ComboFix 13-04-12.02 - Admin 13.04.2013  19:29:02.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1250.420.1029.18.2046.1452 [GMT 2:00]
Spuštěný z: d:\instal\antirootkits\ComboFix.exe
AV: AVG Internet Security Business Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
(((((((((((((((((((((((((   Soubory vytvořené od 2013-03-13 do 2013-04-13  )))))))))))))))))))))))))))))))
.
.
2013-04-13 15:31 . 2013-04-13 15:31	--------	d-----w-	c:\windows\system32\wbem\Repository
2013-04-13 15:27 . 2013-04-13 15:27	--------	d-----w-	c:\documents and settings\All Users\Data aplikac\AVG Security Toolbar
2013-04-13 15:27 . 2013-04-13 15:27	--------	d-----w-	c:\documents and settings\Admin\Local Settings\Data aplikac\Conduit
2013-04-13 15:27 . 2013-04-13 15:27	--------	d-----w-	c:\documents and settings\Admin\Local Settings\Data aplikac\AVG Security Toolbar
2013-04-13 15:27 . 2013-04-13 15:27	--------	d-----w-	c:\documents and settings\Admin\Data aplikac\Funmoods
2013-04-13 15:13 . 2013-04-13 15:13	0	----a-w-	c:\windows\system32\drivers\spkm.sys
2013-04-13 14:34 . 2013-04-13 14:34	0	----a-w-	c:\windows\system32\drivers\sprx.sys
2013-04-13 14:24 . 2013-04-13 14:24	0	----a-w-	c:\windows\system32\drivers\spkf.sys
2013-04-13 06:00 . 2013-04-13 06:00	0	----a-w-	c:\windows\system32\drivers\spew.sys
2013-03-20 20:53 . 2013-02-12 00:32	12928	------w-	c:\windows\system32\dllcache\usb8023x.sys
2013-03-20 20:53 . 2013-02-12 00:32	12928	------w-	c:\windows\system32\dllcache\usb8023.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-08 08:36 . 2004-08-18 02:00	293376	----a-w-	c:\windows\system32\winsrv.dll
2013-03-07 16:32 . 2013-03-07 16:32	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-03-07 16:32 . 2012-06-16 09:36	861088	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-03-07 16:32 . 2012-02-25 07:10	143872	----a-w-	c:\windows\system32\javacpl.cpl
2013-03-07 16:32 . 2010-05-01 05:47	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-03-07 15:56 . 2004-08-18 02:00	2072192	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-03-07 15:56 . 2004-08-18 02:00	2195584	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-02 02:08 . 2004-08-18 02:00	916480	----a-w-	c:\windows\system32\wininet.dll
2013-03-02 02:08 . 2004-08-18 02:00	43520	----a-w-	c:\windows\system32\licmgr10.dll
2013-03-02 02:08 . 2004-08-18 02:00	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2013-03-02 01:57 . 2004-08-18 02:00	1867264	----a-w-	c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2004-08-18 02:00	385024	----a-w-	c:\windows\system32\html.iec
2013-02-27 07:58 . 2004-08-18 02:00	2067456	----a-w-	c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2008-04-13 18:56	12928	------w-	c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-18 02:00	12928	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-02-05 20:15 . 2004-08-18 02:00	916480	----a-w-	c:\windows\system32\wininet(4).dll
2013-02-05 20:15 . 2004-08-18 02:00	1212928	----a-w-	c:\windows\system32\urlmon(4).dll
2013-02-05 20:15 . 2004-08-18 02:00	105984	----a-w-	c:\windows\system32\url(4).dll
2013-01-26 03:55 . 2004-08-18 02:00	552448	----a-w-	c:\windows\system32\oleaut32.dll
2012-04-21 01:18 . 2011-05-03 14:23	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMCRemote"="c:\program files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2008-11-18 226576]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2005-01-26 270336]
"Startup Cleaner"="c:\program files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe" [2006-07-14 118784]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-03-19 73360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-12-18 295072]
"Reader Application Helper"="d:\sonyreader\appHelper\ReaderAppHelper.exe" [2012-07-12 892928]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabdka Start\Programy\Po sputn\
Pinnacle Streaming Server.lnk - c:\program files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe [2008-3-25 603408]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 03:22	110592	----a-w-	c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 14:18	413696	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-12-18 15:34	295072	----a-w-	c:\program files\Real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19.4.2012 5:50 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13.9.2011 7:30 31952]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [27.12.2010 22:19 64288]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.3.2010 8:36 691696]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.10.2011 7:23 250080]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11.7.2011 2:14 301920]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [27.5.2012 15:19 11352]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14.2.2012 5:53 193288]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [30.4.2012 21:05 27016]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [30.4.2012 21:05 497280]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [4.5.2010 13:07 503080]
