ComboFix 10-03-07.05 - spravce 08.03.2010  17:31:00.1.1 - x86
Systém Microsoft Windows XP Professional  5.1.2600.3.1250.420.1029.18.479.136 [GMT 1:00]
Spuštěn z: d:\install\Combofix\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Kerio Personal Firewall *disabled* {A990EAA7-8941-4621-BC27-4F16261D3180}
FW: Sunbelt Personal Firewall *disabled* {BFD080F6-3BF0-40E1-9507-9CA969C35870}
.

(((((((((((((((((((((((((   Soubory vytvořené od 2010-02-08 do 2010-03-08  )))))))))))))))))))))))))))))))
.

2010-03-08 16:18 . 2010-03-08 16:18	--------	d-----w-	c:\program files\Trend Micro
2010-02-22 09:49 . 2010-02-22 09:49	--------	d-----w-	c:\program files\CCleaner
2010-02-16 13:51 . 2008-04-13 19:39	5504	-c--a-w-	c:\windows\system32\dllcache\mstee.sys
2010-02-16 13:51 . 2008-04-13 19:39	5504	----a-w-	c:\windows\system32\drivers\MSTEE.sys
2010-02-16 13:49 . 2008-04-13 19:46	10880	-c--a-w-	c:\windows\system32\dllcache\ndisip.sys
2010-02-16 13:49 . 2008-04-13 19:46	10880	----a-w-	c:\windows\system32\drivers\NdisIP.sys
2010-02-16 13:47 . 2008-04-13 19:46	15232	-c--a-w-	c:\windows\system32\dllcache\streamip.sys
2010-02-16 13:47 . 2008-04-13 19:46	15232	----a-w-	c:\windows\system32\drivers\StreamIP.sys
2010-02-16 13:46 . 2008-04-13 19:46	11136	-c--a-w-	c:\windows\system32\dllcache\slip.sys
2010-02-16 13:46 . 2008-04-13 19:46	11136	----a-w-	c:\windows\system32\drivers\SLIP.sys
2010-02-16 13:45 . 2008-04-13 19:46	19200	-c--a-w-	c:\windows\system32\dllcache\wstcodec.sys
2010-02-16 13:45 . 2008-04-13 19:46	19200	----a-w-	c:\windows\system32\drivers\WSTCODEC.SYS
2010-02-16 13:45 . 2008-04-13 19:46	85248	-c--a-w-	c:\windows\system32\dllcache\nabtsfec.sys
2010-02-16 13:45 . 2008-04-13 19:46	85248	----a-w-	c:\windows\system32\drivers\NABTSFEC.sys
2010-02-16 13:45 . 2008-04-13 19:46	17024	-c--a-w-	c:\windows\system32\dllcache\ccdecode.sys
2010-02-16 13:45 . 2008-04-13 19:46	17024	----a-w-	c:\windows\system32\drivers\CCDECODE.sys
2010-02-16 13:44 . 2008-04-14 04:22	54272	-c--a-w-	c:\windows\system32\dllcache\vfwwdm32.dll
2010-02-16 13:44 . 2008-04-14 04:22	54272	----a-w-	c:\windows\system32\vfwwdm32.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-02 23:01 . 2009-11-16 13:14	15688	----a-w-	c:\windows\system32\lsdelete.exe
2010-02-23 13:47 . 2010-01-11 10:51	--------	d-----w-	c:\program files\BS_Player
2010-01-14 11:21 . 2010-01-13 15:32	12464	----a-w-	c:\windows\system32\avgrsstx.dll
2010-01-14 11:21 . 2010-01-13 15:32	28424	----a-w-	c:\windows\system32\drivers\avgmfx86.sys
2010-01-13 15:32 . 2010-01-13 15:32	360584	----a-w-	c:\windows\system32\drivers\avgtdix.sys
2010-01-13 15:32 . 2010-01-13 15:32	333192	----a-w-	c:\windows\system32\drivers\avgldx86.sys
2010-01-11 12:37 . 2010-01-11 12:37	820	---ha-w-	C:\hpothb07.dat
2010-01-11 12:37 . 2010-01-11 12:37	0	---ha-w-	c:\documents and settings\spravce\hpothb07.dat
2010-01-11 10:52 . 2010-01-11 10:52	--------	d-----w-	c:\program files\Conduit
2010-01-11 10:51 . 2010-01-11 10:51	--------	d-----w-	c:\program files\Webteh
2009-12-31 16:50 . 2001-10-25 12:00	353792	----a-w-	c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2004-08-23 17:14	916480	----a-w-	c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2006-03-01 09:17	343552	----a-w-	c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2001-10-25 12:00	33280	----a-w-	c:\windows\system32\csrsrv.dll
2009-12-10 11:18 . 2001-10-25 12:00	46196	----a-w-	c:\windows\system32\perfc005.dat
2009-12-10 11:18 . 2001-10-25 12:00	309990	----a-w-	c:\windows\system32\perfh005.dat
2009-12-09 10:11 . 2001-10-25 12:00	2191360	----a-w-	c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2001-10-24 11:46	2068224	----a-w-	c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:01	1230080	----a-w-	c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-02-23 13:47	2349080	----a-w-	c:\program files\BS_Player\tbBS_0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2010-02-23 2349080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_0.dll" [2010-02-23 2349080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\spravce\Local Settings\Data aplikac\Google\Update\GoogleUpdate.exe" [2009-12-19 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-02 524632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabdka Start\Programy\Po sputn\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-01-14 11:21	12464	----a-w-	c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files_2\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1.6.2009 11:49 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13.1.2010 16:32 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13.1.2010 16:32 360584]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26.4.2007 9:21 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26.4.2007 9:21 72624]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [13.1.2010 16:31 285392]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9.3.2009 20:06 1029456]
R2 SPF4;Sunbelt Personal Firewall 4;d:\program files_2\Sunbelt Software\Personal Firewall\kpf4ss.exe [26.4.2007 9:21 1234480]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [31.7.2009 18:57 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [31.7.2009 18:57 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [31.7.2009 18:57 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [31.7.2009 18:57 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [31.7.2009 18:57 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [31.7.2009 18:57 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [31.7.2009 18:57 110120]
.
Obsah adresáře 'Naplánované úlohy'

2010-03-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 23:00]

2010-03-07 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8141810149.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-*{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-08 17:45
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspěšně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3044)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-03-08  17:50:34
ComboFix-quarantined-files.txt  2010-03-08 16:50

Před spuštěním: 8786620416
Po spuštění: 8938037248

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=signature(2680268)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
signature(2680268)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

- - End Of File - - 4AC98A61116EB469E0624384E49B9C1E
