
Sending an unsolicited link

ma11221
Visitor
Posts: 11
Registered: 14 Jul 2010 09:23

#1 Post by ma11221 »

Hi, I have a problem: a friend sent me a photo :D http://ow.ly/2b7Xp?=www.facebook.com/photo.php (this website), and now it is sending it (that page) to my contacts on Skype and ICQ. Do not open that page!!
http://www.virustotal.com/cs/analisis/9 ... 1279059547 I scanned the file with VirusTotal.

Here is the ComboFix log:

Code:

ComboFix 10-07-13.07 - Majo 14/07/2010  11:19:09.1.2 - x86
Microsoft® Windows Extreme™ Gamers Edition   6.0.6001.1.1252.44.1033.18.3324.2179 [GMT 2:00]
Running from: c:\users\Majo\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Created a new restore point
 * Resident AV is active

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\desktop.ini
C:\poppy.exe
c:\program files\Cheat Engine\dbk32.sys
c:\program files\FaceSmooch Toolbar\tbHElper.dll
C:\setup.exe
c:\windows\jusched.exe
c:\windows\My.ini
c:\windows\system32\Explorer
c:\windows\system32\Explorer\cd.txt
c:\windows\system32\Explorer\firefox.txt

.
(((((((((((((((((((((((((   Files Created from 2010-06-14 to 2010-07-14  )))))))))))))))))))))))))))))))
.

