSOCache
2009-12-20 20:04 . 2009-12-20 20:04 -------- d-----w- d:\program files\Windows Media Connect 2
2009-12-20 20:03 . 2009-12-20 20:04 -------- d-----w- d:\windows\system32\drivers\UMDF
2009-12-20 20:03 . 2009-12-20 20:03 -------- d-----w- d:\windows\system32\LogFiles
2009-12-20 19:56 . 2002-07-19 02:56 270336 ----a-w- d:\windows\system32\SFMS32.DLL
2009-12-20 19:55 . 1999-12-13 00:01 44032 ----a-w- d:\windows\system32\CTSVCCDA.EXE
2009-12-20 19:55 . 1999-11-18 00:00 25088 ------w- d:\windows\system32\CTSVCCTL.EXE
2009-12-20 19:55 . 2009-12-20 19:55 -------- d-----w- D:\Media
2009-12-20 19:55 . 2001-09-13 00:12 73728 ------w- d:\windows\system32\CTDrmRes.dll
2009-12-20 19:55 . 2001-05-04 09:29 28672 ------w- d:\windows\system32\CTIntRes.dll
2009-12-20 19:55 . 2001-03-30 01:00 62976 ------w- d:\windows\system32\CTDetres.dll
2009-12-20 19:55 . 2000-04-20 00:00 24576 ------w- d:\windows\system32\CTMERes.DLL
2009-12-20 19:55 . 2002-02-20 03:00 331776 ------w- d:\windows\system32\CTMedEng.dll
2009-12-20 19:55 . 2002-01-22 01:12 163840 ------w- d:\windows\system32\CTDRMUI.dll
2009-12-20 19:55 . 1998-10-20 08:05 54784 ------w- d:\windows\system32\Inetwh32.dll
2009-12-20 19:54 . 2001-05-28 12:47 12288 ----a-w- d:\windows\system32\AHQCpURes.dll
2009-12-20 19:54 . 2009-12-25 21:49 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-12-20 19:53 . 1999-10-11 01:01 41984 ------w- d:\windows\CTRegRun.exe
2009-12-20 19:53 . 2009-12-20 20:00 -------- d-----w- d:\program files\Creative
2009-12-20 19:53 . 1999-12-17 00:00 6752 ------w- d:\windows\system32\PFMODNT.SYS
2009-12-20 19:36 . 2008-06-14 17:35 272128 -c----w- d:\windows\system32\dllcache\bthport.sys
2009-12-20 19:36 . 2009-06-21 21:48 153088 -c----w- d:\windows\system32\dllcache\triedit.dll
2009-12-20 19:35 . 2008-05-08 14:02 203136 -c----w- d:\windows\system32\dllcache\rmcast.sys
2009-12-20 19:35 . 2008-12-11 10:57 333952 -c----w- d:\windows\system32\dllcache\srv.sys
2009-12-20 19:35 . 2008-04-11 19:06 691712 -c----w- d:\windows\system32\dllcache\inetcomm.dll
2009-12-20 19:35 . 2009-07-10 13:28 1315328 -c----w- d:\windows\system32\dllcache\msoe.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-24 14:12 . 2004-08-18 12:00 77850 ----a-w- d:\windows\system32\perfc005.dat
2009-12-24 14:12 . 2004-08-18 12:00 428744 ----a-w- d:\windows\system32\perfh005.dat
2009-12-22 18:44 . 2009-12-20 18:43 56816 ----a-w- d:\windows\system32\drivers\avgntflt.sys
2009-12-20 19:53 . 2009-12-20 18:29 -------- d-----w- d:\program files\Common Files\InstallShield
2009-12-20 19:32 . 2009-12-20 19:32 -------- d--h--w- d:\program files\CanonBJ
2009-12-20 18:56 . 2009-12-20 18:06 86327 ----a-w- d:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-20 18:56 . 2009-12-20 18:06 2740 ----a-w- d:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-12-20 18:56 . 2009-12-20 18:07 8972 ----a-w- d:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-12-20 18:43 . 2009-12-20 18:43 -------- d-----w- d:\program files\Avira
2009-12-20 18:31 . 2009-12-20 18:31 -------- d-----w- d:\program files\Gigabyte
2009-12-20 18:07 . 2009-12-20 18:07 -------- d-----w- d:\program files\microsoft frontpage
2009-12-20 18:04 . 2009-12-20 18:04 21812 ----a-w- d:\windows\system32\emptyregdb.dat
2009-10-29 07:43 . 2004-08-18 12:00 916480 ------w- d:\windows\system32\wininet.dll
2009-10-21 09:22 . 2009-10-21 09:22 364544 ----a-w- d:\windows\system32\yk51x86.dll
2009-10-21 09:22 . 2009-10-21 09:22 298752 ----a-w- d:\windows\system32\drivers\yk51x86.sys
2009-10-21 05:40 . 2004-08-18 12:00 75776 ----a-w- d:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2004-08-18 12:00 25088 ----a-w- d:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-18 12:00 265728 ----a-w- d:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2004-08-18 12:00 271360 ----a-w- d:\windows\system32\oakley.dll
.

(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))

[7] ED0A176354487CEED65B80A7148AB739 13312 d:\windows\ERDNT\cache\lsass.exe
[7] ED0A176354487CEED65B80A7148AB739 13312 \RP63\A0022978.exe

[7] 3D107D45CCFDB266E91D84B52CD7F430 111104 d:\windows\ERDNT\cache\services.exe
[7] 3D107D45CCFDB266E91D84B52CD7F430 111104 \RP63\A0022982.exe

[7] CB1090BCA0E7B40D0B5B4E4D66531809 57856 d:\windows\ERDNT\cache\spoolsv.exe
[7] CB1090BCA0E7B40D0B5B4E4D66531809 57856 \RP63\A0022983.exe

[7] BE4A520E29B6391F49E79CCC52044D93 14336 d:\windows\ERDNT\cache\svchost.exe
[7] BE4A520E29B6391F49E79CCC52044D93 14336 \RP63\A0023000.exe

d:\windows\system32\dllcache\services.exe [x]
[7] 9EF697AF07BB8DD82C3B02CA953A95B7 111104 \RP61\A0021951.exe

[7] CDDB1F8E1AEA356F3AD106F2CF9B7FEA 507904 d:\windows\system32\dllcache\winlogon.exe
[7] CDDB1F8E1AEA356F3AD106F2CF9B7FEA 507904 \RP63\A0022924.exe
[7] CDDB1F8E1AEA356F3AD106F2CF9B7FEA 507904 \RP63\A0022925.exe

[7] ED0A176354487CEED65B80A7148AB739 13312 d:\windows\system32\lsass.exe
[7] 82A362FE1D4980B71B588D9C10748511 13312 \RP4\A0002163.exe
\RP63\A0022783.exe [x]

[7] 3D107D45CCFDB266E91D84B52CD7F430 111104 d:\windows\system32\services.exe
[7] 9EF697AF07BB8DD82C3B02CA953A95B7 111104 \RP61\A0021952.exe
\RP63\A0022784.exe [x]

[7] CB1090BCA0E7B40D0B5B4E4D66531809 57856 d:\windows\system32\spoolsv.exe
[7] 21B6FAA88044A41640E03EBB68BE93E8 57856 \RP4\A0001859.exe
[-] C5A3F4F3EF18F50040921C29B12C8A73 58880 \RP63\A0022786.exe

[7] BE4A520E29B6391F49E79CCC52044D93 14336 d:\windows\system32\svchost.exe
[7] DFBA2915B0BF58ABB288CD4C9318CB3F 14336 \RP4\A0001836.exe
\RP63\A0022785.exe [x]

