ComboFix log check
Posted: 10 Jan 2010 13:25
Please check my ComboFix log. There is a problem somewhere and I can't figure it out; I suspect the files winlogon.exe, services.exe, sass.exe and svchost.exe. Avira keeps reporting that these files are infected. Thanks in advance.
ComboFix 10-01-04.01 - Libor 10.01.2010 10:01:58.2.1 - x86
Spuštěný z: f:\zaloha_d\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
Nakažená kopie d:\windows\system32\lsass.exe byla nalezena a vyléčena.
Obnovena kopie z - d:\windows\ServicePackFiles\i386\lsass.exe
Nakažená kopie d:\windows\system32\services.exe byla nalezena a vyléčena.
Obnovena kopie z - d:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
Nakažená kopie d:\windows\system32\svchost.exe byla nalezena a vyléčena.
Obnovena kopie z - d:\windows\ServicePackFiles\i386\svchost.exe
Nakažená kopie d:\windows\system32\spoolsv.exe byla nalezena a vyléčena.
Obnovena kopie z - d:\windows\ServicePackFiles\i386\spoolsv.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-10 do 2010-01-10 )))))))))))))))))))))))))))))))
.
2010-01-09 23:14 . 2010-01-09 23:14 -------- d-----w- d:\program files\Common Files\Freedom Scientific
2010-01-09 23:14 . 2010-01-09 23:14 -------- d-----w- d:\program files\Common Files\soft602
2010-01-09 22:45 . 2010-01-07 15:07 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-01-09 22:45 . 2010-01-07 15:07 19160 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-01-09 22:45 . 2010-01-09 22:45 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2010-01-09 22:26 . 2010-01-09 22:26 -------- d-----w- d:\program files\TeaTimer (Spybot - Search & Destroy)
2010-01-09 22:26 . 2010-01-09 22:26 -------- d-----w- d:\program files\SDHelper (Spybot - Search & Destroy)
2010-01-09 22:26 . 2010-01-09 22:26 -------- d-----w- d:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-01-09 22:26 . 2010-01-09 22:26 -------- d-----w- d:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-01-09 22:07 . 2010-01-10 08:42 -------- d-----w- d:\program files\Spybot - Search & Destroy
2010-01-09 20:10 . 2010-01-09 20:31 -------- d-----w- d:\windows\system32\oodag
2010-01-09 20:07 . 2010-01-09 20:07 -------- d-sh--w- d:\documents and settings\LocalService\IETldCache
2010-01-09 19:54 . 2010-01-09 19:54 -------- d-----r- d:\documents and settings\LocalService\Oblíbené položky
2010-01-09 19:26 . 2010-01-09 19:59 -------- d-----w- d:\program files\OO Software
2010-01-06 20:36 . 2010-01-06 20:36 0 ----a-w- d:\windows\nsreg.dat
2010-01-06 13:34 . 2010-01-06 13:34 -------- d-----w- d:\program files\MSXML 4.0
2010-01-05 22:18 . 2010-01-05 22:18 -------- d-----w- d:\documents and settings\Libor\data aplikací
2010-01-05 22:18 . 2010-01-05 22:18 -------- d-----w- d:\documents and settings\All Users\data aplikací
2010-01-05 22:13 . 2010-01-05 22:13 -------- d-----w- d:\program files\Common Files\Nero
2010-01-05 22:13 . 2010-01-05 22:13 -------- d-----w- d:\program files\Nero
2010-01-05 21:27 . 2010-01-05 21:44 -------- d-----w- d:\program files\Zoner
2010-01-03 20:02 . 2009-08-16 15:08 178176 ----a-w- d:\windows\system32\unrar.dll
2010-01-03 20:02 . 2009-05-29 21:31 881664 ----a-w- d:\windows\system32\xvidcore.dll
2010-01-03 20:02 . 2004-01-25 16:18 217088 ----a-w- d:\windows\system32\yv12vfw.dll
2010-01-03 20:02 . 2009-06-02 16:11 85504 ----a-w- d:\windows\system32\ff_vfw.dll
2010-01-03 20:02 . 2009-05-29 21:37 205824 ----a-w- d:\windows\system32\xvidvfw.dll
2010-01-03 20:02 . 2010-01-03 20:03 -------- d-----w- d:\program files\K-Lite Codec Pack
2010-01-03 19:59 . 2010-01-03 19:59 -------- d-----w- d:\program files\FLVPlayer4Free
2009-12-25 21:56 . 2009-12-25 21:56 -------- d-----w- D:\WinFast WorkArea
2009-12-25 21:49 . 2009-12-25 21:49 -------- d-----w- d:\program files\Common Files\Ulead Systems
2009-12-25 21:49 . 2009-12-25 21:49 -------- d-----w- d:\program files\WinFast
2009-12-24 23:34 . 2009-12-24 23:34 -------- d-----w- d:\program files\CCleaner
2009-12-24 23:25 . 2008-04-14 07:52 54272 -c--a-w- d:\windows\system32\dllcache\vfwwdm32.dll
2009-12-24 23:25 . 2008-04-14 07:52 54272 ----a-w- d:\windows\system32\vfwwdm32.dll
2009-12-24 23:22 . 2003-09-19 14:45 21248 ----a-w- d:\windows\system32\drivers\pfc.sys
2009-12-24 23:22 . 1995-08-01 03:44 212480 ----a-w- d:\windows\PCDLIB32.DLL
2009-12-24 23:18 . 2002-07-03 10:44 53248 ----a-w- d:\windows\amcap.exe
2009-12-24 23:18 . 2004-08-30 15:37 286720 ----a-w- d:\windows\vsnpstd2.exe
2009-12-24 23:18 . 2004-06-08 17:25 53248 ----a-w- d:\windows\system32\dsnpstd2.dll
2009-12-24 23:17 . 2004-10-14 16:12 347264 ----a-w- d:\windows\system32\drivers\snpstd2.sys
2009-12-24 23:17 . 2004-09-24 15:24 57344 ----a-w- d:\windows\system32\rsnpstd2.dll
2009-12-24 23:17 . 2004-09-24 12:52 36864 ----a-w- d:\windows\system32\vsnpstd2.dll
2009-12-24 23:17 . 2004-02-16 12:59 61440 ----a-w- d:\windows\system32\csnpstd2.dll
