Explorer.exe is infected!

Posted: 27 Feb 2011 14:40
by Vlasta333
I can't get to some websites - for example, not even this one: http://www.virustotal.com/cs/
I already ran a scan with Malwarebytes' Anti-Malware as well.
Nothing - it only found two small, unimportant things.
Now I ran a scan with CF and here is the result:
(Who can advise what to do next?)

ComboFix 11-02-26.01 - Krylias 27.02.2011 14:27:59.1.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.3327.2395 [GMT 1:00]
Running from: c:\documents and settings\Krylias\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\AUTORUN.INF
c:\documents and settings\Krylias\Application Data\inst.exe
c:\documents and settings\Krylias\Application Data\NGH150_AllWin_EnglishTryBuy30.exe
c:\windows\system32\nethlp.dll
c:\windows\system32\sysinfo.exe
c:\windows\system32\twunk_32.exe
D:\AUTORUN.INF

c:\windows\explorer.exe . . . is infected!!

c:\windows\system32\winlogon.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2011-01-27 to 2011-02-27 )))))))))))))))))))))))))))))))
.

2011-02-27 12:52 . 2011-02-27 12:59 -------- d-----w- C:\ToolBar SD
2011-02-27 01:33 . 2011-02-27 01:34 -------- d-----w- c:\documents and settings\Krylias\Local Settings\Application Data\AskToolbar
2011-02-27 01:32 . 2011-02-27 01:32 -------- d-----w- c:\program files\SopCast
2011-02-27 01:32 . 2011-02-27 01:32 -------- d-----w- c:\program files\Ask.com
2011-02-26 21:55 . 2011-02-26 21:55 -------- d-----w- c:\documents and settings\Krylias\Application Data\Malwarebytes
2011-02-26 21:55 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-26 21:55 . 2011-02-26 21:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-26 21:54 . 2011-02-26 21:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-26 21:54 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-22 23:59 . 2011-02-22 23:59 -------- d-----w- c:\documents and settings\Krylias\Local Settings\Application Data\CyberLink
2011-02-22 00:19 . 2011-02-22 00:19 -------- d-----w- c:\documents and settings\Krylias\Application Data\Ashampoo
2011-02-22 00:18 . 2011-02-22 00:19 -------- d-----w- c:\documents and settings\Krylias\Local Settings\Application Data\ashampoo
2011-02-22 00:18 . 2011-02-22 00:18 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo
2011-02-22 00:18 . 2011-02-22 00:18 -------- d-----w- c:\program files\Ashampoo
2011-02-21 23:03 . 2004-02-02 15:32 49312 ----a-w- c:\windows\MENINY.EXE
2011-02-21 23:02 . 2011-02-21 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2011-02-21 22:36 . 2007-07-02 14:02 3073320 ----a-w- c:\windows\system32\AdvrCntr2D6E0B790.dll
2011-02-21 00:47 . 2011-02-21 00:47 -------- d-----w- c:\program files\XnView
2011-02-18 22:28 . 2011-02-18 22:28 -------- d-----w- c:\program files\Softany
2011-02-18 20:28 . 2011-02-18 20:28 -------- d-----w- C:\users
2011-02-18 20:27 . 2011-02-18 20:27 -------- d-----w- c:\program files\Daniusoft
2011-02-17 20:55 . 2011-02-17 20:55 -------- d-----w- c:\documents and settings\Krylias\Application Data\PDM
2011-02-16 08:46 . 2011-02-16 08:46 -------- d-----w- c:\documents and settings\Krylias\Local Settings\Application Data\IsolatedStorage
2011-02-16 08:46 . 2011-02-16 08:46 -------- d-----w- c:\documents and settings\Krylias\Local Settings\Application Data\HP
2011-02-16 08:45 . 2011-02-27 11:17 -------- d-----w- c:\documents and settings\Krylias\Local Settings\Application Data\ApplicationHistory
2011-02-15 23:49 . 2011-02-15 23:49 -------- d-----w- c:\program files\Microsoft Silverlight
2011-02-15 20:54 . 2011-02-25 12:15 -------- d-----w- c:\program files\JDownloader
2011-02-15 14:48 . 2011-02-18 22:06 -------- d-----w- c:\documents and settings\Krylias\Application Data\HP
2011-02-15 14:48 . 2011-02-15 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2011-02-15 14:45 . 2011-02-15 14:45 -------- d-----w- c:\program files\Common Files\Sonic Shared
2011-02-15 14:45 . 2011-02-15 14:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2011-02-15 14:43 . 2011-02-15 14:43 -------- d-----w- c:\windows\system32\URTTEMP
2011-02-15 14:43 . 2011-02-15 14:45 -------- d-----w- c:\program files\Common Files\HP
2011-02-15 14:41 . 2011-02-15 14:41 -------- d-----w- c:\program files\Hewlett-Packard