[7] CDDB1F8E1AEA356F3AD106F2CF9B7FEA 507904 d:\windows\system32\winlogon.exe
[7] 221C29AE1B4CC61D11D8B27DE78B2307 502272 \RP4\A0003528.exe
[7] CDDB1F8E1AEA356F3AD106F2CF9B7FEA 507904 \RP61\A0021950.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-01-09_20.47.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-22 03:16 . 2009-01-22 03:16 88904 d:\windows\system32\msxml4r.dll
+ 2009-03-25 10:43 . 2009-03-25 10:43 44544 d:\windows\system32\msxml4a.dll
+ 2010-01-09 23:14 . 2010-01-09 23:14 45056 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\NewShortcut31_1AEA787C781F4A88BB0654C5A9460551.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 45056 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\NewShortcut3_1AEA787C781F4A88BB0654C5A9460551.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 45056 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\NewShortcut2_CA3F6736196D49668BD5097CC47A5C65.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 45056 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\NewShortcut1_3575D6B9E84F4FD591F78BFF09FFF450.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 8854 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\Uninstall_602XML_F_DA564D32E3614401A2BB7B7E5BC41DD2.exe
+ 2008-10-01 11:29 . 2008-10-01 11:29 749605 d:\windows\system32\spool\drivers\w32x86\3\acpdfui301.dll
+ 2008-10-01 11:29 . 2008-10-01 11:29 633299 d:\windows\system32\spool\drivers\w32x86\3\acpdf301.dll
+ 2009-05-05 09:35 . 2009-05-05 09:35 132232 d:\windows\system32\GDTWAIN.DLL
+ 2010-01-09 23:15 . 2010-01-09 23:15 418816 d:\windows\Installer\8197a3.msi
+ 2010-01-09 23:14 . 2010-01-09 23:14 192512 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\shrFiller1_1AEA787C781F4A88BB0654C5A9460551.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 192512 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\NewShortcut2_1AEA787C781F4A88BB0654C5A9460551.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 192512 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\ARPPRODUCTICON.exe
+ 2009-01-22 03:14 . 2009-01-22 03:14 1328968 d:\windows\system32\msxml4.dll
+ 2008-10-01 11:29 . 2008-10-01 11:29 3833856 d:\windows\system32\cdintf300.dll
+ 2010-01-09 23:14 . 2010-01-09 23:14 2352640 d:\windows\Installer\81979f.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2007-12-13 21:02 96552 ----a-w- d:\program files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="d:\documents and settings\Libor\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-12-20 135664]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"OEXPRESS"="d:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2009-12-23 26624]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"CanonSolutionMenu"="d:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="d:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 24576]
"UpdReg"="d:\windows\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="d:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"CTStartup"="d:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-20 28672]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"TrueImageMonitor.exe"="d:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-23 2615624]
"AcronisTimounterMonitor"="d:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-23 906648]
"Acronis Scheduler2 Service"="d:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-23 140568]
"Adobe Acrobat Speed Launcher"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-02 640376]
"pdfFactory Pro Dispatcher v3"="d:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2009-09-20 606208]
"mouseElf"="d:\progra~1\KYE\GENIUS~1\mouseElf.exe" [2002-05-20 151552]
"SNPSTD2"="d:\windows\vsnpstd2.exe" [2004-08-30 286720]
"WinFastDTV"="d:\program files\WinFast\WFDTV\DTVSchdl.exe" [2007-01-31 69632]
"WinFast Schedule"="d:\program files\WinFast\WFDTV\WFWIZ.exe" [2007-01-30 397312]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"NeroFilterCheck"="d:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="d:\program files\Nero\Nero8\InCD\NBHGui.exe" [2007-12-13 2048808]
"InCD"="d:\program files\Nero\Nero8\InCD\InCD.exe" [2007-12-13 1082152]
"NBKeyScan"="d:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"OODefragTray"="d:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

d:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Genius Multimedia Keyboard Driver.lnk - d:\program files\MediaKey v2.00\Versato.exe [2009-12-25 745984]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Documents and Settings\\Libor\\Data aplikací\\uTorrent\\utorrent.exe"=
"f:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=

R0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [20.12.2009 22:31 691696]
R1 kbfilter;Keyboard Filter Driver;d:\windows\system32\drivers\kbfilter.sys [24.12.2009 22:59 11864]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\Avira\AntiVir Desktop\sched.exe [20.12.2009 19:43 108289]
R2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9.1.2010 23:45 236368]
R2 NeroRegInCDSrv;Nero Registry InCD Service;d:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [13.12.2007 22:02 50984]
R3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [9.1.2010 23:45 19160]
R3 WFIOCTL;WFIOCTL;d:\program files\WinFast\WFDTV\WFIOCTL.sys [25.12.2009 22:49 9446]
.
Obsah adresáře 'Naplánované úlohy'

2010-01-10 d:\windows\Tasks\User_Feed_Synchronization-{2FA2815D-27C6-4B3A-91CA-F22156996EDF}.job
- d:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: {0DF9ABB8-1A45-43C6-9814-276BEA2ED1AF} = 192.168.10.1
TCP: {87F2DEEB-940E-4E4B-B1AA-7652AEF69A16} = 192.168.10.1
FF - ProfilePath - d:\documents and settings\Libor\Data aplikací\Mozilla\Firefox\Profiles\ybixrucv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-10 17:04
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = d:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????:??????\??? ??? ???\???\???????????5?7~e?7~\???\?????????a??????C@?\???\??????s????\??????s\????:??A??s?:???C@?x???`|?w\?????@

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A4C61F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9e74cb8
\Driver\atapi -> atapi.sys @ 0xb9df8b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9ceabb0
PacketIndicateHandler -> NDIS.sys @ 0xb9cf7a21
SendHandler -> NDIS.sys @ 0xb9cd587b
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1040)
d:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1100)
d:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(3416)
d:\documents and settings\All Users\Data aplikací\LangSoft\TrnOEH.dll
d:\program files\Nero\Nero8\InCD\NBHShx.dll
d:\program files\Nero\Nero8\InCD\NBHStr.dll
d:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\windows\system32\Ati2evxx.exe
d:\windows\system32\Ati2evxx.exe
d:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
d:\program files\Common Files\Acronis\Schedule2\schedul2.exe
d:\program files\Avira\AntiVir Desktop\avguard.exe
d:\windows\system32\CTsvcCDA.exe
d:\program files\Canon\IJPLM\IJPLMSVC.EXE
d:\program files\Nero\Nero8\InCD\InCDsrv.exe
d:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
d:\documents and settings\Libor\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
d:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
d:\windows\system32\oodag.exe
d:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
d:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
d:\windows\system32\MsPMSPSv.exe
d:\documents and settings\Libor\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
d:\program files\MediaKey v2.00\OSD.EXE
d:\program files\Common Files\Nero\Lib\NMIndexingService.exe
d:\documents and settings\Libor\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
d:\documents and settings\Libor\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Celkový čas: 2010-01-10 17:07:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-10 16:07
ComboFix2.txt 2010-01-10 15:42
ComboFix3.txt 2010-01-10 09:10
ComboFix4.txt 2010-01-09 20:49

Před spuštěním: Volných bajtů: 33 441 976 320
Po spuštění: Volných bajtů: 33 401 364 480

- - End Of File - - 4ED7CA228B49C3E7A237FF86E8E7C0D5

Slanda
Visitor
Posts: 9
Registered: 29 Jan 2009 18:17

Re: ComboFix log check

#6 Post by Slanda »

I apologize, hopefully it will be right this time; I really was quicker than my own thoughts, sorry. :-))
I didn't notice that I had copied ComboFix as a shortcut.

ComboFix 10-01-04.01 - Libor 10.01.2010 17:17:27.5.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3071.2648 [GMT 1:00]
Spuštěný z: d:\documents and settings\Libor\Plocha\ComboFix.exe
Použité ovládací přepínače :: d:\documents and settings\Libor\Plocha\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-12-10 do 2010-01-10 )))))))))))))))))))))))))))))))
.