2009-12-24 23:17 . 2009-12-24 23:17 -------- d-----w- d:\program files\Trust
2009-12-24 23:17 . 2004-06-09 15:00 20480 ----a-w- d:\windows\usnpstd2.exe
2009-12-24 23:13 . 2009-12-24 23:13 -------- d-----w- d:\program files\MediaKey v2.00
2009-12-24 23:11 . 2009-12-24 23:11 -------- d-----w- d:\program files\KYE
2009-12-24 23:11 . 2002-05-17 13:35 6656 ----a-w- d:\windows\system32\drivers\gmfiltr.sys
2009-12-24 23:11 . 2001-09-14 08:29 4096 ----a-w- d:\windows\system32\drivers\gmcoinst.dll
2009-12-24 21:59 . 2000-09-25 15:02 11864 ----a-w- d:\windows\system32\drivers\kbfilter.sys
2009-12-24 21:59 . 2009-12-24 22:33 -------- d-----w- d:\program files\Genius Multimedia Keyboard Driver
2009-12-24 21:14 . 1997-12-23 01:00 5600 ----a-w- d:\windows\system\WINASPI.DLL
2009-12-24 21:14 . 1997-12-23 01:00 48128 ----a-w- d:\windows\system32\WNASPI32.DLL
2009-12-24 21:14 . 1997-12-23 01:00 4672 ----a-w- d:\windows\system\WOWPOST.EXE
2009-12-24 21:14 . 1997-12-23 01:00 23936 ----a-w- d:\windows\system32\drivers\ASPI32.SYS
2009-12-24 15:23 . 2009-09-23 09:51 282624 ------w- d:\windows\system32\fppr332.dll
2009-12-24 15:23 . 2009-09-20 13:27 389120 ------w- d:\windows\system32\fppmon3.dll
2009-12-24 15:14 . 2009-12-24 15:14 -------- d-----w- d:\program files\Common Files\Macrovision Shared
2009-12-24 15:14 . 2009-08-19 22:50 22872 ----a-r- d:\windows\system32\AdobePDFUI.dll
2009-12-24 15:14 . 2009-08-19 22:50 46928 ----a-r- d:\windows\system32\AdobePDF.dll
2009-12-24 15:11 . 2009-12-26 22:35 -------- d-----w- d:\program files\Common Files\Adobe
2009-12-23 18:35 . 2009-12-23 18:37 -------- d-----w- D:\TRANSLAT
2009-12-23 18:21 . 2009-12-23 18:21 44384 ----a-w- d:\windows\system32\drivers\tifsfilt.sys
2009-12-23 18:21 . 2009-12-23 18:21 441760 ----a-w- d:\windows\system32\drivers\timntr.sys
2009-12-23 18:21 . 2009-12-23 18:21 129248 ----a-w- d:\windows\system32\drivers\snapman.sys
2009-12-23 18:20 . 2009-12-23 18:20 368736 ----a-w- d:\windows\system32\drivers\tdrpman.sys
2009-12-23 18:20 . 2009-12-23 18:20 -------- d-----w- d:\program files\Common Files\Acronis
2009-12-23 18:20 . 2009-12-23 18:20 -------- d-----w- d:\program files\Acronis
2009-12-23 18:16 . 2009-12-23 18:16 -------- d-----w- D:\d29a712d75c390c652de0a
2009-12-23 18:16 . 2009-12-23 18:22 -------- d-----w- d:\windows\SxsCaPendDel
2009-12-22 18:31 . 2009-12-22 18:31 -------- d-----w- d:\program files\Microsoft Silverlight
2009-12-22 18:27 . 2009-12-23 18:16 -------- d-----w- d:\windows\system32\XPSViewer
2009-12-22 18:27 . 2009-12-22 18:27 -------- d-----w- d:\program files\Reference Assemblies
2009-12-22 18:27 . 2008-07-06 12:06 89088 ----a-w- d:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-12-22 18:27 . 2006-06-29 12:07 14048 ------w- d:\windows\system32\spmsg2.dll
2009-12-22 18:13 . 2009-12-22 18:13 0 ----a-w- d:\windows\ativpsrm.bin
2009-12-22 18:10 . 2009-09-29 20:15 593920 ------w- d:\windows\system32\ati2sgag.exe
2009-12-22 17:02 . 2009-12-22 17:02 -------- d-----w- d:\program files\Marvell
2009-12-22 16:57 . 2008-08-01 15:46 122880 ----a-w- d:\windows\system32\NVCOSMB.DLL
2009-12-22 16:50 . 2009-12-22 18:11 -------- d-----w- d:\program files\ATI Technologies
2009-12-22 16:50 . 2009-12-22 16:53 -------- d-----w- d:\program files\ATI
2009-12-21 23:18 . 2009-12-21 23:19 -------- d-----w- d:\program files\Common Files\Macromedia
2009-12-21 23:16 . 2009-12-21 23:16 -------- d-----w- d:\windows\Downloaded Installations
2009-12-21 22:21 . 2004-06-14 13:56 427864 ----a-w- d:\windows\system32\XceedZip.dll
2009-12-21 22:21 . 2009-12-21 22:21 -------- d-----w- d:\program files\Driver-Soft
2009-12-21 20:26 . 2009-12-21 20:26 -------- d-----w- d:\program files\iXi Tools
2009-12-21 17:21 . 2009-12-21 17:21 -------- d-----w- d:\program files\Flat Panel Adjust
2009-12-21 17:20 . 2009-12-21 17:20 -------- d-----w- d:\documents and settings\Libor\WINDOWS
2009-12-20 21:42 . 2009-12-20 21:42 -------- d-----w- d:\program files\DAEMON Tools Lite
2009-12-20 21:32 . 2010-01-09 20:45 24 ----a-w- d:\windows\system32\DVCStateBkp-{00000002-00000000-0000000A-00001102-00000002-80651102}.dat
2009-12-20 21:32 . 2010-01-09 20:45 24 ----a-w- d:\windows\system32\DVCState-{00000002-00000000-0000000A-00001102-00000002-80651102}.dat
2009-12-20 21:31 . 2009-12-20 21:42 691696 ----a-w- d:\windows\system32\drivers\sptd.sys
2009-12-20 20:51 . 2009-08-06 18:23 274288 ----a-w- d:\windows\system32\mucltui.dll
2009-12-20 20:51 . 2009-08-06 18:23 215920 ----a-w- d:\windows\system32\muweb.dll
2009-12-20 20:40 . 2008-11-10 10:41 32656 ----a-w- d:\windows\system32\msonpmon.dll
2009-12-20 20:40 . 2006-10-26 18:56 33104 ----a-w- d:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2009-12-20 20:39 . 2009-12-21 17:56 -------- d-----w- d:\program files\Microsoft Works
2009-12-20 20:39 . 2009-12-20 20:39 -------- d-----w- d:\program files\MSBuild
2009-12-20 20:36 . 2009-12-20 20:38 -------- d-----w- d:\windows\SHELLNEW
