virus
Posted: 02 Apr 2010 12:58
ComboFix 10-04-01.02 - Ľuboš 02.04.2010 13:49:38.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1023.645 [GMT 2:00]
Running from: d:\dokumenty\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
SP: BitDefender Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\AppPatch\AcAdProc.dll
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\explorer(2).exe
c:\windows\system32\_000009_.tmp.dll
.
((((((((((((((((((((((((( Files Created from 2010-03-02 to 2010-04-02 )))))))))))))))))))))))))))))))
.
2010-04-02 11:47 . 2010-04-02 11:47 -------- d-----w- C:\32788R22FWJFW
2010-04-02 11:20 . 2010-04-02 11:21 -------- dc-h--w- c:\windows\ie8
2010-04-02 10:17 . 2010-04-02 10:22 -------- dc----w- c:\program files\trend micro
2010-04-02 10:17 . 2010-04-02 10:17 -------- d-----w- C:\rsit
2010-04-02 09:56 . 2010-04-02 10:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-02 09:43 . 2010-04-02 09:43 0 ----a-w- c:\windows\nsreg.dat
2010-04-02 09:43 . 2010-04-02 09:43 -------- d-----w- c:\documents and settings\Grom\Local Settings\Application Data\Mozilla
2010-04-02 08:33 . 2010-04-02 08:33 388096 ----a-r- c:\documents and settings\Grom\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-02 08:33 . 2010-04-02 08:33 -------- dc----w- c:\program files\TrendMicro
2010-04-01 14:51 . 2010-04-01 15:42 -------- dc----w- c:\program files\Microsoft Works
2010-04-01 14:47 . 2010-04-01 15:38 -------- dc----w- c:\program files\Microsoft Visual Studio 8
2010-04-01 14:46 . 2010-04-01 15:41 -------- d-----w- c:\windows\SHELLNEW
2010-04-01 14:45 . 2010-04-01 14:45 -------- d-----r- C:\MSOCache
2010-04-01 12:35 . 2010-04-01 12:35 -------- d-----w- c:\documents and settings\Grom\DoctorWeb
2010-03-31 13:05 . 2010-04-01 17:41 -------- dc----w- c:\program files\a-squared Free
2010-03-30 23:43 . 2010-03-30 23:43 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
2010-03-30 18:49 . 2010-03-30 18:49 -------- d-----w- c:\documents and settings\Grom\Local Settings\Application Data\PCHealth
2010-03-30 16:55 . 2010-03-30 16:55 -------- d-----w- c:\documents and settings\Grom\Local Settings\Application Data\Microsoft Help
2010-03-30 16:54 . 2010-04-02 09:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-30 09:58 . 2010-03-30 12:15 81984 ----a-w- c:\windows\system32\bdod.bin
2010-03-30 09:47 . 2010-03-30 09:50 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2010-03-30 09:44 . 2010-03-30 12:18 -------- d-----w- c:\program files\Common Files\BitDefender
2010-03-30 09:33 . 2010-03-30 09:33 -------- d-----w- c:\windows\BDOSCAN8
2010-03-30 09:10 . 2010-03-30 09:10 -------- d-----w- c:\documents and settings\Grom\Local Settings\Application Data\Threat Expert
2010-03-29 19:24 . 2010-03-29 19:24 1956656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-03-29 18:41 . 2010-03-29 18:41 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-24 09:06 . 2010-03-24 09:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2010-03-24 08:14 . 2010-03-28 17:47 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{608FC14F-9CE1-41EC-B349-F5C9055E47B3}
2010-03-23 20:05 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-03-23 20:05 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-03-23 20:05 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-03-23 20:05 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2010-03-23 20:05 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-03-21 19:41 . 2010-02-15 11:03 286208 ----a-w- c:\windows\system32\binkw32.dll
2010-03-21 18:47 . 2010-02-15 11:03 286208 ----a-w- c:\windows\binkw32.dll
2010-03-20 15:59 . 2010-03-20 15:59 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-03-20 12:32 . 2010-03-20 12:42 -------- d-----w- c:\documents and settings\Grom\Application Data\Registry Booster
2010-03-19 07:06 . 2010-03-19 07:06 -------- d-----w- c:\documents and settings\Administrator\IETldCache
2010-03-19 07:06 . 2010-03-29 18:41 -------- d-s---w- c:\documents and settings\Administrator
2010-03-18 21:56 . 2010-03-19 07:23 -------- d-----w- c:\windows\system32\AGEIA(2)