2011-02-15 14:40 . 2011-02-15 14:40 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2011-02-15 14:10 . 2008-04-13 23:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-02-15 14:10 . 2008-04-13 23:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-02-15 14:09 . 2006-03-03 20:03 65536 ----a-w- c:\windows\system32\HPZinw12.exe
2011-02-15 14:09 . 2006-03-03 20:03 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2011-02-15 14:09 . 2006-03-03 20:02 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2011-02-15 14:09 . 2006-03-03 20:02 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2011-02-15 14:09 . 2006-03-03 20:02 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2011-02-15 14:09 . 2006-03-03 20:03 282680 ----a-w- c:\windows\system32\HPZidr12.dll
2011-02-15 14:07 . 2011-02-15 14:48 -------- d-----w- c:\program files\HP
2011-02-15 13:53 . 2006-04-13 00:04 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2011-02-15 13:53 . 2006-04-13 00:04 49664 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2011-02-15 13:52 . 2006-01-04 09:12 77824 ----a-r- c:\windows\system32\HPZIDS01.dll
2011-02-15 13:52 . 2006-04-10 13:02 74240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp054.dll
2011-02-15 13:52 . 2006-04-10 13:03 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2011-02-15 13:51 . 2006-04-13 00:04 282624 ----a-r- c:\windows\system32\HPZc3212.dll
2011-02-15 13:51 . 2006-04-13 00:04 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2011-02-15 13:49 . 2008-04-13 23:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-02-15 13:49 . 2008-04-13 23:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-02-12 20:28 . 2011-02-12 20:28 -------- d-----w- c:\documents and settings\Krylias\dwhelper
2011-02-10 16:17 . 2011-02-10 16:17 -------- d-----w- c:\windows\Downloaded Installations
2011-02-09 13:03 . 2011-02-09 13:03 -------- d-----w- c:\program files\iPod
2011-02-09 02:21 . 2011-02-09 13:02 -------- d-----w- c:\program files\QuickTime
2011-02-08 22:41 . 2011-02-08 23:36 -------- d-----w- c:\documents and settings\Krylias\Application Data\Apple Computer
2011-02-08 22:41 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-02-08 22:41 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-02-08 22:39 . 2011-02-08 22:39 -------- d-----w- c:\documents and settings\Krylias\Local Settings\Application Data\Apple
2011-02-08 22:39 . 2011-02-08 22:39 -------- d-----w- c:\program files\Apple Software Update
2011-02-08 22:39 . 2010-12-14 17:51 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-08 22:39 . 2010-12-14 17:51 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-08 22:38 . 2011-02-09 13:03 -------- d-----w- c:\program files\Common Files\Apple
2011-02-08 22:38 . 2011-02-08 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-02-08 22:37 . 2011-02-08 22:41 -------- d-----w- c:\documents and settings\Krylias\Local Settings\Application Data\Apple Computer
2011-02-08 20:50 . 2011-02-08 20:50 -------- d-----w- c:\program files\Crayola
2011-02-08 20:49 . 2011-02-08 20:49 -------- d-----w- c:\documents and settings\Krylias\WINDOWS
2011-02-07 23:22 . 2011-02-07 23:29 -------- d-----w- c:\program files\Hotspot Shield
2011-02-07 00:14 . 2011-02-07 00:14 -------- d-----w- c:\documents and settings\Krylias\Application Data\Adblock Pro
2011-02-07 00:14 . 2011-02-07 00:14 -------- d-----w- c:\program files\Adblock Pro
2011-02-06 16:28 . 2011-02-24 13:58 -------- d-----w- c:\documents and settings\Krylias\Application Data\dvdcss
2011-02-06 14:28 . 2011-02-06 15:10 -------- d-----w- c:\program files\Photo Cutter
2011-02-05 21:42 . 2006-11-28 21:46 28224 ----a-w- c:\windows\system32\drivers\PCAMp50.sys
2011-02-05 21:42 . 2006-11-28 21:46 27072 ----a-w- c:\windows\system32\drivers\PCASp50.sys
2011-02-05 21:42 . 2011-02-05 21:42 -------- d-----w- c:\program files\TerraTec
2011-02-05 21:24 . 2011-02-05 21:24 -------- d-----w- c:\documents and settings\Krylias\Local Settings\Application Data\Help
2011-02-05 01:52 . 2011-02-05 01:52 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-05 00:30 . 2011-02-05 01:51 -------- d-----w- c:\program files\Avidemux 2(2).5
