ComboFix 12-03-26.01 - Administrator 02.04.2012  21:40:35.2.2 - x86
Systém Microsoft Windows XP Professional  5.1.2600.2.1250.420.1029.18.1944.1283 [GMT 2:00]
Spuštěn z: d:\install\_sw_Win\_antivir\_rootkit tools\ComboFix\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
- REŽIM S OMEZENOU FUNKČNOSTÍ -
.
.
(((((((((((((((((((((((((   Soubory vytvořené od 2012-03-02 do 2012-04-02  )))))))))))))))))))))))))))))))
.
.
2012-04-02 19:29 . 2012-04-02 19:29	--------	d-----w-	C:\f
2012-04-02 13:29 . 2012-04-02 13:29	--------	d-----w-	d:\program files\trend micro
2012-04-02 13:29 . 2012-04-02 13:29	--------	d-----w-	C:\rsit
2012-03-28 21:53 . 2012-03-28 21:54	--------	d-----w-	d:\program files\WinStrom
2012-03-27 12:01 . 2012-03-27 12:06	--------	d-----w-	d:\program files\Java
2012-03-26 09:17 . 2011-07-16 20:21	302592	----a-w-	C:\gmer.exe
2012-03-26 08:30 . 2012-03-26 08:30	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-03-24 08:53 . 2012-03-16 22:10	--------	d-----w-	d:\program files\Tor Browser
2012-03-23 10:38 . 2012-03-23 10:38	--------	d-----w-	d:\program files\Microsoft Works
2012-03-23 10:38 . 2012-03-23 10:38	--------	d-----w-	d:\program files\Microsoft.NET
2012-03-23 10:29 . 2012-03-23 10:29	--------	d-----r-	C:\MSOCache
2012-03-21 22:33 . 2012-03-21 22:33	--------	d-----w-	d:\program files\COMODO
2012-03-21 11:37 . 2012-03-21 11:37	--------	d-----w-	d:\program files\Samsung Network Printer Utilities
2012-03-21 11:13 . 2012-03-21 11:13	--------	d--h--w-	d:\program files\Zero G Registry
2012-03-21 11:11 . 2012-03-21 11:14	--------	d-----w-	d:\program files\CUAgent
2012-03-21 06:50 . 2012-03-21 06:51	--------	d-----w-	d:\program files\Skype
2012-03-19 11:47 . 2012-03-19 11:47	--------	d-----w-	d:\program files\Mozilla Thunderbird
2012-03-16 08:08 . 2012-03-16 08:08	--------	d-----w-	d:\program files\Toolbar Cleaner
2012-03-16 08:08 . 2012-03-16 08:08	--------	d-----w-	d:\program files\adawaretb
2012-03-16 08:07 . 2012-03-16 08:07	--------	d-----w-	d:\program files\Lavasoft
2012-03-16 02:47 . 2012-03-16 02:47	--------	d-----w-	d:\program files\Google
2012-03-16 02:46 . 2012-03-16 02:46	--------	d-----w-	d:\program files\AVAST Software
2012-03-15 22:10 . 2012-03-16 00:11	--------	d-----w-	d:\program files\CIGLER SOFTWARE
2012-03-15 20:37 . 2012-03-15 20:37	--------	d-----w-	d:\program files\Symantec Ghost Explorer 11.0.2
2012-03-15 18:52 . 2012-03-15 18:52	--------	d-----w-	d:\program files\CCleaner
2012-03-15 08:49 . 2012-03-15 08:49	--------	d-----w-	d:\program files\Microcom
2012-03-14 18:07 . 2012-03-14 18:07	--------	d-----w-	d:\program files\VideoLAN
2012-03-14 18:05 . 2012-03-14 18:05	--------	d-----w-	d:\program files\PDFCreator
2012-03-14 15:22 . 2012-03-14 15:22	--------	d-----w-	d:\program files\Ecd
2012-03-14 12:28 . 2012-03-30 21:37	--------	d-----w-	d:\program files\XnView
2012-03-14 12:26 . 2012-03-14 12:27	--------	d-----w-	d:\program files\PhotoFiltre
2012-03-13 23:01 . 2012-03-17 07:10	--------	d-----w-	d:\program files\Apoint2K
2012-03-13 19:31 . 2012-03-13 19:31	--------	d-----w-	d:\program files\Foxit Software
2012-03-13 19:29 . 2012-03-13 19:29	--------	d-----w-	d:\program files\PSPad editor
2012-03-13 19:12 . 2012-03-18 18:05	--------	d-----w-	d:\program files\Total Commander
2012-03-13 17:43 . 2012-03-13 17:43	--------	d-----w-	d:\program files\Lenovo
2012-03-13 16:48 . 2012-03-13 16:48	--------	d-----w-	d:\program files\MSBuild
2012-03-13 16:48 . 2012-03-13 16:48	--------	d-----w-	d:\program files\Reference Assemblies
2012-03-13 16:46 . 2012-03-13 16:46	--------	d-----w-	d:\program files\MSXML 6.0
2012-03-13 14:01 . 2012-03-20 15:57	--------	d-----w-	d:\program files\ThinkPad
2012-03-13 13:40 . 2012-03-13 13:41	--------	d-----w-	d:\program files\CONEXANT
2012-03-13 13:37 . 2012-03-21 11:13	--------	d--h--w-	d:\program files\InstallShield Installation Information
2012-03-13 13:37 . 2012-03-18 17:00	--------	d-----w-	d:\program files\Realtek
2012-03-13 13:34 . 2012-03-13 17:49	--------	d-----w-	d:\program files\Intel
2012-03-13 13:33 . 2012-03-13 13:33	--------	d-----w-	C:\Intel
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-13 04:38 . 2012-03-15 19:43	97208	----a-w-	d:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-11-07 . 07DE423FB70EBAC5136677E3956FDBC3 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((   SnapShot@2012-03-26_08.57.14   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-06 17:24 . 2009-08-06 17:24	44768              c:\windows\system32\wups2.dll