2010-03-18 21:40 . 2010-03-18 21:40 -------- d-----w- c:\documents and settings\Grom\Application Data\Games
2010-03-18 14:25 . 2010-03-19 07:25 -------- d-----w- C:\RECYCLER(2)
2010-03-14 20:27 . 2010-03-14 20:27 -------- d-----w- c:\documents and settings\Grom\Application Data\SupportSoft
2010-03-14 20:17 . 2010-03-14 20:23 -------- d-----w- c:\documents and settings\Ľubko
2010-03-14 20:10 . 2010-03-14 20:10 -------- d-----w- c:\documents and settings\Grom\Local Settings\Application Data\WMTools Downloaded Files
2010-03-12 15:26 . 2010-03-29 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-03-12 13:26 . 2010-03-12 13:26 -------- d-----w- c:\documents and settings\Grom\Local Settings\Application Data\ESET
2010-03-09 23:49 . 2010-03-09 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2010-03-09 18:31 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-07 10:55 . 2010-03-09 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-03-06 17:11 . 2007-08-31 11:52 56496 ----a-w- c:\windows\system32\wbhelp2.dll
2010-03-06 17:11 . 2007-08-31 11:52 33968 ----a-w- c:\windows\system32\anim.dll
2010-03-06 17:11 . 1999-11-22 14:50 4608 ----a-w- c:\windows\system32\W95INF32.DLL
2010-03-06 17:11 . 1999-11-22 14:50 2272 ----a-w- c:\windows\system32\W95INF16.DLL
2010-03-04 20:21 . 2010-03-04 20:21 -------- d-sh--w- c:\documents and settings\Grom\IECompatCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-01 15:44 . 2006-12-21 01:20 69232 -c--a-w- c:\documents and settings\Grom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-01 15:42 . 2010-01-06 17:31 -------- dc----w- c:\program files\MSBuild
2010-03-30 15:31 . 2006-12-21 01:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-30 12:25 . 2010-02-15 17:10 -------- d-----w- c:\documents and settings\Grom\Application Data\SUPERAntiSpyware.com
2010-03-30 09:22 . 2010-01-11 19:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-29 19:26 . 2010-02-08 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-03-29 18:40 . 2010-03-27 20:40 -------- d-----w- c:\documents and settings\Grom\Application Data\Football Superstars
2010-03-29 18:40 . 2010-03-28 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2010-03-29 18:40 . 2010-03-29 18:40 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-29 18:40 . 2010-03-29 18:40 -------- d-----w- c:\program files\Common Files\supportsoft
2010-03-29 18:40 . 2010-03-29 18:40 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-03-29 18:40 . 2010-03-29 18:40 -------- d-----w- c:\program files\Common Files\iS3
2010-03-29 18:37 . 2010-03-29 18:37 -------- d-----w- c:\documents and settings\Grom\Application Data\Simply Super Software
2010-03-29 18:37 . 2010-03-29 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-03-29 18:36 . 2010-02-12 20:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-03-29 18:35 . 2008-03-29 13:24 -------- dc----w- c:\program files\ATI Technologies
2010-03-28 21:01 . 2010-03-28 21:01 -------- dc----w- c:\program files\KONAMI
2010-03-28 18:45 . 2010-01-21 12:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-28 18:21 . 2010-03-28 18:21 -------- d-----w- c:\documents and settings\All Users\Application Data\CA
2010-03-28 16:40 . 2010-03-05 21:00 773169 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-03-24 08:39 . 2010-03-24 08:39 32198 ----a-w- c:\windows\SCHEDLGU.TXT.TMP
2010-03-23 20:11 . 2010-02-27 20:31 -------- d-----w- c:\documents and settings\Grom\Application Data\Uniblue
2010-03-21 19:07 . 2010-01-29 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-03-07 07:43 . 2010-02-12 20:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-03-06 16:41 . 2010-03-05 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira(2)
2010-03-06 16:41 . 2010-03-06 16:39 -------- d-----w- c:\program files\123 Pdf to Word Converter for Doc Free
2010-03-06 16:40 . 2010-03-06 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira(4)
2010-03-06 16:40 . 2010-01-25 18:21 -------- dc----w- c:\program files\MSECache
2010-03-06 16:39 . 2010-03-06 16:39 -------- d-----w- c:\documents and settings\Grom\Application Data\VS Revo Group
2010-03-06 16:39 . 2010-03-06 16:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Global Graphics