2011-02-05 00:12 . 2011-02-05 01:51 -------- d-----w- c:\documents and settings\Krylias\Application Data\avidemux
2011-02-03 03:09 . 2011-02-03 03:09 -------- d-----w- c:\program files\Common Files\Skype
2011-02-03 02:59 . 2011-02-03 02:59 -------- d-----w- c:\documents and settings\Krylias\Application Data\BitComet
2011-02-03 02:32 . 2009-11-09 02:01 53016 ----a-w- c:\windows\system32\pxc40pma.dll
2011-02-03 02:29 . 2011-02-03 02:33 -------- d-----w- c:\program files\ABBYY PDF Transformer 3.0
2011-02-03 02:27 . 2010-03-25 00:48 67848 ----a-w- c:\temp\PDFT30\ABBYY PDF Transformer 3.0\Res.Transformer65.dll
2011-02-03 00:01 . 2011-02-03 00:01 -------- d-----w- c:\program files\VeryPDF PDF2Word v3.0
2011-02-02 23:55 . 2011-02-02 23:55 -------- d-----w- c:\program files\PDF Password Unlocker
2011-02-02 23:54 . 2011-02-02 23:54 -------- d-----w- c:\program files\PDF Unlocker
2011-02-02 23:41 . 2011-02-02 23:41 -------- d-----w- c:\documents and settings\Krylias\Application Data\ArcSoft
2011-02-02 23:05 . 2011-02-02 23:05 -------- d-----w- c:\documents and settings\Krylias\Local Settings\Application Data\Thinstall
2011-02-02 23:05 . 2011-02-02 23:05 -------- d-----w- c:\documents and settings\Krylias\Application Data\Thinstall
2011-02-02 22:55 . 2011-02-02 22:55 -------- d-----w- c:\program files\Investintech.com Inc
2011-02-02 22:54 . 2011-02-02 22:54 -------- d-----w- c:\documents and settings\Krylias\Application Data\Mp3tag
2011-02-02 22:54 . 2011-02-02 22:54 -------- d-----w- c:\program files\Mp3tag
2011-02-02 22:49 . 2011-02-22 01:41 -------- d-----w- c:\program files\ABBYY FineReader 10
2011-02-02 22:39 . 2011-02-02 23:41 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
2011-02-02 22:39 . 2011-02-02 22:39 -------- d-----w- c:\program files\ArcSoft
2011-02-02 22:38 . 2011-02-02 22:38 -------- d-----w- c:\documents and settings\Krylias\Local Settings\Application Data\Downloaded Installations
2011-02-02 22:33 . 2011-02-02 22:33 -------- d-----w- c:\documents and settings\Krylias\Application Data\Mirillis
2011-02-02 22:33 . 2011-02-02 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Mirillis
2011-02-02 22:33 . 2011-02-23 14:32 -------- d-----w- c:\documents and settings\Krylias\Local Settings\Application Data\Mirillis
2011-02-02 22:32 . 2011-02-02 22:32 -------- d-----w- c:\program files\Mirillis
2011-02-02 22:31 . 2011-02-02 22:31 -------- d-----w- c:\program files\Defraggler
2011-02-02 22:20 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-02-02 22:15 . 2011-02-02 22:15 -------- d-----w- c:\program files\Media Player Classic - Home Cinema
2011-02-02 21:52 . 2011-02-02 21:52 -------- d-----w- c:\program files\Medieval Software
2011-02-02 21:48 . 2007-04-12 13:19 129024 ----a-w- c:\windows\system32\AVERM.dll
2011-02-02 21:48 . 2006-09-26 12:57 28672 ----a-w- c:\windows\system32\AVEQT.dll
2011-02-02 21:48 . 2011-02-02 21:48 -------- d-----w- c:\program files\Ultra Video Joiner
2011-02-02 21:43 . 2011-02-02 21:45 -------- d-----w- c:\documents and settings\Krylias\Application Data\GeoVid
2011-02-02 21:42 . 2011-02-02 21:42 -------- d-----w- c:\program files\Common Files\fmm
2011-02-02 21:42 . 2011-02-02 21:42 -------- d-----w- c:\program files\Common Files\GeoVid
2011-02-02 21:42 . 2011-02-02 21:42 -------- d-----w- c:\documents and settings\All Users\Application Data\GeoVid
2011-02-02 21:42 . 2007-06-28 18:55 77824 ----a-w- c:\windows\system32\xvid.ax
2011-02-02 21:42 . 2005-06-07 15:11 60416 ----a-w- c:\windows\system32\dsetup.dll
2011-02-02 21:42 . 2003-03-19 08:12 1047552 ----a-w- c:\windows\system32\mfc71u.dll
2011-02-02 21:42 . 2003-03-19 06:05 89088 ----a-w- c:\windows\system32\atl71.dll
2011-02-02 21:42 . 2011-02-02 21:42 -------- d-----w- c:\program files\GeoVid
2011-02-02 21:38 . 2011-02-07 18:29 -------- d-----w- c:\documents and settings\Krylias\Application Data\VideoReDo-TVSuite4
2011-02-02 21:38 . 2011-02-02 21:39 -------- d-----w- c:\program files\VideoReDoTVSuite4
2011-02-02 21:33 . 2011-02-26 16:43 -------- d-----w- c:\program files\WMR14
2011-02-02 21:31 . 2011-02-02 21:31 -------- d-----w- c:\program files\Inpaint
2011-02-02 14:07 . 2011-02-02 14:10 -------- d-----w- c:\program files\Dude