2010-07-14 08:49 . 2010-07-14 08:58	--------	d-----w-	c:\program files\a-squared Free
2010-07-13 14:56 . 2010-07-13 19:23	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2010-07-13 14:56 . 2010-07-13 16:18	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-07-13 10:58 . 2010-07-13 10:58	--------	d-----w-	C:\Little Big Adventure
2010-07-13 07:59 . 2010-07-13 07:59	--------	d-----w-	C:\WoW_AddonPack_TBC_2.4.3
2010-07-11 12:50 . 2009-11-03 12:07	679936	----a-w-	c:\windows\system32\D3DX81ab.dll
2010-07-11 12:50 . 2009-11-03 12:07	1970176	----a-w-	c:\windows\system32\d3dx9.dll
2010-07-11 12:50 . 2010-07-14 09:27	--------	d-----w-	c:\program files\Cheat Engine
2010-07-10 16:03 . 2010-07-10 16:03	--------	d-----w-	c:\users\Majo\{7af2a915-6f36-476f-94cf-45b0bf816de0}
2010-07-10 14:25 . 2010-07-10 14:25	--------	d-----w-	c:\programdata\Trymedia
2010-07-10 14:18 . 2010-07-10 14:49	--------	d-----w-	c:\program files\Crashday - Speedcombat
2010-07-10 14:12 . 2004-04-23 12:23	2506752	----a-w-	c:\windows\system32\LWCtPl.dll
2010-07-10 14:12 . 2004-04-23 12:26	17344	----a-w-	c:\windows\system32\drivers\LHidHi.sys
2010-07-10 14:12 . 2004-04-23 12:26	13888	----a-w-	c:\windows\system32\drivers\LHidLo.sys
2010-07-10 14:12 . 2004-04-23 12:26	10432	----a-w-	c:\windows\system32\drivers\LUsbSys.sys
2010-07-10 14:12 . 2004-04-23 12:25	86016	----a-w-	c:\windows\system32\W9xDAPI.dll
2010-07-10 14:12 . 2000-11-28 09:35	27388	----a-w-	c:\windows\system32\drivers\ihidfilt.sys
2010-07-10 14:12 . 2010-07-10 14:12	--------	d-----w-	c:\program files\Common Files\Logitech
2010-07-10 14:12 . 2004-04-23 12:26	33216	----a-w-	c:\windows\system32\LFLoad.sys
2010-07-10 14:12 . 2004-04-23 12:24	61440	----a-w-	c:\windows\system32\W9XdInst.dll
2010-07-10 14:12 . 2004-04-23 12:24	356352	----a-w-	c:\windows\system32\WMWizard.dll
2010-07-10 14:12 . 2004-04-14 08:54	163840	----a-w-	c:\windows\system32\WmJoyFrc.dll
2010-07-10 14:11 . 2010-07-10 14:11	--------	d-----w-	c:\program files\Logitech
2010-07-10 14:11 . 2010-07-10 14:11	--------	d-----w-	c:\program files\Common Files\InstallShield
2010-07-10 13:14 . 2010-07-10 13:14	--------	d-----w-	c:\users\Majo\AppData\Roaming\IObit
2010-07-10 13:14 . 2010-07-10 13:14	--------	d-----w-	c:\program files\IObit
2010-07-09 17:13 . 2010-07-09 17:13	--------	d-----w-	C:\RtmK(09)
2010-07-08 18:47 . 2010-07-08 18:47	--------	d-----w-	c:\users\Majo\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-07-08 16:17 . 2010-07-08 16:17	--------	d-----w-	c:\programdata\Blizzard Entertainment
2010-07-07 19:28 . 2010-07-07 19:29	--------	d-----w-	c:\users\Majo\AppData\Roaming\GetRightToGo
2010-07-06 20:07 . 2010-07-06 20:07	--------	d-----w-	c:\users\Majo\AppData\Roaming\Ubisoft
2010-07-06 20:06 . 2010-07-06 20:06	--------	d-----w-	c:\programdata\Ubisoft
2010-07-05 13:54 . 2009-09-25 08:34	53280	----a-w-	c:\windows\system32\RHCoInst.dll
2010-07-05 13:54 . 2009-09-25 08:34	2968608	----a-w-	c:\windows\system32\RtkHDMI.dll
2010-07-05 13:54 . 2009-09-25 08:34	1352224	----a-w-	c:\windows\system32\RHDMIExt.dll
2010-07-05 13:54 . 2009-09-25 08:13	159232	----a-w-	c:\windows\system32\drivers\RtHDMIV.sys
2010-07-05 13:54 . 2009-03-09 03:32	290304	----a-w-	c:\windows\system32\RH3DAA32.dll
2010-07-05 13:54 . 2009-03-09 03:31	290304	----a-w-	c:\windows\system32\RH3DHT32.dll
2010-07-05 13:35 . 2010-07-05 13:36	--------	d-----w-	c:\programdata\DriverScanner
2010-07-05 13:35 . 2010-07-05 13:35	--------	d-----w-	c:\program files\Uniblue