2010-01-09 23:14 . 2010-01-09 23:14 -------- d-----w- d:\program files\Common Files\Freedom Scientific
2010-01-09 23:14 . 2010-01-09 23:14 -------- d-----w- d:\program files\Common Files\soft602
2010-01-09 22:45 . 2010-01-07 15:07 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-01-09 22:45 . 2010-01-07 15:07 19160 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-01-09 22:45 . 2010-01-09 22:45 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2010-01-09 22:26 . 2010-01-09 22:26 -------- d-----w- d:\program files\TeaTimer (Spybot - Search & Destroy)
2010-01-09 22:26 . 2010-01-09 22:26 -------- d-----w- d:\program files\SDHelper (Spybot - Search & Destroy)
2010-01-09 22:26 . 2010-01-09 22:26 -------- d-----w- d:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-01-09 22:26 . 2010-01-09 22:26 -------- d-----w- d:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-01-09 22:07 . 2010-01-10 08:42 -------- d-----w- d:\program files\Spybot - Search & Destroy
2010-01-09 20:10 . 2010-01-09 20:31 -------- d-----w- d:\windows\system32\oodag
2010-01-09 20:07 . 2010-01-09 20:07 -------- d-sh--w- d:\documents and settings\LocalService\IETldCache
2010-01-09 19:54 . 2010-01-09 19:54 -------- d-----r- d:\documents and settings\LocalService\Oblíbené položky
2010-01-09 19:26 . 2010-01-09 19:59 -------- d-----w- d:\program files\OO Software
2010-01-06 20:36 . 2010-01-06 20:36 0 ----a-w- d:\windows\nsreg.dat
2010-01-06 13:34 . 2010-01-06 13:34 -------- d-----w- d:\program files\MSXML 4.0
2010-01-05 22:18 . 2010-01-05 22:18 -------- d-----w- d:\documents and settings\Libor\data aplikac??
2010-01-05 22:18 . 2010-01-05 22:18 -------- d-----w- d:\documents and settings\All Users\data aplikac??
2010-01-05 22:13 . 2010-01-05 22:13 -------- d-----w- d:\program files\Common Files\Nero
2010-01-05 22:13 . 2010-01-05 22:13 -------- d-----w- d:\program files\Nero
2010-01-05 21:27 . 2010-01-05 21:44 -------- d-----w- d:\program files\Zoner
2010-01-03 20:02 . 2009-08-16 15:08 178176 ----a-w- d:\windows\system32\unrar.dll
2010-01-03 20:02 . 2009-05-29 21:31 881664 ----a-w- d:\windows\system32\xvidcore.dll
2010-01-03 20:02 . 2004-01-25 16:18 217088 ----a-w- d:\windows\system32\yv12vfw.dll
2010-01-03 20:02 . 2009-06-02 16:11 85504 ----a-w- d:\windows\system32\ff_vfw.dll
2010-01-03 20:02 . 2009-05-29 21:37 205824 ----a-w- d:\windows\system32\xvidvfw.dll
2010-01-03 20:02 . 2010-01-03 20:03 -------- d-----w- d:\program files\K-Lite Codec Pack
2010-01-03 19:59 . 2010-01-03 19:59 -------- d-----w- d:\program files\FLVPlayer4Free
2009-12-25 21:56 . 2009-12-25 21:56 -------- d-----w- D:\WinFast WorkArea
2009-12-25 21:49 . 2009-12-25 21:49 -------- d-----w- d:\program files\Common Files\Ulead Systems
2009-12-25 21:49 . 2009-12-25 21:49 -------- d-----w- d:\program files\WinFast
2009-12-24 23:34 . 2009-12-24 23:34 -------- d-----w- d:\program files\CCleaner
2009-12-24 23:25 . 2008-04-14 07:52 54272 -c--a-w- d:\windows\system32\dllcache\vfwwdm32.dll
2009-12-24 23:25 . 2008-04-14 07:52 54272 ----a-w- d:\windows\system32\vfwwdm32.dll
2009-12-24 23:22 . 2003-09-19 14:45 21248 ----a-w- d:\windows\system32\drivers\pfc.sys
2009-12-24 23:22 . 1995-08-01 03:44 212480 ----a-w- d:\windows\PCDLIB32.DLL
2009-12-24 23:18 . 2002-07-03 10:44 53248 ----a-w- d:\windows\amcap.exe
2009-12-24 23:18 . 2004-08-30 15:37 286720 ----a-w- d:\windows\vsnpstd2.exe
2009-12-24 23:18 . 2004-06-08 17:25 53248 ----a-w- d:\windows\system32\dsnpstd2.dll
2009-12-24 23:17 . 2004-10-14 16:12 347264 ----a-w- d:\windows\system32\drivers\snpstd2.sys
2009-12-24 23:17 . 2004-09-24 15:24 57344 ----a-w- d:\windows\system32\rsnpstd2.dll
2009-12-24 23:17 . 2004-09-24 12:52 36864 ----a-w- d:\windows\system32\vsnpstd2.dll
2009-12-24 23:17 . 2004-02-16 12:59 61440 ----a-w- d:\windows\system32\csnpstd2.dll
2009-12-24 23:17 . 2009-12-24 23:17 -------- d-----w- d:\program files\Trust
2009-12-24 23:17 . 2004-06-09 15:00 20480 ----a-w- d:\windows\usnpstd2.exe
2009-12-24 23:13 . 2009-12-24 23:13 -------- d-----w- d:\program files\MediaKey v2.00
2009-12-24 23:11 . 2009-12-24 23:11 -------- d-----w- d:\program files\KYE
2009-12-24 23:11 . 2002-05-17 13:35 6656 ----a-w- d:\windows\system32\drivers\gmfiltr.sys
2009-12-24 23:11 . 2001-09-14 08:29 4096 ----a-w- d:\windows\system32\drivers\gmcoinst.dll
2009-12-24 21:59 . 2000-09-25 15:02 11864 ----a-w- d:\windows\system32\drivers\kbfilter.sys
2009-12-24 21:59 . 2009-12-24 22:33 -------- d-----w- d:\program files\Genius Multimedia Keyboard Driver
2009-12-24 21:14 . 1997-12-23 01:00 5600 ----a-w- d:\windows\system\WINASPI.DLL
2009-12-24 21:14 . 1997-12-23 01:00 48128 ----a-w- d:\windows\system32\WNASPI32.DLL
2009-12-24 21:14 . 1997-12-23 01:00 4672 ----a-w- d:\windows\system\WOWPOST.EXE
2009-12-24 21:14 . 1997-12-23 01:00 23936 ----a-w- d:\windows\system32\drivers\ASPI32.SYS
2009-12-24 15:23 . 2009-09-23 09:51 282624 ------w- d:\windows\system32\fppr332.dll
2009-12-24 15:23 . 2009-09-20 13:27 389120 ------w- d:\windows\system32\fppmon3.dll
2009-12-24 15:14 . 2009-12-24 15:14 -------- d-----w- d:\program files\Common Files\Macrovision Shared
2009-12-24 15:14 . 2009-08-19 22:50 22872 ----a-r- d:\windows\system32\AdobePDFUI.dll
2009-12-24 15:14 . 2009-08-19 22:50 46928 ----a-r- d:\windows\system32\AdobePDF.dll
2009-12-24 15:11 . 2009-12-26 22:35 -------- d-----w- d:\program files\Common Files\Adobe
2009-12-23 18:35 . 2009-12-23 18:37 -------- d-----w- D:\TRANSLAT
2009-12-23 18:21 . 2009-12-23 18:21 44384 ----a-w- d:\windows\system32\drivers\tifsfilt.sys
2009-12-23 18:21 . 2009-12-23 18:21 441760 ----a-w- d:\windows\system32\drivers\timntr.sys
2009-12-23 18:21 . 2009-12-23 18:21 129248 ----a-w- d:\windows\system32\drivers\snapman.sys
2009-12-23 18:20 . 2009-12-23 18:20 368736 ----a-w- d:\windows\system32\drivers\tdrpman.sys
2009-12-23 18:20 . 2009-12-23 18:20 -------- d-----w- d:\program files\Common Files\Acronis
2009-12-23 18:20 . 2009-12-23 18:20 -------- d-----w- d:\program files\Acronis
2009-12-23 18:16 . 2009-12-23 18:16 -------- d-----w- D:\d29a712d75c390c652de0a
2009-12-23 18:16 . 2009-12-23 18:22 -------- d-----w- d:\windows\SxsCaPendDel
2009-12-22 18:31 . 2009-12-22 18:31 -------- d-----w- d:\program files\Microsoft Silverlight
2009-12-22 18:27 . 2009-12-23 18:16 -------- d-----w- d:\windows\system32\XPSViewer
2009-12-22 18:27 . 2009-12-22 18:27 -------- d-----w- d:\program files\Reference Assemblies
2009-12-22 18:27 . 2008-07-06 12:06 89088 ----a-w- d:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-12-22 18:27 . 2006-06-29 12:07 14048 ------w- d:\windows\system32\spmsg2.dll
2009-12-22 18:13 . 2009-12-22 18:13 0 ----a-w- d:\windows\ativpsrm.bin
2009-12-22 18:10 . 2009-09-29 20:15 593920 ------w- d:\windows\system32\ati2sgag.exe
2009-12-22 17:02 . 2009-12-22 17:02 -------- d-----w- d:\program files\Marvell
2009-12-22 16:57 . 2008-08-01 15:46 122880 ----a-w- d:\windows\system32\NVCOSMB.DLL
2009-12-22 16:50 . 2009-12-22 18:11 -------- d-----w- d:\program files\ATI Technologies
2009-12-22 16:50 . 2009-12-22 16:53 -------- d-----w- d:\program files\ATI
2009-12-21 23:18 . 2009-12-21 23:19 -------- d-----w- d:\program files\Common Files\Macromedia
2009-12-21 23:16 . 2009-12-21 23:16 -------- d-----w- d:\windows\Downloaded Installations
2009-12-21 22:21 . 2004-06-14 13:56 427864 ----a-w- d:\windows\system32\XceedZip.dll
2009-12-21 22:21 . 2009-12-21 22:21 -------- d-----w- d:\program files\Driver-Soft
2009-12-21 20:26 . 2009-12-21 20:26 -------- d-----w- d:\program files\iXi Tools
2009-12-21 17:21 . 2009-12-21 17:21 -------- d-----w- d:\program files\Flat Panel Adjust
2009-12-21 17:20 . 2009-12-21 17:20 -------- d-----w- d:\documents and settings\Libor\WINDOWS
2009-12-20 21:42 . 2009-12-20 21:42 -------- d-----w- d:\program files\DAEMON Tools Lite
2009-12-20 21:32 . 2010-01-09 20:45 24 ----a-w- d:\windows\system32\DVCStateBkp-{00000002-00000000-0000000A-00001102-00000002-80651102}.dat
2009-12-20 21:32 . 2010-01-09 20:45 24 ----a-w- d:\windows\system32\DVCState-{00000002-00000000-0000000A-00001102-00000002-80651102}.dat
2009-12-20 21:31 . 2009-12-20 21:42 691696 ----a-w- d:\windows\system32\drivers\sptd.sys
2009-12-20 20:51 . 2009-08-06 18:23 274288 ----a-w- d:\windows\system32\mucltui.dll
2009-12-20 20:51 . 2009-08-06 18:23 215920 ----a-w- d:\windows\system32\muweb.dll
2009-12-20 20:40 . 2008-11-10 10:41 32656 ----a-w- d:\windows\system32\msonpmon.dll
2009-12-20 20:40 . 2006-10-26 18:56 33104 ----a-w- d:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2009-12-20 20:39 . 2009-12-21 17:56 -------- d-----w- d:\program files\Microsoft Works
2009-12-20 20:39 . 2009-12-20 20:39 -------- d-----w- d:\program files\MSBuild
2009-12-20 20:36 . 2009-12-20 20:38 -------- d-----w- d:\windows\SHELLNEW
2009-12-20 20:35 . 2009-12-20 20:35 -------- d-----r- D:\MSOCache
2009-12-20 20:04 . 2009-12-20 20:04 -------- d-----w- d:\program files\Windows Media Connect 2
2009-12-20 20:03 . 2009-12-20 20:04 -------- d-----w- d:\windows\system32\drivers\UMDF
2009-12-20 20:03 . 2009-12-20 20:03 -------- d-----w- d:\windows\system32\LogFiles
2009-12-20 19:56 . 2002-07-19 02:56 270336 ----a-w- d:\windows\system32\SFMS32.DLL
2009-12-20 19:55 . 1999-12-13 00:01 44032 ----a-w- d:\windows\system32\CTSVCCDA.EXE
2009-12-20 19:55 . 1999-11-18 00:00 25088 ------w- d:\windows\system32\CTSVCCTL.EXE
2009-12-20 19:55 . 2009-12-20 19:55 -------- d-----w- D:\Media
2009-12-20 19:55 . 2001-09-13 00:12 73728 ------w- d:\windows\system32\CTDrmRes.dll
2009-12-20 19:55 . 2001-05-04 09:29 28672 ------w- d:\windows\system32\CTIntRes.dll
2009-12-20 19:55 . 2001-03-30 01:00 62976 ------w- d:\windows\system32\CTDetres.dll
2009-12-20 19:55 . 2000-04-20 00:00 24576 ------w- d:\windows\system32\CTMERes.DLL
2009-12-20 19:55 . 2002-02-20 03:00 331776 ------w- d:\windows\system32\CTMedEng.dll
2009-12-20 19:55 . 2002-01-22 01:12 163840 ------w- d:\windows\system32\CTDRMUI.dll
2009-12-20 19:55 . 1998-10-20 08:05 54784 ------w- d:\windows\system32\Inetwh32.dll
2009-12-20 19:54 . 2001-05-28 12:47 12288 ----a-w- d:\windows\system32\AHQCpURes.dll
2009-12-20 19:54 . 2009-12-25 21:49 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-12-20 19:53 . 1999-10-11 01:01 41984 ------w- d:\windows\CTRegRun.exe
2009-12-20 19:53 . 2009-12-20 20:00 -------- d-----w- d:\program files\Creative
2009-12-20 19:53 . 1999-12-17 00:00 6752 ------w- d:\windows\system32\PFMODNT.SYS
2009-12-20 19:36 . 2008-06-14 17:35 272128 -c----w- d:\windows\system32\dllcache\bthport.sys
2009-12-20 19:36 . 2009-06-21 21:48 153088 -c----w- d:\windows\system32\dllcache\triedit.dll
2009-12-20 19:35 . 2008-05-08 14:02 203136 -c----w- d:\windows\system32\dllcache\rmcast.sys
2009-12-20 19:35 . 2008-12-11 10:57 333952 -c----w- d:\windows\system32\dllcache\srv.sys
2009-12-20 19:35 . 2008-04-11 19:06 691712 -c----w- d:\windows\system32\dllcache\inetcomm.dll
2009-12-20 19:35 . 2009-07-10 13:28 1315328 -c----w- d:\windows\system32\dllcache\msoe.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-24 14:12 . 2004-08-18 12:00 77850 ----a-w- d:\windows\system32\perfc005.dat
2009-12-24 14:12 . 2004-08-18 12:00 428744 ----a-w- d:\windows\system32\perfh005.dat
2009-12-22 18:44 . 2009-12-20 18:43 56816 ----a-w- d:\windows\system32\drivers\avgntflt.sys
2009-12-20 19:53 . 2009-12-20 18:29 -------- d-----w- d:\program files\Common Files\InstallShield
2009-12-20 19:32 . 2009-12-20 19:32 -------- d--h--w- d:\program files\CanonBJ
2009-12-20 18:56 . 2009-12-20 18:06 86327 ----a-w- d:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-20 18:56 . 2009-12-20 18:06 2740 ----a-w- d:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-12-20 18:56 . 2009-12-20 18:07 8972 ----a-w- d:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-12-20 18:43 . 2009-12-20 18:43 -------- d-----w- d:\program files\Avira
2009-12-20 18:31 . 2009-12-20 18:31 -------- d-----w- d:\program files\Gigabyte
2009-12-20 18:07 . 2009-12-20 18:07 -------- d-----w- d:\program files\microsoft frontpage
2009-12-20 18:04 . 2009-12-20 18:04 21812 ----a-w- d:\windows\system32\emptyregdb.dat
2009-10-29 07:43 . 2004-08-18 12:00 916480 ------w- d:\windows\system32\wininet.dll
2009-10-21 09:22 . 2009-10-21 09:22 364544 ----a-w- d:\windows\system32\yk51x86.dll
2009-10-21 09:22 . 2009-10-21 09:22 298752 ----a-w- d:\windows\system32\drivers\yk51x86.sys
2009-10-21 05:40 . 2004-08-18 12:00 75776 ----a-w- d:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2004-08-18 12:00 25088 ----a-w- d:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-18 12:00 265728 ----a-w- d:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2004-08-18 12:00 271360 ----a-w- d:\windows\system32\oakley.dll
.

