Please check my log
Posted: 24 Jan 2011 19:56
Hello pros, please check my log. I have a mess on my PC: some pages won't load, my internet speed is slowed down, etc. Sometimes the PC restarts.
I ran CCleaner and Malwarebytes' Anti-Malware on it and made logs with HJT and Combo. Please check them, THANK YOU.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:25:31, on 24.1.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\ArcSoft\TotalMedia Theatre 3\ArcSecurity.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
I:\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [Memory Improve Professional] C:\Program Files\Memory Improve Professional\MemoryImproveProfessional.exe /autorun
O4 - HKCU\..\Run: [SPMTray] C:\Program Files\PC Speed Maximizer\SPMTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Arcsoft Security Service - Arcsoft, Inc. - C:\Program Files\ArcSoft\TotalMedia Theatre 3\ArcSecurity.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Firewall - Unknown owner - C:\Program Files\Alwil Software\Avast5\afwServ.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
--
End of file - 6402 bytes
____________________________________________________________________
ComboFix 11-01-23.07 - PC 24.01.2011 16:13:12.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.3071.2617 [GMT 1:00]
Running from: I:\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\PC\Local Settings\Application Data\Bron.tok-12-22
c:\documents and settings\PC\Local Settings\Application Data\Bron.tok-12-23
c:\documents and settings\PC\Local Settings\Application Data\Bron.tok-12-24
c:\documents and settings\PC\Local Settings\Application Data\Bron.tok.A12.em.bin
c:\documents and settings\PC\Local Settings\Application Data\BronNetDomList.bat
c:\documents and settings\PC\Local Settings\Application Data\csrss.exe
c:\documents and settings\PC\Local Settings\Application Data\inetinfo.exe
c:\documents and settings\PC\Local Settings\Application Data\Kosong.Bron.Tok.txt
c:\documents and settings\PC\Local Settings\Application Data\ListHost12.txt
c:\documents and settings\PC\Local Settings\Application Data\lsass.exe
c:\documents and settings\PC\Local Settings\Application Data\services.exe
c:\documents and settings\PC\Local Settings\Application Data\smss.exe
c:\documents and settings\PC\Local Settings\Application Data\winlogon.exe
c:\documents and settings\PC\Start Menu\Programs\Startup\Empty.pif
c:\documents and settings\PC\Templates\Brengkolang.com
c:\windows\eksplorasi.exe
c:\windows\ShellNew\sempalong.exe
.
((((((((((((((((((((((((( Files Created from 2010-12-24 to 2011-01-24 )))))))))))))))))))))))))))))))
.
2011-01-23 22:50 . 2011-01-23 22:50 -------- d-----w- c:\program files\Alwil Software
2011-01-22 13:32 . 2011-01-22 13:32 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Ok-SendMail-Bron-tok
2011-01-22 13:15 . 2011-01-22 13:43 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Loc.Mail.Bron.Tok
2011-01-22 13:00 . 2011-01-22 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Optimizer Pro
2011-01-22 12:51 . 2011-01-22 12:51 -------- d-----w- c:\documents and settings\PC\Application Data\PC Speed Maximizer
2011-01-22 12:51 . 2011-01-22 12:52 -------- d-----w- c:\program files\PC Speed Maximizer
2011-01-17 17:38 . 2011-01-17 17:38 -------- d-----w- c:\documents and settings\PC\Application Data\Ubisoft
2011-01-13 16:07 . 2010-12-23 10:09 53248 ----a-w- c:\windows\system32\CSVer.dll
2011-01-13 16:07 . 2011-01-13 16:07 -------- d-----w- C:\Intel
2011-01-13 16:06 . 2009-03-03 19:18 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2011-01-13 16:03 . 2011-01-13 16:03 -------- d-----w- c:\program files\Common Files\LogiShrd
2011-01-13 16:02 . 2011-01-13 16:03 -------- d-----w- c:\documents and settings\PC\Application Data\Logishrd
2011-01-13 16:02 . 2011-01-13 16:02 -------- d-----w- c:\documents and settings\PC\Application Data\Logitech
2011-01-13 16:02 . 2010-11-03 17:15 359016 ----a-w- c:\windows\vncutil.exe