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-26 12:34 . 2010-02-27 15:51 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2011-02-26 12:34 . 2010-02-27 15:51 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2011-02-26 12:34 . 2010-02-27 15:49 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2011-02-02 14:10 . 2010-03-03 18:54 285480 ----a-w- c:\windows\system32\guard32.dll
2011-02-02 14:10 . 2010-03-03 18:54 94784 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-02-02 14:10 . 2010-03-03 18:54 27576 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-02-02 14:10 . 2010-03-03 18:54 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-02-02 14:10 . 2010-03-03 18:54 239368 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-01-21 14:44 . 2008-04-14 03:42 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2008-04-14 03:39 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2008-04-13 23:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2008-04-14 03:41 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2008-04-14 03:42 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2008-04-14 03:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:59 . 2008-04-14 03:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 17:26 . 2008-04-14 03:41 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2008-04-13 22:07 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2008-04-14 03:41 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2008-04-14 03:41 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42 . 2008-04-13 22:54 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2008-04-14 00:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
.

------- Sigcheck -------

[-] 2008-04-14 . 82753CED43E9FB7CA8E81F2089FFF07B . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . E99BE788FBEE60C53F47F1F8CEA2C926 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CeTRAYz_OverlayIcon_Share]
@="{B00DFEC8-C278-40FD-8832-76A9409991F3}"
[HKEY_CLASSES_ROOT\CLSID\{B00DFEC8-C278-40FD-8832-76A9409991F3}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CeTRAYz_OverlayIcon_ShareSync]
@="{2022959D-8296-427A-9D9F-E59CC016F006}"
[HKEY_CLASSES_ROOT\CLSID\{2022959D-8296-427A-9D9F-E59CC016F006}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CeTRAYz_OverlayIcon_Sync]
@="{B2483E28-1631-4E80-AA62-29B35EFEC7F0}"
[HKEY_CLASSES_ROOT\CLSID\{B2483E28-1631-4E80-AA62-29B35EFEC7F0}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-24 39408]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2009-08-22 5148672]
"Google Update"="c:\documents and settings\Krylias\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-04-10 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-02 98304]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-30 16864768]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"VF0060 STISvc"="V0060Pin.dll" [2004-11-01 36864]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-10-07 75048]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-02-02 2548552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-10 421160]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Krylias\Start Menu\Programs\Startup\
Kalend r.lnk - c:\windows\MENINY.EXE [2011-2-22 49312]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Firefox Preloader.lnk - c:\program files\FirefoxPreloader\FirefoxPreloader.exe [2010-2-25 98304]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TotalMedia Server.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TotalMedia Server.lnk
backup=c:\windows\pss\TotalMedia Server.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:21 203928 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bonus.SSR.FR10]
2010-01-18 09:12 941320 ----a-w- c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
2009-02-27 16:04 278016 ----a-w- c:\program files\IVT Corporation\BlueSoleil\BtTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2009-01-29 22:20 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
2005-10-27 17:00 299008 ------w- c:\program files\Creative\Shared Files\CamTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 01:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2010-01-22 10:08 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2007-12-14 10:36 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Program Files\\e-TRAYz\\e-TRAYz.exe"=
"c:\\Program Files\\StrongDC++\\StrongDC.exe"=
"c:\\Documents and Settings\\Krylias\\Application Data\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Adblock Pro\\abpmain.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7805:TCP"= 7805:TCP:BitComet 7805 TCP
"7805:UDP"= 7805:UDP:BitComet 7805 UDP
"11280:TCP"= 11280:TCP:BitComet 11280 TCP(ED2K)
"11280:UDP"= 11280:UDP:BitComet 11280 UDP(ED2K)
"21763:TCP"= 21763:TCP:BitComet 21763 TCP
"21763:UDP"= 21763:UDP:BitComet 21763 UDP