2010-03-06 16:36 . 2010-03-06 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira(5)
2010-03-06 16:14 . 2008-10-16 17:43 -------- d-----w- c:\documents and settings\Grom\Application Data\HPAppData
2010-02-28 12:34 . 2010-02-28 12:34 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
2010-02-27 20:22 . 2010-02-27 20:22 -------- d-----w- c:\documents and settings\Grom\Application Data\URSoft
2010-02-27 17:14 . 2009-04-25 15:31 737280 -c--a-w- c:\windows\iun6002.exe
2010-02-25 06:24 . 2006-09-14 08:39 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-20 16:43 . 2010-02-20 16:43 -------- d-----w- c:\documents and settings\Grom\Application Data\Softplicity
2010-02-19 21:00 . 2010-02-19 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Sports Interactive
2010-02-19 20:59 . 2010-02-19 20:59 -------- d-----w- c:\documents and settings\Grom\Application Data\Sports Interactive
2010-02-19 20:49 . 2010-02-19 20:48 -------- dc-h--w- c:\program files\Zero G Registry
2010-02-17 16:34 . 2010-02-17 16:34 796672 ----a-w- c:\windows\GPInstall.exe
2010-02-15 21:00 . 2010-02-15 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-02-15 20:22 . 2010-02-15 20:22 125952 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe
2010-02-15 17:10 . 2010-02-15 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-12 21:25 . 2010-02-12 21:25 -------- d-----w- c:\documents and settings\Grom\Application Data\Symantec
2010-02-12 20:12 . 2010-02-12 20:12 -------- d-----w- c:\documents and settings\Grom\Application Data\Tific
2010-02-12 10:03 . 2010-03-06 07:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-11 04:12 . 2010-02-11 04:12 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-02-11 04:12 . 2010-02-11 04:12 3107788 ----a-w- c:\windows\system32\ativva5x.dat
2010-02-09 22:02 . 2010-02-09 22:01 -------- d-----w- c:\documents and settings\Grom\Application Data\Likno
2010-02-09 21:46 . 2010-02-09 21:46 503808 ----a-w- c:\documents and settings\Grom\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-362af092-n\msvcp71.dll
2010-02-09 21:46 . 2010-02-09 21:46 499712 ----a-w- c:\documents and settings\Grom\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-362af092-n\jmc.dll
2010-02-09 21:46 . 2010-02-09 21:46 348160 ----a-w- c:\documents and settings\Grom\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-362af092-n\msvcr71.dll
2010-02-09 21:46 . 2010-02-09 21:46 61440 ----a-w- c:\documents and settings\Grom\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4ab792e0-n\decora-sse.dll
2010-02-09 21:46 . 2010-02-09 21:46 12800 ----a-w- c:\documents and settings\Grom\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4ab792e0-n\decora-d3d.dll
2010-02-09 21:46 . 2010-02-09 21:46 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-08 16:38 . 2010-02-08 16:38 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-02-08 16:36 . 2010-02-08 16:36 1975408 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\GoogleToolbarInstaller_en32_signed.exe
2010-02-04 09:01 . 2010-02-19 20:52 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 09:01 . 2010-02-19 20:52 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 09:01 . 2010-02-19 20:52 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 09:01 . 2010-02-19 20:52 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-02-03 21:43 . 2010-01-31 15:36 -------- d-----w- c:\documents and settings\Grom\Application Data\GetRightToGo
2010-02-03 21:43 . 2010-01-31 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2010-02-03 21:35 . 2010-02-03 18:39 -------- dc----w- c:\documents and settings\All Users\Application Data\{C6F7446C-1BD2-4E50-9F6B-44747FECDCDF}
2010-02-03 21:35 . 2010-02-03 18:50 -------- d-----w- c:\documents and settings\All Users\Application Data\clp
2010-02-03 19:58 . 2010-02-03 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Toolkit Suite
2010-02-03 18:38 . 2010-02-03 18:38 -------- d-----w- c:\documents and settings\Grom\Application Data\Fighters