2009-12-20 20:35 . 2009-12-20 20:35 -------- d-----r- D:\MSOCache
2009-12-20 20:04 . 2009-12-20 20:04 -------- d-----w- d:\program files\Windows Media Connect 2
2009-12-20 20:03 . 2009-12-20 20:04 -------- d-----w- d:\windows\system32\drivers\UMDF
2009-12-20 20:03 . 2009-12-20 20:03 -------- d-----w- d:\windows\system32\LogFiles
2009-12-20 19:56 . 2002-07-19 02:56 270336 ----a-w- d:\windows\system32\SFMS32.DLL
2009-12-20 19:55 . 1999-12-13 00:01 44032 ----a-w- d:\windows\system32\CTSVCCDA.EXE
2009-12-20 19:55 . 1999-11-18 00:00 25088 ------w- d:\windows\system32\CTSVCCTL.EXE
2009-12-20 19:55 . 2009-12-20 19:55 -------- d-----w- D:\Media
2009-12-20 19:55 . 2001-09-13 00:12 73728 ------w- d:\windows\system32\CTDrmRes.dll
2009-12-20 19:55 . 2001-05-04 09:29 28672 ------w- d:\windows\system32\CTIntRes.dll
2009-12-20 19:55 . 2001-03-30 01:00 62976 ------w- d:\windows\system32\CTDetres.dll
2009-12-20 19:55 . 2000-04-20 00:00 24576 ------w- d:\windows\system32\CTMERes.DLL
2009-12-20 19:55 . 2002-02-20 03:00 331776 ------w- d:\windows\system32\CTMedEng.dll
2009-12-20 19:55 . 2002-01-22 01:12 163840 ------w- d:\windows\system32\CTDRMUI.dll
2009-12-20 19:55 . 1998-10-20 08:05 54784 ------w- d:\windows\system32\Inetwh32.dll
2009-12-20 19:54 . 2001-05-28 12:47 12288 ----a-w- d:\windows\system32\AHQCpURes.dll
2009-12-20 19:54 . 2009-12-25 21:49 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-12-20 19:53 . 1999-10-11 01:01 41984 ------w- d:\windows\CTRegRun.exe
2009-12-20 19:53 . 2009-12-20 20:00 -------- d-----w- d:\program files\Creative
2009-12-20 19:53 . 1999-12-17 00:00 6752 ------w- d:\windows\system32\PFMODNT.SYS
2009-12-20 19:36 . 2008-06-14 17:35 272128 -c----w- d:\windows\system32\dllcache\bthport.sys
2009-12-20 19:36 . 2009-06-21 21:48 153088 -c----w- d:\windows\system32\dllcache\triedit.dll
2009-12-20 19:35 . 2008-05-08 14:02 203136 -c----w- d:\windows\system32\dllcache\rmcast.sys
2009-12-20 19:35 . 2008-12-11 10:57 333952 -c----w- d:\windows\system32\dllcache\srv.sys
2009-12-20 19:35 . 2008-04-11 19:06 691712 -c----w- d:\windows\system32\dllcache\inetcomm.dll
2009-12-20 19:35 . 2009-07-10 13:28 1315328 -c----w- d:\windows\system32\dllcache\msoe.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-24 14:12 . 2004-08-18 12:00 77850 ----a-w- d:\windows\system32\perfc005.dat
2009-12-24 14:12 . 2004-08-18 12:00 428744 ----a-w- d:\windows\system32\perfh005.dat
2009-12-22 18:44 . 2009-12-20 18:43 56816 ----a-w- d:\windows\system32\drivers\avgntflt.sys
2009-12-20 19:53 . 2009-12-20 18:29 -------- d-----w- d:\program files\Common Files\InstallShield
2009-12-20 19:32 . 2009-12-20 19:32 -------- d--h--w- d:\program files\CanonBJ
2009-12-20 18:56 . 2009-12-20 18:06 86327 ----a-w- d:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-20 18:56 . 2009-12-20 18:06 2740 ----a-w- d:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-12-20 18:56 . 2009-12-20 18:07 8972 ----a-w- d:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-12-20 18:43 . 2009-12-20 18:43 -------- d-----w- d:\program files\Avira
2009-12-20 18:31 . 2009-12-20 18:31 -------- d-----w- d:\program files\Gigabyte
2009-12-20 18:07 . 2009-12-20 18:07 -------- d-----w- d:\program files\microsoft frontpage
2009-12-20 18:04 . 2009-12-20 18:04 21812 ----a-w- d:\windows\system32\emptyregdb.dat
2009-10-29 07:43 . 2004-08-18 12:00 916480 ------w- d:\windows\system32\wininet.dll
2009-10-21 09:22 . 2009-10-21 09:22 364544 ----a-w- d:\windows\system32\yk51x86.dll
2009-10-21 09:22 . 2009-10-21 09:22 298752 ----a-w- d:\windows\system32\drivers\yk51x86.sys
2009-10-21 05:40 . 2004-08-18 12:00 75776 ----a-w- d:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2004-08-18 12:00 25088 ----a-w- d:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-18 12:00 265728 ----a-w- d:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2004-08-18 12:00 271360 ----a-w- d:\windows\system32\oakley.dll
2009-10-12 13:40 . 2004-08-18 12:00 79872 ----a-w- d:\windows\system32\raschap.dll
2009-10-12 13:40 . 2004-08-18 12:00 150016 ----a-w- d:\windows\system32\rastls.dll
.
------- Sigcheck -------
[7] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 07:52 . !HASH: COULD NOT OPEN FILE !!!!! . 512000 . . [------] . . d:\windows\system32\winlogon.exe
[7] 2004-08-18 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . d:\windows\$NtServicePackUninstall$\winlogon.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-01-09_20.47.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-18 12:00 . 2008-04-14 07:52 14336 d:\windows\system32\svchost.exe
+ 2004-08-18 12:00 . 2008-04-14 07:52 57856 d:\windows\system32\spoolsv.exe
+ 2009-01-22 03:16 . 2009-01-22 03:16 88904 d:\windows\system32\msxml4r.dll
+ 2009-03-25 10:43 . 2009-03-25 10:43 44544 d:\windows\system32\msxml4a.dll