(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))

[7] ED0A176354487CEED65B80A7148AB739 13312 d:\windows\ERDNT\cache\lsass.exe
[7] ED0A176354487CEED65B80A7148AB739 13312 \RP63\A0022978.exe
[7] ED0A176354487CEED65B80A7148AB739 13312 \RP63\A0023949.exe

[7] 3D107D45CCFDB266E91D84B52CD7F430 111104 d:\windows\ERDNT\cache\services.exe
[7] 3D107D45CCFDB266E91D84B52CD7F430 111104 \RP63\A0022982.exe
[7] 3D107D45CCFDB266E91D84B52CD7F430 111104 \RP63\A0023953.exe

[7] CB1090BCA0E7B40D0B5B4E4D66531809 57856 d:\windows\ERDNT\cache\spoolsv.exe
[7] CB1090BCA0E7B40D0B5B4E4D66531809 57856 \RP63\A0022983.exe
[7] CB1090BCA0E7B40D0B5B4E4D66531809 57856 \RP63\A0023954.exe

[7] BE4A520E29B6391F49E79CCC52044D93 14336 d:\windows\ERDNT\cache\svchost.exe
[7] BE4A520E29B6391F49E79CCC52044D93 14336 \RP63\A0023000.exe
[7] BE4A520E29B6391F49E79CCC52044D93 14336 \RP63\A0023972.exe

[7] CDDB1F8E1AEA356F3AD106F2CF9B7FEA 507904 d:\windows\ERDNT\cache\winlogon.exe
[7] CDDB1F8E1AEA356F3AD106F2CF9B7FEA 507904 \RP63\A0023955.exe

d:\windows\system32\dllcache\services.exe [x]
[7] 9EF697AF07BB8DD82C3B02CA953A95B7 111104 \RP61\A0021951.exe

[7] CDDB1F8E1AEA356F3AD106F2CF9B7FEA 507904 d:\windows\system32\dllcache\winlogon.exe
[7] CDDB1F8E1AEA356F3AD106F2CF9B7FEA 507904 \RP63\A0022924.exe
[7] CDDB1F8E1AEA356F3AD106F2CF9B7FEA 507904 \RP63\A0022925.exe

[7] ED0A176354487CEED65B80A7148AB739 13312 d:\windows\system32\lsass.exe
[7] 82A362FE1D4980B71B588D9C10748511 13312 \RP4\A0002163.exe
\RP63\A0022783.exe [x]

[7] 3D107D45CCFDB266E91D84B52CD7F430 111104 d:\windows\system32\services.exe
[7] 9EF697AF07BB8DD82C3B02CA953A95B7 111104 \RP61\A0021952.exe
\RP63\A0022784.exe [x]

[7] CB1090BCA0E7B40D0B5B4E4D66531809 57856 d:\windows\system32\spoolsv.exe
[7] 21B6FAA88044A41640E03EBB68BE93E8 57856 \RP4\A0001859.exe
[-] C5A3F4F3EF18F50040921C29B12C8A73 58880 \RP63\A0022786.exe

[7] BE4A520E29B6391F49E79CCC52044D93 14336 d:\windows\system32\svchost.exe
[7] DFBA2915B0BF58ABB288CD4C9318CB3F 14336 \RP4\A0001836.exe
\RP63\A0022785.exe [x]

