Re: Prosím o kontrolu
Napsal: 07 kvě 2010 14:40
ComboFix 10-05-06.04 - Peter 07.05.2010 15:30:31.16.1 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1023.614 [GMT 2:00]
Running from: c:\documents and settings\Peter\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Peter\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: NVIDIA Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
file zipped: c:\windows\system32\drivers\lqrukxd.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Peter\Application Data\ezpinst.exe
c:\documents and settings\Peter\Application Data\PnkBstrK.sys
c:\windows\system32\drivers\lqrukxd.sys
.
((((((((((((((((((((((((( Files Created from 2010-04-07 to 2010-05-07 )))))))))))))))))))))))))))))))
.
2010-05-03 14:02 . 2009-11-12 08:03 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-05-03 14:02 . 2009-11-12 08:03 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-05-03 14:02 . 2009-11-12 08:03 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-05-03 13:56 . 2009-11-10 08:26 767952 ----a-w- c:\windows\BDTSupport.dll
2010-05-03 13:56 . 2009-11-10 08:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-05-03 13:56 . 2008-11-26 10:08 131 ----a-w- c:\windows\IDB.zip
2010-05-03 13:56 . 2009-11-10 08:28 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-05-03 13:56 . 2009-11-10 08:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
2010-05-03 13:56 . 2009-10-27 23:36 1152444 ----a-w- c:\windows\UDB.zip
2010-05-03 13:51 . 2009-10-30 09:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-05-03 13:51 . 2009-11-09 09:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-05-03 13:51 . 2009-10-06 14:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-05-03 13:50 . 2009-09-03 07:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-05-03 13:50 . 2010-05-03 13:56 -------- d-----w- c:\program files\Common Files\PC Tools
2010-05-03 13:50 . 2010-05-03 15:54 -------- d-----w- c:\program files\Spyware Doctor
2010-05-03 13:50 . 2010-05-03 14:02 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-05-03 13:50 . 2010-05-03 13:50 -------- d-----w- c:\documents and settings\Peter\Application Data\PC Tools
2010-05-02 20:22 . 2010-05-02 20:22 -------- d-----w- c:\documents and settings\Peter\Local Settings\Application Data\AOL
2010-05-02 20:22 . 2010-05-02 20:29 -------- d-----w- c:\program files\ICQ7.1
2010-04-20 21:12 . 1998-06-17 22:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2010-04-20 21:12 . 2010-04-20 21:17 -------- d-----w- c:\program files\SatScape
2010-04-14 12:16 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-07 13:28 . 2007-06-26 12:59 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-06 14:10 . 2008-06-26 10:30 -------- d-----w- c:\program files\Trend Micro
2010-05-05 16:38 . 2007-09-20 12:52 -------- d-----w- c:\documents and settings\Peter\Application Data\ICQ
2010-05-05 07:06 . 2007-06-20 19:41 -------- d-----w- c:\documents and settings\Peter\Application Data\Skype
2010-05-05 06:00 . 2009-04-14 08:51 -------- d-----w- c:\documents and settings\Peter\Application Data\skypePM
2010-05-02 20:23 . 2007-01-27 15:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-02 20:23 . 2008-12-12 20:37 -------- d-----w- c:\program files\ICQ6Toolbar
2010-05-02 20:23 . 2008-12-12 20:36 -------- d-----w- c:\documents and settings\All Users\Application Data\ICQ
2010-05-02 16:31 . 2009-06-05 16:04 -------- d-----w- c:\program files\CCleaner
2010-05-02 16:29 . 2007-11-28 15:50 -------- d-----w- c:\program files\Google
2010-04-30 18:41 . 2008-02-27 19:19 683801 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstWA\unins000.exe
2010-04-28 12:23 . 2010-03-15 11:43 -------- d-----r- c:\program files\Skype
