Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:10:48, on 19.03.10
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\System32\ASUSTPE.exe
C:\Program Files\P4P\P4P.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\System Protect\SysProtect_Tray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFDE.EXE
C:\Windows\System32\p2phost.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\explorer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Users\Saxi\Downloads\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2086743
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Pomocník pri prihlasovaní v sieti Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Cm112Sound] RunDll32 cm112.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SystemProtect] C:\Program Files\System Protect\SysProtect_Tray.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Saxi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [EPSON SX210 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE /FU "C:\Users\Saxi\AppData\Local\Temp\E_S895C.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - Startup: PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pridať do blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Pridať do blogu v programe Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Blaze Media Pro\NMSAccess32.exe (file missing)
O23 - Service: System Protect Deletion Prevention Service (SP_Service) - Xacti Corporation - C:\Program Files\System Protect\SysProtect_srv.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
--
End of file - 10665 bytes
Combofix
ComboFix 10-03-19.03 - Saxi 19.03.10 21:06:33.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1051.18.3070.2271 [GMT 1:00]
Running from: c:\users\Saxi\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Saxi\AppData\Roaming\Microsoft\AdjMmsVista.dll
c:\windows\system32\acovcnt.exe
c:\windows\system32\Connect.dll
.
((((((((((((((((((((((((( Files Created from 2010-02-19 to 2010-03-19 )))))))))))))))))))))))))))))))
.
2010-03-19 20:16 . 2010-03-19 20:17 -------- d-----w- c:\users\Saxi\AppData\Local\temp
2010-03-19 20:16 . 2010-03-19 20:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-19 19:37 . 2010-03-19 20:00 -------- d-----w- C:\32788R22FWJFW
2010-03-14 15:20 . 2010-03-14 15:20 49152 ----a-w- c:\users\Saxi\Sibreg.exe
2010-03-11 19:24 . 2010-03-11 19:24 -------- d-----w- c:\program files\Conduit
2010-03-11 19:24 . 2010-03-11 19:24 -------- d-----w- c:\program files\PHPNukeEN
2010-03-11 19:24 . 2010-03-11 19:24 -------- d-----w- c:\program files\vanBasco's Karaoke Player
2010-03-10 06:56 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-10 06:56 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-10 06:56 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-07 10:00 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-07 09:31 . 2010-03-07 09:32 1408248 ----a-w- c:\programdata\hps\5316\setup_Moj_CeWe_Fotosvet.exe
2010-03-05 04:44 . 2010-03-05 04:45 -------- d-----w- C:\Cakewalk Projects
2010-03-05 04:44 . 2010-03-05 04:44 -------- d-----w- c:\program files\Cakewalk
2010-03-04 05:37 . 2010-03-04 05:37 -------- d-----w- c:\program files\upnito.sk manager
2010-03-01 19:52 . 2010-03-01 19:52 -------- d-----w- c:\program files\Eduware
2010-02-28 19:28 . 2010-02-28 19:28 -------- d-----w- c:\program files\Ask.com
2010-02-28 19:27 . 2010-02-28 19:27 -------- d-----w- c:\program files\FreeTime
2010-02-28 19:26 . 2010-02-28 19:55 -------- d-----w- c:\program files\Midiocre
2010-02-28 19:25 . 2010-02-28 19:25 -------- d-----w- c:\users\Saxi\AppData\Roaming\SynthFont
2010-02-28 19:25 . 2010-02-28 19:41 -------- d-----w- c:\program files\SynthFont
2010-02-28 16:44 . 2010-02-28 16:44 -------- d-----w- c:\program files\Notation
2010-02-28 13:50 . 2010-02-28 13:50 -------- d-----w- c:\users\Saxi\AppData\Local\Apple Computer
2010-02-28 13:37 . 2010-02-28 13:37 -------- d-----w- c:\program files\Common Files\Apple
2010-02-28 13:37 . 2010-02-28 13:37 -------- d-----w- c:\users\Saxi\AppData\Local\Apple
2010-02-28 13:37 . 2010-02-28 13:37 -------- d-----w- c:\program files\Apple Software Update
2010-02-28 13:37 . 2010-02-28 13:37 -------- d-----w- c:\programdata\Apple
2010-02-21 15:39 . 2010-02-21 15:39 -------- d-----w- C:\TOMBOLA
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-19 20:01 . 2008-10-17 01:04 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-19 19:37 . 2008-11-30 19:23 -------- d-----w- c:\users\Saxi\AppData\Roaming\Skype
2010-03-19 15:06 . 2008-11-30 19:25 -------- d-----w- c:\users\Saxi\AppData\Roaming\skypePM
2010-03-14 14:20 . 2009-05-02 17:38 680 ----a-w- c:\users\Saxi\AppData\Local\d3d9caps.dat
2010-03-11 13:05 . 2009-09-23 18:35 -------- d-----w- c:\users\Saxi\AppData\Roaming\Anvil Studio
