ComboFix 12-02-22.01 - Tonda 23.02.2012  18:10:00.1.2 - x86
Systém Microsoft Windows XP Professional  5.1.2600.2.1250.420.1029.18.3071.2653 [GMT 1:00]
Spuštěn z: c:\documents and settings\Tonda\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
(((((((((((((((((((((((((((((((((((((((   Ostatní výmazy   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\cdbxp_setup_4.4.0.2838.exe
c:\program files\KMPlayer_EN_3.0.0.1442.exe
c:\program files\XMediaRecode3016_setup.exe
c:\windows\IsUn0405.exe
D:\Setup.exe
F:\autorun.inf
.
.
(((((((((((((((((((((((((   Soubory vytvořené od 2012-01-23 do 2012-02-23  )))))))))))))))))))))))))))))))
.
.
2012-02-09 20:30 . 2012-02-09 20:30	--------	d-----w-	c:\program files\Rychl nastaven st
2012-01-29 20:20 . 2012-01-29 20:20	--------	d-----w-	c:\documents and settings\Tonda\Data aplikací\Kingsoft
2012-01-29 20:20 . 2012-01-29 20:20	--------	d-----w-	c:\documents and settings\All Users\Data aplikací\Kingsoft
2012-01-29 20:20 . 2012-01-29 20:20	--------	d-----w-	c:\program files\Kingsoft
2012-01-29 20:19 . 2012-01-29 20:19	45158704	----a-w-	c:\program files\spreadsheets_free.exe
2012-01-29 20:15 . 2012-01-29 20:15	--------	d-----w-	c:\program files\Bytescout XLS Viewer
2012-01-29 20:10 . 2012-01-29 20:10	495952	----a-w-	c:\program files\XLSViewer.exe
2012-01-25 20:05 . 2012-01-25 20:12	--------	d-----w-	c:\documents and settings\Tonda\Data aplikací\NwDocx
2012-01-25 20:04 . 2012-01-25 20:13	--------	d-----w-	c:\documents and settings\Tonda\Data aplikací\Docx2Rtf
2012-01-25 20:03 . 2012-01-25 20:03	--------	d-----w-	c:\program files\Docx2Rtf
2012-01-25 20:01 . 2012-01-25 20:01	--------	d-----w-	c:\program files\PdbConvertor
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-04 15:43 . 2012-01-04 15:43	462992	----a-w-	c:\program files\lkpdetect.exe
2012-01-04 15:42 . 2012-01-04 15:42	73728	----a-w-	c:\windows\system32\javacpl.cpl
2012-01-04 15:42 . 2012-01-04 15:42	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-12-22 21:15 . 2011-12-22 21:15	889416	----a-w-	c:\program files\dotNetFx40_Full_setup.exe
2011-12-22 21:08 . 2011-12-22 21:08	505528	----a-w-	c:\program files\ytd-0.99.exe
2011-12-22 20:22 . 2011-12-22 20:22	24526992	----a-w-	c:\program files\avc-free.exe
2011-12-21 22:56 . 2011-12-21 22:56	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-28 18:01 . 2011-12-21 22:58	41184	----a-w-	c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-12-21 22:58	199816	----a-w-	c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-12-21 22:58	435032	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-12-21 22:58	314456	----a-w-	c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-12-21 22:58	34392	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-12-21 22:58	52952	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-12-21 22:58	111320	----a-w-	c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2011-12-21 22:58	105176	----a-w-	c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2011-12-21 22:58	20568	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2011-12-21 22:58	30808	----a-w-	c:\windows\system32\drivers\aavmker4.sys
2012-02-19 18:58 . 2011-12-22 08:56	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\prxtbZone.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2011-05-09 08:49	176936	----a-w-	c:\program files\ZoneAlarm_Security\prxtbZone.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-11-17 18:29	1515688	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\prxtbZone.dll" [2011-05-09 176936]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-11-17 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}"= "c:\program files\ZoneAlarm_Security\prxtbZone.dll" [2011-05-09 176936]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-11-17 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01	122512	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 577536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-02-15 738808]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-11-17 901800]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [21.12.2011 23:58 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [21.12.2011 23:58 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.12.2011 23:58 20568]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [15.2.2011 16:25 26872]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [15.2.2011 16:25 488952]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - 03277176
*Deregistered* - 03277176
.
Obsah adresáře 'Naplánované úlohy'
.
2012-02-23 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-11-17 18:29]
.
2012-02-23 c:\windows\Tasks\WpsUpdateTask_Tonda.job
- c:\program files\Kingsoft\Kingsoft Spreadsheets\office6\wpsupdate.exe [2011-11-03 16:00]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2645238
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
TCP: DhcpNameServer = 213.109.68.247 192.168.1.254
FF - ProfilePath - c:\documents and settings\Tonda\Data aplikací\Mozilla\Firefox\Profiles\d88gq98v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.seznam.cz/?sourceid=FF_3&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Easy-WebPrint - c:\windows\IsUn0405.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-23 18:17
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\docume~1\Tonda\LOCALS~1\Temp\catchme.dll 53248 bytes executable
.
sken byl úspěšně dokončen
skryté soubory: 1
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(936)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(992)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Celkový čas: 2012-02-23  18:21:07
ComboFix-quarantined-files.txt  2012-02-23 17:21
.
Před spuštěním: 30356598784
Po spuštění: 30474391552
.
- - End Of File - - 67E5EBB3A356CAF255051542B77ED4F3