2010-03-15 11:43 . 2007-06-20 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-03-14 21:25 . 2008-07-12 14:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-14 21:25 . 2007-07-07 10:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 19:44 . 2010-03-09 19:33 -------- d-----w- c:\documents and settings\Peter\Application Data\Happy Foto
2010-03-08 18:12 . 2007-01-27 16:02 28968 ----a-w- c:\documents and settings\Peter\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-25 06:24 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-04 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-17 07:10 . 2004-08-04 12:00 2189952 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2066816 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-09-11 2054360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Ponuka Štart^Programy^Pri spustení^Bluetooth.lnk]
path=c:\documents and settings\All Users\Ponuka Štart\Programy\Pri spustení\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
backup=c:\windows\pss\ATI CATALYST System Tray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2005-08-06 00:07 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-11 22:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-04-13 10:09 49152 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MultiScreen]
2008-06-30 09:41 114688 ----a-w- c:\program files\MultiScreen\MultiScreen.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-12-02 14:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-11-06 07:25 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
2006-05-16 16:51 57344 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-04 23:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-12-07 21:57 30208 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-04-15 03:01 77824 ----a-w- c:\windows\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WIAWizardMenu]
2008-04-14 00:12 136704 ----a-w- c:\windows\system32\sti_ci.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-13 22:44 37888 ----a-w- c:\program files\Winamp\winampa.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [3.5.2010 15:51 207792]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [3.5.2010 16:02 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [3.5.2010 16:02 59664]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11.9.2009 8:23 108792]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [3.5.2010 15:51 233136]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [3.5.2010 15:56 112592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [11.9.2009 8:24 735960]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [12.12.2008 22:37 246520]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8.7.2008 14:29 691696]
S2 gupdate1c986ed766218a2;Google Update Service (gupdate1c986ed766218a2);c:\program files\Google\Update\GoogleUpdate.exe [4.2.2009 19:24 133104]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [3.5.2010 15:50 70408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [3.5.2010 15:50 359624]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [3.5.2010 16:02 33552]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
.
Contents of the 'Scheduled Tasks' folder
2010-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 17:24]
2010-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 17:24]
2010-05-07 c:\windows\Tasks\User_Feed_Synchronization-{5424BEA9-A10A-4D48-AC65-CB94681185C6}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\Peter\Application Data\Mozilla\Firefox\Profiles\bgvefcv4.Mozilla\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/resul ... EF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.3&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NpFv41629.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\TV JOJ Media Player\npplugin_netscape.dll
