ComboFix 10-02-27.04 - Administrator 03.03.2010  15:18:07.5.1 - x86
Systém Microsoft Windows XP Professional  5.1.2600.3.1250.420.1029.18.1535.1084 [GMT 1:00]
Spuštěno z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

(((((((((((((((((((((((((   Soubory vytvořené od 2010-02-03 do 2010-03-03  )))))))))))))))))))))))))))))))
.

2010-03-02 19:44 . 2009-08-05 20:55	123904	----a-w-	C:\MbrFix.exe
2010-03-02 19:44 . 2009-08-05 20:55	133632	----a-w-	C:\MbrFix64.exe
2010-03-02 18:45 . 2010-03-02 18:40	731136	----a-w-	C:\avenger.exe
2010-03-01 17:41 . 2010-03-01 20:27	--------	d-----r-	c:\documents and settings\LocalService\Dokumenty
2010-02-28 17:27 . 2010-02-28 20:11	--------	d-----w-	C:\Utils
2010-02-28 16:05 . 2010-02-28 16:06	--------	d-----w-	c:\documents and settings\Administrator\.gimp-2.6
2010-02-28 16:05 . 2010-02-28 16:05	--------	d-----w-	c:\documents and settings\Administrator\.gegl-0.0
2010-02-28 12:01 . 2010-02-28 12:01	--------	d-----w-	c:\program files\QuickTime
2010-02-28 07:44 . 2010-02-28 07:44	0	----a-w-	c:\windows\ativpsrm.bin
2010-02-11 04:46 . 2010-02-11 04:46	442368	----a-w-	c:\windows\system32\ATIDEMGX.dll
2010-02-11 04:37 . 2010-02-11 04:37	290816	----a-w-	c:\windows\system32\atiok3x2.dll
2010-02-11 04:23 . 2010-02-11 04:23	45056	----a-w-	c:\windows\system32\aticalrt.dll
2010-02-11 04:22 . 2010-02-11 04:22	45056	----a-w-	c:\windows\system32\aticalcl.dll
2010-02-11 04:21 . 2010-02-11 04:21	3227648	----a-w-	c:\windows\system32\aticaldd.dll
2010-02-11 04:12 . 2010-02-11 04:12	887724	----a-w-	c:\windows\system32\ativva6x.dat
2010-02-11 04:12 . 2010-02-11 04:12	3107788	----a-w-	c:\windows\system32\ativva5x.dat
2010-02-11 03:59 . 2010-02-11 03:59	49664	----a-w-	c:\windows\system32\amdpcom32.dll
2010-02-11 03:54 . 2010-02-11 03:54	126976	----a-w-	c:\windows\system32\atiadlxx.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-02 16:09 . 2009-05-27 19:59	--------	d-----w-	c:\program files\Spyware Terminator
2010-02-28 12:33 . 2009-05-27 13:40	--------	d-----w-	c:\program files\CCleaner
2010-02-28 12:11 . 2008-02-02 14:50	23	----a-w-	c:\windows\popcinfot.dat
2010-02-28 07:41 . 2006-10-25 19:45	--------	d-----w-	c:\program files\ATI Technologies
2010-02-28 07:40 . 2006-10-25 19:41	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-02-28 07:14 . 2007-09-06 17:28	--------	d-----w-	c:\program files\Common Files\Adobe
2010-02-27 20:27 . 2009-08-21 16:53	--------	d-----w-	c:\program files\DAEMON Tools
2010-02-27 16:29 . 2009-05-31 09:47	--------	d-----w-	c:\program files\Common Files\Symantec Shared
2010-02-11 07:38 . 2006-01-04 19:46	3565056	----a-w-	c:\windows\system32\drivers\ati2mtag.sys
2010-02-11 05:17 . 2006-01-04 19:01	11845632	----a-w-	c:\windows\system32\atioglxx.dll
2010-02-11 05:07 . 2006-10-25 19:45	307200	----a-w-	c:\windows\system32\atiiiexx.dll
2010-02-11 04:45 . 2006-01-04 19:47	325120	----a-w-	c:\windows\system32\ati2dvag.dll
2010-02-11 04:36 . 2006-01-04 19:41	204800	----a-w-	c:\windows\system32\atipdlxx.dll
2010-02-11 04:35 . 2006-01-04 19:41	155648	----a-w-	c:\windows\system32\Oemdspif.dll
2010-02-11 04:35 . 2006-01-04 19:41	26112	----a-w-	c:\windows\system32\Ati2mdxx.exe
2010-02-11 04:35 . 2006-01-04 19:41	43520	----a-w-	c:\windows\system32\ati2edxx.dll
2010-02-11 04:35 . 2006-01-04 19:41	155648	----a-w-	c:\windows\system32\ati2evxx.dll
2010-02-11 04:33 . 2006-01-04 19:39	602112	----a-w-	c:\windows\system32\ati2evxx.exe
2010-02-11 04:32 . 2006-01-04 19:39	53248	----a-w-	c:\windows\system32\ATIDDC.DLL
2010-02-11 04:25 . 2006-01-04 19:31	3818144	----a-w-	c:\windows\system32\ati3duag.dll
2010-02-11 04:19 . 2006-01-04 19:10	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2010-02-11 04:12 . 2006-01-04 19:25	2670592	----a-w-	c:\windows\system32\ativvaxx.dll
2010-02-11 03:55 . 2006-01-04 19:11	475136	----a-w-	c:\windows\system32\atikvmag.dll
2010-02-11 03:53 . 2006-01-04 19:11	17408	----a-w-	c:\windows\system32\atitvo32.dll
2010-02-11 03:47 . 2006-01-04 19:05	626688	----a-w-	c:\windows\system32\ati2cqag.dll
2010-02-10 20:20 . 2006-10-25 20:06	593920	------w-	c:\windows\system32\ati2sgag.exe
2010-02-06 13:08 . 2008-11-15 16:01	--------	d-----w-	c:\program files\Google
2009-12-31 16:50 . 2007-11-03 18:10	353792	----a-w-	c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2004-08-17 13:49	916480	------w-	c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2006-10-25 19:15	343552	----a-w-	c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2004-08-17 13:49	33280	----a-w-	c:\windows\system32\csrsrv.dll
2009-12-09 18:51 . 2001-10-25 14:00	82720	-c--a-w-	c:\windows\system32\perfc005.dat
2009-12-09 18:51 . 2001-10-25 14:00	437890	-c--a-w-	c:\windows\system32\perfh005.dat
2009-12-09 10:11 . 2007-11-03 18:01	2191360	------w-	c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2007-11-03 18:01	2068224	------w-	c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2007-11-03 18:01	455424	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny. 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-05-20 177464]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-05-20 12:36	1258808	----a-w-	c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-05-27 949376]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-09-26 35328]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 16120832]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"QuickTime Task"="c:\documents and settings\Uivatel\Plocha\Programy\QTTask.exe" [2009-05-26 413696]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-05-20 111928]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabdka Start\Programy\Po sputn\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\TrackMania Sunrise\\TmSunrise.exe"=
"c:\\Program Files\\Ubi Soft\\IL2 Sturmovik\\il2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dbeng6.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Track Mania\\TrackMania.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:Remote Desktop