2011-01-13 16:02 . 2010-11-11 12:27 55912 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-01-13 16:02 . 2010-11-03 17:14 129640 ----a-w- c:\windows\RtkAudioService.exe
2011-01-13 16:02 . 2009-11-18 06:17 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2011-01-13 16:02 . 2009-11-18 06:16 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2011-01-12 16:42 . 2011-01-12 16:42 -------- d-----w- c:\program files\Driver-Soft
2011-01-11 19:55 . 2011-01-11 19:55 -------- d-----w- c:\program files\Everest_Ultimate_Build_2253
2011-01-11 19:37 . 2011-01-11 19:37 -------- d-----w- c:\program files\Memory Improve Professional
2011-01-08 21:11 . 2011-01-08 21:11 -------- d-----w- c:\documents and settings\PC\Application Data\Disney Interactive Studios
2011-01-03 22:35 . 2011-01-03 22:35 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Opera
2011-01-03 22:35 . 2011-01-03 22:35 -------- d-----w- c:\program files\Opera
2011-01-03 22:33 . 2011-01-16 20:38 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Temp
2011-01-03 22:33 . 2011-01-03 22:33 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Google
2011-01-03 22:32 . 2007-05-15 20:54 99840 ----a-w- c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\BrandRes.dll
2011-01-03 22:32 . 2007-05-15 20:54 407040 ----a-w- c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\talkback.exe
2011-01-03 22:32 . 2007-05-15 20:54 156544 ----a-w- c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\fullsoft.dll
2011-01-03 22:32 . 2007-05-15 20:54 14456 ----a-w- c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
2011-01-03 22:32 . 2009-01-23 12:09 143360 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-01-03 22:32 . 2009-01-23 12:09 143360 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2011-01-03 22:32 . 2009-01-23 12:09 143360 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-01-03 22:32 . 2009-01-23 12:09 143360 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-01-03 22:32 . 2009-01-23 12:09 143360 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2010-12-29 17:52 . 2010-12-29 17:52 -------- d-----w- c:\program files\City Interactive
2010-12-29 12:45 . 2011-01-24 14:55 42675 ----a-w- c:\windows\system32\PC's Setting.scr
2010-12-27 22:15 . 2010-12-27 22:15 -------- d-----w- c:\documents and settings\PC\Application Data\MoveFab
2010-12-26 14:30 . 2010-12-26 14:30 -------- d-----w- c:\documents and settings\PC\Application Data\DVDFab
2010-12-26 11:36 . 2010-12-26 11:40 -------- d-----w- c:\documents and settings\PC\.android
2010-12-26 11:36 . 2010-12-26 11:36 -------- d-----w- c:\program files\Android
2010-12-26 11:35 . 2010-12-26 11:35 -------- d-----w- c:\program files\Sun
2010-12-26 11:35 . 2010-12-26 11:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-30 14:48 . 2010-11-01 18:59 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-12-30 13:17 . 2007-03-28 10:41 19972712 ----a-w- c:\windows\RTHDCPL.EXE
2010-12-30 10:59 . 2007-03-28 10:41 6290024 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-12-26 11:35 . 2010-10-23 18:33 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-22 20:41 . 2010-10-31 12:06 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-12-22 20:41 . 2007-03-28 12:13 505128 ----a-w- c:\windows\system32\msvcp71.dll
2010-12-22 20:41 . 2007-03-28 12:13 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-12-21 21:28 . 2010-12-21 21:28 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-12-21 21:28 . 2010-12-21 21:28 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-12-21 21:12 . 2010-12-10 13:22 138056 ----a-w- c:\documents and settings\PC\Application Data\PnkBstrK.sys
2010-12-21 21:12 . 2010-11-01 18:59 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-12-21 21:11 . 2010-11-01 18:59 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-12-20 17:09 . 2010-10-22 20:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-10-22 20:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-19 22:04 . 2010-12-10 13:35 2250024 ----a-w- c:\windows\system32\pbsvc.exe
