ComboFix:
ComboFix 10-08-15.04 - Admin 16.08.2010 17:26:21.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2047.1581 [GMT 2:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Admin\My Documents\cc_20100801_092102.reg
C:\Install.exe
.
((((((((((((((((((((((((( Files Created from 2010-07-16 to 2010-08-16 )))))))))))))))))))))))))))))))
.
2010-08-16 10:33 . 2010-08-16 10:33 -------- d-----w- c:\documents and settings\Admin\Application Data\IObit
2010-08-16 10:33 . 2009-10-21 17:01 114688 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\p2ntohjr.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\npmozax.dll
2010-08-16 10:33 . 2009-10-19 11:30 624464 ----a-w- c:\documents and settings\Admin\Application Data\IObit\Common\TB_Helper.exe
2010-08-16 10:33 . 2010-08-16 10:33 -------- d-----w- c:\program files\IObit
2010-08-16 10:33 . 2009-10-21 17:01 52224 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\p2ntohjr.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\FFExternalAlert.dll
2010-08-16 09:58 . 2010-08-16 09:58 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
2010-08-16 09:58 . 2008-12-03 17:52 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-16 09:58 . 2008-12-03 17:52 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-16 09:58 . 2010-08-16 09:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-16 09:58 . 2010-08-16 09:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-16 09:55 . 2010-08-16 09:55 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2010-08-16 09:55 . 2010-08-16 09:55 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2010-08-16 09:55 . 2010-08-16 09:55 141312 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-08-16 09:55 . 2010-08-16 10:30 -------- d-----w- c:\documents and settings\Admin\Application Data\Spyware Terminator
2010-08-16 09:55 . 2010-08-16 10:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-08-16 09:55 . 2010-08-16 09:56 -------- d-----w- c:\program files\Spyware Terminator
2010-08-11 18:27 . 2010-08-11 18:27 3125208 ----a-w- c:\documents and settings\Admin\Application Data\ProtectDisc\pe17be16df.dll
2010-08-11 18:27 . 2010-08-11 18:27 -------- d-----w- c:\documents and settings\Admin\Application Data\ProtectDisc
2010-08-11 18:25 . 2010-08-11 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Synetic
2010-08-11 18:18 . 2010-08-11 18:18 -------- d-----w- c:\program files\ProtectDisc Driver Installer
2010-08-11 18:12 . 2010-08-11 18:25 -------- d-----w- c:\program files\Crash Time 2
2010-08-08 08:18 . 2010-02-23 20:34 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-08-08 08:18 . 2010-08-08 08:18 -------- d-----w- C:\Intel
2010-08-08 07:39 . 2010-08-08 07:39 -------- d-----w- c:\program files\Driver-Soft
2010-08-08 07:26 . 2010-08-08 07:26 -------- d-----w- c:\documents and settings\All Users\Uniblue
2010-08-08 07:26 . 2010-08-08 07:26 -------- d-----w- c:\documents and settings\Admin\Application Data\Uniblue
2010-08-03 18:55 . 2010-08-03 18:55 -------- d-----w- C:\Call of Duty Modern Warfare
2010-07-27 16:33 . 2010-07-27 16:40 -------- d-----w- c:\program files\Heroes of Might and Magic III Complete
2010-07-27 14:38 . 2010-07-27 14:38 -------- d-----w- c:\documents and settings\All Users\Application Data\ConeXware
2010-07-27 14:37 . 2010-08-11 14:03 -------- d-----w- c:\program files\PowerArchiver
2010-07-24 08:19 . 2010-07-24 08:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-07-23 18:53 . 2010-07-28 11:58 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Temp
2010-07-23 18:53 . 2010-07-23 18:53 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-07-22 20:23 . 2010-07-22 20:23 1060864 ----a-w- c:\windows\system32\mfc71.dll
2010-07-22 20:07 . 2010-07-22 20:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2010-07-22 19:54 . 2010-07-22 19:54 272 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-07-22 19:51 . 2010-07-22 20:07 -------- d-----w- c:\program files\COMODO
2010-07-22 17:43 . 2010-07-22 17:43 -------- d-----w- C:\VritualRoot
2010-07-22 17:34 . 2010-07-22 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-16 11:13 . 2010-04-29 12:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-16 11:13 . 2010-04-29 12:21 -------- d-----w- c:\program files\ASUS
2010-08-06 18:08 . 2010-04-29 15:47 -------- d-----w- c:\program files\Valve
2010-07-31 07:43 . 2010-05-22 15:46 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-27 08:25 . 2010-07-09 12:45 -------- d-----w- c:\documents and settings\Admin\Application Data\dvdcss