2010-03-10 11:37 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-10 07:03 . 2008-10-17 01:12 -------- d-----w- c:\programdata\Microsoft Help
2010-03-05 04:44 . 2009-10-26 20:17 118784 ----a-w- c:\windows\dsdxirmv.exe
2010-02-28 20:14 . 2009-11-05 06:01 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-02-28 20:04 . 2008-11-07 20:08 117760 ----a-w- c:\users\Saxi\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 09:16 . 2009-10-02 17:29 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-15 10:12 . 2008-11-16 09:06 -------- d-----w- c:\program files\Sibelius Software
2010-02-14 08:13 . 2010-02-09 16:14 -------- d-----w- c:\users\Saxi\AppData\Roaming\Sibelius Software
2010-02-10 06:57 . 2010-02-10 06:57 -------- d-----w- c:\program files\Steinberg
2010-02-10 06:54 . 2010-02-10 06:54 -------- d-----w- c:\program files\MP3 Compressor
2010-02-05 09:39 . 2010-02-05 09:39 251376 ----a-w- c:\users\Saxi\AppData\Roaming\Mozilla\Plugins\npgoogletalk.dll
2010-02-01 14:17 . 2009-04-23 06:34 -------- d-----w- c:\program files\QuickMediaConverter
2010-01-25 12:00 . 2010-02-24 06:31 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 06:31 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 06:31 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 06:31 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 06:31 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 06:31 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 06:31 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 06:31 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-24 06:31 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-24 06:31 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-21 06:18 . 2009-02-17 20:58 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-06 15:39 . 2010-02-24 06:31 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:38 . 2010-02-24 06:31 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 15:38 . 2010-02-24 06:31 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 06:31 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 06:31 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 06:31 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 13:30 . 2010-02-24 06:31 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-01-02 06:38 . 2010-01-22 06:02 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 06:02 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 06:02 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 06:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-22 14:12 . 2009-12-22 14:12 489720 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2008-11-16 09:54 . 2008-11-16 09:54 604 ---ha-w- c:\program files\STLL Notifier
2009-11-24 12:14 . 2009-11-24 12:14 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2009-11-28 11:10 . 2009-11-28 11:10 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files\PHPNukeEN\tbPHPN.dll" [2009-12-31 2349080]
[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2009-09-22 07:24 815104 ----a-w- c:\program files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-04-02 18:50 809864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
2009-12-31 10:53 2349080 ----a-w- c:\program files\PHPNukeEN\tbPHPN.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\program files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll" [2009-09-22 815104]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-02 809864]
"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files\PHPNukeEN\tbPHPN.dll" [2009-12-31 2349080]
[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\program files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll" [2009-09-22 815104]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-02 809864]
[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Google Update"="c:\users\Saxi\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-01-16 133104]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"CollaborationHost"="c:\windows\system32\p2phost.exe" [2008-01-21 192000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-07 4853760]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-09-03 630784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-10-12 106496]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-10-17 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-10-17 33136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SystemProtect"="c:\program files\System Protect\SysProtect_Tray.exe" [2009-05-24 1223680]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
c:\users\Saxi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-11-4 333088]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2008-11-9 303104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):f1,31,60,ee,45,59,ca,01