2010-12-19 21:44 . 2010-12-19 21:12 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-12-19 21:44 . 2010-12-19 21:12 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-12-19 20:57 . 2010-12-19 20:57 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-11-26 04:17 . 2007-03-28 11:55 5555712 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-11-26 03:57 . 2010-10-22 10:20 16748544 ----a-w- c:\windows\system32\atioglxx.dll
2010-11-26 03:23 . 2010-10-22 10:20 471040 ----a-w- c:\windows\system32\atiok3x2.dll
2010-11-26 03:12 . 2010-12-15 18:26 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-11-26 03:07 . 2010-10-22 10:20 57344 ----a-w- c:\windows\system32\aticalrt.dll
2010-11-26 03:07 . 2010-10-22 10:20 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-11-26 03:06 . 2010-10-22 10:20 4489216 ----a-w- c:\windows\system32\aticaldd.dll
2010-11-26 02:55 . 2010-12-15 18:26 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-11-26 02:54 . 2007-03-28 11:55 302080 ----a-w- c:\windows\system32\ati2dvag.dll
2010-11-26 02:48 . 2007-03-28 11:55 3984864 ----a-w- c:\windows\system32\ati3duag.dll
2010-11-26 02:39 . 2010-10-22 10:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-11-26 02:34 . 2010-10-22 10:20 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2010-11-26 02:34 . 2010-10-22 10:20 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-11-26 02:34 . 2010-10-22 10:20 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-11-26 02:34 . 2010-10-22 10:20 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-11-26 02:34 . 2010-10-22 10:20 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-11-26 02:32 . 2010-10-22 10:20 614400 ----a-w- c:\windows\system32\ati2evxx.exe
2010-11-26 02:32 . 2007-03-28 11:55 2669696 ----a-w- c:\windows\system32\ativvaxx.dll
2010-11-26 02:31 . 2010-10-22 10:20 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-11-26 02:30 . 2010-10-22 10:20 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-11-26 02:26 . 2010-10-22 10:20 651264 ----a-w- c:\windows\system32\atikvmag.dll
2010-11-26 02:24 . 2010-10-22 10:20 196608 ----a-w- c:\windows\system32\atiadlxx.dll
2010-11-26 02:24 . 2010-10-22 10:20 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-11-26 02:18 . 2007-03-28 11:55 765952 ----a-w- c:\windows\system32\ati2cqag.dll
2010-11-26 02:16 . 2010-10-22 10:20 64512 ----a-w- c:\windows\system32\atimpc32.dll
2010-11-26 02:16 . 2010-10-22 10:20 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2010-11-21 21:51 . 2010-11-21 21:51 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-11-21 21:51 . 2010-11-21 21:51 1060864 ----a-w- c:\windows\system32\mfc71.dll
2010-11-21 21:47 . 2010-11-21 21:47 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-11-17 12:03 . 2010-07-21 11:30 101904 ----a-w- c:\windows\system32\drivers\AtihdXP3.sys
2010-11-03 17:15 . 2007-03-28 10:41 84584 ----a-w- c:\windows\SOUNDMAN.EXE
2010-11-03 17:15 . 2007-03-28 10:41 1833576 ----a-w- c:\windows\SkyTel.exe
2010-11-03 17:15 . 2007-03-28 10:41 891496 ----a-w- c:\windows\system32\RTSndMgr.CPL
2010-11-03 17:15 . 2007-03-28 10:41 9721960 ----a-w- c:\windows\RTLCPL.EXE
2010-11-03 17:15 . 2007-03-28 10:41 1489512 ----a-w- c:\windows\RtlUpd.exe
2010-11-03 17:14 . 2007-03-28 10:41 2180712 ----a-w- c:\windows\MicCal.exe
2010-11-03 17:13 . 2007-03-28 10:41 285288 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2010-11-03 17:13 . 2007-03-28 10:41 2815592 ----a-w- c:\windows\ALCWZRD.EXE
2010-11-03 17:13 . 2007-03-28 10:41 64104 ----a-w- c:\windows\ALCMTR.EXE
2010-11-01 18:07 . 2010-11-01 18:07 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-10-28 09:46 . 2007-03-28 10:40 1251944 ----a-w- c:\windows\RtlExUpd.dll
2004-03-11 11:27 . 2007-03-28 12:19 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2007-05-15 20:54 . 2011-01-03 22:31 66672 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-05-15 20:54 . 2011-01-03 22:31 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-05-15 20:54 . 2011-01-03 22:31 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-05-15 20:54 . 2011-01-03 22:31 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-05-15 20:54 . 2011-01-03 22:31 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Valve\Steam\steam.exe" [2010-11-16 1242448]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"Google Update"="c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2011-01-03 136176]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432]