+ 2012-03-13 07:30 . 2009-08-06 17:24	35552              c:\windows\system32\wups.dll
+ 2012-03-13 07:30 . 2009-08-06 17:24	53472              c:\windows\system32\wuauclt.exe
+ 2012-03-26 14:34 . 2009-08-06 17:24	35552              c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2004-08-18 11:00 . 2012-03-26 09:41	67646              c:\windows\system32\perfc009.dat
- 2004-08-18 11:00 . 2012-03-26 08:50	67646              c:\windows\system32\perfc009.dat
+ 2004-08-18 11:00 . 2012-03-26 09:41	78228              c:\windows\system32\perfc005.dat
- 2004-08-18 11:00 . 2012-03-26 08:50	78228              c:\windows\system32\perfc005.dat
+ 2012-03-13 07:30 . 2009-08-06 17:24	35552              c:\windows\system32\dllcache\wups.dll
+ 2012-03-13 07:30 . 2009-08-06 17:24	53472              c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-18 11:00 . 2009-08-06 17:24	96480              c:\windows\system32\dllcache\cdm.dll
+ 2004-08-18 11:00 . 2009-08-06 17:24	96480              c:\windows\system32\cdm.dll
+ 2012-03-13 07:30 . 2009-08-06 17:24	209632              c:\windows\system32\wuweb.dll
+ 2012-03-13 07:30 . 2009-08-06 17:24	327896              c:\windows\system32\wucltui.dll
+ 2012-03-13 07:30 . 2009-08-06 17:23	575704              c:\windows\system32\wuapi.dll
+ 2004-08-18 11:00 . 2012-03-26 09:41	432690              c:\windows\system32\perfh009.dat
- 2004-08-18 11:00 . 2012-03-26 08:50	432690              c:\windows\system32\perfh009.dat
- 2004-08-18 11:00 . 2012-03-26 08:50	429256              c:\windows\system32\perfh005.dat
+ 2004-08-18 11:00 . 2012-03-26 09:41	429256              c:\windows\system32\perfh005.dat
+ 2012-03-27 12:06 . 2012-03-27 12:06	637848              c:\windows\system32\npdeployJava1.dll
+ 2012-03-27 12:06 . 2012-03-27 12:06	224136              c:\windows\system32\javaws.exe
+ 2012-03-27 12:06 . 2012-03-27 12:06	173960              c:\windows\system32\javaw.exe
+ 2012-03-27 12:06 . 2012-03-27 12:06	173960              c:\windows\system32\java.exe
+ 2012-03-13 08:18 . 2012-03-29 09:22	171488              c:\windows\system32\FNTCACHE.DAT
+ 2012-03-13 07:30 . 2009-08-06 17:24	209632              c:\windows\system32\dllcache\wuweb.dll
+ 2012-03-13 07:30 . 2009-08-06 17:24	327896              c:\windows\system32\dllcache\wucltui.dll
+ 2012-03-13 07:30 . 2009-08-06 17:23	575704              c:\windows\system32\dllcache\wuapi.dll
+ 2012-03-27 12:06 . 2012-03-27 12:06	567696              c:\windows\system32\deployJava1.dll
+ 2012-03-27 12:06 . 2012-03-27 12:06	176128              c:\windows\Installer\5ab2c7a.msi
+ 2012-03-27 12:06 . 2012-03-27 12:06	938496              c:\windows\Installer\5ab2c74.msi
+ 2012-03-27 12:01 . 2012-03-27 12:01	519680              c:\windows\Installer\5ab2c70.msi
+ 2012-03-13 07:30 . 2009-08-06 17:23	1929952              c:\windows\system32\wuaueng.dll
+ 2012-03-13 07:30 . 2009-08-06 17:23	1929952              c:\windows\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-12-21 15:44	87440	----a-w-	d:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "d:\program files\adawaretb\adawareDx.dll" [2011-12-21 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15	123536	----a-w-	d:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="d:\program files\CCleaner\CCleaner.exe" [2012-02-22 2761024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="d:\progra~2\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2012-01-23 818240]
"TPHOTKEY"="d:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-09-30 68976]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 141848]
"Apoint"="d:\program files\Apoint2K\Apoint.exe" [2008-03-07 167936]
"avast"="d:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"ACWLIcon"="d:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2011-10-20 191552]
"COMODO Internet Security"="d:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"adaware"="reg.exe delete HKCU\Software\AppDataLow\Software\adaware" [X]
"adaware_XP"="reg.exe delete HKCU\Software\adaware" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 15:37	34344	----a-w-	d:\program files\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-08-08 18:14	28672	----a-w-	d:\program files\Lenovo\HOTKEY\tphklock.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages	REG_MULTI_SZ   	msv1_0 nwv1_0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Browsing Protection]
