ComboFix 12-02-25.02 - Joseph . 03. 2012  12:50:04.3.2 - x86 NETWORK
Microsoft Windows Vista Business   6.0.6002.2.1250.421.1029.18.3326.2174 [GMT 1:00]
Running from: c:\users\Joseph\Desktop\ComboFix.exe
Command switches used :: c:\users\Joseph\Desktop\CFScript.txt
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((((   Files Created from 2012-02-03 to 2012-03-03  )))))))))))))))))))))))))))))))
.
.
2012-03-03 11:54 . 2012-03-03 11:59	--------	d-----w-	c:\users\Joseph\AppData\Local\temp
2012-03-03 11:54 . 2012-03-03 11:54	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-02 07:18 . 2012-02-08 06:03	6552120	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{03A16EC0-2271-4847-8ECF-361DC2B02796}\mpengine.dll
2012-02-15 12:54 . 2012-01-12 19:52	2044416	----a-w-	c:\windows\system32\win32k.sys
2012-02-15 12:54 . 2011-12-14 16:17	680448	----a-w-	c:\windows\system32\msvcrt.dll
2012-02-15 12:54 . 2011-12-20 10:56	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2012-02-06 16:41 . 2012-02-06 16:45	--------	d-----w-	c:\program files\fliptoast
2012-02-06 16:41 . 2012-02-06 16:41	--------	d-----w-	c:\program files\Free Offers from Freeze.com
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 04:10 . 2009-10-03 11:38	237072	------w-	c:\windows\system32\MpSigStub.exe
2011-12-16 10:26 . 2011-12-16 10:26	0	----a-w-	c:\users\Joseph\AppData\Local\BITC6BA.tmp
2011-12-16 10:26 . 2011-12-16 10:26	0	----a-w-	c:\users\Joseph\AppData\Local\BIT91C5.tmp
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-03-03_10.34.23   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2012-03-03 11:59	80008              c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-09-12 08:29 . 2012-03-03 10:14	14438              c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1642235748-1831838932-1144732441-1000_UserData.bin
+ 2008-09-12 08:29 . 2012-03-03 11:59	14438              c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1642235748-1831838932-1144732441-1000_UserData.bin
+ 2008-09-12 08:27 . 2012-03-03 11:57	16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-12 08:27 . 2012-03-03 10:12	16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-02 23:23 . 2012-03-03 11:57	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-03-02 23:23 . 2012-03-03 10:12	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-12 08:27 . 2012-03-03 10:12	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-12 08:27 . 2012-03-03 11:57	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-03 10:12 . 2012-03-03 10:12	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-03 11:57 . 2012-03-03 11:57	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-03 10:12 . 2012-03-03 10:12	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-03 11:57 . 2012-03-03 11:57	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 13:05 . 2012-03-03 11:59	175512              c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2010-04-05 20:25 . 2012-03-03 11:32	571300              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-04-05 20:25 . 2012-03-03 10:10	571300              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-04-05 20:25 . 2012-03-03 10:10	30073852              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1642235748-1831838932-1144732441-1000-12288.dat
+ 2010-04-05 20:25 . 2012-03-03 11:32	30073852              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1642235748-1831838932-1144732441-1000-12288.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TiVme Agent"="c:\program files\GIGABYTE\vivoTV\ScheduleAgent.exe" [2010-01-25 114688]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-12-06 180224]
"CTHelper"="CTHELPER.EXE" [2007-10-25 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-10-25 19968]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SAOB Monitor"="c:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-11-16 2536752]
"TrueImageMonitor.exe"="e:\acronis\TrueImageHome\TrueImageMonitor.exe" [2010-12-17 5566176]
"Sluba Acronis Scheduler2"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-12-17 391144]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-07 618496]
"3180 Scan2PC"="c:\windows\twain_32\Samsung\CLX3180\Scan2Pc.exe" [2010-05-10 1989120]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 153672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1642235748-1831838932-1144732441-1000]
"EnableNotificationsRef"=dword:00000001
.
S2 afcdpsrv;Sluba Acronis Nonstop Backup;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2011-02-02 3246040]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-02-02 167968]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 15:25]
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 15:25]
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1642235748-1831838932-1144732441-1000Core.job
- c:\users\Joseph\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-27 10:43]
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1642235748-1831838932-1144732441-1000UA.job
- c:\users\Joseph\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-27 10:43]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.bigseekpro.com/quicklogodesigner/{6CEAFE79-7BE7-499B-973F-CB8215E181E5}
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: LastPass vypĺňacie formuláre - file://c:\program files\LastPass\context.html?cmd=fillforms
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - e:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - e:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - e:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - e:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - e:\translat\WebIE.dll
TCP: DhcpNameServer = 195.34.133.21 212.186.211.21
DPF: {813A45F9-744F-435F-A815-19E2DF35A9D8} - hxxp://www.o2c.de/download/o2cplayerac.cab
FF - ProfilePath - c:\users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\3ktn4wqo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13);user_pref(general.useragent.extra.zencast, 
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-03 12:59
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTHelper = CTHELPER.EXE? 
  CTxfiHlp = CTXFIHLP.EXE? 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Google\Update\1.3.21.99\GoogleCrashHandler.exe
c:\program files\ASUS\Six Engine\SixEngine.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\AEADISRV.EXE
e:\apc\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\ESET\ESET Smart Security\ekrn.exe
c:\windows\system32\libusbd-nt.exe
e:\tomtom home 2\TomTomHOMEService.exe
c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
e:\apc\APC PowerChute Personal Edition\dataserv.exe
c:\windows\system32\WUDFHost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\SYSTEM32\CTXFISPI.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-03-03  13:16:23 - machine was rebooted
ComboFix-quarantined-files.txt  2012-03-03 12:15
ComboFix2.txt  2012-03-03 10:48
.
Pre-Run: Systém nemůže nalézt text zprávy číslo 0x2379 v souboru zpráv pro Application.
Post-Run: Volných bajtů: 26078912512
.
- - End Of File - - 5F899675105C9EE10B01649B53C36064