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [7.1.2009 23:39 20744]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27.2.2010 22:34 721904]
R1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys [21.9.2010 9:10 192504]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [3.3.2010 19:54 15592]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [3.3.2010 19:54 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [3.3.2010 19:54 27576]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [7.10.2008 20:31 61424]
R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [27.2.2009 16:40 143467]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [12.2.2010 19:23 148744]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [26.11.2008 10:36 323584]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R2 NETHDD;NETHDD Service;c:\windows\system32\NETHDD.exe [4.3.2010 18:42 249376]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [7.12.2008 12:44 30088]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 14:58 26248]
R3 NETHDDIM;NETHDD NDIS IM Service;c:\windows\system32\drivers\nethddim.sys [4.3.2010 18:42 18432]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24.2.2010 22:29 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [25.2.2010 11:03 1684736]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys --> c:\windows\system32\DRIVERS\GenericMount.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20.10.2009 19:19 50704]
S3 SamsonLLDriver;Samson LL Driver;c:\windows\system32\drivers\SamsonLLDriver.sys [12.12.2006 15:34 56832]
S3 SWWDM_multi;Samson Audio (WDM);c:\windows\system32\drivers\SWAudWDM.sys [12.12.2006 15:34 25088]
S3 V0060VID;Creative WebCam Live! Ultra;c:\windows\system32\drivers\V0060Vid.sys [27.2.2010 21:38 196409]
S4 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\Installer\MSI139.tmp --> c:\windows\Installer\MSI139.tmp [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 10:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2011-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-24 21:28]

2011-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-24 21:28]

2011-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-152049171-1801674531-1003Core.job
- c:\documents and settings\Krylias\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-10 11:01]

2011-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-152049171-1801674531-1003UA.job
- c:\documents and settings\Krylias\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-10 11:01]