[7] CDDB1F8E1AEA356F3AD106F2CF9B7FEA 507904 d:\windows\system32\winlogon.exe
[7] 221C29AE1B4CC61D11D8B27DE78B2307 502272 \RP4\A0003528.exe
[7] CDDB1F8E1AEA356F3AD106F2CF9B7FEA 507904 \RP61\A0021950.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-01-09_20.47.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-22 03:16 . 2009-01-22 03:16 88904 d:\windows\system32\msxml4r.dll
+ 2009-03-25 10:43 . 2009-03-25 10:43 44544 d:\windows\system32\msxml4a.dll
+ 2010-01-09 23:14 . 2010-01-09 23:14 45056 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\NewShortcut31_1AEA787C781F4A88BB0654C5A9460551.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 45056 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\NewShortcut3_1AEA787C781F4A88BB0654C5A9460551.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 45056 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\NewShortcut2_CA3F6736196D49668BD5097CC47A5C65.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 45056 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\NewShortcut1_3575D6B9E84F4FD591F78BFF09FFF450.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 8854 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\Uninstall_602XML_F_DA564D32E3614401A2BB7B7E5BC41DD2.exe
+ 2008-10-01 11:29 . 2008-10-01 11:29 749605 d:\windows\system32\spool\drivers\w32x86\3\acpdfui301.dll
+ 2008-10-01 11:29 . 2008-10-01 11:29 633299 d:\windows\system32\spool\drivers\w32x86\3\acpdf301.dll
+ 2009-05-05 09:35 . 2009-05-05 09:35 132232 d:\windows\system32\GDTWAIN.DLL
+ 2010-01-09 23:15 . 2010-01-09 23:15 418816 d:\windows\Installer\8197a3.msi
+ 2010-01-09 23:14 . 2010-01-09 23:14 192512 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\shrFiller1_1AEA787C781F4A88BB0654C5A9460551.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 192512 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\NewShortcut2_1AEA787C781F4A88BB0654C5A9460551.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 192512 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\ARPPRODUCTICON.exe
+ 2009-01-22 03:14 . 2009-01-22 03:14 1328968 d:\windows\system32\msxml4.dll
+ 2008-10-01 11:29 . 2008-10-01 11:29 3833856 d:\windows\system32\cdintf300.dll
+ 2010-01-09 23:14 . 2010-01-09 23:14 2352640 d:\windows\Installer\81979f.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2007-12-13 21:02 96552 ----a-w- d:\program files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="d:\documents and settings\Libor\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-12-20 135664]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"OEXPRESS"="d:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2009-12-23 26624]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"CanonSolutionMenu"="d:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="d:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 24576]
"UpdReg"="d:\windows\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="d:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"CTStartup"="d:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-20 28672]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"TrueImageMonitor.exe"="d:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-23 2615624]
"AcronisTimounterMonitor"="d:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-23 906648]
"Acronis Scheduler2 Service"="d:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-23 140568]
"Adobe Acrobat Speed Launcher"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-02 640376]
"pdfFactory Pro Dispatcher v3"="d:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2009-09-20 606208]
"mouseElf"="d:\progra~1\KYE\GENIUS~1\mouseElf.exe" [2002-05-20 151552]
"SNPSTD2"="d:\windows\vsnpstd2.exe" [2004-08-30 286720]
"WinFastDTV"="d:\program files\WinFast\WFDTV\DTVSchdl.exe" [2007-01-31 69632]
"WinFast Schedule"="d:\program files\WinFast\WFDTV\WFWIZ.exe" [2007-01-30 397312]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"NeroFilterCheck"="d:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="d:\program files\Nero\Nero8\InCD\NBHGui.exe" [2007-12-13 2048808]
"InCD"="d:\program files\Nero\Nero8\InCD\InCD.exe" [2007-12-13 1082152]
"NBKeyScan"="d:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"OODefragTray"="d:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

d:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Genius Multimedia Keyboard Driver.lnk - d:\program files\MediaKey v2.00\Versato.exe [2009-12-25 745984]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Documents and Settings\\Libor\\Data aplikací\\uTorrent\\utorrent.exe"=
"f:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=

R0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [20.12.2009 22:31 691696]
R1 kbfilter;Keyboard Filter Driver;d:\windows\system32\drivers\kbfilter.sys [24.12.2009 22:59 11864]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\Avira\AntiVir Desktop\sched.exe [20.12.2009 19:43 108289]
R2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9.1.2010 23:45 236368]
R2 NeroRegInCDSrv;Nero Registry InCD Service;d:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [13.12.2007 22:02 50984]
R3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [9.1.2010 23:45 19160]
R3 WFIOCTL;WFIOCTL;d:\program files\WinFast\WFDTV\WFIOCTL.sys [25.12.2009 22:49 9446]
.
Obsah adresáře 'Naplánované úlohy'

2010-01-10 d:\windows\Tasks\User_Feed_Synchronization-{2FA2815D-27C6-4B3A-91CA-F22156996EDF}.job
- d:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: {0DF9ABB8-1A45-43C6-9814-276BEA2ED1AF} = 192.168.10.1
TCP: {87F2DEEB-940E-4E4B-B1AA-7652AEF69A16} = 192.168.10.1
FF - ProfilePath - d:\documents and settings\Libor\Data aplikací\Mozilla\Firefox\Profiles\ybixrucv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-10 17:25
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = d:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4???H????:??????\??? ??? ???\???\???????????5?7~e?7~\???\?????????a??????C@?\???\??????sH???\??????s\????:??A??s?:???C@?x???`|?w\?????@

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A4C61F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9e74cb8
\Driver\atapi -> atapi.sys @ 0xb9df8b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9ceabb0
PacketIndicateHandler -> NDIS.sys @ 0xb9cf7a21
SendHandler -> NDIS.sys @ 0xb9cd587b
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1040)
d:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1096)
d:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(3684)
d:\documents and settings\All Users\Data aplikací\LangSoft\TrnOEH.dll
d:\program files\Nero\Nero8\InCD\NBHShx.dll
d:\program files\Nero\Nero8\InCD\NBHStr.dll
d:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\windows\system32\Ati2evxx.exe
d:\windows\system32\Ati2evxx.exe
d:\program files\Common Files\Acronis\Schedule2\schedul2.exe
d:\program files\Avira\AntiVir Desktop\avguard.exe
d:\windows\system32\CTsvcCDA.exe
d:\program files\Canon\IJPLM\IJPLMSVC.EXE
d:\program files\Nero\Nero8\InCD\InCDsrv.exe
d:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
d:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
d:\windows\system32\oodag.exe
d:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
d:\documents and settings\Libor\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
d:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
d:\program files\MediaKey v2.00\OSD.EXE
d:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
d:\windows\system32\MsPMSPSv.exe
d:\program files\Common Files\Nero\Lib\NMIndexingService.exe
d:\documents and settings\Libor\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
d:\documents and settings\Libor\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Celkový čas: 2010-01-10 17:28:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-10 16:28
ComboFix2.txt 2010-01-10 16:07
ComboFix3.txt 2010-01-10 15:42
ComboFix4.txt 2010-01-10 09:10
ComboFix5.txt 2010-01-10 16:15

Před spuštěním: Volných bajtů: 33 407 922 176
Po spuštění: Volných bajtů: 33 364 910 080

- - End Of File - - 7A8CCB3B6248D4B8286BB1BF3E56C213

Slanda
Visitor
Posts: 9
Registered: 29 Jan 2009 18:17

Re: ComboFix log check

#7 Post by Slanda »

Now I have hopefully done everything correctly.

ComboFix 10-01-04.01 - Libor 10.01.2010 17:41:16.6.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3071.2474 [GMT 1:00]
Spuštěný z: d:\documents and settings\Libor\Plocha\ComboFix.exe
Použité ovládací přepínače :: d:\documents and settings\Libor\Plocha\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-12-10 do 2010-01-10 )))))))))))))))))))))))))))))))
.