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-05-22 721904]
R2 SP_Service;System Protect Deletion Prevention Service;c:\program files\System Protect\SysProtect_srv.exe [2009-05-24 598528]
R3 USBADVAU;USB Advance Audio Interface;c:\windows\system32\drivers\cm112.sys [2007-11-13 1313792]
S2 Angelnt;Angelnt;c:\windows\System32\Drivers\ANGELNT.SYS [2009-11-27 51072]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2009-05-18 185640]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 47616]
S3 sp_prot;System Protect Filter Driver;c:\windows\system32\drivers\sp_prot.sys [2009-05-24 12288]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3138842971-341294030-74888920-1000Core.job
- c:\users\Saxi\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-16 17:40]
2010-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3138842971-341294030-74888920-1000UA.job
- c:\users\Saxi\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-16 17:40]
2009-10-01 c:\windows\Tasks\User_Feed_Synchronization-{961425BA-1937-4424-9F0B-570F0DC84442}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2086743
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\users\Saxi\AppData\Roaming\Mozilla\Firefox\Profiles\eviomwq7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=14597&l=dis
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=FF&o=14594&locale=en_EU&q=
FF - component: c:\progra~1\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\progra~1\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\progra~1\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\progra~1\Crawler\Toolbar\firefox\components\xwsg.dll
FF - component: c:\users\Saxi\AppData\Roaming\Mozilla\Firefox\Profiles\eviomwq7.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Saxi\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\Saxi\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\Saxi\AppData\Roaming\Mozilla\plugins\npPxPlay.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Cm112Sound - cm112.cpl
AddRemove-eMusic Promotion - c:\program files\Winamp\eMusic\Uninst-eMusic-promotion.exe
AddRemove-Winamp Toolbar for Firefox - c:\users\Saxi\AppData\Roaming\Mozilla\Firefox\Profiles\eviomwq7.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-19 21:17
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\ADSM_PData_0150
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,25,0f,7a,fd,61,91,ad,40,9d,f4,87,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,25,0f,7a,fd,61,91,ad,40,9d,f4,87,\
[HKEY_USERS\S-1-5-21-3138842971-341294030-74888920-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5D0EEE6E-EC6A-17B1-5AB4-3BA61955DA55}*]
"oanednoccmhggedjjophmijmachhhj"=hex:6a,61,62,64,64,6e,61,6a,62,6b,65,6a,6a,67,
69,6c,6d,6a,64,63,00,a8
"nahebamnohfkmhcagfgfndoaakmn"=hex:6a,61,62,64,61,6f,6c,6b,70,65,68,66,66,66,
6c,6b,6a,6f,6a,6d,00,a8
"oabffljmoalfbhedkkpobdhpmoplip"=hex:64,61,63,64,70,6f,6f,6d,00,41
[HKEY_USERS\S-1-5-21-3138842971-341294030-74888920-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{75DD459A-4043-F2B6-FE2F-29F28E8B8532}*]
"iaclcecablcdojoaal"=hex:6c,61,63,6f,6e,6d,6c,70,6f,63,6b,6f,69,6d,66,65,66,69,
6a,64,66,63,67,6e,00,d6
"hamlicagjaomjfal"=hex:6c,61,63,6f,6e,6d,6c,70,6f,63,6b,6f,69,6d,66,65,66,69,
6a,64,66,63,67,6e,00,0a
"jaclcecablcdojoaalip"=hex:6c,61,63,6f,6e,6d,6c,70,6f,63,6b,6f,69,6d,66,65,66,
69,6a,64,66,63,67,6e,00,0a
"haolkdhonplhjjlb"=hex:61,61,00,00
"haolkdhoioaknhhj"=hex:61,61,00,00
[HKEY_USERS\S-1-5-21-3138842971-341294030-74888920-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BEAF5719-ECF3-F947-7AA9-D7F73072B416}*]
"iahgplellebkfkfpdd"=hex:6d,61,64,66,6f,66,70,62,6c,64,67,6a,65,6d,6e,6c,6d,65,
64,6c,67,63,64,68,62,6b,00,02
"habhbolpfbmgjali"=hex:6d,61,67,66,6d,65,66,6f,6f,6c,6d,63,64,64,6f,6e,68,62,
6b,65,6a,6e,64,6d,69,6d,00,77
"jahgplellebkfkfpddko"=hex:6d,61,67,66,6d,65,66,6f,6f,6c,6d,63,64,64,6f,6e,68,
62,6b,65,6a,6e,64,6d,69,6d,00,77
[HKEY_USERS\S-1-5-21-3138842971-341294030-74888920-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F5BDC71C-96BC-8532-66D7-3EC4C5A1BB10}*]
"oanaibecdodajhhooncofnbglblomk"=hex:64,61,63,70,6d,6e,63,69,00,8e
"oajbmnnnpikafeacbagfgpgnodhhbi"=hex:6a,61,6e,6f,6e,64,65,65,69,6c,61,70,6b,67,
6a,6a,69,68,70,65,00,00
"nadkknjfefmnfchbbcdoidkpmpaa"=hex:6a,61,6e,6f,68,65,6f,64,6b,6d,65,6a,65,6b,
66,67,67,6c,68,65,00,00
"eabkmofhnf"=hex:65,61,61,62,62,66,6d,66,65,64,00,76
"caabad"=hex:65,62,6c,6f,66,65,6e,6c,6e,6c,6f,65,6b,6b,66,6b,61,6c,6b,68,63,6f,
66,6c,6a,67,6e,68,64,6a,61,67,6a,67,6f,61,70,6c,6b,6f,6a,68,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-03-19 21:20:56
ComboFix-quarantined-files.txt 2010-03-19 20:20
Pre-Run: 79 862 890 496 bytes free
Post-Run: 81 746 849 792 bytes free
- - End Of File - - E6CBE702DAAE690580FB792CA52402AA