2010-01-06 21:35 . 2006-12-21 00:17 5938 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-01-06 21:35 . 2006-12-21 00:17 166455 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [31.3.2010 15:05 1858144]
S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S2 gupdate;Služba Google Update (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe --> c:\program files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{04185977-C61F-4216-AA10-A308CC904433}
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\Grom\Application Data\Mozilla\Firefox\Profiles\m9ymosln.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
Toolbar-SITEguard - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Anti Trojan Elite - c:\program files\Anti Trojan Elite\TJEnder.exe
AddRemove-{Medieval Lords} - c:\program files\Medieval Lords\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-02 13:55
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2000478354-842925246-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-2000478354-842925246-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{919F7D4B-AA3F-BBB8-16C2-7F78E6740404}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jalegdehmbdkhllepadm"=hex:62,61,70,6f,00,00
"jalegdehmbdkhllepahm"=hex:62,61,6d,70,00,00
"ialnkhjjmabbmkjlml"=hex:6b,61,65,70,63,68,6f,6d,63,62,61,66,66,6b,64,66,65,6e,
65,64,6d,6e,00,00
"hafoiabkojomeoef"=hex:6b,61,65,70,63,68,6f,6d,63,62,61,66,66,6b,67,65,6c,6d,
6a,62,63,62,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(464)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1824)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\ATKKBService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\msiexec.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2010-04-02 13:57:13 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-02 11:57
Pre-Run: 26 756 120 576 bytes free
Post-Run: 27 472 429 056 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 08000B1B05760BA823F58FF7FA81B592
2010-03-06 16:40 . 2010-03-06 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira(4)
2010-03-06 16:40 . 2010-01-25 18:21 -------- dc----w- c:\program files\MSECache
2010-03-06 16:39 . 2010-03-06 16:39 -------- d-----w- c:\documents and settings\Grom\Application Data\VS Revo Group
2010-03-06 16:39 . 2010-03-06 16:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Global Graphics
2010-03-06 16:36 . 2010-03-06 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira(5)
2010-03-06 16:14 . 2008-10-16 17:43 -------- d-----w- c:\documents and settings\Grom\Application Data\HPAppData
2010-02-28 12:34 . 2010-02-28 12:34 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
2010-02-27 20:22 . 2010-02-27 20:22 -------- d-----w- c:\documents and settings\Grom\Application Data\URSoft
2010-02-27 17:14 . 2009-04-25 15:31 737280 -c--a-w- c:\windows\iun6002.exe
2010-02-25 06:24 . 2006-09-14 08:39 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-20 16:43 . 2010-02-20 16:43 -------- d-----w- c:\documents and settings\Grom\Application Data\Softplicity
2010-02-19 21:00 . 2010-02-19 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Sports Interactive
2010-02-19 20:59 . 2010-02-19 20:59 -------- d-----w- c:\documents and settings\Grom\Application Data\Sports Interactive
2010-02-19 20:49 . 2010-02-19 20:48 -------- dc-h--w- c:\program files\Zero G Registry
2010-02-17 16:34 . 2010-02-17 16:34 796672 ----a-w- c:\windows\GPInstall.exe
2010-02-15 21:00 . 2010-02-15 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-02-15 20:22 . 2010-02-15 20:22 125952 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe
2010-02-15 17:10 . 2010-02-15 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-12 21:25 . 2010-02-12 21:25 -------- d-----w- c:\documents and settings\Grom\Application Data\Symantec
2010-02-12 20:12 . 2010-02-12 20:12 -------- d-----w- c:\documents and settings\Grom\Application Data\Tific
2010-02-12 10:03 . 2010-03-06 07:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-11 04:12 . 2010-02-11 04:12 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-02-11 04:12 . 2010-02-11 04:12 3107788 ----a-w- c:\windows\system32\ativva5x.dat
2010-02-09 22:02 . 2010-02-09 22:01 -------- d-----w- c:\documents and settings\Grom\Application Data\Likno