2010-07-05 13:10 . 2010-07-05 13:10	--------	d-----w-	c:\program files\TNod User & Password Finder
2010-07-05 13:10 . 2010-07-05 13:10	--------	d-----w-	c:\users\Majo\AppData\Local\ESET
2010-07-05 13:07 . 2010-07-05 13:07	--------	d-----w-	c:\program files\ESET
2010-07-04 18:32 . 2010-07-04 19:14	--------	d-----w-	c:\users\Majo\AppData\Roaming\AbsoluteTelnet
2010-07-04 18:32 . 2010-07-04 19:14	--------	d-----w-	c:\program files\AbsoluteTelnet
2010-07-04 14:51 . 2010-07-14 08:17	--------	d-----w-	C:\World of Warcraft TBC
2010-07-04 11:08 . 2010-07-04 11:08	61445	----a-w-	C:\DarkCheatsv2.zip
2010-07-03 17:29 . 2010-07-03 17:29	0	----a-w-	c:\windows\nsreg.dat
2010-07-03 17:29 . 2010-07-03 17:29	--------	d-----w-	c:\users\Majo\AppData\Local\Mozilla
2010-07-03 17:11 . 2010-07-14 09:27	--------	d-----w-	c:\program files\FaceSmooch Toolbar
2010-07-01 11:55 . 2010-07-01 17:42	--------	d-----w-	c:\program files\Counter-Strike Source
2010-07-01 09:45 . 2010-07-01 09:48	--------	d-----w-	c:\windows\system32\Adobe
2010-06-30 11:49 . 2010-04-14 17:47	293376	----a-w-	c:\windows\system32\psisdecd.dll
2010-06-30 11:49 . 2010-04-14 17:46	428544	----a-w-	c:\windows\system32\EncDec.dll
2010-06-30 11:44 . 2010-04-16 16:05	28672	----a-w-	c:\windows\system32\Apphlpdm.dll
2010-06-30 11:44 . 2010-04-16 14:17	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-29 18:42 . 2010-06-29 18:42	--------	d-----w-	c:\users\Majo\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2010-06-29 18:42 . 2010-06-29 18:42	--------	d-----w-	c:\users\Majo\AppData\Roaming\Adobe Mini Bridge CS5
2010-06-29 18:32 . 2010-06-29 18:32	--------	d-----w-	c:\program files\Adobe Media Player
2010-06-29 18:30 . 2010-06-29 18:30	--------	d-----w-	c:\program files\Common Files\Adobe AIR
2010-06-29 18:24 . 2010-06-29 18:52	--------	d-----w-	c:\users\Majo\AppData\Local\Adobe
2010-06-29 18:23 . 2010-06-29 18:37	--------	d-----w-	c:\programdata\regid.1986-12.com.adobe
2010-06-29 18:23 . 2010-06-29 18:33	--------	d-----w-	c:\program files\Common Files\Adobe
2010-06-29 15:30 . 2010-07-07 19:55	5002	----a-w-	c:\windows\system32\FilterData.dat
2010-06-29 15:19 . 2010-06-29 15:19	--------	d-----w-	c:\program files\Microsoft.NET
2010-06-29 15:17 . 2009-11-08 17:55	99176	----a-w-	c:\windows\system32\PresentationHostProxy.dll
2010-06-29 15:17 . 2009-11-08 17:55	49472	----a-w-	c:\windows\system32\netfxperf.dll
2010-06-29 15:17 . 2009-11-08 17:55	297808	----a-w-	c:\windows\system32\mscoree.dll
2010-06-29 15:17 . 2009-11-08 17:55	295264	----a-w-	c:\windows\system32\PresentationHost.exe
2010-06-29 15:17 . 2009-11-08 17:55	1130824	----a-w-	c:\windows\system32\dfshim.dll
2010-06-29 14:43 . 2010-06-02 02:55	74072	----a-w-	c:\windows\system32\XAPOFX1_5.dll
2010-06-29 14:43 . 2010-06-02 02:55	527192	----a-w-	c:\windows\system32\XAudio2_7.dll
2010-06-29 11:46 . 2010-07-12 17:47	--------	d-----w-	c:\program files\SpeedFan
2010-06-28 15:41 . 2010-06-28 15:41	--------	d-----w-	c:\programdata\page
2010-06-28 15:41 . 2010-06-28 15:41	--------	d-----w-	c:\program files\Ashampoo
2010-06-28 11:18 . 2010-06-28 11:19	--------	d-----w-	c:\program files\SecondLifeViewer2
2010-06-28 11:11 . 2010-07-05 15:22	--------	d-----w-	c:\users\Majo\AppData\Local\SecondLife
2010-06-28 11:11 . 2010-06-28 11:18	--------	d-----w-	c:\users\Majo\AppData\Roaming\SecondLife
2010-06-27 17:01 . 2010-06-27 17:01	--------	d-----w-	c:\program files\NCSoft
2010-06-27 16:46 . 2010-06-27 16:46	--------	d-----w-	c:\users\Majo\AppData\Local\assembly
