ComboFix 10-04-30.03 - Gabi . 05. 2010   9:44.3.1 - x86 NETWORK
Systém Microsoft Windows XP Professional  5.1.2600.2.1250.421.1029.18.511.357 [GMT 2:00]
Running from: c:\documents and settings\Gabi\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\WindowsUpdate

-- Previous Run --

-- Previous Run --

c:\windows\system32\drivers\cdrom.sys . . . is missing!!

--------

c:\windows\system32\drivers\cdrom.sys . . . is missing!!

--------

c:\windows\system32\drivers\cdrom.sys . . . is missing!!

.
(((((((((((((((((((((((((   Files Created from 2010-04-01 to 2010-05-01  )))))))))))))))))))))))))))))))
.

2010-04-29 19:10 . 2010-05-01 06:58	--------	d-----w-	c:\program files\trend micro
2010-04-29 19:10 . 2010-04-29 19:11	--------	d-----w-	C:\rsit
2010-04-28 15:46 . 2010-04-28 15:46	--------	d-----w-	c:\program files\Uniblue
2010-04-27 18:35 . 2010-04-27 18:39	--------	d-----w-	c:\program files\RegCure
2010-04-27 17:48 . 2010-04-27 17:48	--------	d--h--w-	c:\windows\$hf_mig$
2010-04-26 18:39 . 2010-04-15 06:01	3879288	----a-w-	C:\procexp.exe
2010-04-26 17:47 . 2010-04-26 17:47	--------	d-s---w-	c:\documents and settings\Administrator\UserData
2010-04-26 17:17 . 2010-04-26 17:17	--------	d-----r-	c:\documents and settings\LocalService\Oblben poloky
2010-04-25 18:05 . 2008-10-16 12:09	43544	----a-w-	c:\windows\system32\wups2.dll
2010-04-25 18:03 . 2010-04-25 18:06	--------	d-----w-	C:\daee6bf9b8df2bb6e9f42f
2010-04-24 12:35 . 2010-01-22 07:55	767952	----a-w-	c:\windows\BDTSupport.dll
2010-04-24 12:35 . 2010-01-22 07:56	149456	----a-w-	c:\windows\SGDetectionTool.dll
2010-04-24 12:35 . 2008-11-26 10:08	131	----a-w-	c:\windows\IDB.zip
2010-04-24 12:35 . 2010-01-22 07:56	165840	----a-w-	c:\windows\PCTBDRes.dll
2010-04-24 12:35 . 2010-01-22 07:56	1652688	----a-w-	c:\windows\PCTBDCore.dll
2010-04-24 12:35 . 2009-10-27 23:36	1152444	----a-w-	c:\windows\UDB.zip
2010-04-24 12:28 . 2010-02-05 07:17	233136	----a-w-	c:\windows\system32\drivers\pctgntdi.sys
2010-04-24 12:28 . 2010-03-29 08:06	218592	----a-w-	c:\windows\system32\drivers\PCTCore.sys
2010-04-24 12:28 . 2009-11-23 11:54	88040	----a-w-	c:\windows\system32\drivers\PCTAppEvent.sys
2010-04-24 12:28 . 2010-04-08 12:29	63360	----a-w-	c:\windows\system32\drivers\pctplsg.sys
2010-04-24 12:27 . 2010-04-24 12:36	--------	d-----w-	c:\program files\Common Files\PC Tools
2010-04-24 12:27 . 2010-05-01 07:27	--------	d-----w-	c:\program files\Spyware Doctor
2010-04-24 12:16 . 2010-03-29 22:46	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-24 12:16 . 2010-03-29 22:45	20824	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-04-24 12:16 . 2010-04-24 12:16	--------	d-----w-	c:\program files\Malwarebytes
2010-04-24 07:54 . 2010-04-24 12:05	--------	d-----w-	c:\program files\Spybot
2010-04-21 17:37 . 2010-04-21 17:37	--------	d-----w-	c:\program files\NOS
2010-04-17 06:40 . 2010-04-17 06:40	--------	d-----w-	c:\program files\Common Files\Java
2010-04-17 06:40 . 2010-04-12 15:29	411368	----a-w-	c:\windows\system32\deployJava1.dll
2010-04-11 18:17 . 2010-04-25 16:47	--------	d-----w-	c:\program files\McAfee Security Scan
2010-04-02 16:00 . 2010-04-02 16:00	--------	d-----w-	c:\program files\Ubisoft
2010-04-02 15:59 . 2010-04-02 15:59	1	----a-w-	c:\windows\system32\SI.bin

