ComboFix 10-02-16.03 - Tatka 17.02.2010  20:25:32.1.1 - x86
Systém Microsoft Windows XP Professional  5.1.2600.3.1250.420.1029.18.511.212 [GMT 1:00]
Spuštěn z: c:\documents and settings\Tatka\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((((((((   Ostatní výmazy   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Tatka\Local Settings\Temporary Internet Files\101.gif
c:\documents and settings\Tatka\Local Settings\Temporary Internet Files\102.gif
c:\documents and settings\Tatka\Local Settings\Temporary Internet Files\103.gif
c:\documents and settings\Tatka\Local Settings\Temporary Internet Files\104.gif
c:\documents and settings\Tatka\Local Settings\Temporary Internet Files\105.gif
c:\documents and settings\Tatka\Local Settings\Temporary Internet Files\106.gif
c:\windows\system32\_id.dat
c:\windows\system32\3170451503.dat
c:\windows\system32\drivers\RKHit.sys
c:\windows\system32\E95THK16.EXE
c:\windows\system32\Chip.dll
c:\windows\UA000106.DLL

.
(((((((((((((((((((((((((((((((((((((((   Ovladače/Služby   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RKHIT


(((((((((((((((((((((((((   Soubory vytvořené od 2010-01-17 do 2010-02-17  )))))))))))))))))))))))))))))))
.

2010-02-16 16:24 . 2010-02-16 23:47	--------	d-----w-	C:\rsit
2010-02-15 00:35 . 2009-06-30 08:37	28552	----a-w-	c:\windows\system32\drivers\pavboot.sys
2010-02-15 00:32 . 2010-02-15 00:32	--------	d-----w-	c:\program files\Panda Security
2010-02-14 21:07 . 2010-02-14 21:07	116	----a-w-	c:\windows\system32\fjhdyfhsn.bat
2010-02-11 19:46 . 2010-02-11 19:46	--------	d-----w-	c:\program files\CCleaner
2010-02-11 19:28 . 2008-12-26 14:23	271	----a-w-	c:\windows\system32\Setup.dll
2010-02-05 19:06 . 2010-02-05 19:06	--------	d-----w-	c:\temp\RTS
2010-02-05 17:39 . 2010-02-05 19:18	--------	d-----w-	C:\C_DILLA

.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-13 17:50 . 2009-12-01 09:11	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-01-22 00:14 . 2004-08-18 12:00	83562	----a-w-	c:\windows\system32\perfc005.dat
2010-01-22 00:14 . 2004-08-18 12:00	440812	----a-w-	c:\windows\system32\perfh005.dat
2010-01-17 16:17 . 2010-01-17 15:26	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-01-09 08:17 . 2008-04-29 16:45	3208	----a-w-	c:\windows\im32st.dat
2010-01-07 15:07 . 2010-01-17 15:26	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2010-01-17 15:26	19160	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-01-05 09:57 . 2007-08-13 17:45	78336	------w-	c:\windows\system32\ieencode.dll
2009-12-31 16:50 . 2004-08-18 12:00	353792	----a-w-	c:\windows\system32\drivers\srv.sys
2009-12-28 16:05 . 2009-07-15 14:57	323584	----a-w-	c:\windows\system32\AUDIOGENIE2.DLL
2009-12-26 11:30 . 2009-12-26 11:30	--------	d-----w-	c:\program files\DIFX
2009-12-26 11:29 . 2009-12-26 11:29	--------	d-----w-	c:\program files\Garmin
2009-12-21 19:08 . 2004-08-18 12:00	916480	----a-w-	c:\windows\system32\wininet.dll
2009-12-17 22:07 . 2009-12-17 22:07	896	----a-w-	c:\windows\unins000.dat
2009-12-17 22:07 . 2001-12-29 23:00	72537	----a-w-	c:\windows\unins000.exe
2009-12-17 07:42 . 2008-02-09 13:25	343552	----a-w-	c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2004-08-18 12:00	33280	----a-w-	c:\windows\system32\csrsrv.dll
2009-12-09 10:11 . 2004-08-18 12:00	2191360	----a-w-	c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45	2068224	----a-w-	c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-18 12:00	455424	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2009-12-01 21:04 . 2009-03-06 09:16	360584	----a-w-	c:\windows\system32\drivers\avgtdix.sys
2009-12-01 00:46 . 2009-12-01 00:44	54	----a-w-	c:\windows\system32\rp_stats.dat
2009-12-01 00:46 . 2009-12-01 00:44	39	----a-w-	c:\windows\system32\rp_rules.dat
2009-12-01 00:44 . 2009-12-01 01:20	15688	----a-w-	c:\windows\system32\lsdelete.exe
2009-12-01 00:44 . 2009-12-01 00:44	64160	----a-w-	c:\windows\system32\drivers\Lbd.sys
2009-11-30 21:46 . 2009-11-30 21:46	1529241	----a-w-	C:\SDFix.exe
2009-11-27 17:14 . 2004-08-18 12:00	1294336	----a-w-	c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2004-08-17 15:49	17920	----a-w-	c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2004-08-18 12:00	28672	----a-w-	c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25	8704	----a-w-	c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2004-08-18 12:00	84992	----a-w-	c:\windows\system32\avifil32.dll
2009-11-27 16:09 . 2004-08-18 12:00	11264	----a-w-	c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-17 15:49	48128	----a-w-	c:\windows\system32\iyuv_32.dll
2009-11-21 16:03 . 2004-08-18 12:00	471552	----a-w-	c:\windows\AppPatch\aclayers.dll
.