+ 2004-08-18 12:00 . 2008-04-14 07:52 13312 d:\windows\system32\lsass.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 45056 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\NewShortcut31_1AEA787C781F4A88BB0654C5A9460551.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 45056 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\NewShortcut3_1AEA787C781F4A88BB0654C5A9460551.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 45056 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\NewShortcut2_CA3F6736196D49668BD5097CC47A5C65.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 45056 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\NewShortcut1_3575D6B9E84F4FD591F78BFF09FFF450.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 8854 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\Uninstall_602XML_F_DA564D32E3614401A2BB7B7E5BC41DD2.exe
+ 2008-10-01 11:29 . 2008-10-01 11:29 749605 d:\windows\system32\spool\drivers\w32x86\3\acpdfui301.dll
+ 2008-10-01 11:29 . 2008-10-01 11:29 633299 d:\windows\system32\spool\drivers\w32x86\3\acpdf301.dll
+ 2004-08-18 12:00 . 2009-02-09 11:18 111104 d:\windows\system32\services.exe
+ 2009-05-05 09:35 . 2009-05-05 09:35 132232 d:\windows\system32\GDTWAIN.DLL
+ 2010-01-09 23:15 . 2010-01-09 23:15 418816 d:\windows\Installer\8197a3.msi
+ 2010-01-09 23:14 . 2010-01-09 23:14 192512 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\shrFiller1_1AEA787C781F4A88BB0654C5A9460551.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 192512 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\NewShortcut2_1AEA787C781F4A88BB0654C5A9460551.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 192512 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\ARPPRODUCTICON.exe
+ 2009-01-22 03:14 . 2009-01-22 03:14 1328968 d:\windows\system32\msxml4.dll
+ 2008-10-01 11:29 . 2008-10-01 11:29 3833856 d:\windows\system32\cdintf300.dll
+ 2010-01-09 23:14 . 2010-01-09 23:14 2352640 d:\windows\Installer\81979f.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2007-12-13 21:02 96552 ----a-w- d:\program files\Nero\Nero8\InCD\NBHShx.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="d:\documents and settings\Libor\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-12-20 135664]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"OEXPRESS"="d:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2009-12-23 26624]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"CanonSolutionMenu"="d:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="d:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 24576]
"UpdReg"="d:\windows\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="d:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"CTStartup"="d:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-20 28672]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"TrueImageMonitor.exe"="d:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-23 2615624]
"AcronisTimounterMonitor"="d:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-23 906648]
"Acronis Scheduler2 Service"="d:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-23 140568]
"Adobe Acrobat Speed Launcher"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-02 640376]
"pdfFactory Pro Dispatcher v3"="d:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2009-09-20 606208]
"mouseElf"="d:\progra~1\KYE\GENIUS~1\mouseElf.exe" [2002-05-20 151552]
"SNPSTD2"="d:\windows\vsnpstd2.exe" [2004-08-30 286720]
"WinFastDTV"="d:\program files\WinFast\WFDTV\DTVSchdl.exe" [2007-01-31 69632]
"WinFast Schedule"="d:\program files\WinFast\WFDTV\WFWIZ.exe" [2007-01-30 397312]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"NeroFilterCheck"="d:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="d:\program files\Nero\Nero8\InCD\NBHGui.exe" [2007-12-13 2048808]
"InCD"="d:\program files\Nero\Nero8\InCD\InCD.exe" [2007-12-13 1082152]
"NBKeyScan"="d:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"OODefragTray"="d:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
d:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Genius Multimedia Keyboard Driver.lnk - d:\program files\MediaKey v2.00\Versato.exe [2009-12-25 745984]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Documents and Settings\\Libor\\Data aplikací\\uTorrent\\utorrent.exe"=
"f:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
R0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [20.12.2009 22:31 691696]
R1 kbfilter;Keyboard Filter Driver;d:\windows\system32\drivers\kbfilter.sys [24.12.2009 22:59 11864]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\Avira\AntiVir Desktop\sched.exe [20.12.2009 19:43 108289]
R2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9.1.2010 23:45 236368]
R2 NeroRegInCDSrv;Nero Registry InCD Service;d:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [13.12.2007 22:02 50984]
R3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [9.1.2010 23:45 19160]
R3 WFIOCTL;WFIOCTL;d:\program files\WinFast\WFDTV\WFIOCTL.sys [25.12.2009 22:49 9446]
.