2010-01-09 23:14 . 2010-01-09 23:14 -------- d-----w- d:\program files\Common Files\Freedom Scientific
2010-01-09 23:14 . 2010-01-09 23:14 -------- d-----w- d:\program files\Common Files\soft602
2010-01-09 22:45 . 2010-01-07 15:07 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-01-09 22:45 . 2010-01-07 15:07 19160 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-01-09 22:45 . 2010-01-09 22:45 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2010-01-09 22:26 . 2010-01-09 22:26 -------- d-----w- d:\program files\TeaTimer (Spybot - Search & Destroy)
2010-01-09 22:26 . 2010-01-09 22:26 -------- d-----w- d:\program files\SDHelper (Spybot - Search & Destroy)
2010-01-09 22:26 . 2010-01-09 22:26 -------- d-----w- d:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-01-09 22:26 . 2010-01-09 22:26 -------- d-----w- d:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-01-09 22:07 . 2010-01-10 08:42 -------- d-----w- d:\program files\Spybot - Search & Destroy
2010-01-09 20:10 . 2010-01-09 20:31 -------- d-----w- d:\windows\system32\oodag
2010-01-09 20:07 . 2010-01-09 20:07 -------- d-sh--w- d:\documents and settings\LocalService\IETldCache
2010-01-09 19:54 . 2010-01-09 19:54 -------- d-----r- d:\documents and settings\LocalService\Oblíbené položky
2010-01-09 19:26 . 2010-01-09 19:59 -------- d-----w- d:\program files\OO Software
2010-01-06 20:36 . 2010-01-06 20:36 0 ----a-w- d:\windows\nsreg.dat
2010-01-06 13:34 . 2010-01-06 13:34 -------- d-----w- d:\program files\MSXML 4.0
2010-01-05 22:18 . 2010-01-05 22:18 -------- d-----w- d:\documents and settings\Libor\data aplikac??
2010-01-05 22:18 . 2010-01-05 22:18 -------- d-----w- d:\documents and settings\All Users\data aplikac??
2010-01-05 22:13 . 2010-01-05 22:13 -------- d-----w- d:\program files\Common Files\Nero
2010-01-05 22:13 . 2010-01-05 22:13 -------- d-----w- d:\program files\Nero
2010-01-05 21:27 . 2010-01-05 21:44 -------- d-----w- d:\program files\Zoner
2010-01-03 20:02 . 2009-08-16 15:08 178176 ----a-w- d:\windows\system32\unrar.dll
2010-01-03 20:02 . 2009-05-29 21:31 881664 ----a-w- d:\windows\system32\xvidcore.dll
2010-01-03 20:02 . 2004-01-25 16:18 217088 ----a-w- d:\windows\system32\yv12vfw.dll
2010-01-03 20:02 . 2009-06-02 16:11 85504 ----a-w- d:\windows\system32\ff_vfw.dll
2010-01-03 20:02 . 2009-05-29 21:37 205824 ----a-w- d:\windows\system32\xvidvfw.dll
2010-01-03 20:02 . 2010-01-03 20:03 -------- d-----w- d:\program files\K-Lite Codec Pack
2010-01-03 19:59 . 2010-01-03 19:59 -------- d-----w- d:\program files\FLVPlayer4Free
2009-12-25 21:56 . 2009-12-25 21:56 -------- d-----w- D:\WinFast WorkArea
2009-12-25 21:49 . 2009-12-25 21:49 -------- d-----w- d:\program files\Common Files\Ulead Systems
2009-12-25 21:49 . 2009-12-25 21:49 -------- d-----w- d:\program files\WinFast
2009-12-24 23:34 . 2009-12-24 23:34 -------- d-----w- d:\program files\CCleaner
2009-12-24 23:25 . 2008-04-14 07:52 54272 -c--a-w- d:\windows\system32\dllcache\vfwwdm32.dll
2009-12-24 23:25 . 2008-04-14 07:52 54272 ----a-w- d:\windows\system32\vfwwdm32.dll
2009-12-24 23:22 . 2003-09-19 14:45 21248 ----a-w- d:\windows\system32\drivers\pfc.sys
2009-12-24 23:22 . 1995-08-01 03:44 212480 ----a-w- d:\windows\PCDLIB32.DLL
2009-12-24 23:18 . 2002-07-03 10:44 53248 ----a-w- d:\windows\amcap.exe
2009-12-24 23:18 . 2004-08-30 15:37 286720 ----a-w- d:\windows\vsnpstd2.exe
2009-12-24 23:18 . 2004-06-08 17:25 53248 ----a-w- d:\windows\system32\dsnpstd2.dll
2009-12-24 23:17 . 2004-10-14 16:12 347264 ----a-w- d:\windows\system32\drivers\snpstd2.sys
2009-12-24 23:17 . 2004-09-24 15:24 57344 ----a-w- d:\windows\system32\rsnpstd2.dll
2009-12-24 23:17 . 2004-09-24 12:52 36864 ----a-w- d:\windows\system32\vsnpstd2.dll
2009-12-24 23:17 . 2004-02-16 12:59 61440 ----a-w- d:\windows\system32\csnpstd2.dll
2009-12-24 23:17 . 2009-12-24 23:17 -------- d-----w- d:\program files\Trust
2009-12-24 23:17 . 2004-06-09 15:00 20480 ----a-w- d:\windows\usnpstd2.exe
2009-12-24 23:13 . 2009-12-24 23:13 -------- d-----w- d:\program files\MediaKey v2.00
2009-12-24 23:11 . 2009-12-24 23:11 -------- d-----w- d:\program files\KYE
2009-12-24 23:11 . 2002-05-17 13:35 6656 ----a-w- d:\windows\system32\drivers\gmfiltr.sys
2009-12-24 23:11 . 2001-09-14 08:29 4096 ----a-w- d:\windows\system32\drivers\gmcoinst.dll
2009-12-24 21:59 . 2000-09-25 15:02 11864 ----a-w- d:\windows\system32\drivers\kbfilter.sys
2009-12-24 21:59 . 2009-12-24 22:33 -------- d-----w- d:\program files\Genius Multimedia Keyboard Driver
2009-12-24 21:14 . 1997-12-23 01:00 5600 ----a-w- d:\windows\system\WINASPI.DLL
2009-12-24 21:14 . 1997-12-23 01:00 48128 ----a-w- d:\windows\system32\WNASPI32.DLL
2009-12-24 21:14 . 1997-12-23 01:00 4672 ----a-w- d:\windows\system\WOWPOST.EXE
2009-12-24 21:14 . 1997-12-23 01:00 23936 ----a-w- d:\windows\system32\drivers\ASPI32.SYS
2009-12-24 15:23 . 2009-09-23 09:51 282624 ------w- d:\windows\system32\fppr332.dll
2009-12-24 15:23 . 2009-09-20 13:27 389120 ------w- d:\windows\system32\fppmon3.dll
2009-12-24 15:14 . 2009-12-24 15:14 -------- d-----w- d:\program files\Common Files\Macrovision Shared
2009-12-24 15:14 . 2009-08-19 22:50 22872 ----a-r- d:\windows\system32\AdobePDFUI.dll
2009-12-24 15:14 . 2009-08-19 22:50 46928 ----a-r- d:\windows\system32\AdobePDF.dll
2009-12-24 15:11 . 2009-12-26 22:35 -------- d-----w- d:\program files\Common Files\Adobe
2009-12-23 18:35 . 2009-12-23 18:37 -------- d-----w- D:\TRANSLAT
2009-12-23 18:21 . 2009-12-23 18:21 44384 ----a-w- d:\windows\system32\drivers\tifsfilt.sys
2009-12-23 18:21 . 2009-12-23 18:21 441760 ----a-w- d:\windows\system32\drivers\timntr.sys
2009-12-23 18:21 . 2009-12-23 18:21 129248 ----a-w- d:\windows\system32\drivers\snapman.sys
2009-12-23 18:20 . 2009-12-23 18:20 368736 ----a-w- d:\windows\system32\drivers\tdrpman.sys
2009-12-23 18:20 . 2009-12-23 18:20 -------- d-----w- d:\program files\Common Files\Acronis
2009-12-23 18:20 . 2009-12-23 18:20 -------- d-----w- d:\program files\Acronis
2009-12-23 18:16 . 2009-12-23 18:16 -------- d-----w- D:\d29a712d75c390c652de0a
2009-12-23 18:16 . 2009-12-23 18:22 -------- d-----w- d:\windows\SxsCaPendDel
2009-12-22 18:31 . 2009-12-22 18:31 -------- d-----w- d:\program files\Microsoft Silverlight
2009-12-22 18:27 . 2009-12-23 18:16 -------- d-----w- d:\windows\system32\XPSViewer
2009-12-22 18:27 . 2009-12-22 18:27 -------- d-----w- d:\program files\Reference Assemblies
2009-12-22 18:27 . 2008-07-06 12:06 89088 ----a-w- d:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-12-22 18:27 . 2006-06-29 12:07 14048 ------w- d:\windows\system32\spmsg2.dll
2009-12-22 18:13 . 2009-12-22 18:13 0 ----a-w- d:\windows\ativpsrm.bin
2009-12-22 18:10 . 2009-09-29 20:15 593920 ------w- d:\windows\system32\ati2sgag.exe
2009-12-22 17:02 . 2009-12-22 17:02 -------- d-----w- d:\program files\Marvell
2009-12-22 16:57 . 2008-08-01 15:46 122880 ----a-w- d:\windows\system32\NVCOSMB.DLL
2009-12-22 16:50 . 2009-12-22 18:11 -------- d-----w- d:\program files\ATI Technologies
2009-12-22 16:50 . 2009-12-22 16:53 -------- d-----w- d:\program files\ATI
2009-12-21 23:18 . 2009-12-21 23:19 -------- d-----w- d:\program files\Common Files\Macromedia
2009-12-21 23:16 . 2009-12-21 23:16 -------- d-----w- d:\windows\Downloaded Installations
2009-12-21 22:21 . 2004-06-14 13:56 427864 ----a-w- d:\windows\system32\XceedZip.dll
2009-12-21 22:21 . 2009-12-21 22:21 -------- d-----w- d:\program files\Driver-Soft
2009-12-21 20:26 . 2009-12-21 20:26 -------- d-----w- d:\program files\iXi Tools
2009-12-21 17:21 . 2009-12-21 17:21 -------- d-----w- d:\program files\Flat Panel Adjust
2009-12-21 17:20 . 2009-12-21 17:20 -------- d-----w- d:\documents and settings\Libor\WINDOWS
2009-12-20 21:42 . 2009-12-20 21:42 -------- d-----w- d:\program files\DAEMON Tools Lite
2009-12-20 21:32 . 2010-01-09 20:45 24 ----a-w- d:\windows\system32\DVCStateBkp-{00000002-00000000-0000000A-00001102-00000002-80651102}.dat
2009-12-20 21:32 . 2010-01-09 20:45 24 ----a-w- d:\windows\system32\DVCState-{00000002-00000000-0000000A-00001102-00000002-80651102}.dat
2009-12-20 20:51 . 2009-08-06 18:23 274288 ----a-w- d:\windows\system32\mucltui.dll
2009-12-20 20:51 . 2009-08-06 18:23 215920 ----a-w- d:\windows\system32\muweb.dll
2009-12-20 20:40 . 2008-11-10 10:41 32656 ----a-w- d:\windows\system32\msonpmon.dll
2009-12-20 20:40 . 2006-10-26 18:56 33104 ----a-w- d:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2009-12-20 20:39 . 2009-12-21 17:56 -------- d-----w- d:\program files\Microsoft Works
2009-12-20 20:39 . 2009-12-20 20:39 -------- d-----w- d:\program files\MSBuild
2009-12-20 20:36 . 2009-12-20 20:38 -------- d-----w- d:\windows\SHELLNEW
2009-12-20 20:35 . 2009-12-20 20:35 -------- d-----r- D:\MSOCache
2009-12-20 20:04 . 2009-12-20 20:04 -------- d-----w- d:\program files\Windows Media Connect 2
2009-12-20 20:03 . 2009-12-20 20:04 -------- d-----w- d:\windows\system32\drivers\UMDF
2009-12-20 20:03 . 2009-12-20 20:03 -------- d-----w- d:\windows\system32\LogFiles
2009-12-20 19:56 . 2002-07-19 02:56 270336 ----a-w- d:\windows\system32\SFMS32.DLL
2009-12-20 19:55 . 1999-12-13 00:01 44032 ----a-w- d:\windows\system32\CTSVCCDA.EXE
2009-12-20 19:55 . 1999-11-18 00:00 25088 ------w- d:\windows\system32\CTSVCCTL.EXE
2009-12-20 19:55 . 2009-12-20 19:55 -------- d-----w- D:\Media
2009-12-20 19:55 . 2001-09-13 00:12 73728 ------w- d:\windows\system32\CTDrmRes.dll
2009-12-20 19:55 . 2001-05-04 09:29 28672 ------w- d:\windows\system32\CTIntRes.dll
2009-12-20 19:55 . 2001-03-30 01:00 62976 ------w- d:\windows\system32\CTDetres.dll
2009-12-20 19:55 . 2000-04-20 00:00 24576 ------w- d:\windows\system32\CTMERes.DLL
2009-12-20 19:55 . 2002-02-20 03:00 331776 ------w- d:\windows\system32\CTMedEng.dll
2009-12-20 19:55 . 2002-01-22 01:12 163840 ------w- d:\windows\system32\CTDRMUI.dll
2009-12-20 19:55 . 1998-10-20 08:05 54784 ------w- d:\windows\system32\Inetwh32.dll
2009-12-20 19:54 . 2001-05-28 12:47 12288 ----a-w- d:\windows\system32\AHQCpURes.dll
2009-12-20 19:54 . 2009-12-25 21:49 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-12-20 19:53 . 1999-10-11 01:01 41984 ------w- d:\windows\CTRegRun.exe
2009-12-20 19:53 . 2009-12-20 20:00 -------- d-----w- d:\program files\Creative
2009-12-20 19:53 . 1999-12-17 00:00 6752 ------w- d:\windows\system32\PFMODNT.SYS
2009-12-20 19:36 . 2008-06-14 17:35 272128 -c----w- d:\windows\system32\dllcache\bthport.sys
2009-12-20 19:36 . 2009-06-21 21:48 153088 -c----w- d:\windows\system32\dllcache\triedit.dll
2009-12-20 19:35 . 2008-05-08 14:02 203136 -c----w- d:\windows\system32\dllcache\rmcast.sys
2009-12-20 19:35 . 2008-12-11 10:57 333952 -c----w- d:\windows\system32\dllcache\srv.sys
2009-12-20 19:35 . 2008-04-11 19:06 691712 -c----w- d:\windows\system32\dllcache\inetcomm.dll
2009-12-20 19:35 . 2009-07-10 13:28 1315328 -c----w- d:\windows\system32\dllcache\msoe.dll
2009-12-20 19:35 . 2009-02-06 10:10 227840 -c----w- d:\windows\system32\dllcache\wmiprvse.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-24 14:12 . 2004-08-18 12:00 77850 ----a-w- d:\windows\system32\perfc005.dat
2009-12-24 14:12 . 2004-08-18 12:00 428744 ----a-w- d:\windows\system32\perfh005.dat
2009-12-22 18:44 . 2009-12-20 18:43 56816 ----a-w- d:\windows\system32\drivers\avgntflt.sys
2009-12-20 19:53 . 2009-12-20 18:29 -------- d-----w- d:\program files\Common Files\InstallShield
2009-12-20 19:32 . 2009-12-20 19:32 -------- d--h--w- d:\program files\CanonBJ
2009-12-20 18:56 . 2009-12-20 18:06 86327 ----a-w- d:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-20 18:56 . 2009-12-20 18:06 2740 ----a-w- d:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-12-20 18:56 . 2009-12-20 18:07 8972 ----a-w- d:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-12-20 18:43 . 2009-12-20 18:43 -------- d-----w- d:\program files\Avira
2009-12-20 18:31 . 2009-12-20 18:31 -------- d-----w- d:\program files\Gigabyte
2009-12-20 18:07 . 2009-12-20 18:07 -------- d-----w- d:\program files\microsoft frontpage
2009-12-20 18:04 . 2009-12-20 18:04 21812 ----a-w- d:\windows\system32\emptyregdb.dat
2009-10-29 07:43 . 2004-08-18 12:00 916480 ------w- d:\windows\system32\wininet.dll
2009-10-21 09:22 . 2009-10-21 09:22 364544 ----a-w- d:\windows\system32\yk51x86.dll
2009-10-21 09:22 . 2009-10-21 09:22 298752 ----a-w- d:\windows\system32\drivers\yk51x86.sys
2009-10-21 05:40 . 2004-08-18 12:00 75776 ----a-w- d:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2004-08-18 12:00 25088 ----a-w- d:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-18 12:00 265728 ----a-w- d:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2004-08-18 12:00 271360 ----a-w- d:\windows\system32\oakley.dll
.