FF - plugin: d:\google\Picasa3\npPicasa2.dll
FF - plugin: d:\google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-07 15:36
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2000478354-1364589140-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-2000478354-1364589140-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:59,54,ce,64,8d,da,31,a5,31,7c,f0,62,c0,b4,2a,09,30,24,e4,ca,d9,
9f,00,82,8e,84,68,76,da,e7,ca,a5,3b,74,8b,0d,f8,c5,45,2b,60,af,22,ef,8c,ac,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="17DB12C71B85235D2D6147ED8FD1A4E144F0D209CA23A39B3F184B886CDE1E8E21A6DB2B6BF438547DB8921A579F98968B1ABF4A2C61CCD8BB77E031B1E83C9A635EA4C6F0AF353FF88CF461B7F5FDCB5B9116D2258F7EF42E3FD86055F474F946E954058BB2BD501FF8B50A771BA7A36BC8FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933FEBC9E127BECC74C9DB7CE019D40AA5C9DB7CE019D40AA5C4CC5F754BC4E3E29FEA336704F9B858FCD214B3B508BB02DD790A237DFB199C3ECC77A7FA81FEB31DCADA6832D622E4CD19FE189B4D0DF9B44ABAF0A40259E4DF40E505B8D6C66117E0A44A3B241D6B1F30D5CA741D813098B23DC5EFE5FA74061B9315CA823855DC4B9AE8C4E14902893E5E2B5B28D35563010FCD74AF41691F6A2BACD3923C6405270EA4DEE26902ED75806AACB4855F578404870556D7548BB52EB4F82C34AF60F93E34A8ABCB1D5294BB6CC4F5826EF6E365AF757C56F837B0729D1CCCCD5D22A4066BB980BF047B356CBBA0A01005F6126310F89ECD47045B3BB9EE27B533810C5232D17BCF03AE9470064C7F8DAF161F931AA2CC819D56C7FD0CE1580CC22F728B0FD056FF67E001DF00E5B6C576DC4CF229580AFD48A884476513680F41CD79E07E2E8B46DF5EF0CA15219783927A7F8ADECCD6D42F97310A3691F1621486C9305E1CA136297757DF71CDA31658BE6F9E5A35EC2C227CC272F2D2ACCC85C3627EAD7B60508EB148E3F2D809E6898A40E3C7D81E359A3F87ED48838268A20F92EDEF4BDF7B2148E8EA41A693AF063472208950AF8AF1A1D4037B82D97A6F2BEAEE93D744D5E3F6F83BBCBFAF25091795606DACD9C8FC4A64CD8D1EE88004450E47A86735C273504A4FAFD202D005FA882D40CA6E0E9F4C1B4A3BAEA59A21AC04060FE57EE50CF5C5E3B42C63F191C06AE77C175C8530EE4BF622D8F573A0EE26452A441413E7E4F51BBFEDE73DAAA891856659BCB010AC4E8463951C9174DCE2868CBD5087CC1F353A06ADE8928826DB0BBB27F5752735DDDE3BF28E8AE18E018A11DBC673832A86B6E12423508AE2E1FD73D0D4A456BEE80B3F80E6299C5B8F2DC1224FA43F70ED68E57831CA54E0FBB3D6A32F87DA67A68116F83D615BDBB2CE2FDBA4F13520A85D16E27DA4F1616946474E0AA436C49DFBD020DDA027D916CDA8137E6C192C59C6960B07EF7CA8DE929688F1D031964655D62B177E517260ED19550380EA0ADF5EA0AAA8C38C98333C8A7BA7F4D9E1D2C79997CAAE72FA9213B86442C5AF4739AD29CA2794882C999E7E9DFF554FE05987C007EE4D5FE10696B72D222AA9F8B4EFD1C2BB188F5F6780FB6819870D37347B846CA8AA15512DC1BCF41EBA9C1AF04AFE058147C3DE4E3276D2772"
"OODEFRAG08.00.00.01WORKSTATION"="7B25A8EF5C5A36912B3AA0E5532E62A5F731987EC5E89ECC10562E57777B5CD5A1C02B5E42E67E8A7C7527E7DF56638A8212F850036148FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933FEBC9E127BECC74C9DB7CE019D40AA5C9DB7CE019D40AA5CB943DEF6045B1732FED8F3AD8FE0D0BD4E3880CD858FF0CB06661E9C57390B7FA60E38FA019846C72CF93C50B36C1EB07C4B5954FD55211ADB8E4BA2161C49ADFD1C3E20A8AF63AD194AB5AC3D810812186914A926AF1B74511820CE077968CA4E622DCE618BC8F6AB323F48BD95D7A28291CF90D9B53A67DC389D416BAD7452C9EB87A375ECD2AB703479DD27EC5D14BDDAF0FED2D05F739D37874DE8E57F314755116E13E9E3C595614CD9D2A0EA11F1EA1E1FB140ED0F53F365F908A81D4B3ED254B3CD6AE1346C6160DD7A9FD6356CFE43D0FB184D21E1DE848238CCE5F4CF2A1EAD9A2AB5DAEDEF253FBDABFA0F9B670DA41ABDE88954FC7358487D76783A357EC6D3BCCC90B45CCC09A0D9B8A39409F1E3D7ECB09656E7081D6E3BEF94E6E14CA0B984991F7E894CF70A146F6C0FDAA68665B3180FB94DD8A8C5D977FADD341F906CBA12C6AF6F5EFB451988D16569A63C57F4172BF16DC387490134514CC0D41DF3EB2FBACD1801BC02F8EB3719D6336726672919191FE7785CACD3B106328E04397A6E2105237792D31B8BEE4E554C1FAE16CE786B4A296E432B86AA00C7B1368C19D19623C4C50BB1385742CB2DBA2CB0DF0A5EC96CB092A6A1813FD3D267579FD2DEA71B4438E8F6DEC6EBFD3C0A8ED1F6E3D3BA96693F16087C6240B89C400882205A06FB5B2064EFD51C74F089799863