Obsah adresáře 'Naplánované úlohy'
2010-01-10 d:\windows\Tasks\User_Feed_Synchronization-{2FA2815D-27C6-4B3A-91CA-F22156996EDF}.job
- d:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: {0DF9ABB8-1A45-43C6-9814-276BEA2ED1AF} = 192.168.10.1
TCP: {87F2DEEB-940E-4E4B-B1AA-7652AEF69A16} = 192.168.10.1
FF - ProfilePath - d:\documents and settings\Libor\Data aplikací\Mozilla\Firefox\Profiles\ybixrucv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-10 10:08
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = d:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4???Z????:??????\??? ??? ???\???\???????????5?7~e?7~\???\???????p?_??????C@?\???\??????sZ???\??????s\????:??A??s?:???C@?x???`|?w\?????@
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A45B1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9e74cb8
\Driver\atapi -> atapi.sys @ 0xb9df8b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9ceabb0
PacketIndicateHandler -> NDIS.sys @ 0xb9cf7a21
SendHandler -> NDIS.sys @ 0xb9cd587b
user & kernel MBR OK
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="[value omitted]"
"OODEFRAG10.00.00.01WORKSTATION"="[value omitted]"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1000)
d:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(1060)
d:\windows\system32\relog_ap.dll
- - - - - - - > 'explorer.exe'(1792)
d:\documents and settings\All Users\Data aplikací\LangSoft\TrnOEH.dll
d:\program files\Nero\Nero8\InCD\NBHShx.dll
d:\program files\Nero\Nero8\InCD\NBHStr.dll
d:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\windows\system32\Ati2evxx.exe
d:\windows\system32\Ati2evxx.exe
d:\program files\Common Files\Acronis\Schedule2\schedul2.exe
d:\program files\Avira\AntiVir Desktop\avguard.exe
d:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
d:\windows\system32\CTsvcCDA.exe
d:\program files\Canon\IJPLM\IJPLMSVC.EXE
d:\program files\Nero\Nero8\InCD\InCDsrv.exe
d:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
d:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
d:\windows\system32\oodag.exe
d:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
d:\program files\MediaKey v2.00\OSD.EXE
d:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
d:\windows\system32\MsPMSPSv.exe
d:\program files\Common Files\Nero\Lib\NMIndexingService.exe
d:\totalcmd\TOTALCMD.EXE
.
**************************************************************************
.
Celkový čas: 2010-01-10 10:10:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-10 09:10
ComboFix2.txt 2010-01-09 20:49
Před spuštěním: Volných bajtů: 33 523 216 384
Po spuštění: Volných bajtů: 33 492 631 552
- - End Of File - - 707E89F767019E026CD6269B68CBBBBA
2009-12-24 15:23 . 2009-09-20 13:27 389120 ------w- d:\windows\system32\fppmon3.dll
2009-12-24 15:14 . 2009-12-24 15:14 -------- d-----w- d:\program files\Common Files\Macrovision Shared
2009-12-24 15:14 . 2009-08-19 22:50 22872 ----a-r- d:\windows\system32\AdobePDFUI.dll
2009-12-24 15:14 . 2009-08-19 22:50 46928 ----a-r- d:\windows\system32\AdobePDF.dll
2009-12-24 15:11 . 2009-12-26 22:35 -------- d-----w- d:\program files\Common Files\Adobe
2009-12-23 18:35 . 2009-12-23 18:37 -------- d-----w- D:\TRANSLAT
2009-12-23 18:21 . 2009-12-23 18:21 44384 ----a-w- d:\windows\system32\drivers\tifsfilt.sys
2009-12-23 18:21 . 2009-12-23 18:21 441760 ----a-w- d:\windows\system32\drivers\timntr.sys
2009-12-23 18:21 . 2009-12-23 18:21 129248 ----a-w- d:\windows\system32\drivers\snapman.sys
2009-12-23 18:20 . 2009-12-23 18:20 368736 ----a-w- d:\windows\system32\drivers\tdrpman.sys
2009-12-23 18:20 . 2009-12-23 18:20 -------- d-----w- d:\program files\Common Files\Acronis
2009-12-23 18:20 . 2009-12-23 18:20 -------- d-----w- d:\program files\Acronis
2009-12-23 18:16 . 2009-12-23 18:16 -------- d-----w- D:\d29a712d75c390c652de0a
2009-12-23 18:16 . 2009-12-23 18:22 -------- d-----w- d:\windows\SxsCaPendDel
2009-12-22 18:31 . 2009-12-22 18:31 -------- d-----w- d:\program files\Microsoft Silverlight
2009-12-22 18:27 . 2009-12-23 18:16 -------- d-----w- d:\windows\system32\XPSViewer
2009-12-22 18:27 . 2009-12-22 18:27 -------- d-----w- d:\program files\Reference Assemblies
2009-12-22 18:27 . 2008-07-06 12:06 89088 ----a-w- d:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-12-22 18:27 . 2006-06-29 12:07 14048 ------w- d:\windows\system32\spmsg2.dll
2009-12-22 18:13 . 2009-12-22 18:13 0 ----a-w- d:\windows\ativpsrm.bin
2009-12-22 18:10 . 2009-09-29 20:15 593920 ------w- d:\windows\system32\ati2sgag.exe
2009-12-22 17:02 . 2009-12-22 17:02 -------- d-----w- d:\program files\Marvell
2009-12-22 16:57 . 2008-08-01 15:46 122880 ----a-w- d:\windows\system32\NVCOSMB.DLL