(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))

[7] ED0A176354487CEED65B80A7148AB739 13312 d:\windows\ERDNT\cache\lsass.exe
[7] ED0A176354487CEED65B80A7148AB739 13312 \RP63\A0022978.exe
[7] ED0A176354487CEED65B80A7148AB739 13312 \RP63\A0025079.exe

[7] 3D107D45CCFDB266E91D84B52CD7F430 111104 d:\windows\ERDNT\cache\services.exe
[7] 3D107D45CCFDB266E91D84B52CD7F430 111104 \RP63\A0022982.exe
[7] 3D107D45CCFDB266E91D84B52CD7F430 111104 \RP63\A0025083.exe

[7] CB1090BCA0E7B40D0B5B4E4D66531809 57856 d:\windows\ERDNT\cache\spoolsv.exe
[7] CB1090BCA0E7B40D0B5B4E4D66531809 57856 \RP63\A0022983.exe
[7] CB1090BCA0E7B40D0B5B4E4D66531809 57856 \RP63\A0025084.exe

[7] BE4A520E29B6391F49E79CCC52044D93 14336 d:\windows\ERDNT\cache\svchost.exe
[7] BE4A520E29B6391F49E79CCC52044D93 14336 \RP63\A0023000.exe
[7] BE4A520E29B6391F49E79CCC52044D93 14336 \RP63\A0025102.exe

[7] CDDB1F8E1AEA356F3AD106F2CF9B7FEA 507904 d:\windows\ERDNT\cache\winlogon.exe
[7] CDDB1F8E1AEA356F3AD106F2CF9B7FEA 507904 \RP63\A0023955.exe
[7] CDDB1F8E1AEA356F3AD106F2CF9B7FEA 507904 \RP63\A0025085.exe

d:\windows\system32\dllcache\services.exe [x]
[7] 9EF697AF07BB8DD82C3B02CA953A95B7 111104 \RP61\A0021951.exe

[7] CDDB1F8E1AEA356F3AD106F2CF9B7FEA 507904 d:\windows\system32\dllcache\winlogon.exe
[7] CDDB1F8E1AEA356F3AD106F2CF9B7FEA 507904 \RP63\A0022924.exe
[7] CDDB1F8E1AEA356F3AD106F2CF9B7FEA 507904 \RP63\A0022925.exe

[7] ED0A176354487CEED65B80A7148AB739 13312 d:\windows\system32\lsass.exe
[7] 82A362FE1D4980B71B588D9C10748511 13312 \RP4\A0002163.exe
\RP63\A0022783.exe [x]

[7] 3D107D45CCFDB266E91D84B52CD7F430 111104 d:\windows\system32\services.exe
[7] 9EF697AF07BB8DD82C3B02CA953A95B7 111104 \RP61\A0021952.exe
\RP63\A0022784.exe [x]

[7] CB1090BCA0E7B40D0B5B4E4D66531809 57856 d:\windows\system32\spoolsv.exe
[7] 21B6FAA88044A41640E03EBB68BE93E8 57856 \RP4\A0001859.exe
[-] C5A3F4F3EF18F50040921C29B12C8A73 58880 \RP63\A0022786.exe