E657E46F8304812AB501267582FCC0D822A29B5B02DB9BA1807763D04BD0F27EA358952EF424BE276B770C968DCE285CF5ED3CE6437725FD4B16A2F326323077AC3CBF2374980773E4181CBEF72A01E4B3996BB3F7066BE23D832F86B6EA85D11B5D752C7D0BF755E92A24243E38709E7179CEEE3FCC3F02603F2749DBFB8AE38A86F1BFD15D92E9466615112254828AD0D4B25679C5D261C23FCE0FB71EBCD719F910E875A03C214B7B85E2A70FA47EEF6605BECE1E3D59F6698F42323BFBACEA6D52422F9DBFBE4D8AB08C19AC29A177DCD78E28B67B19941CF25D76F08B37A9885D7F8C4F48D8252AF1940427C7720F5B64C1B426EB22B6242BEF7392161A7DE8F9E35CE568DDAF654D95382A19C0647904E666B4524A7A480A21DBA6A654991F944A3444968B4D38673CCB161D312AC1B52072E0553A833F892828E72EB2AF313E1E6B822A7663960A4D1700B43D16341DA7545B81F17736C4CF92C40057F6972CE21EEB628559E4A49C38AFA73160C20046480BC44182CBF9799ADED5B92C4037"
"OODEFRAG11.00.00.01WORKSTATION"="ECA0B56A1CC63E9A0E60D2B7B9289982FAFB6E59B0082374DE0131EDE7719240D4FDCCC245B0E5C1E58E5E359B2C5F47CEF2A11B58C46608A53F6B458AC52E2B4111800EB4EA2BDC745C3076786F5E769EC7CA560135ECB484915E984FF2897DFE11478BCBF62B37763D113D2BFC18ACB144A9EE228E3B096DBC5C0C6BF3CED7CDDC293F1CBAD5A199445F0FC443E00D43568F09EA67AA18C927CF05CBAAFDDEE4F346F2ED7E6E72FDAC0DB38993623B81FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79338EDD5E5BE2F6E6675D575E7D6A3B9808FEBC9E127BECC74CA2C352430A5DCCDD0FFA6E1759B857EE993AD0C0C4B89B375C0708D3CBB7038841FA23F50063CFB1112F0EC75D420B4809E77E94268FF2C60996F8DADDDD077BCB29571CC1961D3E32AAE886E2BB06869C3629E4470647BED9B070E79AC960761BE44E356F329DDD0358E34F964606103F824F4BFC43C93132492F519FC64EDC2CD72EF311C6C45E3BB522540655CB408041BA957CBF2BA799683F22EC731682A0BCDE410E378601B4D50D7822B29EE4917AF244E1CAA29DBBA9E818E7427E303DE78AB7B3BBDA7D6CDCD1D4C3FBC6434AC7C68D2D04EB8269BEBDA556795224E93DA32635603F7B848762B6A3A01311A5DA49DAC1E2C33A95EA0FF2E6B4E20EB3B5DC11A605B49CC324729C61E6D47843F4504A66B0ED1ED88674D8A9628294CCDE2F3081DBBEEE92127C3EFD65E01A64EDF42C478BB179EE7EC9E512C5894E885AD6EEA3EDE5FA7FCABC01E00B9109F13196077365D90D38512EDDF975D34A61DD53ECCD9739B9BC573503D39744CA74BE56145D83338A371683B61D5B400973B168FB2708C519A0552B94069E5B5B1DA79B405EFE119C94F2F21A1A38337F7EB21FA63643237CA3F726B90A8B3CAABD160F2F30C6CADE9D2565E7789C93176954C3266AA0E7B8658574AB541ACF194D432033731C3B5FBF7C0CB11F70CDAB3C99E5EA154BB297A5D728D641D9838065FE0158A915BF2411DD583E5A6DD010241D5A186A44A258CCDD935B0FB04A2AC7AC275B3C9A3CA548408287DA249008F08A380585DEDC2C6398D38EDE5799565543CC2EF56C964D40B186BDB4F5844C19255C3EE1430A39961FC1F7B8DAE9B6954FEFF5871A3A7D7B51A1C1609B290A34416782E2EC5798B91C8254861B3A7333ED538B818A94099C53D7AB3A1C7D630048BCC4CBAA745A42CDF815154E8B26FD547CFCDCF79939EA7F70C404D905ECDC3705AD48A11700C906CDDD197B63DF6749B58C746EBF4953B4760BDF0748AF50A0AB9864C876FD8EAAEF87A7804C2286A78DAE89D10168E4DFB832572851278228619512ECD0BF7236109EBB0ED264175ED58DBC56DCBBD388CA21571BB1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(988)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(1044)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2010-05-07 15:38:45
ComboFix-quarantined-files.txt 2010-05-07 13:38
ComboFix2.txt 2010-05-06 20:36
Pre-Run: 37 324 173 312 bytes free
Post-Run: 11 adresárov, 37 278 425 088 voľných bajtov
- - End Of File - - 61F6E638350ABA1C1E751CF31248E854
Upload was successful
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1023.614 [GMT 2:00]
Running from: c:\documents and settings\Peter\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Peter\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: NVIDIA Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
file zipped: c:\windows\system32\drivers\lqrukxd.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Peter\Application Data\ezpinst.exe
c:\documents and settings\Peter\Application Data\PnkBstrK.sys
c:\windows\system32\drivers\lqrukxd.sys
.