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [27.5.2009 15:07 15424]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [27.5.2009 20:59 142592]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [3.8.2009 19:28 55152]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [15.2.2009 10:55 222968]
S2 gupdate;Sluba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6.2.2010 14:08 135664]
S3 fsssvc;Windows Live Zabezpeen rodiny;c:\program files\Windows Live\Family Safety\fsssvc.exe [6.2.2009 17:08 533360]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [20.7.2007 17:01 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [20.7.2007 17:01 85696]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-03-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 13:08]

2010-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 13:08]

2010-03-02 c:\windows\Tasks\Norton Security Scan for Uivatel.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-13 12:12]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://home.sweetim.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: WikiKomente Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\windows\system32\imon.dll
TCP: {BDDF3F45-9035-4AC9-8D76-6124F2EF5990} = 10.1.1.1,10.1.1.2
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-03 15:22
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...  

skenování skrytých položek 'Po spuštění' ... 

skenování skrytých souborů ...  

sken byl úspěšně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-682003330-562591055-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,7c,95,e8,e9,fe,6f,40,86,94,e0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,7c,95,e8,e9,fe,6f,40,86,94,e0,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(864)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(1292)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-03-03  15:24:00
ComboFix-quarantined-files.txt  2010-03-03 14:23
ComboFix2.txt  2010-03-02 16:28

Před spuštěním: Volných bajtů: 15314534400
Po spuštění: Volných bajtů: 15273840640

- - End Of File - - A32A6436B4E8C3B60EBB7E0AED689AC6