2010-06-27 09:33 . 2010-06-27 09:33	--------	d-----w-	c:\program files\PFPortChecker
2010-06-26 11:05 . 2010-07-09 10:47	--------	d-----w-	c:\program files\Common Files\Blizzard Entertainment
2010-06-26 08:45 . 2010-06-26 08:45	--------	d-----w-	c:\users\Majo\AppData\Local\ProphetX
2010-06-25 18:48 . 2010-06-25 18:48	--------	d-----w-	c:\programdata\Blizzard
2010-06-25 16:18 . 2009-07-10 10:33	1589248	----a-w-	c:\windows\system32\libmysql_d.dll
2010-06-25 14:40 . 2010-06-25 14:40	--------	d-----w-	c:\users\Majo\AppData\Local\Rowen_Coding_Productions
2010-06-23 17:35 . 2010-06-23 17:35	--------	d-----w-	c:\program files\Unlocker
2010-06-23 17:10 . 2010-06-23 17:10	--------	d-----w-	c:\users\Majo\AppData\Local\Microsoft Game Studios
2010-06-23 17:10 . 2010-06-23 17:10	--------	d-----w-	c:\programdata\Microsoft Games
2010-06-23 17:10 . 2010-06-23 17:10	--------	d-----w-	c:\users\Majo\AppData\Roaming\Microsoft Game Studios
2010-06-22 17:23 . 2010-07-10 13:40	--------	d-----w-	c:\users\Majo\AppData\Local\Microsoft Games
2010-06-22 16:12 . 2010-06-22 16:12	--------	d-----w-	c:\program files\MySQL
2010-06-21 18:08 . 2010-06-21 18:08	--------	d-----w-	c:\program files\MSXML 4.0
2010-06-20 18:52 . 2010-06-20 18:52	--------	d-----w-	c:\programdata\MySQL
2010-06-20 17:35 . 2010-02-03 13:56	26176	---ha-w-	c:\windows\system32\hamachi.sys
2010-06-20 17:35 . 2010-06-20 17:35	--------	d-----w-	c:\program files\LogMeIn Hamachi
2010-06-20 17:35 . 2010-07-14 09:11	--------	d-----w-	c:\users\Majo\AppData\Local\LogMeIn Hamachi
2010-06-20 11:05 . 2010-06-20 11:05	--------	d-----w-	c:\users\Majo\AppData\Local\Google
2010-06-19 20:36 . 2010-06-19 20:36	--------	d-----w-	c:\users\Majo\AppData\Local\Apps
2010-06-19 20:36 . 2010-06-19 20:36	--------	d-----w-	c:\users\Majo\AppData\Local\Deployment
2010-06-17 15:07 . 2010-06-17 15:07	--------	d-----w-	c:\program files\ICQ6Toolbar
2010-06-17 15:07 . 2010-06-17 15:07	--------	d-----w-	c:\programdata\ICQ
2010-06-17 15:07 . 2010-06-17 15:07	--------	d-----w-	c:\users\Majo\AppData\Local\AOL
2010-06-17 15:07 . 2010-06-17 15:08	--------	d-----w-	c:\program files\ICQ7.2
2010-06-17 13:03 . 2010-06-17 13:03	--------	d-----w-	c:\windows\Sun
2010-06-17 13:00 . 2010-07-01 18:17	99	----a-w-	c:\users\Majo\jagex_runescape_preferences2.dat
2010-06-17 13:00 . 2010-06-17 13:00	0	----a-w-	c:\users\Majo\jagex__preferences3.dat
2010-06-17 12:58 . 2010-06-17 12:58	--------	d-----w-	C:\.jagex_cache_32
2010-06-17 12:57 . 2010-07-01 18:16	46	----a-w-	c:\users\Majo\jagex_runescape_preferences.dat
2010-06-17 12:57 . 2010-06-17 13:07	--------	d-----w-	c:\windows\.jagex_cache_32
2010-06-17 12:56 . 2010-06-17 12:56	--------	d-----w-	c:\users\Majo\AppData\Local\jagexlauncher
2010-06-17 12:55 . 2010-06-17 12:55	--------	d-----w-	c:\program files\Common Files\Java
2010-06-17 12:55 . 2010-06-17 12:54	411368	----a-w-	c:\windows\system32\deployJava1.dll
2010-06-17 12:54 . 2010-06-17 12:54	--------	d-----w-	c:\program files\Java
2010-06-17 11:54 . 2010-02-12 10:48	293376	----a-w-	c:\windows\system32\browserchoice.exe
2010-06-17 11:48 . 2010-07-13 19:44	--------	d-----w-	c:\users\Majo\AppData\Roaming\ICQ
2010-06-17 11:46 . 2008-06-20 01:14	105016	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-06-17 11:46 . 2008-06-20 01:14	97800	----a-w-	c:\windows\system32\infocardapi.dll
2010-06-17 11:46 . 2008-06-20 01:14	11264	----a-w-	c:\windows\system32\icardres.dll
2010-06-17 11:46 . 2008-06-20 01:14	622080	----a-w-	c:\windows\system32\icardagt.exe