((((((((((((((((((((((((( Files Created from 2010-04-07 to 2010-05-07 )))))))))))))))))))))))))))))))
.
2010-05-03 14:02 . 2009-11-12 08:03 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-05-03 14:02 . 2009-11-12 08:03 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-05-03 14:02 . 2009-11-12 08:03 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-05-03 13:56 . 2009-11-10 08:26 767952 ----a-w- c:\windows\BDTSupport.dll
2010-05-03 13:56 . 2009-11-10 08:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-05-03 13:56 . 2008-11-26 10:08 131 ----a-w- c:\windows\IDB.zip
2010-05-03 13:56 . 2009-11-10 08:28 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-05-03 13:56 . 2009-11-10 08:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
2010-05-03 13:56 . 2009-10-27 23:36 1152444 ----a-w- c:\windows\UDB.zip
2010-05-03 13:51 . 2009-10-30 09:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-05-03 13:51 . 2009-11-09 09:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-05-03 13:51 . 2009-10-06 14:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-05-03 13:50 . 2009-09-03 07:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-05-03 13:50 . 2010-05-03 13:56 -------- d-----w- c:\program files\Common Files\PC Tools
2010-05-03 13:50 . 2010-05-03 15:54 -------- d-----w- c:\program files\Spyware Doctor
2010-05-03 13:50 . 2010-05-03 14:02 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-05-03 13:50 . 2010-05-03 13:50 -------- d-----w- c:\documents and settings\Peter\Application Data\PC Tools
2010-05-02 20:22 . 2010-05-02 20:22 -------- d-----w- c:\documents and settings\Peter\Local Settings\Application Data\AOL
2010-05-02 20:22 . 2010-05-02 20:29 -------- d-----w- c:\program files\ICQ7.1
2010-04-20 21:12 . 1998-06-17 22:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2010-04-20 21:12 . 2010-04-20 21:17 -------- d-----w- c:\program files\SatScape
2010-04-14 12:16 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-07 13:28 . 2007-06-26 12:59 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-06 14:10 . 2008-06-26 10:30 -------- d-----w- c:\program files\Trend Micro
2010-05-05 16:38 . 2007-09-20 12:52 -------- d-----w- c:\documents and settings\Peter\Application Data\ICQ
2010-05-05 07:06 . 2007-06-20 19:41 -------- d-----w- c:\documents and settings\Peter\Application Data\Skype
2010-05-05 06:00 . 2009-04-14 08:51 -------- d-----w- c:\documents and settings\Peter\Application Data\skypePM
2010-05-02 20:23 . 2007-01-27 15:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-02 20:23 . 2008-12-12 20:37 -------- d-----w- c:\program files\ICQ6Toolbar
2010-05-02 20:23 . 2008-12-12 20:36 -------- d-----w- c:\documents and settings\All Users\Application Data\ICQ
2010-05-02 16:31 . 2009-06-05 16:04 -------- d-----w- c:\program files\CCleaner
2010-05-02 16:29 . 2007-11-28 15:50 -------- d-----w- c:\program files\Google
2010-04-30 18:41 . 2008-02-27 19:19 683801 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstWA\unins000.exe
2010-04-28 12:23 . 2010-03-15 11:43 -------- d-----r- c:\program files\Skype
2010-03-15 11:43 . 2007-06-20 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-03-14 21:25 . 2008-07-12 14:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-14 21:25 . 2007-07-07 10:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 19:44 . 2010-03-09 19:33 -------- d-----w- c:\documents and settings\Peter\Application Data\Happy Foto