2009-12-22 16:50 . 2009-12-22 18:11 -------- d-----w- d:\program files\ATI Technologies
2009-12-22 16:50 . 2009-12-22 16:53 -------- d-----w- d:\program files\ATI
2009-12-21 23:18 . 2009-12-21 23:19 -------- d-----w- d:\program files\Common Files\Macromedia
2009-12-21 23:16 . 2009-12-21 23:16 -------- d-----w- d:\windows\Downloaded Installations
2009-12-21 22:21 . 2004-06-14 13:56 427864 ----a-w- d:\windows\system32\XceedZip.dll
2009-12-21 22:21 . 2009-12-21 22:21 -------- d-----w- d:\program files\Driver-Soft
2009-12-21 20:26 . 2009-12-21 20:26 -------- d-----w- d:\program files\iXi Tools
2009-12-21 17:21 . 2009-12-21 17:21 -------- d-----w- d:\program files\Flat Panel Adjust
2009-12-21 17:20 . 2009-12-21 17:20 -------- d-----w- d:\documents and settings\Libor\WINDOWS
2009-12-20 21:42 . 2009-12-20 21:42 -------- d-----w- d:\program files\DAEMON Tools Lite
2009-12-20 21:32 . 2010-01-09 20:45 24 ----a-w- d:\windows\system32\DVCStateBkp-{00000002-00000000-0000000A-00001102-00000002-80651102}.dat
2009-12-20 21:32 . 2010-01-09 20:45 24 ----a-w- d:\windows\system32\DVCState-{00000002-00000000-0000000A-00001102-00000002-80651102}.dat
2009-12-20 21:31 . 2009-12-20 21:42 691696 ----a-w- d:\windows\system32\drivers\sptd.sys
2009-12-20 20:51 . 2009-08-06 18:23 274288 ----a-w- d:\windows\system32\mucltui.dll
2009-12-20 20:51 . 2009-08-06 18:23 215920 ----a-w- d:\windows\system32\muweb.dll
2009-12-20 20:40 . 2008-11-10 10:41 32656 ----a-w- d:\windows\system32\msonpmon.dll
2009-12-20 20:40 . 2006-10-26 18:56 33104 ----a-w- d:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2009-12-20 20:39 . 2009-12-21 17:56 -------- d-----w- d:\program files\Microsoft Works
2009-12-20 20:39 . 2009-12-20 20:39 -------- d-----w- d:\program files\MSBuild
2009-12-20 20:36 . 2009-12-20 20:38 -------- d-----w- d:\windows\SHELLNEW
2009-12-20 20:35 . 2009-12-20 20:35 -------- d-----r- D:\MSOCache
2009-12-20 20:04 . 2009-12-20 20:04 -------- d-----w- d:\program files\Windows Media Connect 2
2009-12-20 20:03 . 2009-12-20 20:04 -------- d-----w- d:\windows\system32\drivers\UMDF
2009-12-20 20:03 . 2009-12-20 20:03 -------- d-----w- d:\windows\system32\LogFiles
2009-12-20 19:56 . 2002-07-19 02:56 270336 ----a-w- d:\windows\system32\SFMS32.DLL
2009-12-20 19:55 . 1999-12-13 00:01 44032 ----a-w- d:\windows\system32\CTSVCCDA.EXE
2009-12-20 19:55 . 1999-11-18 00:00 25088 ------w- d:\windows\system32\CTSVCCTL.EXE
2009-12-20 19:55 . 2009-12-20 19:55 -------- d-----w- D:\Media
2009-12-20 19:55 . 2001-09-13 00:12 73728 ------w- d:\windows\system32\CTDrmRes.dll
2009-12-20 19:55 . 2001-05-04 09:29 28672 ------w- d:\windows\system32\CTIntRes.dll
2009-12-20 19:55 . 2001-03-30 01:00 62976 ------w- d:\windows\system32\CTDetres.dll
2009-12-20 19:55 . 2000-04-20 00:00 24576 ------w- d:\windows\system32\CTMERes.DLL
2009-12-20 19:55 . 2002-02-20 03:00 331776 ------w- d:\windows\system32\CTMedEng.dll
2009-12-20 19:55 . 2002-01-22 01:12 163840 ------w- d:\windows\system32\CTDRMUI.dll
2009-12-20 19:55 . 1998-10-20 08:05 54784 ------w- d:\windows\system32\Inetwh32.dll
2009-12-20 19:54 . 2001-05-28 12:47 12288 ----a-w- d:\windows\system32\AHQCpURes.dll
2009-12-20 19:54 . 2009-12-25 21:49 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-12-20 19:53 . 1999-10-11 01:01 41984 ------w- d:\windows\CTRegRun.exe
2009-12-20 19:53 . 2009-12-20 20:00 -------- d-----w- d:\program files\Creative
2009-12-20 19:53 . 1999-12-17 00:00 6752 ------w- d:\windows\system32\PFMODNT.SYS
2009-12-20 19:36 . 2008-06-14 17:35 272128 -c----w- d:\windows\system32\dllcache\bthport.sys
2009-12-20 19:36 . 2009-06-21 21:48 153088 -c----w- d:\windows\system32\dllcache\triedit.dll
2009-12-20 19:35 . 2008-05-08 14:02 203136 -c----w- d:\windows\system32\dllcache\rmcast.sys
2009-12-20 19:35 . 2008-12-11 10:57 333952 -c----w- d:\windows\system32\dllcache\srv.sys
2009-12-20 19:35 . 2008-04-11 19:06 691712 -c----w- d:\windows\system32\dllcache\inetcomm.dll
2009-12-20 19:35 . 2009-07-10 13:28 1315328 -c----w- d:\windows\system32\dllcache\msoe.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-24 14:12 . 2004-08-18 12:00 77850 ----a-w- d:\windows\system32\perfc005.dat
2009-12-24 14:12 . 2004-08-18 12:00 428744 ----a-w- d:\windows\system32\perfh005.dat
2009-12-22 18:44 . 2009-12-20 18:43 56816 ----a-w- d:\windows\system32\drivers\avgntflt.sys
2009-12-20 19:53 . 2009-12-20 18:29 -------- d-----w- d:\program files\Common Files\InstallShield
2009-12-20 19:32 . 2009-12-20 19:32 -------- d--h--w- d:\program files\CanonBJ
2009-12-20 18:56 . 2009-12-20 18:06 86327 ----a-w- d:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-20 18:56 . 2009-12-20 18:06 2740 ----a-w- d:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-12-20 18:56 . 2009-12-20 18:07 8972 ----a-w- d:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-12-20 18:43 . 2009-12-20 18:43 -------- d-----w- d:\program files\Avira