2010-06-17 11:46 . 2008-06-20 01:14	781344	----a-w-	c:\windows\system32\PresentationNative_v0300.dll
2010-06-17 11:41 . 2008-07-27 18:03	158720	----a-w-	c:\windows\system32\mscorier.dll
2010-06-17 11:40 . 2008-07-27 18:03	83968	----a-w-	c:\windows\system32\mscories.dll
2010-06-17 11:38 . 2010-02-20 23:39	24064	----a-w-	c:\windows\system32\nshhttp.dll
2010-06-17 11:38 . 2010-02-20 23:37	31232	----a-w-	c:\windows\system32\httpapi.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-05 14:00 . 2010-07-05 13:59	2682880	----a-w-	c:\users\Majo\AppData\Roaming\Uniblue\DriverScanner\LatestUpdate.exe
2010-07-05 13:55 . 2006-07-03 06:07	3500462	---ha-w-	C:\logs.dat
2010-07-05 13:52 . 2010-07-05 13:36	17787900	----a-w-	c:\users\Majo\AppData\Roaming\Uniblue\DriverScanner\Download\hdaudio_func_01_ven_1002_dev_aa016_0_1_5945.exe
2010-07-01 12:45 . 2008-01-21 02:22	80051	----a-w-	c:\windows\system32\slmgr.vbs
2010-06-29 18:30 . 2010-06-29 18:30	38784	----a-w-	c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-23 17:11 . 2006-11-02 12:35	--------	d-----w-	c:\program files\Microsoft Games
2010-06-22 12:55 . 2010-06-22 12:55	0	---ha-w-	c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-06-17 12:56 . 2010-06-17 12:56	15086	----a-r-	c:\users\Majo\AppData\Roaming\Microsoft\Installer\{F01F95F8-7596-469D-A44B-C104106BA5F9}\launcher.exe
2010-06-17 12:26 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-06-17 12:25 . 2006-11-02 10:25	665600	----a-w-	c:\windows\inf\drvindex.dat
2010-06-15 13:13 . 2010-06-15 13:02	680	----a-w-	c:\users\Majo\AppData\Local\d3d9caps.dat
2010-06-02 02:55 . 2010-06-29 14:42	239960	----a-w-	c:\windows\system32\xactengine3_7.dll
2010-06-01 13:49 . 2010-06-01 13:49	3156992	--sh--w-	C:\BLUDYBkB1Dc_save2pc.exe
2010-05-27 13:19 . 2010-05-27 13:19	853434	----a-w-	C:\Adobe CS5 Ultimate Activator.zip
2010-05-26 09:41 . 2010-06-29 14:42	470880	----a-w-	c:\windows\system32\d3dx10_43.dll
2010-05-26 09:41 . 2010-06-29 14:42	248672	----a-w-	c:\windows\system32\d3dx11_43.dll
2010-05-26 09:41 . 2010-06-29 14:42	2106216	----a-w-	c:\windows\system32\D3DCompiler_43.dll
2010-05-26 09:41 . 2010-06-29 14:42	1998168	----a-w-	c:\windows\system32\D3DX9_43.dll
2010-05-26 09:41 . 2010-06-29 14:42	1868128	----a-w-	c:\windows\system32\d3dcsx_43.dll
2010-05-20 11:52 . 2010-05-20 11:52	3156992	--sh--w-	C:\BLUDYYaF6Jt_save2pc.exe
2010-05-04 18:42 . 2010-06-16 14:07	833024	----a-w-	c:\windows\system32\wininet.dll
2010-05-04 18:37 . 2010-06-16 14:07	78336	----a-w-	c:\windows\system32\ieencode.dll
2010-05-04 17:03 . 2010-05-04 17:03	301056	----a-w-	C:\High Roller.exe
2010-05-04 16:53 . 2010-06-16 14:07	26624	----a-w-	c:\windows\system32\ieUnatt.exe
2010-05-01 13:53 . 2010-06-16 14:03	2036224	----a-w-	c:\windows\system32\win32k.sys
2010-04-29 09:47 . 2010-04-29 09:47	499712	----a-w-	c:\windows\system32\msvcp71.dll
2010-04-29 09:47 . 2010-04-29 09:47	348160	----a-w-	c:\windows\system32\msvcr71.dll
2010-04-26 13:11 . 2010-04-26 13:11	788424	----a-w-	C:\cssrpg1.0.5.zip
2010-04-23 13:55 . 2010-06-16 14:11	2048	----a-w-	c:\windows\system32\tzres.dll
2010-04-16 16:10 . 2010-06-16 14:07	1314816	----a-w-	c:\windows\system32\quartz.dll
2010-04-16 16:05 . 2010-06-30 11:44	459776	----a-w-	c:\windows\AppPatch\AcSpecfc.dll
2010-04-16 16:05 . 2010-06-30 11:44	173056	----a-w-	c:\windows\AppPatch\AcXtrnal.dll
2010-04-16 16:05 . 2010-06-30 11:44	541696	----a-w-	c:\windows\AppPatch\AcLayers.dll
2010-04-16 16:05 . 2010-06-30 11:44	2153984	----a-w-	c:\windows\AppPatch\AcGenral.dll
.

