ComboFix 12-02-25.02 - Joseph . 03. 2012  22:16:07.4.2 - x86
Microsoft Windows Vista Business   6.0.6002.2.1250.421.1029.18.3326.2059 [GMT 1:00]
Running from: c:\users\Joseph\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
 * Resident AV is active
.
.
- REDUCED FUNCTIONALITY MODE -
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((((   Files Created from 2012-02-03 to 2012-03-03  )))))))))))))))))))))))))))))))
.
.
2012-03-03 21:20 . 2012-03-03 21:22	--------	d-----w-	c:\users\Joseph\AppData\Local\temp
2012-03-03 21:20 . 2012-03-03 21:20	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-03 20:46 . 2012-03-03 20:46	--------	d-----w-	c:\program files\trend micro
2012-03-03 20:46 . 2012-03-03 20:46	--------	d-----w-	C:\rsit
2012-03-03 12:56 . 2012-03-03 13:52	23368	----a-w-	c:\windows\system32\drivers\OlmarikFixer.sys
2012-03-03 12:19 . 2012-03-03 12:19	--------	d-----w-	c:\programdata\Kaspersky Lab
2012-03-02 07:18 . 2012-02-08 06:03	6552120	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{03A16EC0-2271-4847-8ECF-361DC2B02796}\mpengine.dll
2012-02-15 12:54 . 2012-01-12 19:52	2044416	----a-w-	c:\windows\system32\win32k.sys
2012-02-15 12:54 . 2011-12-14 16:17	680448	----a-w-	c:\windows\system32\msvcrt.dll
2012-02-15 12:54 . 2011-12-20 10:56	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2012-02-06 16:41 . 2012-02-06 16:45	--------	d-----w-	c:\program files\fliptoast
2012-02-06 16:41 . 2012-02-06 16:41	--------	d-----w-	c:\program files\Free Offers from Freeze.com
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 04:10 . 2009-10-03 11:38	237072	------w-	c:\windows\system32\MpSigStub.exe
2011-12-16 10:26 . 2011-12-16 10:26	0	----a-w-	c:\users\Joseph\AppData\Local\BITC6BA.tmp
2011-12-16 10:26 . 2011-12-16 10:26	0	----a-w-	c:\users\Joseph\AppData\Local\BIT91C5.tmp
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-03-03_10.34.23   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2012-03-03 13:04	80016              c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-09-12 08:29 . 2012-03-03 10:14	14438              c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1642235748-1831838932-1144732441-1000_UserData.bin
+ 2008-09-12 08:29 . 2012-03-03 13:04	14438              c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1642235748-1831838932-1144732441-1000_UserData.bin
+ 2008-01-21 02:25 . 2008-01-21 02:25	62976              c:\windows\System32\oobe\windeploy.exe
+ 2008-01-21 02:25 . 2008-01-21 02:25	42496              c:\windows\System32\oobe\oobeldr.exe
+ 2008-01-21 02:25 . 2008-01-21 02:25	52736              c:\windows\System32\oobe\audit.exe
- 2008-09-12 08:27 . 2012-03-03 10:12	16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-12 08:27 . 2012-03-03 13:02	16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-02 23:23 . 2012-03-03 13:02	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-03-02 23:23 . 2012-03-03 10:12	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-12 08:27 . 2012-03-03 13:02	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-12 08:27 . 2012-03-03 10:12	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-03 13:02 . 2012-03-03 13:02	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-03 10:12 . 2012-03-03 10:12	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-03 13:02 . 2012-03-03 13:02	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-03 10:12 . 2012-03-03 10:12	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 13:05 . 2012-03-03 13:04	175614              c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-01-21 02:25 . 2008-01-21 02:25	195640              c:\windows\System32\oobe\Setup.exe
+ 2010-04-05 20:25 . 2012-03-03 12:52	571300              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-04-05 20:25 . 2012-03-03 10:10	571300              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2008-10-30 22:24 . 2012-03-03 20:09	1277300              c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-09-17 09:09 . 2009-04-11 06:27	1315840              c:\windows\System32\oobe\msoobe.exe
- 2010-04-05 20:25 . 2012-03-03 10:10	30073852              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1642235748-1831838932-1144732441-1000-12288.dat
+ 2010-04-05 20:25 . 2012-03-03 12:52	30073852              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1642235748-1831838932-1144732441-1000-12288.dat
+ 2009-05-17 16:54 . 2012-03-03 13:50	288601074              c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TiVme Agent"="c:\program files\GIGABYTE\vivoTV\ScheduleAgent.exe" [2010-01-25 114688]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-12-06 180224]
"CTHelper"="CTHELPER.EXE" [2007-10-25 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-10-25 19968]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SAOB Monitor"="c:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-11-16 2536752]
"TrueImageMonitor.exe"="e:\acronis\TrueImageHome\TrueImageMonitor.exe" [2010-12-17 5566176]
"Služba Acronis Scheduler2"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-12-17 391144]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-07 618496]
"3180 Scan2PC"="c:\windows\twain_32\Samsung\CLX3180\Scan2Pc.exe" [2010-05-10 1989120]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 153672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1642235748-1831838932-1144732441-1000]
"EnableNotificationsRef"=dword:00000001
.
S2 afcdpsrv;Služba Acronis Nonstop Backup;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2011-02-02 3246040]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-02-02 167968]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - EOLMARIKFIX
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 15:25]
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 15:25]
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1642235748-1831838932-1144732441-1000Core.job
- c:\users\Joseph\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-27 10:43]
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1642235748-1831838932-1144732441-1000UA.job
- c:\users\Joseph\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-27 10:43]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.bigseekpro.com/quicklogodesigner/{6CEAFE79-7BE7-499B-973F-CB8215E181E5}
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: LastPass vypĺňacie formuláre - file://c:\program files\LastPass\context.html?cmd=fillforms
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - e:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - e:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - e:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - e:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - e:\translat\WebIE.dll
TCP: DhcpNameServer = 195.34.133.21 212.186.211.21
DPF: {813A45F9-744F-435F-A815-19E2DF35A9D8} - hxxp://www.o2c.de/download/o2cplayerac.cab
FF - ProfilePath - c:\users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\3ktn4wqo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13);user_pref(general.useragent.extra.zencast, 
.
.
------- File Associations -------
.
txtfile="e:\pspad editor\PSPad.exe" "%1"
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-03 22:22
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTHelper = CTHELPER.EXE? 
  CTxfiHlp = CTXFIHLP.EXE? 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-03-03  22:39:21
ComboFix-quarantined-files.txt  2012-03-03 21:38
ComboFix2.txt  2012-03-03 12:16
ComboFix3.txt  2012-03-03 10:48
.
Pre-Run: Volných bajtů: 25934749696
Post-Run: Volných bajtů: 25901924352
.
- - End Of File - - 0BBDC0D4437962D57FA4373E73B3A294