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-01 06:56 . 2010-01-03 12:35	--------	d-----w-	c:\program files\Steam
2010-04-28 18:53 . 2009-08-17 19:58	664	----a-w-	c:\windows\system32\d3d9caps.dat
2010-04-26 18:32 . 2009-08-18 19:39	--------	d-----w-	c:\program files\Spyware Terminator
2010-04-17 06:40 . 2009-08-17 21:43	--------	d-----w-	c:\program files\Java
2010-04-02 16:00 . 2009-08-17 20:05	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-03-31 09:09 . 2010-03-31 09:09	--------	d-----w-	c:\program files\SlySoft
2010-03-30 15:23 . 2010-03-30 15:20	--------	d-----w-	c:\program files\ophcrack
2010-03-30 14:28 . 2010-03-27 12:09	--------	d-----w-	c:\program files\DAEMON Tools Pro
2010-03-29 17:01 . 2010-03-29 16:55	--------	d-----w-	c:\program files\360WavesPatcher
2010-03-29 16:55 . 2010-03-29 16:55	--------	d-----w-	c:\program files\Common Files\PC SOFT
2010-03-28 06:59 . 2001-10-25 12:00	77876	----a-w-	c:\windows\system32\perfc005.dat
2010-03-28 06:59 . 2001-10-25 12:00	428730	----a-w-	c:\windows\system32\perfh005.dat
2010-03-27 12:10 . 2009-08-22 07:05	691696	----a-w-	c:\windows\system32\drivers\sptd.sys
2010-03-27 11:55 . 2009-08-22 07:57	--------	d-----w-	c:\program files\DAEMON Tools Toolbar
2010-03-14 19:35 . 2010-03-14 19:35	--------	d-----w-	c:\program files\Delta
2010-03-05 15:12 . 2010-03-05 15:12	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-02-17 18:45 . 2010-02-17 18:45	241	----a-w-	c:\documents and settings\Gabi\SR.vbs
2010-02-07 09:58 . 2010-02-07 09:58	0	----a-r-	C:\logwmemory.bin
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"FlashMute"="c:\program files\FlashMute\FlashMute.exe" [2006-03-11 221184]
"Steam"="c:\program files\Steam\Steam.exe" [2010-04-26 1238352]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-12-18 427328]
"uTorrent"="d:\program files\uTorrent\uTorrent.exe" [2010-03-12 319792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SlowDownCPU"="c:\windows\INF\MSI\SlowDownCPU\SlowDownCPU.exe" [2005-02-25 208896]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-08-17 949376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-08-18 2176000]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 528384]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-03-09 1286608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\Gabi\Nabdka Start\Programy\Po sputn\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
monxga32.exe [2004-8-17 30720]

c:\documents and settings\All Users\Nabdka Start\Programy\Po sputn\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\ijjiOptimizer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\VALVe\\Garry's Mod\\hl2.exe"=
"c:\\Program Files\\VALVe\\Garry's Mod\\srcds.exe"=
"d:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"d:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"14883:TCP"= 14883:TCP:uTorrent
"14883:UDP"= 14883:UDP:14883

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [24. 4. 2010 14:28 218592]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22. 8. 2009 9:05 691696]
S1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [28. 12. 2009 18:38 3069040]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [17. 8. 2009 23:28 15424]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [18. 8. 2009 21:40 142592]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [24. 4. 2010 14:35 112592]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [6. 12. 2009 20:25 222968]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [24. 4. 2010 14:27 366840]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [24. 4. 2010 14:16 38224]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15. 1. 2010 14:49 227232]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 SlowDownCPU;SlowDownCPU;c:\windows\inf\MSI\SlowDownCPU\NTGLM7X.SYS [17. 8. 2009 22:04 23424]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [24. 12. 2009 12:19 18432]
S3 ZMGHPAudioSrv;ZOOM G Series High Performance Audio Driver Service;c:\windows\system32\drivers\zmghpau.sys [11. 8. 2008 11:02 91136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper	REG_MULTI_SZ   	getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-04-28 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-02-23 19:57]

2010-05-01 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2010-02-23 19:57]

2010-04-27 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-02-23 19:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.sk/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\Gabi\Data aplikac\Mozilla\Firefox\Profiles\lxuxcfra.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://ultimate-guitar.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\documents and settings\Gabi\Data aplikac\Mozilla\Firefox\Profiles\lxuxcfra.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Gabi\Data aplikac\Mozilla\Firefox\Profiles\lxuxcfra.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-01 09:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1292428093-73586283-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e7,2b,ca,6a,ac,fc,06,75,1c,c7,42,4c,4f,5d,54,fc,77,5a,ff,63,14,7c,20,
   c0,96,b5,6d,e1,86,77,b6,84,a6,c6,24,03,50,c7,e4,7b,40,f3,76,8b,2a,ca,30,a0,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-1292428093-73586283-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:a9,8b,e1,af,f3,87,99,22,38,b6,80,12,d4,63,71,b8,84,6a,cb,7a,3a,
   8b,99,c4,95,28,8a,5d,c1,e5,4f,93,d9,f2,5f,9e,8a,ba,cf,1c,08,3d,db,0b,93,f1,\
"rkeysecu"=hex:3a,ac,05,db,e6,8e,f0,ab,08,b6,0b,d9,3b,25,ea,fe
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(600)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-05-01  09:57:34
ComboFix-quarantined-files.txt  2010-05-01 07:57
ComboFix2.txt  2010-04-30 17:38

Pre-Run: Volných bajtů: 31137415168
Post-Run: Volných bajtů: 31381282816

- - End Of File - - 975435F7E390905FC5B9DE8946755C28
