ComboFix 13-02-01.04 - ijk 01.02.2013  14:55:04.1.4 - x86
Systém Microsoft Windows XP Professional  5.1.2600.3.1250.420.1029.18.3327.2858 [GMT 1:00]
Spuštěný z: c:\documents and settings\ijk\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
 * Vytvořen nový Bod Obnovení
.
.
(((((((((((((((((((((((((((((((((((((((   Ostatní výmazy   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\ijk\Cookies\ijk@www.alu-pneu[2].txt
c:\program files\xp-AntiSpy
c:\program files\xp-AntiSpy\Uninstall.exe
c:\program files\xp-AntiSpy\xp-AntiSpy.exe
c:\program files\xp-AntiSpy\xp-AntiSpy.chm
c:\program files\xp-AntiSpy\xp-AntiSpy.url
c:\windows\msmqinst.log
c:\windows\system32\SET139.tmp
c:\windows\system32\SET13E.tmp
c:\windows\system32\SET145.tmp
.
.
(((((((((((((((((((((((((   Soubory vytvořené od 2013-01-01 do 2013-02-01  )))))))))))))))))))))))))))))))
.
.
2013-02-01 17:39 . 2011-07-13 02:55	2237440	----a-r-	C:\OTLPE.exe
2013-02-01 17:39 . 2013-02-01 17:39	--------	d-----w-	C:\_OTL
2013-02-01 16:55 . 2013-02-01 16:55	512	----a-w-	C:\Physical0MBR.bin
2013-02-01 11:47 . 2013-02-01 11:47	--------	d-----w-	c:\program files\trend micro
2013-02-01 11:46 . 2013-02-01 11:47	--------	d-----w-	C:\rsit
2013-02-01 09:43 . 2013-02-01 09:44	--------	d-----w-	c:\documents and settings\Administrator
2013-01-14 21:08 . 2013-01-14 21:08	--------	d-----w-	c:\documents and settings\ijk\Local Settings\Data aplikací\cadwork informatik
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2008-04-14 12:00	290560	----a-w-	c:\windows\system32\atmfd.dll
2012-11-13 11:55 . 2008-04-14 12:00	1866368	----a-w-	c:\windows\system32\win32k.sys
2012-11-06 02:00 . 2008-04-14 12:00	1371648	----a-w-	c:\windows\system32\msxml6.dll
.
.
((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10	122512	----a-w-	c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2011-11-01 1053056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-17 61440]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Tilt"="c:\program files\GIGABYTE\GHOST\Tilt.exe" [2009-06-26 724992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Akcelerátor spuštění AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2004-2-25 10872]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [19.6.2011 8:15 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17.3.2010 8:13 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17.3.2010 8:13 19544]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [24.6.2009 20:07 1684736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-25 18:44	1607120	----a-w-	c:\program files\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd996392b55302.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-26 09:54]
.
2010-04-08 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-06-25 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} -
TCP: DhcpNameServer = 81.200.48.50 81.200.48.11
FF - ProfilePath - c:\documents and settings\ijk\Data aplikací\Mozilla\Firefox\Profiles\u2dil0ls.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-xp-AntiSpy - c:\program files\xp-AntiSpy\Uninstall.exe
AddRemove-{2ed7d49a-0625-47af-9cad-4c4143be19ff} - c:\program files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-01 15:01
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2013-02-01  15:05:14
ComboFix-quarantined-files.txt  2013-02-01 14:05
.
Před spuštěním: Volných bajtů: 26898280448
Po spuštění: Volných bajtů: 29656850432
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - FACF15C8A227A9DB0F99E4A2E2CA44BE