"Memory Improve Professional"="c:\program files\Memory Improve Professional\MemoryImproveProfessional.exe" [2010-08-23 1416192]
"SPMTray"="c:\program files\PC Speed Maximizer\SPMTray.exe" [2010-08-24 205584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"RTHDCPL"="RTHDCPL.EXE" [2010-12-30 19972712]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-11-17 20:29 75048 ------w- c:\program files\CyberLink\Shared files\brs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-02 23:08 87336 ------w- c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD10\\PowerDVD Cinema\\PowerDVDCinema10.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Modern Warfare 2\\iw4mp.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Ubisoft\\Shaun White Snowboarding\\ShaunWhiteSnowboardingGame.exe"=
"c:\\Program Files\\Ubisoft\\Shaun White Snowboarding\\ShaunWhiteSnowboarding.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedII.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\UPlayBrowser.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\Program Files\\Codemasters\\DiRT2\\dirt2_game.exe"=
"c:\\Program Files\\Codemasters\\F1 2010\\F1_2010_game.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Crash Time 4 - The Syndicate\\CrashTime4Hi.exe"=
"c:\\Program Files\\Crash Time 4 - The Syndicate\\CrashTime4Low.exe"=
"c:\\Program Files\\Activision\\James Bond 007(TM) - Blood Stone\\Bond.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\Launcher.exe"=
"c:\\Program Files\\Deep Silver\\Nail'd\\Naild_x86.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD10\\PowerDVD10.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\NFS11.exe"=
"c:\\Program Files\\Activision\\Call of Duty - Black Ops\\BlackOps.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\duso4\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\duso4\\counter-strike\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [15.11.2010 16:24 190416]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.11.2010 19:07 691696]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [15.11.2010 16:24 99792]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [28.3.2007 11:25 13696]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/12/22 21:42];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [17.11.2010 21:29 87536]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [24.2.2010 11:22 185472]
R2 Arcsoft Security Service;Arcsoft Security Service;c:\program files\ArcSoft\TotalMedia Theatre 3\ArcSecurity.exe [22.11.2009 14:09 80384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [22.10.2010 21:59 363344]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [25.3.2010 14:39 490280]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [21.7.2010 12:30 101904]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22.10.2010 21:59 20952]
S2 avast! Firewall;avast! Firewall;"c:\program files\Alwil Software\Avast5\afwServ.exe" --> c:\program files\Alwil Software\Avast5\afwServ.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [13.1.2011 17:02 1691480]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
.
Contents of the 'Scheduled Tasks' folder
2011-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1979792683-839522115-1003Core.job
- c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-03 22:33]
2011-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1979792683-839522115-1003UA.job
- c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-03 22:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\rbcm5208.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://sk.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:sk:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
.