2009-12-20 18:31 . 2009-12-20 18:31 -------- d-----w- d:\program files\Gigabyte
2009-12-20 18:07 . 2009-12-20 18:07 -------- d-----w- d:\program files\microsoft frontpage
2009-12-20 18:04 . 2009-12-20 18:04 21812 ----a-w- d:\windows\system32\emptyregdb.dat
2009-10-29 07:43 . 2004-08-18 12:00 916480 ------w- d:\windows\system32\wininet.dll
2009-10-21 09:22 . 2009-10-21 09:22 364544 ----a-w- d:\windows\system32\yk51x86.dll
2009-10-21 09:22 . 2009-10-21 09:22 298752 ----a-w- d:\windows\system32\drivers\yk51x86.sys
2009-10-21 05:40 . 2004-08-18 12:00 75776 ----a-w- d:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2004-08-18 12:00 25088 ----a-w- d:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-18 12:00 265728 ----a-w- d:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2004-08-18 12:00 271360 ----a-w- d:\windows\system32\oakley.dll
2009-10-12 13:40 . 2004-08-18 12:00 79872 ----a-w- d:\windows\system32\raschap.dll
2009-10-12 13:40 . 2004-08-18 12:00 150016 ----a-w- d:\windows\system32\rastls.dll
.
------- Sigcheck -------
[7] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 07:52 . !HASH: COULD NOT OPEN FILE !!!!! . 512000 . . [------] . . d:\windows\system32\winlogon.exe
[7] 2004-08-18 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . d:\windows\$NtServicePackUninstall$\winlogon.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-01-09_20.47.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-18 12:00 . 2008-04-14 07:52 14336 d:\windows\system32\svchost.exe
+ 2004-08-18 12:00 . 2008-04-14 07:52 57856 d:\windows\system32\spoolsv.exe
+ 2009-01-22 03:16 . 2009-01-22 03:16 88904 d:\windows\system32\msxml4r.dll
+ 2009-03-25 10:43 . 2009-03-25 10:43 44544 d:\windows\system32\msxml4a.dll
+ 2004-08-18 12:00 . 2008-04-14 07:52 13312 d:\windows\system32\lsass.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 45056 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\NewShortcut31_1AEA787C781F4A88BB0654C5A9460551.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 45056 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\NewShortcut3_1AEA787C781F4A88BB0654C5A9460551.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 45056 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\NewShortcut2_CA3F6736196D49668BD5097CC47A5C65.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 45056 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\NewShortcut1_3575D6B9E84F4FD591F78BFF09FFF450.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 8854 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\Uninstall_602XML_F_DA564D32E3614401A2BB7B7E5BC41DD2.exe
+ 2008-10-01 11:29 . 2008-10-01 11:29 749605 d:\windows\system32\spool\drivers\w32x86\3\acpdfui301.dll
+ 2008-10-01 11:29 . 2008-10-01 11:29 633299 d:\windows\system32\spool\drivers\w32x86\3\acpdf301.dll
+ 2004-08-18 12:00 . 2009-02-09 11:18 111104 d:\windows\system32\services.exe
+ 2009-05-05 09:35 . 2009-05-05 09:35 132232 d:\windows\system32\GDTWAIN.DLL
+ 2010-01-09 23:15 . 2010-01-09 23:15 418816 d:\windows\Installer\8197a3.msi
+ 2010-01-09 23:14 . 2010-01-09 23:14 192512 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\shrFiller1_1AEA787C781F4A88BB0654C5A9460551.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 192512 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\NewShortcut2_1AEA787C781F4A88BB0654C5A9460551.exe
+ 2010-01-09 23:14 . 2010-01-09 23:14 192512 d:\windows\Installer\{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}\ARPPRODUCTICON.exe
+ 2009-01-22 03:14 . 2009-01-22 03:14 1328968 d:\windows\system32\msxml4.dll
+ 2008-10-01 11:29 . 2008-10-01 11:29 3833856 d:\windows\system32\cdintf300.dll
+ 2010-01-09 23:14 . 2010-01-09 23:14 2352640 d:\windows\Installer\81979f.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2007-12-13 21:02 96552 ----a-w- d:\program files\Nero\Nero8\InCD\NBHShx.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="d:\documents and settings\Libor\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-12-20 135664]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"OEXPRESS"="d:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2009-12-23 26624]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"CanonSolutionMenu"="d:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="d:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 24576]