2010-02-09 21:46 . 2010-02-09 21:46 503808 ----a-w- c:\documents and settings\Grom\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-362af092-n\msvcp71.dll
2010-02-09 21:46 . 2010-02-09 21:46 499712 ----a-w- c:\documents and settings\Grom\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-362af092-n\jmc.dll
2010-02-09 21:46 . 2010-02-09 21:46 348160 ----a-w- c:\documents and settings\Grom\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-362af092-n\msvcr71.dll
2010-02-09 21:46 . 2010-02-09 21:46 61440 ----a-w- c:\documents and settings\Grom\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4ab792e0-n\decora-sse.dll
2010-02-09 21:46 . 2010-02-09 21:46 12800 ----a-w- c:\documents and settings\Grom\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4ab792e0-n\decora-d3d.dll
2010-02-09 21:46 . 2010-02-09 21:46 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-08 16:38 . 2010-02-08 16:38 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-02-08 16:36 . 2010-02-08 16:36 1975408 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\GoogleToolbarInstaller_en32_signed.exe
2010-02-04 09:01 . 2010-02-19 20:52 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 09:01 . 2010-02-19 20:52 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 09:01 . 2010-02-19 20:52 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 09:01 . 2010-02-19 20:52 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-02-03 21:43 . 2010-01-31 15:36 -------- d-----w- c:\documents and settings\Grom\Application Data\GetRightToGo
2010-02-03 21:43 . 2010-01-31 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2010-02-03 21:35 . 2010-02-03 18:39 -------- dc----w- c:\documents and settings\All Users\Application Data\{C6F7446C-1BD2-4E50-9F6B-44747FECDCDF}
2010-02-03 21:35 . 2010-02-03 18:50 -------- d-----w- c:\documents and settings\All Users\Application Data\clp
2010-02-03 19:58 . 2010-02-03 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Toolkit Suite
2010-02-03 18:38 . 2010-02-03 18:38 -------- d-----w- c:\documents and settings\Grom\Application Data\Fighters
2010-01-06 21:35 . 2006-12-21 00:17 5938 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-01-06 21:35 . 2006-12-21 00:17 166455 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [31.3.2010 15:05 1858144]
S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S2 gupdate;Služba Google Update (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe --> c:\program files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{04185977-C61F-4216-AA10-A308CC904433}
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\Grom\Application Data\Mozilla\Firefox\Profiles\m9ymosln.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
Toolbar-SITEguard - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Anti Trojan Elite - c:\program files\Anti Trojan Elite\TJEnder.exe
AddRemove-{Medieval Lords} - c:\program files\Medieval Lords\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-02 13:55
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2000478354-842925246-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-2000478354-842925246-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{919F7D4B-AA3F-BBB8-16C2-7F78E6740404}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jalegdehmbdkhllepadm"=hex:62,61,70,6f,00,00
"jalegdehmbdkhllepahm"=hex:62,61,6d,70,00,00
"ialnkhjjmabbmkjlml"=hex:6b,61,65,70,63,68,6f,6d,63,62,61,66,66,6b,64,66,65,6e,
65,64,6d,6e,00,00
"hafoiabkojomeoef"=hex:6b,61,65,70,63,68,6f,6d,63,62,61,66,66,6b,67,65,6c,6d,
6a,62,63,62,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(464)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1824)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\ATKKBService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\msiexec.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2010-04-02 13:57:13 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-02 11:57
Pre-Run: 26 756 120 576 bytes free
Post-Run: 27 472 429 056 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 08000B1B05760BA823F58FF7FA81B592