- - - - ORPHANS REMOVED - - - -
ShellIconOverlayIdentifiers-{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-24 16:20
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3250620AS rev.3.AAJ -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2f
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1547161642-1979792683-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:12,59,4d,e2,36,a1,63,95,e0,b3,64,1f,e6,f9,b7,74,00,f1,cb,93,51,
6c,21,33,ed,99,72,4a,d5,12,1b,2b,f3,82,d2,46,e8,cf,e6,19,5d,c0,0d,f9,99,d2,\
"rkeysecu"=hex:77,78,ee,cd,5b,65,99,b4,34,71,f3,70,de,14,5e,6f
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2011-01-24 16:21:22
ComboFix-quarantined-files.txt 2011-01-24 15:21
Pre-Run: 43 520 585 728 bytes free
Post-Run: 12 adresárov, 43 502 080 000 voľných bajtov
- - End Of File - - DFCFFD7F7EEE4B03322D4C736FC0F622
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Arcsoft Security Service - Arcsoft, Inc. - C:\Program Files\ArcSoft\TotalMedia Theatre 3\ArcSecurity.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Firewall - Unknown owner - C:\Program Files\Alwil Software\Avast5\afwServ.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
--
End of file - 6402 bytes
____________________________________________________________________
ComboFix 11-01-23.07 - PC 24.01.2011 16:13:12.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.3071.2617 [GMT 1:00]
Running from: I:\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\PC\Local Settings\Application Data\Bron.tok-12-22
c:\documents and settings\PC\Local Settings\Application Data\Bron.tok-12-23
c:\documents and settings\PC\Local Settings\Application Data\Bron.tok-12-24
c:\documents and settings\PC\Local Settings\Application Data\Bron.tok.A12.em.bin
c:\documents and settings\PC\Local Settings\Application Data\BronNetDomList.bat
c:\documents and settings\PC\Local Settings\Application Data\csrss.exe
c:\documents and settings\PC\Local Settings\Application Data\inetinfo.exe
c:\documents and settings\PC\Local Settings\Application Data\Kosong.Bron.Tok.txt
c:\documents and settings\PC\Local Settings\Application Data\ListHost12.txt
c:\documents and settings\PC\Local Settings\Application Data\lsass.exe
c:\documents and settings\PC\Local Settings\Application Data\services.exe
c:\documents and settings\PC\Local Settings\Application Data\smss.exe
c:\documents and settings\PC\Local Settings\Application Data\winlogon.exe
c:\documents and settings\PC\Start Menu\Programs\Startup\Empty.pif
c:\documents and settings\PC\Templates\Brengkolang.com
c:\windows\eksplorasi.exe
c:\windows\ShellNew\sempalong.exe
.
((((((((((((((((((((((((( Files Created from 2010-12-24 to 2011-01-24 )))))))))))))))))))))))))))))))
.
2011-01-23 22:50 . 2011-01-23 22:50 -------- d-----w- c:\program files\Alwil Software
2011-01-22 13:32 . 2011-01-22 13:32 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Ok-SendMail-Bron-tok
2011-01-22 13:15 . 2011-01-22 13:43 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Loc.Mail.Bron.Tok
2011-01-22 13:00 . 2011-01-22 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Optimizer Pro
2011-01-22 12:51 . 2011-01-22 12:51 -------- d-----w- c:\documents and settings\PC\Application Data\PC Speed Maximizer
2011-01-22 12:51 . 2011-01-22 12:52 -------- d-----w- c:\program files\PC Speed Maximizer
2011-01-17 17:38 . 2011-01-17 17:38 -------- d-----w- c:\documents and settings\PC\Application Data\Ubisoft
2011-01-13 16:07 . 2010-12-23 10:09 53248 ----a-w- c:\windows\system32\CSVer.dll
2011-01-13 16:07 . 2011-01-13 16:07 -------- d-----w- C:\Intel
2011-01-13 16:06 . 2009-03-03 19:18 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2011-01-13 16:03 . 2011-01-13 16:03 -------- d-----w- c:\program files\Common Files\LogiShrd
2011-01-13 16:02 . 2011-01-13 16:03 -------- d-----w- c:\documents and settings\PC\Application Data\Logishrd
2011-01-13 16:02 . 2011-01-13 16:02 -------- d-----w- c:\documents and settings\PC\Application Data\Logitech
2011-01-13 16:02 . 2010-11-03 17:15 359016 ----a-w- c:\windows\vncutil.exe
2011-01-13 16:02 . 2010-11-11 12:27 55912 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-01-13 16:02 . 2010-11-03 17:14 129640 ----a-w- c:\windows\RtkAudioService.exe