"UpdReg"="d:\windows\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="d:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"CTStartup"="d:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-20 28672]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"TrueImageMonitor.exe"="d:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-23 2615624]
"AcronisTimounterMonitor"="d:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-23 906648]
"Acronis Scheduler2 Service"="d:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-23 140568]
"Adobe Acrobat Speed Launcher"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-02 640376]
"pdfFactory Pro Dispatcher v3"="d:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2009-09-20 606208]
"mouseElf"="d:\progra~1\KYE\GENIUS~1\mouseElf.exe" [2002-05-20 151552]
"SNPSTD2"="d:\windows\vsnpstd2.exe" [2004-08-30 286720]
"WinFastDTV"="d:\program files\WinFast\WFDTV\DTVSchdl.exe" [2007-01-31 69632]
"WinFast Schedule"="d:\program files\WinFast\WFDTV\WFWIZ.exe" [2007-01-30 397312]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"NeroFilterCheck"="d:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="d:\program files\Nero\Nero8\InCD\NBHGui.exe" [2007-12-13 2048808]
"InCD"="d:\program files\Nero\Nero8\InCD\InCD.exe" [2007-12-13 1082152]
"NBKeyScan"="d:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"OODefragTray"="d:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
d:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Genius Multimedia Keyboard Driver.lnk - d:\program files\MediaKey v2.00\Versato.exe [2009-12-25 745984]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Documents and Settings\\Libor\\Data aplikací\\uTorrent\\utorrent.exe"=
"f:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
R0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [20.12.2009 22:31 691696]
R1 kbfilter;Keyboard Filter Driver;d:\windows\system32\drivers\kbfilter.sys [24.12.2009 22:59 11864]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\Avira\AntiVir Desktop\sched.exe [20.12.2009 19:43 108289]
R2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9.1.2010 23:45 236368]
R2 NeroRegInCDSrv;Nero Registry InCD Service;d:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [13.12.2007 22:02 50984]
R3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [9.1.2010 23:45 19160]
R3 WFIOCTL;WFIOCTL;d:\program files\WinFast\WFDTV\WFIOCTL.sys [25.12.2009 22:49 9446]
.
Obsah adresáře 'Naplánované úlohy'
2010-01-10 d:\windows\Tasks\User_Feed_Synchronization-{2FA2815D-27C6-4B3A-91CA-F22156996EDF}.job
- d:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - d:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: {0DF9ABB8-1A45-43C6-9814-276BEA2ED1AF} = 192.168.10.1
TCP: {87F2DEEB-940E-4E4B-B1AA-7652AEF69A16} = 192.168.10.1
FF - ProfilePath - d:\documents and settings\Libor\Data aplikací\Mozilla\Firefox\Profiles\ybixrucv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-10 10:08
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = d:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A45B1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9e74cb8
\Driver\atapi -> atapi.sys @ 0xb9df8b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9ceabb0
PacketIndicateHandler -> NDIS.sys @ 0xb9cf7a21
SendHandler -> NDIS.sys @ 0xb9cd587b
user & kernel MBR OK
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1000)
d:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(1060)
d:\windows\system32\relog_ap.dll
- - - - - - - > 'explorer.exe'(1792)
d:\documents and settings\All Users\Data aplikací\LangSoft\TrnOEH.dll
d:\program files\Nero\Nero8\InCD\NBHShx.dll
d:\program files\Nero\Nero8\InCD\NBHStr.dll
d:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\windows\system32\Ati2evxx.exe
d:\windows\system32\Ati2evxx.exe
d:\program files\Common Files\Acronis\Schedule2\schedul2.exe
d:\program files\Avira\AntiVir Desktop\avguard.exe
d:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
d:\windows\system32\CTsvcCDA.exe
d:\program files\Canon\IJPLM\IJPLMSVC.EXE
d:\program files\Nero\Nero8\InCD\InCDsrv.exe
d:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
d:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
d:\windows\system32\oodag.exe
d:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
d:\program files\MediaKey v2.00\OSD.EXE
d:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
d:\windows\system32\MsPMSPSv.exe
d:\program files\Common Files\Nero\Lib\NMIndexingService.exe
d:\totalcmd\TOTALCMD.EXE
.
**************************************************************************
.
Celkový čas: 2010-01-10 10:10:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-10 09:10
ComboFix2.txt 2010-01-09 20:49
Před spuštěním: Volných bajtů: 33 523 216 384
Po spuštění: Volných bajtů: 33 492 631 552
- - End Of File - - 707E89F767019E026CD6269B68CBBBBA