((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8600AC1E-BE58-4FFC-BD5D-F2A8EC38C838}]
2009-02-12 22:13	311296	----a-w-	c:\program files\Snap Visual Search\snapbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:01	1230080	----a-w-	c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-19 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2005-04-08 483328]
"RemoteControl8"="e:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="e:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-05-19 91432]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-12-01 520024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\Tatka\Nabdka Start\Programy\Po sputn\
netuza32.exe [2008-4-14 31232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-09 22:50	12464	----a-w-	c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Family Tree Builder Update"=f:\program files\MyHeritage\Bin\FTBCheckUpdates.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"e:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\Recosoft PDF2Office\\PDF2Office v5.0\\PDF2Office.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\POWERPNT.EXE"=
"f:\\Program Files\\Recosoft PDF2Office\\PDF2Office v5.0\\PDF2OfficeDesktopServer.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [9.11.2009 23:50 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [9.11.2009 23:50 161800]
R0 fttxr5_O;fttxr5_O;c:\windows\system32\drivers\fttxr5_O.sys [9.2.2008 14:48 182168]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1.12.2009 1:44 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [15.2.2010 1:35 28552]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.2.2009 23:33 717296]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6.3.2009 10:16 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6.3.2009 10:16 360584]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};e:\program files\CyberLink\PowerDVD8\000.fcl [15.5.2008 11:07 61424]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [1.12.2009 22:04 285392]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [1.12.2009 22:04 2304192]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.1.2009 22:34 1028432]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [9.11.2009 23:49 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [9.11.2009 23:49 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [9.11.2009 23:49 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [9.11.2009 23:49 25736]
S0 accbd;accbd; [x]
S0 jghzfm;jghzfm; [x]
S0 uiagwjh;uiagwjh; [x]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [9.11.2009 23:49 5832712]
S2 NetTcpPortSharinghkmsvc;Net.Tcp Port Sharing Service NetTcpPortSharinghkmsvc;c:\windows\system32\activedsm.exe srv --> c:\windows\system32\activedsm.exe srv [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [9.11.2009 23:49 30104]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} - file:///E:/Program%20Files/AutoCAD%202002%20Cz/InstFred.ocx
DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} - file:///E:/Program%20Files/AutoCAD%202002%20Cz/InstBanr.ocx
FF - ProfilePath - c:\documents and settings\Tatka\Data aplikac\Mozilla\Firefox\Profiles\si32h7tx.default\
FF - plugin: e:\program files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-UDC Integration - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-17 21:06
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspěšně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x823701F8]<< 
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf857af28
\Driver\ACPI -> ACPI.sys @ 0xf83d5cb8
\Driver\atapi -> atapi.sys @ 0xf836ab40
IoDeviceObjectType -> ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: Realtek RTL8029(AS)-based Ethernet Adapter (obecn) -> SendCompleteHandler -> NDIS.sys @ 0xf823fbd4
 PacketIndicateHandler -> NDIS.sys @ 0xf824ba21
 SendHandler -> NDIS.sys @ 0xf823fd44
user & kernel MBR OK 

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\e:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-220523388-1532298954-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-220523388-1532298954-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{29DDE69A-A2AE-CE8C-586C-81C56A84A25C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"naoknkmkphjiimeoioobamgjbmif"=hex:69,61,6c,67,6a,6b,64,66,70,6f,6c,66,65,66,
   6b,6f,65,67,00,77
"maihdhkokkoagkomocojilgigd"=hex:69,61,6c,67,6a,6b,64,66,70,6f,6c,66,65,66,6b,
   6f,65,67,00,00
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2032)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštěné procesy ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\DRIVERS\CDANTSRV.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-02-17  21:12:37 - počítač byl restartován
ComboFix-quarantined-files.txt  2010-02-17 20:12

Před spuštěním: Volných bajtů: 27187875840
Po spuštění: Volných bajtů: 27085164544

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 160C6624B1814C8C4AD1CA3856A8F32D