2011-11-14 23:15	197288	----a-w-	c:\documents and settings\All Users\Data aplikací\Ad-Aware Browsing Protection\adawarebp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWTRAY]
2002-03-12 09:37	28672	----a-w-	c:\windows\system32\nwtray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [13.3.2012 18:57 24304]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [16.3.2012 10:08 64512]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [16.3.2012 4:47 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16.3.2012 4:47 337880]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [11.3.2012 22:13 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [11.3.2012 22:13 31704]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.3.2012 4:47 20696]
R2 DozeSvc;Lenovo Doze Mode Service;d:\program files\ThinkPad\Utilities\DOZESVC.EXE [17.3.2012 0:11 292200]
R2 Power Manager DBC Service;Power Manager DBC Service;d:\program files\ThinkPad\Utilities\PWMDBSVC.exe [17.3.2012 0:11 69632]
S2 gupdate;Služba Google Update (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [16.3.2012 4:47 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files\Lavasoft\Ad-Aware\AAWService.exe [23.12.2011 8:12 2152152]
S2 WinStrom-PostgreSQL;WinStrom-PostgreSQL;D:/Program Files/WinStrom/pgsql/bin/pg_ctl.exe runservice -N "WinStrom-PostgreSQL" -D "D:/Program Files/WinStrom/data" -w  -o "-h 127.0.0.1 -p 5435" --> D:/Program Files/WinStrom/pgsql/bin/pg_ctl.exe runservice -N WinStrom-PostgreSQL [?]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys --> c:\windows\system32\DRIVERS\CnxEtP.sys [?]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys --> c:\windows\system32\DRIVERS\CnxEtU.sys [?]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNP.sys --> c:\windows\system32\DRIVERS\CnxTgNP.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);d:\program files\Google\Update\GoogleUpdate.exe [16.3.2012 4:47 136176]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - PGTDRPOG
*Deregistered* - pgtdrpog
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- d:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-23 08:23]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2012-03-16 02:47]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2012-03-16 02:47]
.
2012-04-02 c:\windows\Tasks\PMTask.job
- d:\progra~2\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2012-03-16 00:39]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - d:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - d:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - d:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{66CE5AD8-1E54-4D3B-8564-D3BB71A73B14}: NameServer = 192.168.10.254
TCP: Interfaces\{A11FDA25-C941-4E1D-9727-93E7C24910DB}: NameServer = 10.0.0.1
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\37bl4p0u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
.
.
------- Asociace souborů -------
.
txtfile="d:\program files\PSPad editor\PSPad.exe" "%1"
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-02 21:42
Windows 5.1.2600 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspěšně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinStrom-PostgreSQL]
"ImagePath"="D:/Program Files/WinStrom/pgsql/bin/pg_ctl.exe runservice -N \"WinStrom-PostgreSQL\" -D \"D:/Program Files/WinStrom/data\" -w  -o \"-h 127.0.0.1 -p 5435\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\d:\temp\ASFWHide"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinStrom-PostgreSQL]
"ImagePath"="D:/Program Files/WinStrom/pgsql/bin/pg_ctl.exe runservice -N \"WinStrom-PostgreSQL\" -D \"D:/Program Files/WinStrom/data\" -w  -o \"-h 127.0.0.1 -p 5435\""
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1112)
c:\windows\system32\guard32.dll
d:\program files\Lenovo\HOTKEY\tphklock.dll
.
- - - - - - - > 'lsass.exe'(1168)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
c:\windows\system32\NLS\ENGLISH\NWSHLXNR.DLL
c:\windows\system32\NLS\ENGLISH\NOVNPNTR.DLL
.
- - - - - - - > 'Explorer.exe'(3556)
c:\windows\system32\guard32.dll
c:\windows\system32\MSCTF.dll
.
- - - - - - - > 'csrss.exe'(1084)
c:\windows\system32\cmdcsr.dll
.
Celkový čas: 2012-04-02  21:44:04
ComboFix-quarantined-files.txt  2012-04-02 19:44
ComboFix2.txt  2012-03-26 09:01
.
Před spuštěním: 2893508608
Po spuštění: 2884943872
.
- - End Of File - - B3997C5CC9351BA3A06A1F8FBF6019C4
