ComboFix 10-02-24.01 - David 24.02.2010  22:31:04.2.1 - x86
Systém Microsoft Windows XP Professional  5.1.2600.2.1250.420.1029.18.255.134 [GMT 1:00]
Spuštěný z: c:\documents and settings\David\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\David\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 100224-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Eset NOD32 antivirus system 2.51 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}

file zipped: c:\program files\bit.bat
file zipped: c:\program files\bit2.bat
file zipped: c:\program files\bit3.bat
file zipped: c:\program files\inc1.bat
file zipped: c:\program files\sleep.bat
file zipped: c:\program files\temp1.exe.txt
file zipped: c:\program files\temp2.exe.txt
file zipped: c:\program files\temp3.exe.txt
.

(((((((((((((((((((((((((((((((((((((((   Ostatní výmazy   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\bit.bat
c:\program files\bit2.bat
c:\program files\bit3.bat
c:\program files\inc1.bat
c:\program files\sleep.bat
c:\program files\temp1.exe.txt
c:\program files\temp2.exe.txt
c:\program files\temp3.exe.txt
c:\recycler\NPROTECT
c:\recycler\NPROTECT\NPROTECT.LOG

.
(((((((((((((((((((((((((   Soubory vytvořené od 2010-01-24 do 2010-02-24  )))))))))))))))))))))))))))))))
.

V tomto časovém úseku nebyly vytvořeny žádné nové soubory.

.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0SsiEfr.e\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
2003-11-26 16:54	217088	----a-w-	c:\program files\Common Files\ACD Systems\EN\DevDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50	155648	----a-w-	c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-07-28 12:19	4841472	----a-w-	c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2003-07-28 12:19	49152	----a-w-	c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-01-10 17:19	155648	----a-w-	c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\wincmd\\WINCMD32.EXE"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"20914:TCP"= 20914:TCP:BitComet 20914 TCP
"20914:UDP"= 20914:UDP:BitComet 20914 UDP
"12494:TCP"= 12494:TCP:BitComet 12494 TCP
"12494:UDP"= 12494:UDP:BitComet 12494 UDP

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11.4.2008 12:45 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11.4.2008 12:45 20560]
S1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\Drivers\spyemrg.sys --> c:\windows\system32\Drivers\spyemrg.sys [?]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\pfc027.sys --> c:\windows\system32\DRIVERS\pfc027.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11.3.2007 18:34 639224]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{AEB9D4A0-199B-4dfa-A18D-E2DD5D989EDF}]
2004-08-17 22:49	100352	----a-w-	c:\windows\system32\advpack.dll
.
.
------- Doplňkový sken -------
.
uStart Page = www.centrum.cz
mStart Page = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = iexplore
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\www
Trusted Zone: sleduj.org\www
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-24 22:52
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspěšně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):22,31,cc,2c,df,e7,bb,9c,d9,18,0a,41,8e,d9,e9,b4,42,98,7d,9e,53,
   52,fa,ff,e6,f4,8a,e4,20,07,1b,60,e9,83,55,26,10,27,53,8b,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{91ff8535-6df7-4222-a02b-c16976280501}]
@Denied: (Full) (Everyone)
"Model"=dword:000000fa
"Therad"=dword:0000000e
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3792)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštěné procesy ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\NORTON~1\AdvTools\NPROTECT.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\System32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2010-02-24  23:15:07 - počítač byl restartován
ComboFix-quarantined-files.txt  2010-02-24 22:15
ComboFix2.txt  2010-02-20 22:42

Před spuštěním: Volných bajtů: 18194698240
Po spuštění: Volných bajtů: 18001772544

- - End Of File - - 434282835EA9CB4403402D677C1B19B0