------- Sigcheck -------

[-] 2006-11-10 . 921D359C1168867B515C219ACCED9609 . 245248 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-08 15:40	1362320	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-08 1362320]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-08 1362320]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Skype"="d:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-06-16 322352]
"NCsoft Launcher"="c:\program files\NCSoft\Launcher\NCLauncher.exe" [2010-07-02 38184]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2010-06-17 133368]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingD6153"="del" [X]
"SpybotDeletingB256"="command.com" [2006-11-02 50648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-03-09 15872]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-04-07 2145000]
"TNOD UP"="c:\program files\TNod User & Password Finder\TNODUP.exe" [2010-04-01 1811968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 MySQL41;MySQL41;c:\program files\MySQL\MySQL Server 5.1\bin\mysqld --defaults-file=c:\program files\MySQL\MySQL Server 5.1\my.ini MySQL41 [x]
R3 PAC207;Trust 100K Series Webcam;c:\windows\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-06-15 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-04-07 114984]
S2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2010-04-15 1872320]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-04-07 133512]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2010-04-07 810120]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-04-07 41312]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [2009-07-22 81920]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [2007-02-07 1298944]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [2009-07-22 2736128]

.
Contents of the 'Scheduled Tasks' folder

2010-07-14 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-07-10 13:35]

2010-07-14 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-07-10 12:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bigseekpro.com/facesmooch/{849BBF49-1B94-4164-B3D7-AA0D61EE5ADB}
mStart Page = hxxp://www.bigseekpro.com/facesmooch/{849BBF49-1B94-4164-B3D7-AA0D61EE5ADB}
IE: {{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\ICQ7.2\ICQ.exe
FF - ProfilePath - c:\users\Majo\AppData\Roaming\Mozilla\Firefox\Profiles\8nqlmetz.default\
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Java developer Script Browse - c:\windows\jusched.exe
HKLM-Run-C6501Sound - c6501.cpl



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-14 11:28
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mysql]
"ImagePath"="\"c:\world of warcraft tbc\AC Web Ultimate Repack\Server\mysql\bin\mysqld-nt\" \"--defaults-file=c:\world of warcraft tbc\AC Web Ultimate Repack\Server\mysql\bin\my.cnf\" mysql"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL41]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL41"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-07-14  11:32:47
ComboFix-quarantined-files.txt  2010-07-14 09:32

Pre-Run: 2,594,803,712 bytes free
Post-Run: 2,442,371,072 bytes free

- - End Of File - - 218DBC35B6E97BFA9809EE2BEFF7F488

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Sending an unsolicited link

#2 Post by motji »

Please do not create duplicate topics; continue here:
http://www.viry.cz/forum/viewtopic.php?f=13&t=102714
I kindly ask the moderators to lock this thread.
Do not use ComboFix without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting a computer :!:

I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can email me at Motji(at)forum.viry.cz.