2010-03-08 18:12 . 2007-01-27 16:02 28968 ----a-w- c:\documents and settings\Peter\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-25 06:24 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-04 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-17 07:10 . 2004-08-04 12:00 2189952 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2066816 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-09-11 2054360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Ponuka Štart^Programy^Pri spustení^Bluetooth.lnk]
path=c:\documents and settings\All Users\Ponuka Štart\Programy\Pri spustení\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
backup=c:\windows\pss\ATI CATALYST System Tray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2005-08-06 00:07 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-11 22:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-04-13 10:09 49152 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MultiScreen]
2008-06-30 09:41 114688 ----a-w- c:\program files\MultiScreen\MultiScreen.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-12-02 14:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-11-06 07:25 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
2006-05-16 16:51 57344 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-04 23:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-12-07 21:57 30208 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-04-15 03:01 77824 ----a-w- c:\windows\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WIAWizardMenu]
2008-04-14 00:12 136704 ----a-w- c:\windows\system32\sti_ci.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-13 22:44 37888 ----a-w- c:\program files\Winamp\winampa.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [3.5.2010 15:51 207792]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [3.5.2010 16:02 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [3.5.2010 16:02 59664]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11.9.2009 8:23 108792]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [3.5.2010 15:51 233136]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [3.5.2010 15:56 112592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [11.9.2009 8:24 735960]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [12.12.2008 22:37 246520]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8.7.2008 14:29 691696]
S2 gupdate1c986ed766218a2;Google Update Service (gupdate1c986ed766218a2);c:\program files\Google\Update\GoogleUpdate.exe [4.2.2009 19:24 133104]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [3.5.2010 15:50 70408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [3.5.2010 15:50 359624]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [3.5.2010 16:02 33552]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
.
Contents of the 'Scheduled Tasks' folder
2010-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 17:24]
2010-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 17:24]
2010-05-07 c:\windows\Tasks\User_Feed_Synchronization-{5424BEA9-A10A-4D48-AC65-CB94681185C6}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\Peter\Application Data\Mozilla\Firefox\Profiles\bgvefcv4.Mozilla\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/resul ... EF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.3&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NpFv41629.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\TV JOJ Media Player\npplugin_netscape.dll
FF - plugin: d:\google\Picasa3\npPicasa2.dll