R2 port_nt;port_nt;c:\windows\system32\drivers\port_nt.sys [9.4.2009 15:34 3608]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [29.11.2012 21:31 38608]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23.12.2011 14:32 142176]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23.12.2011 14:32 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23.12.2011 14:32 17232]
R3 Pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [15.12.2006 14:50 47360]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2.11.2012 4:51 5174392]
S2 gupdate1c9f8becb2a9ed4;Sluba Google Update (gupdate1c9f8becb2a9ed4);c:\program files\Google\Update\GoogleUpdate.exe [29.6.2009 15:37 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [8.1.2013 13:55 161536]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys --> c:\windows\system32\DRIVERS\appliand.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S3 MODRC;DiBcom Infrared Receiver;c:\windows\system32\drivers\modrc.sys [12.7.2009 14:09 13824]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [18.8.2004 4:00 14336]
S3 UnlockerDriver4;UnlockerDriver4 Driver;c:\program files\Unlocker\UnlockerDriver4.sys [24.4.2005 11:08 3584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper	REG_MULTI_SZ   	nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-15 14:22	1629648	----a-w-	c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-29 13:37]
.
2013-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-29 13:37]
.
2013-04-13 c:\windows\Tasks\HPpromotions journeysoftware.job
- c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 16:36]
.
2013-04-05 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1096606446-1732489013-3449938886-1006.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2012-11-29 19:33]
.
2013-04-13 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1096606446-1732489013-3449938886-1006.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-11-29 19:31]
.
2013-04-11 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1096606446-1732489013-3449938886-1006.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-11-29 19:31]
.
2013-04-13 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1096606446-1732489013-3449938886-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30]
.
2013-04-13 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1096606446-1732489013-3449938886-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30]
.
2013-04-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1096606446-1732489013-3449938886-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30]
.
2013-04-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1096606446-1732489013-3449938886-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30]
.
2013-04-13 c:\windows\Tasks\User_Feed_Synchronization-{95C730E5-51BF-4B4E-A1FF-4E62570DF76B}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = file:///D:/Instal/Start-HTML/Index.htm
uInternet Connection Wizard,ShellNext = iexplore
IE: Sthnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Sthnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Sthnout vybran Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Sthnout ve Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
TCP: Interfaces\{4C2799F4-A630-44F4-918A-D1953894C20D}: NameServer = 192.168.1.100
DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} - hxxp://d.64.69.12.210.downloads.estara.com./as/OneCCDM.php?template=372081&sessionid=307319938_84.42.166.4_9392&=&req=1226429893906OneCC.cab
FF - ProfilePath - c:\documents and settings\Admin\Data aplikac\Mozilla\Firefox\Profiles\p1lg7j3w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - file:///D:/Instal/Start-HTML/Index.htm
FF - ExtSQL: !HIDDEN! 2007-07-29 16:26; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - ExtSQL: !HIDDEN! 2009-06-24 16:06; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-ISW - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-13 19:37
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspěšně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1108)
c:\windows\system32\Ati2evxx.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(1168)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(2552)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2013-04-13  19:40:02
ComboFix-quarantined-files.txt  2013-04-13 17:39
.
Před spuštěním: Volných bajtů: 32820822016
Po spuštění: Volných bajtů: 32809472000
.
- - End Of File - - 27BFFE26EEC6675347EE027924AEBFAD