2010-07-23 18:58 . 2010-06-16 09:52 -------- d-----w- c:\program files\Google
2010-07-10 19:15 . 2010-05-02 13:43 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-10 19:15 . 2010-05-02 13:37 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-07-10 19:14 . 2010-07-10 19:14 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-07-10 19:14 . 2010-07-10 19:14 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-10 19:14 . 2010-05-02 13:37 -------- d-----w- c:\program files\DivX
2010-07-10 19:14 . 2010-07-10 19:14 84054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-07-10 19:13 . 2010-07-10 19:13 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-07-10 19:10 . 2010-05-02 13:43 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-07-10 19:10 . 2010-05-02 13:43 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-07-08 20:14 . 2010-07-08 20:13 -------- d-----w- c:\documents and settings\Admin\Application Data\vlc
2010-07-08 20:11 . 2010-07-08 20:11 -------- d-----w- c:\program files\VideoLAN
2010-07-06 18:15 . 2010-05-26 17:36 -------- d-----w- c:\documents and settings\Admin\Application Data\Software Informer
2010-06-30 12:31 . 2002-08-29 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-28 19:22 . 2010-06-26 16:36 -------- d-----w- c:\documents and settings\Admin\Application Data\U3
2010-06-24 12:10 . 2010-04-29 12:14 81920 ------w- c:\windows\system32\ieencode.dll
2010-06-24 12:10 . 2002-08-29 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 16:30 . 2010-05-21 13:09 -------- d-----w- c:\program files\Cyklotrasy SK
2010-06-23 13:44 . 2002-08-29 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2002-08-29 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 15:44 . 2010-06-18 15:44 -------- d-----w- c:\documents and settings\Admin\Application Data\GHISLER
2010-06-18 07:25 . 2010-04-29 12:37 69624 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-18 06:26 . 2010-06-18 06:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-06-18 06:25 . 2010-06-18 06:25 -------- d-----w- c:\program files\AVS4YOU
2010-06-18 06:25 . 2010-06-18 06:25 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-06-18 06:20 . 2010-05-02 13:43 -------- d-----w- c:\documents and settings\Admin\Application Data\DivX
2010-06-18 06:09 . 2010-06-18 06:09 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-18 06:09 . 2010-06-18 06:09 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-18 06:09 . 2010-06-18 06:09 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-06-18 06:09 . 2010-06-18 06:09 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-06-18 06:09 . 2010-06-18 06:09 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-18 06:09 . 2010-06-18 06:09 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-18 06:09 . 2010-06-18 06:09 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-06-18 06:09 . 2010-06-18 06:09 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-18 05:37 . 2010-04-29 13:02 -------- d-----w- c:\program files\ESET
2010-06-18 05:35 . 2010-06-18 05:35 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-06-17 14:03 . 2002-08-29 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-17 05:55 . 2010-06-18 15:44 545 ----a-w- c:\windows\UC.PIF
2010-06-17 05:55 . 2010-06-18 15:44 545 ----a-w- c:\windows\RAR.PIF
2010-06-17 05:55 . 2010-06-18 15:44 545 ----a-w- c:\windows\PKZIP.PIF
2010-06-17 05:55 . 2010-06-18 15:44 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-06-17 05:55 . 2010-06-18 15:44 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-06-17 05:55 . 2010-06-18 15:44 545 ----a-w- c:\windows\LHA.PIF
2010-06-17 05:55 . 2010-06-18 15:44 545 ----a-w- c:\windows\ARJ.PIF
2010-06-15 09:12 . 2010-05-21 12:52 95744 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\SDCondition.dll
2010-06-14 14:31 . 2010-04-29 11:55 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:41 . 2002-08-29 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-09 23:01 . 2010-07-10 19:14 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-06-09 23:01 . 2010-07-10 19:14 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-06-09 23:01 . 2010-07-10 19:14 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-06-09 23:01 . 2010-07-10 19:14 133616 ------w- c:\windows\system32\pxafs.dll
2010-06-09 23:01 . 2010-05-02 13:43 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-06-09 23:01 . 2010-05-02 13:43 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-06-04 09:55 . 2010-06-04 09:55 229312 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-06-01 17:00 . 2010-06-01 17:00 278288 ----a-w- c:\windows\system32\guard32.dll