FF - plugin: d:\google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-07 15:36
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2000478354-1364589140-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-2000478354-1364589140-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:59,54,ce,64,8d,da,31,a5,31,7c,f0,62,c0,b4,2a,09,30,24,e4,ca,d9,
9f,00,82,8e,84,68,76,da,e7,ca,a5,3b,74,8b,0d,f8,c5,45,2b,60,af,22,ef,8c,ac,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="17DB12C71B85235D2D6147ED8FD1A4E144F0D209CA23A39B3F184B886CDE1E8E21A6DB2B6BF438547DB8921A579F98968B1ABF4A2C61CCD8BB77E031B1E83C9A635EA4C6F0AF353FF88CF461B7F5FDCB5B9116D2258F7EF42E3FD86055F474F946E954058BB2BD501FF8B50A771BA7A36BC8FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933FEBC9E127BECC74C9DB7CE019D40AA5C9DB7CE019D40AA5C4CC5F754BC4E3E29FEA336704F9B858FCD214B3B508BB02DD790A237DFB199C3ECC77A7FA81FEB31DCADA6832D622E4CD19FE189B4D0DF9B44ABAF0A40259E4DF40E505B8D6C66117E0A44A3B241D6B1F30D5CA741D813098B23DC5EFE5FA74061B9315CA823855DC4B9AE8C4E14902893E5E2B5B28D35563010FCD74AF41691F6A2BACD3923C6405270EA4DEE26902ED75806AACB4855F578404870556D7548BB52EB4F82C34AF60F93E34A8ABCB1D5294BB6CC4F5826EF6E365AF757C56F837B0729D1CCCCD5D22A4066BB980BF047B356CBBA0A01005F6126310F89ECD47045B3BB9EE27B533810C5232D17BCF03AE9470064C7F8DAF161F931AA2CC819D56C7FD0CE1580CC22F728B0FD056FF67E001DF00E5B6C576DC4CF229580AFD48A884476513680F41CD79E07E2E8B46DF5EF0CA15219783927A7F8ADECCD6D42F97310A3691F1621486C9305E1CA136297757DF71CDA31658BE6F9E5A35EC2C227CC272F2D2ACCC85C3627EAD7B60508EB148E3F2D809E6898A40E3C7D81E359A3F87ED48838268A20F92EDEF4BDF7B2148E8EA41A693AF063472208950AF8AF1A1D4037B82D97A6F2BEAEE93D744D5E3F6F83BBCBFAF25091795606DACD9C8FC4A64CD8D1EE88004450E47A86735C273504A4FAFD202D005FA882D40CA6E0E9F4C1B4A3BAEA59A21AC04060FE57EE50CF5C5E3B42C63F191C06AE77C175C8530EE4BF622D8F573A0EE26452A441413E7E4F51BBFEDE73DAAA891856659BCB010AC4E8463951C9174DCE2868CBD5087CC1F353A06ADE8928826DB0BBB27F5752735DDDE3BF28E8AE18E018A11DBC673832A86B6E12423508AE2E1FD73D0D4A456BEE80B3F80E6299C5B8F2DC1224FA43F70ED68E57831CA54E0FBB3D6A32F87DA67A68116F83D615BDBB2CE2FDBA4F13520A85D16E27DA4F1616946474E0AA436C49DFBD020DDA027D916CDA8137E6C192C59C6960B07EF7CA8DE929688F1D031964655D62B177E517260ED19550380EA0ADF5EA0AAA8C38C98333C8A7BA7F4D9E1D2C79997CAAE72FA9213B86442C5AF4739AD29CA2794882C999E7E9DFF554FE05987C007EE4D5FE10696B72D222AA9F8B4EFD1C2BB188F5F6780FB6819870D37347B846CA8AA15512DC1BCF41EBA9C1AF04AFE058147C3DE4E3276D2772"
"OODEFRAG08.00.00.01WORKSTATION"="7B25A8EF5C5A36912B3AA0E5532E62A5F731987EC5E89ECC10562E57777B5CD5A1C02B5E42E67E8A7C7527E7DF56638A8212F850036148FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933FEBC9E127BECC74C9DB7CE019D40AA5C9DB7CE019D40AA5CB943DEF6045B1732FED8F3AD8FE0D0BD4E3880CD858FF0CB06661E9C57390B7FA60E38FA019846C72CF93C50B36C1EB07C4B5954FD55211ADB8E4BA2161C49ADFD1C3E20A8AF63AD194AB5AC3D810812186914A926AF1B74511820CE077968CA4E622DCE618BC8F6AB323F48BD95D7A28291CF90D9B53A67DC389D416BAD7452C9EB87A375ECD2AB703479DD27EC5D14BDDAF0FED2D05F739D37874DE8E57F314755116E13E9E3C595614CD9D2A0EA11F1EA1E1FB140ED0F53F365F908A81D4B3ED254B3CD6AE1346C6160DD7A9FD6356CFE43D0FB184D21E1DE848238CCE5F4CF2A1EAD9A2AB5DAEDEF253FBDABFA0F9B670DA41ABDE88954FC7358487D76783A357EC6D3BCCC90B45CCC09A0D9B8A39409F1E3D7ECB09656E7081D6E3BEF94E6E14CA0B984991F7E894CF70A146F6C0FDAA68665B3180FB94DD8A8C5D977FADD341F906CBA12C6AF6F5EFB451988D16569A63C57F4172BF16DC387490134514CC0D41DF3EB2FBACD1801BC02F8EB3719D6336726672919191FE7785CACD3B106328E04397A6E2105237792D31B8BEE4E554C1FAE16CE786B4A296E432B86AA00C7B1368C19D19623C4C50BB1385742CB2DBA2CB0DF0A5EC96CB092A6A1813FD3D267579FD2DEA71B4438E8F6DEC6EBFD3C0A8ED1F6E3D3BA96693F16087C6240B89C400882205A06FB5B2064EFD51C74F089799863E657E46F8304812AB501267582FCC0D822A29B5B02DB9BA1807763D04BD0F27EA358952EF424BE276B770C968DCE285CF5ED3CE6437725FD4B16A2F326323077AC3CBF2374980773E4181CBEF72A01E4B3996BB3F7066BE23D832F86B6EA85D11B5D752C7D0BF755E92A24243E38709E7179CEEE3FCC3F02603F2749DBFB8AE38A86F1BFD15D92E9466615112254828AD0D4B25679C5D261C23FCE0FB71EBCD719F910E875A03C214B7B85E2A70FA47EEF6605BECE1E3D59F6698F42323BFBACEA6D52422F9DBFBE4D8AB08C19AC29A177DCD78E28B67B19941CF25D76F08B37A9885D7F8C4F48D8252AF1940427C7720F5B64C1B426EB22B6242BEF7392161A7DE8F9E35CE568DDAF654D95382A19C0647904E666B4524A7A480A21DBA6A654991F944A3444968B4D38673CCB161D312AC1B52072E0553A833F892828E72EB2AF313E1E6B822A7663960A4D1700B43D16341DA7545B81F17736C4CF92C40057F6972CE21EEB628559E4A49C38AFA73160C20046480BC44182CBF9799ADED5B92C4037"
"OODEFRAG11.00.00.01WORKSTATION"="ECA0B56A1CC63E9A0E60D2B7B9289982FAFB6E59B0082374DE0131EDE7719240D4FDCCC245B0E5C1E58E5E359B2C5F47CEF2A11B58C46608A53F6B458AC52E2B4111800EB4EA2BDC745C3076786F5E769EC7CA560135ECB484915E984FF2897DFE11478BCBF62B37763D113D2BFC18ACB144A9EE228E3B096DBC5C0C6BF3CED7CDDC293F1CBAD5A199445F0FC443E00D43568F09EA67AA18C927CF05CBAAFDDEE4F346F2ED7E6E72FDAC0DB38993623B81FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79338EDD5E5BE2F6E6675D575E7D6A3B9808FEBC9E127BECC74CA2C352430A5DCCDD0FFA6E1759B857EE993AD0C0C4B89B375C0708D3CBB7038841FA23F50063CFB1112F0EC75D420B4809E77E94268FF2C60996F8DADDDD077BCB29571CC1961D3E32AAE886E2BB06869C3629E4470647BED9B070E79AC960761BE44E356F329DDD0358E34F964606103F824F4BFC43C93132492F519FC64EDC2CD72EF311C6C45E3BB522540655CB408041BA957CBF2BA799683F22EC731682A0BCDE410E378601B4D50D7822B29EE4917AF244E1CAA29DBBA9E818E7427E303DE78AB7B3BBDA7D6CDCD1D4C3FBC6434AC7C68D2D04EB8269BEBDA556795224E93DA32635603F7B848762B6A3A01311A5DA49DAC1E2C33A95EA0FF2E6B4E20EB3B5DC11A605B49CC324729C61E6D47843F4504A66B0ED1ED88674D8A9628294CCDE2F3081DBBEEE92127C3EFD65E01A64EDF42C478BB179EE7EC9E512C5894E885AD6EEA3EDE5FA7FCABC01E00B9109F13196077365D90D38512EDDF975D34A61DD53ECCD9739B9BC573503D39744CA74BE56145D83338A371683B61D5B400973B168FB2708C519A0552B94069E5B5B1DA79B405EFE119C94F2F21A1A38337F7EB21FA63643237CA3F726B90A8B3CAABD160F2F30C6CADE9D2565E7789C93176954C3266AA0E7B8658574AB541ACF194D432033731C3B5FBF7C0CB11F70CDAB3C99E5EA154BB297A5D728D641D9838065FE0158A915BF2411DD583E5A6DD010241D5A186A44A258CCDD935B0FB04A2AC7AC275B3C9A3CA548408287DA249008F08A380585DEDC2C6398D38EDE5799565543CC2EF56C964D40B186BDB4F5844C19255C3EE1430A39961FC1F7B8DAE9B6954FEFF5871A3A7D7B51A1C1609B290A34416782E2EC5798B91C8254861B3A7333ED538B818A94099C53D7AB3A1C7D630048BCC4CBAA745A42CDF815154E8B26FD547CFCDCF79939EA7F70C404D905ECDC3705AD48A11700C906CDDD197B63DF6749B58C746EBF4953B4760BDF0748AF50A0AB9864C876FD8EAAEF87A7804C2286A78DAE89D10168E4DFB832572851278228619512ECD0BF7236109EBB0ED264175ED58DBC56DCBBD388CA21571BB1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(988)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(1044)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2010-05-07 15:38:45
ComboFix-quarantined-files.txt 2010-05-07 13:38
ComboFix2.txt 2010-05-06 20:36
Pre-Run: 37 324 173 312 bytes free
Post-Run: 11 adresárov, 37 278 425 088 voľných bajtov
- - End Of File - - 61F6E638350ABA1C1E751CF31248E854
Upload was successful