[7] BE4A520E29B6391F49E79CCC52044D93 14336 d:\windows\system32\svchost.exe
[7] DFBA2915B0BF58ABB288CD4C9318CB3F 14336 \RP4\A0001836.exe
\RP63\A0022785.exe [x]

[7] CDDB1F8E1AEA356F3AD106F2CF9B7FEA 507904 d:\windows\system32\winlogon.exe
[7] 221C29AE1B4CC61D11D8B27DE78B2307 502272 \RP4\A0003528.exe
[7] CDDB1F8E1AEA356F3AD106F2CF9B7FEA 507904 \RP61\A0021950.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-01-09_20.47.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-22 03:16 . 2009-01-22 03:16 88904 d:\windows\system32\msxml4r.dll
+ 2009-03-25 10:43 . 2009-03-25 10:43 44544 d:\windows\system32\msxml4a.dll
+ 2010-01-09 23:14 . 2010-01-09 23:14 45056 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\NewShortcut31_1AEA787C781F4A88BB0654C5A9460551.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 45056 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\NewShortcut3_1AEA787C781F4A88BB0654C5A9460551.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 45056 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\NewShortcut2_CA3F6736196D49668BD5097CC47A5C65.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 45056 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\NewShortcut1_3575D6B9E84F4FD591F78BFF09FFF450.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 8854 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\Uninstall_602XML_F_DA564D32E3614401A2BB7B7E5BC41DD2.exe
+ 2008-10-01 11:29 . 2008-10-01 11:29 749605 d:\windows\system32\spool\drivers\w32x86\3\acpdfui301.dll
+ 2008-10-01 11:29 . 2008-10-01 11:29 633299 d:\windows\system32\spool\drivers\w32x86\3\acpdf301.dll
+ 2009-05-05 09:35 . 2009-05-05 09:35 132232 d:\windows\system32\GDTWAIN.DLL
+ 2010-01-09 23:15 . 2010-01-09 23:15 418816 d:\windows\Installer\8197a3.msi
+ 2010-01-09 23:14 . 2010-01-09 23:14 192512 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\shrFiller1_1AEA787C781F4A88BB0654C5A9460551.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 192512 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\NewShortcut2_1AEA787C781F4A88BB0654C5A9460551.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 192512 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\ARPPRODUCTICON.exe
+ 2009-01-22 03:14 . 2009-01-22 03:14 1328968 d:\windows\system32\msxml4.dll
+ 2008-10-01 11:29 . 2008-10-01 11:29 3833856 d:\windows\system32\cdintf300.dll
+ 2010-01-09 23:14 . 2010-01-09 23:14 2352640 d:\windows\Installer\81979f.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2007-12-13 21:02 96552 ----a-w- d:\program files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="d:\documents and settings\Libor\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-12-20 135664]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"OEXPRESS"="d:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2009-12-23 26624]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"CanonSolutionMenu"="d:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="d:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 24576]
"UpdReg"="d:\windows\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="d:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"CTStartup"="d:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-20 28672]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"TrueImageMonitor.exe"="d:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-23 2615624]
"AcronisTimounterMonitor"="d:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-23 906648]
"Acronis Scheduler2 Service"="d:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-23 140568]
"Adobe Acrobat Speed Launcher"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-02 640376]
"pdfFactory Pro Dispatcher v3"="d:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2009-09-20 606208]
"mouseElf"="d:\progra~1\KYE\GENIUS~1\mouseElf.exe" [2002-05-20 151552]
"SNPSTD2"="d:\windows\vsnpstd2.exe" [2004-08-30 286720]
"WinFastDTV"="d:\program files\WinFast\WFDTV\DTVSchdl.exe" [2007-01-31 69632]
"WinFast Schedule"="d:\program files\WinFast\WFDTV\WFWIZ.exe" [2007-01-30 397312]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"NeroFilterCheck"="d:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="d:\program files\Nero\Nero8\InCD\NBHGui.exe" [2007-12-13 2048808]
"InCD"="d:\program files\Nero\Nero8\InCD\InCD.exe" [2007-12-13 1082152]
"NBKeyScan"="d:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"OODefragTray"="d:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

d:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Genius Multimedia Keyboard Driver.lnk - d:\program files\MediaKey v2.00\Versato.exe [2009-12-25 745984]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Documents and Settings\\Libor\\Data aplikací\\uTorrent\\utorrent.exe"=
"f:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=

R1 kbfilter;Keyboard Filter Driver;d:\windows\system32\drivers\kbfilter.sys [24.12.2009 22:59 11864]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\Avira\AntiVir Desktop\sched.exe [20.12.2009 19:43 108289]
R2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9.1.2010 23:45 236368]
R2 NeroRegInCDSrv;Nero Registry InCD Service;d:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [13.12.2007 22:02 50984]
R3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [9.1.2010 23:45 19160]
R3 WFIOCTL;WFIOCTL;d:\program files\WinFast\WFDTV\WFIOCTL.sys [25.12.2009 22:49 9446]
S4 sptd;sptd;d:\windows\system32\Drivers\sptd.sys --> d:\windows\system32\Drivers\sptd.sys [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-01-10 d:\windows\Tasks\User_Feed_Synchronization-{2FA2815D-27C6-4B3A-91CA-F22156996EDF}.job
- d:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: {0DF9ABB8-1A45-43C6-9814-276BEA2ED1AF} = 192.168.10.1
TCP: {87F2DEEB-940E-4E4B-B1AA-7652AEF69A16} = 192.168.10.1
FF - ProfilePath - d:\documents and settings\Libor\Data aplikací\Mozilla\Firefox\Profiles\ybixrucv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-10 17:45
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = d:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????:??????\??? ??? ???\???\???????????5?7~e?7~\???\???????p?`??????C@?\???\??????s????\??????s\????:??A??s?:???C@?x???`|?w\?????@

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1016)
d:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1076)
d:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(328)
d:\documents and settings\All Users\Data aplikací\LangSoft\TrnOEH.dll
d:\program files\Nero\Nero8\InCD\NBHShx.dll
d:\program files\Nero\Nero8\InCD\NBHStr.dll
d:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-01-10 17:46:55
ComboFix-quarantined-files.txt 2010-01-10 16:46
ComboFix2.txt 2010-01-10 16:28
ComboFix3.txt 2010-01-10 16:07
ComboFix4.txt 2010-01-10 15:42
ComboFix5.txt 2010-01-10 16:39

Před spuštěním: Volných bajtů: 33 376 432 128
Po spuštění: Volných bajtů: 33 338 019 840

- - End Of File - - 05496B84992981ADDF30AECCDBD55B91

Slanda
Visitor
Posts: 9
Registered: 29 Jan 2009 18:17

Re: ComboFix log check

#8 Post by Slanda »

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 19:23:39, on 10.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\Canon\MyPrinter\BJMyPrt.exe
D:\WINDOWS\system32\CTHELPER.EXE
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
D:\PROGRA~1\KYE\GENIUS~1\mouseElf.exe
D:\WINDOWS\vsnpstd2.exe
D:\Program Files\WinFast\WFDTV\DTVSchdl.exe
D:\Program Files\WinFast\WFDTV\WFWIZ.exe
D:\Program Files\Nero\Nero8\InCD\NBHGui.exe
D:\Program Files\Nero\Nero8\InCD\InCD.exe
D:\WINDOWS\system32\oodtray.exe
D:\Documents and Settings\Libor\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
D:\Program Files\DAEMON Tools Lite\DTLite.exe
D:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\CTsvcCDA.exe
D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
D:\Program Files\MediaKey v2.00\Versato.exe
D:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\Program Files\MediaKey v2.00\MePlayer.exe
D:\Program Files\MediaKey v2.00\OSD.EXE
D:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
D:\WINDOWS\system32\oodag.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\WINDOWS\system32\MsPMSPSv.exe
D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
D:\Documents and Settings\Libor\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Libor\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Libor\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\WINDOWS\system32\msiexec.exe
D:\Program Files\HiJackThis\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - D:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - D:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [CanonSolutionMenu] D:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] D:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] D:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [mouseElf] D:\PROGRA~1\KYE\GENIUS~1\mouseElf.exe
O4 - HKLM\..\Run: [SNPSTD2] D:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [WinFastDTV] D:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] D:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] D:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Nero\Nero8\InCD\InCD.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [OODefragTray] D:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [combofix] "D:\ComboFix\CF13539.cfxxe" /c "D:\ComboFix\C.bat"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Libor\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [OEXPRESS] D:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Genius Multimedia Keyboard Driver.lnk = D:\Program Files\MediaKey v2.00\Versato.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - D:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - D:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - D:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - D:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - D:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - D:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - D:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - D:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - D:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://cam-km.nwt.cz/activex/AxisCamControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0DF9ABB8-1A45-43C6-9814-276BEA2ED1AF}: NameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{87F2DEEB-940E-4E4B-B1AA-7652AEF69A16}: NameServer = 192.168.10.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0DF9ABB8-1A45-43C6-9814-276BEA2ED1AF}: NameServer = 192.168.10.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - D:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\system32\oodag.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - D:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 13828 bytes

Slanda
Visitor
Posts: 9
Registered: 29 Jan 2009 18:17

Re: ComboFix log check

#9 Post by Slanda »

Thank you very much for your help and patience. As always, I will definitely send a contribution.