2011-01-13 16:02 . 2009-11-18 06:17 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2011-01-13 16:02 . 2009-11-18 06:16 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2011-01-12 16:42 . 2011-01-12 16:42 -------- d-----w- c:\program files\Driver-Soft
2011-01-11 19:55 . 2011-01-11 19:55 -------- d-----w- c:\program files\Everest_Ultimate_Build_2253
2011-01-11 19:37 . 2011-01-11 19:37 -------- d-----w- c:\program files\Memory Improve Professional
2011-01-08 21:11 . 2011-01-08 21:11 -------- d-----w- c:\documents and settings\PC\Application Data\Disney Interactive Studios
2011-01-03 22:35 . 2011-01-03 22:35 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Opera
2011-01-03 22:35 . 2011-01-03 22:35 -------- d-----w- c:\program files\Opera
2011-01-03 22:33 . 2011-01-16 20:38 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Temp
2011-01-03 22:33 . 2011-01-03 22:33 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Google
2011-01-03 22:32 . 2007-05-15 20:54 99840 ----a-w- c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\BrandRes.dll
2011-01-03 22:32 . 2007-05-15 20:54 407040 ----a-w- c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\talkback.exe
2011-01-03 22:32 . 2007-05-15 20:54 156544 ----a-w- c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\fullsoft.dll
2011-01-03 22:32 . 2007-05-15 20:54 14456 ----a-w- c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
2011-01-03 22:32 . 2009-01-23 12:09 143360 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-01-03 22:32 . 2009-01-23 12:09 143360 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2011-01-03 22:32 . 2009-01-23 12:09 143360 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-01-03 22:32 . 2009-01-23 12:09 143360 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-01-03 22:32 . 2009-01-23 12:09 143360 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2010-12-29 17:52 . 2010-12-29 17:52 -------- d-----w- c:\program files\City Interactive
2010-12-29 12:45 . 2011-01-24 14:55 42675 ----a-w- c:\windows\system32\PC's Setting.scr
2010-12-27 22:15 . 2010-12-27 22:15 -------- d-----w- c:\documents and settings\PC\Application Data\MoveFab
2010-12-26 14:30 . 2010-12-26 14:30 -------- d-----w- c:\documents and settings\PC\Application Data\DVDFab
2010-12-26 11:36 . 2010-12-26 11:40 -------- d-----w- c:\documents and settings\PC\.android
2010-12-26 11:36 . 2010-12-26 11:36 -------- d-----w- c:\program files\Android
2010-12-26 11:35 . 2010-12-26 11:35 -------- d-----w- c:\program files\Sun
2010-12-26 11:35 . 2010-12-26 11:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-30 14:48 . 2010-11-01 18:59 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-12-30 13:17 . 2007-03-28 10:41 19972712 ----a-w- c:\windows\RTHDCPL.EXE
2010-12-30 10:59 . 2007-03-28 10:41 6290024 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-12-26 11:35 . 2010-10-23 18:33 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-22 20:41 . 2010-10-31 12:06 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-12-22 20:41 . 2007-03-28 12:13 505128 ----a-w- c:\windows\system32\msvcp71.dll
2010-12-22 20:41 . 2007-03-28 12:13 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-12-21 21:28 . 2010-12-21 21:28 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-12-21 21:28 . 2010-12-21 21:28 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-12-21 21:12 . 2010-12-10 13:22 138056 ----a-w- c:\documents and settings\PC\Application Data\PnkBstrK.sys
2010-12-21 21:12 . 2010-11-01 18:59 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-12-21 21:11 . 2010-11-01 18:59 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-12-20 17:09 . 2010-10-22 20:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-10-22 20:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-19 22:04 . 2010-12-10 13:35 2250024 ----a-w- c:\windows\system32\pbsvc.exe
2010-12-19 21:44 . 2010-12-19 21:12 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-12-19 21:44 . 2010-12-19 21:12 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-12-19 20:57 . 2010-12-19 20:57 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-11-26 04:17 . 2007-03-28 11:55 5555712 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-11-26 03:57 . 2010-10-22 10:20 16748544 ----a-w- c:\windows\system32\atioglxx.dll
2010-11-26 03:23 . 2010-10-22 10:20 471040 ----a-w- c:\windows\system32\atiok3x2.dll
2010-11-26 03:12 . 2010-12-15 18:26 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-11-26 03:07 . 2010-10-22 10:20 57344 ----a-w- c:\windows\system32\aticalrt.dll
2010-11-26 03:07 . 2010-10-22 10:20 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-11-26 03:06 . 2010-10-22 10:20 4489216 ----a-w- c:\windows\system32\aticaldd.dll
2010-11-26 02:55 . 2010-12-15 18:26 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-11-26 02:54 . 2007-03-28 11:55 302080 ----a-w- c:\windows\system32\ati2dvag.dll
2010-11-26 02:48 . 2007-03-28 11:55 3984864 ----a-w- c:\windows\system32\ati3duag.dll
2010-11-26 02:39 . 2010-10-22 10:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-11-26 02:34 . 2010-10-22 10:20 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2010-11-26 02:34 . 2010-10-22 10:20 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-11-26 02:34 . 2010-10-22 10:20 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-11-26 02:34 . 2010-10-22 10:20 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-11-26 02:34 . 2010-10-22 10:20 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-11-26 02:32 . 2010-10-22 10:20 614400 ----a-w- c:\windows\system32\ati2evxx.exe
2010-11-26 02:32 . 2007-03-28 11:55 2669696 ----a-w- c:\windows\system32\ativvaxx.dll
2010-11-26 02:31 . 2010-10-22 10:20 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-11-26 02:30 . 2010-10-22 10:20 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-11-26 02:26 . 2010-10-22 10:20 651264 ----a-w- c:\windows\system32\atikvmag.dll
2010-11-26 02:24 . 2010-10-22 10:20 196608 ----a-w- c:\windows\system32\atiadlxx.dll
2010-11-26 02:24 . 2010-10-22 10:20 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-11-26 02:18 . 2007-03-28 11:55 765952 ----a-w- c:\windows\system32\ati2cqag.dll
2010-11-26 02:16 . 2010-10-22 10:20 64512 ----a-w- c:\windows\system32\atimpc32.dll
2010-11-26 02:16 . 2010-10-22 10:20 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2010-11-21 21:51 . 2010-11-21 21:51 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-11-21 21:51 . 2010-11-21 21:51 1060864 ----a-w- c:\windows\system32\mfc71.dll
2010-11-21 21:47 . 2010-11-21 21:47 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-11-17 12:03 . 2010-07-21 11:30 101904 ----a-w- c:\windows\system32\drivers\AtihdXP3.sys
2010-11-03 17:15 . 2007-03-28 10:41 84584 ----a-w- c:\windows\SOUNDMAN.EXE
2010-11-03 17:15 . 2007-03-28 10:41 1833576 ----a-w- c:\windows\SkyTel.exe
2010-11-03 17:15 . 2007-03-28 10:41 891496 ----a-w- c:\windows\system32\RTSndMgr.CPL
2010-11-03 17:15 . 2007-03-28 10:41 9721960 ----a-w- c:\windows\RTLCPL.EXE
2010-11-03 17:15 . 2007-03-28 10:41 1489512 ----a-w- c:\windows\RtlUpd.exe
2010-11-03 17:14 . 2007-03-28 10:41 2180712 ----a-w- c:\windows\MicCal.exe
2010-11-03 17:13 . 2007-03-28 10:41 285288 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2010-11-03 17:13 . 2007-03-28 10:41 2815592 ----a-w- c:\windows\ALCWZRD.EXE
2010-11-03 17:13 . 2007-03-28 10:41 64104 ----a-w- c:\windows\ALCMTR.EXE
2010-11-01 18:07 . 2010-11-01 18:07 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-10-28 09:46 . 2007-03-28 10:40 1251944 ----a-w- c:\windows\RtlExUpd.dll
2004-03-11 11:27 . 2007-03-28 12:19 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2007-05-15 20:54 . 2011-01-03 22:31 66672 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-05-15 20:54 . 2011-01-03 22:31 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-05-15 20:54 . 2011-01-03 22:31 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-05-15 20:54 . 2011-01-03 22:31 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-05-15 20:54 . 2011-01-03 22:31 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Valve\Steam\steam.exe" [2010-11-16 1242448]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"Google Update"="c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2011-01-03 136176]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432]
"Memory Improve Professional"="c:\program files\Memory Improve Professional\MemoryImproveProfessional.exe" [2010-08-23 1416192]