2010-06-01 17:00 . 2010-06-01 17:00 87824 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-06-01 17:00 . 2010-06-01 17:00 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-06-01 17:00 . 2010-06-01 17:00 15464 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-05-31 08:31 . 2010-05-31 08:31 503808 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-36419915-n\msvcp71.dll
2010-05-31 08:31 . 2010-05-31 08:31 499712 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-36419915-n\jmc.dll
2010-05-31 08:31 . 2010-05-31 08:31 348160 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-36419915-n\msvcr71.dll
2010-05-31 08:30 . 2010-05-31 08:30 61440 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2c18fa77-n\decora-sse.dll
2010-05-31 08:30 . 2010-05-31 08:30 12800 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2c18fa77-n\decora-d3d.dll
2010-05-25 21:12 . 2010-05-25 21:12 56184 ----a-w- c:\windows\system32\WBHELP2.DLL
2010-05-21 12:52 . 2010-05-21 12:52 3509272 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\Offers\VA31_DapSo.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{F4F10C1D-87C7-404A-B4B3-000000000000}"= "c:\progra~1\DAP\SBSearch.dll" [2010-05-21 38384]
[HKEY_CLASSES_ROOT\clsid\{f4f10c1d-87c7-404a-b4b3-000000000000}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LSVP"="c:\program files\LS\Vypnutí PC\vp.exe" [2008-01-24 214016]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-10-26 2334856]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"LSVP"="c:\program files\LS\Vypnutí PC\vp.exe" [2008-01-24 214016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]
"COMODO"="c:\program files\COMODO\COMODO livePCsupport\CLPSLA.exe" [2010-08-02 210656]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TV Remote Control.lnk]
backup=c:\windows\pss\TV Remote Control.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusStartupHelp]
2006-11-16 06:25 363008 ----a-r- c:\program files\ASUS\AASP\1.00.17\AsRunHelp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PVR Agent]
2005-04-29 15:00 748032 ----a-w- c:\program files\MSI\TV@Anywhere Plus\TVR\Scheduled.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-10 21:32 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Valve\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [4.6.2010 11:55 229312]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1.6.2010 19:00 25240]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [30.7.2008 7:51 277736]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [2.8.2010 11:04 151440]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [29.4.2010 14:21 35840]
R3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [29.4.2010 14:32 686080]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [29.4.2010 14:35 22784]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23.7.2010 20:53 136176]
S2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\Drivers\Scutum50.sys --> c:\windows\system32\Drivers\Scutum50.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.4.2010 15:35 691696]
.
Contents of the 'Scheduled Tasks' folder
2010-08-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-08-16 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-08-16 13:35]
2010-08-16 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-08-16 13:49]
2010-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-23 18:53]
2010-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-23 18:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.speedbit.com/?aff=205
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {1207BCA0-FCF1-47F2-9CAF-88776A7F37E7} = 192.168.1.1
TCP: {8768BD91-FCFF-46C9-A4A3-80924B279FDE} = 192.168.1.1
TCP: {8BB167B2-E195-4830-AE19-00D6B38082F8} = 192.168.1.1
TCP: {BC259066-2838-4ED2-AA91-9F7F8E78FA98} = 156.154.70.22,156.154.71.22
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\p2ntohjr.default\
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-16 17:29
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose, ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(992)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-08-16 17:30:51
ComboFix-quarantined-files.txt 2010-08-16 15:30
Pre-Run: 53 339 897 856 bytes free
Post-Run: 15 adresárov, 53 385 138 176 voľných bajtov
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - 9C6B58186D41BF0639E4BFAF85A93CCA
RSIT: I can't get it to run

Thank you for your help