"SPMTray"="c:\program files\PC Speed Maximizer\SPMTray.exe" [2010-08-24 205584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"RTHDCPL"="RTHDCPL.EXE" [2010-12-30 19972712]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-11-17 20:29 75048 ------w- c:\program files\CyberLink\Shared files\brs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-02 23:08 87336 ------w- c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD10\\PowerDVD Cinema\\PowerDVDCinema10.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Modern Warfare 2\\iw4mp.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Ubisoft\\Shaun White Snowboarding\\ShaunWhiteSnowboardingGame.exe"=
"c:\\Program Files\\Ubisoft\\Shaun White Snowboarding\\ShaunWhiteSnowboarding.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedII.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\UPlayBrowser.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\Program Files\\Codemasters\\DiRT2\\dirt2_game.exe"=
"c:\\Program Files\\Codemasters\\F1 2010\\F1_2010_game.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Crash Time 4 - The Syndicate\\CrashTime4Hi.exe"=
"c:\\Program Files\\Crash Time 4 - The Syndicate\\CrashTime4Low.exe"=
"c:\\Program Files\\Activision\\James Bond 007(TM) - Blood Stone\\Bond.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\Launcher.exe"=
"c:\\Program Files\\Deep Silver\\Nail'd\\Naild_x86.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD10\\PowerDVD10.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\NFS11.exe"=
"c:\\Program Files\\Activision\\Call of Duty - Black Ops\\BlackOps.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\duso4\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\duso4\\counter-strike\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [15.11.2010 16:24 190416]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.11.2010 19:07 691696]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [15.11.2010 16:24 99792]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [28.3.2007 11:25 13696]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/12/22 21:42];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [17.11.2010 21:29 87536]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [24.2.2010 11:22 185472]
R2 Arcsoft Security Service;Arcsoft Security Service;c:\program files\ArcSoft\TotalMedia Theatre 3\ArcSecurity.exe [22.11.2009 14:09 80384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [22.10.2010 21:59 363344]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [25.3.2010 14:39 490280]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [21.7.2010 12:30 101904]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22.10.2010 21:59 20952]
S2 avast! Firewall;avast! Firewall;"c:\program files\Alwil Software\Avast5\afwServ.exe" --> c:\program files\Alwil Software\Avast5\afwServ.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [13.1.2011 17:02 1691480]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
.
Contents of the 'Scheduled Tasks' folder
2011-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1979792683-839522115-1003Core.job
- c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-03 22:33]
2011-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1979792683-839522115-1003UA.job
- c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-03 22:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\rbcm5208.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://sk.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:sk:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
.
- - - - ORPHANS REMOVED - - - -
ShellIconOverlayIdentifiers-{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-24 16:20
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3250620AS rev.3.AAJ -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2f
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1547161642-1979792683-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:12,59,4d,e2,36,a1,63,95,e0,b3,64,1f,e6,f9,b7,74,00,f1,cb,93,51,
6c,21,33,ed,99,72,4a,d5,12,1b,2b,f3,82,d2,46,e8,cf,e6,19,5d,c0,0d,f9,99,d2,\
"rkeysecu"=hex:77,78,ee,cd,5b,65,99,b4,34,71,f3,70,de,14,5e,6f
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2011-01-24 16:21:22
ComboFix-quarantined-files.txt 2011-01-24 15:21
Pre-Run: 43 520 585 728 bytes free
Post-Run: 12 adresárov, 43 502 080 000 voľných bajtov
- - End Of File - - DFCFFD7F7EEE4B03322D4C736FC0F622