2011-02-27 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 21:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
mWindow Title =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Block This Image (ABP) - c:\program files\Adblock Pro\blockimg.html
IE: &Blokovať tento obrázok (ABP) - c:\program files\Adblock Pro\blockimg.html
IE: Download ALL with IDA - c:\program files\IDA\idaieall.htm
IE: Download with IDA - c:\program files\IDA\idaie.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
IE: Stiahnuť &všetky odkazy pomocou BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Stiahnuť odkaz &pomocou BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
FF - ProfilePath - c:\documents and settings\Krylias\Application Data\Mozilla\Firefox\Profiles\ov9wh9o3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8 ... &gfns=1&q=
FF - prefs.js: network.proxy.ftp - 195.116.241.115
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 195.116.241.115
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 195.116.241.115
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 195.116.241.115
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 195.116.241.115
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: AnyColor: anycolor.pavlos256@gmail.com - %profile%\extensions\anycolor.pavlos256@gmail.com
FF - Ext: Adblock Plus: Element Hiding Helper: elemhidehelper@adblockplus.org - %profile%\extensions\elemhidehelper@adblockplus.org
FF - Ext: FaviconizeTab: faviconizetab@espion.just-size.jp - %profile%\extensions\faviconizetab@espion.just-size.jp
FF - Ext: LCD Clock: lcdclock_bloodeye@gmail.com - %profile%\extensions\lcdclock_bloodeye@gmail.com
FF - Ext: Page Info Button: pageinfobutton@wirble.de - %profile%\extensions\pageinfobutton@wirble.de
FF - Ext: YesScript: yesscript@userstyles.org - %profile%\extensions\yesscript@userstyles.org
FF - Ext: Yet Another Smooth Scrolling: yetanothersmoothscrolling@kataho - %profile%\extensions\yetanothersmoothscrolling@kataho
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: Favicon Picker 3: {446c03e0-2c35-11db-a98b-0800200c9a67} - %profile%\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67}
FF - Ext: Gmail Notifier: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e} - %profile%\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
FF - Ext: FEBE: {4BBDD651-70CF-4821-84F8-2B918CF89CA3} - %profile%\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
FF - Ext: MR Tech Toolkit: {9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC} - %profile%\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
FF - Ext: Tamper Data: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947} - %profile%\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
FF - Ext: LinkAndForminfo: {B71ACFF2-E436-4cc7-B5E3-0C8E2CC981BA} - %profile%\extensions\{B71ACFF2-E436-4cc7-B5E3-0C8E2CC981BA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Bookmark Duplicate Detector: {ba243cb0-b824-4a26-9418-73ee795d9b9d} - %profile%\extensions\{ba243cb0-b824-4a26-9418-73ee795d9b9d}
FF - Ext: Pearl Crescent Page Saver Basic: {c151d79e-e61b-4a90-a887-5a46d38fba99} - %profile%\extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}
FF - Ext: MultirowBookmarksToolbar: {FBF6D7FB-F305-4445-BB3D-FEF66579A033} - %profile%\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
FF - Ext: 2 Pane Bookmarks: {FD61379B-066A-4afc-89DE-89FB24D907C2} - %profile%\extensions\{FD61379B-066A-4afc-89DE-89FB24D907C2}
FF - Ext: Mouse Gestures Redox: {FFA36170-80B1-4535-B0E3-A4569E497DD0} - %profile%\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-27 14:30
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCPDFReadSpool]
"ImagePath"="c:\windows\Installer\MSI139.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-343818398-152049171-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{257B08F8-8422-6ED0-32E9-5DB01CC079C9}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jadmjofleibenjjjlakh"=hex:61,61,00,00
"kadmjoflghjmcnaambhpol"=hex:61,61,00,00
"fadmjofljhln"=hex:66,61,63,6e,61,6b,62,70,65,6c,64,6d,00,f5

[HKEY_USERS\S-1-5-21-343818398-152049171-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{419B4F45-2DF1-3719-C801-DE893D909CCF}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iadhimjdoengghmgkh"=hex:6a,61,70,64,64,63,64,6f,6e,67,70,70,66,69,64,61,66,6c,
70,6a,00,00
"hafhopjbigkpcokm"=hex:6a,61,70,64,64,63,64,6f,6e,67,70,70,66,69,64,61,66,6c,
70,6a,00,ff
"iapfmabldjgiofipng"=hex:63,61,61,65,68,63,00,7c
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1060)
c:\windows\system32\guard32.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll

- - - - - - - > 'lsass.exe'(1128)
c:\windows\system32\guard32.dll
.
Completion time: 2011-02-27 14:35:10
ComboFix-quarantined-files.txt 2011-02-27 13:35

Pre-Run: 84 877 766 656 bytes free
Post-Run: 84 843 978 752 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

- - End Of File - - EFF08E45171DC3DB8AC4C4E5ABA87927

Re: Explorer.exe is infected !

Posted: 27 Feb 2011 14:45
by Caroprd111
Hello :)

For what reason did you use ComboFix? Do you know how to work with it?

Re: Explorer.exe is infected !

Posted: 27 Feb 2011 14:50
by Vlasta333
Caroprd111 wrote: Hello :) For what reason did you use ComboFix? Do you know how to work with it?
Hello - is this question the advice? :James008:
YES - that too.

Re: Explorer.exe is infected !

Posted: 27 Feb 2011 15:00
by Caroprd111
This question is not advice, I just want to clarify one thing. If you know how to work with ComboFix, then I don't understand why you are a visitor to this forum.

Be aware that by using ComboFix you have only masked the traces of the malware for me and may have caused yourself further problems, or at the very least complicated the work. ComboFix is not recommended for use without the supervision of an experienced person and usually without a prior check of a log from another detection program, or running CF with the appropriate parameter. The helper knows how to restore any legitimate files that were deleted, knows the commands, can find their way around the log, etc. It is not just about the problem of restarting the PC when a virus deletes the hal.dll library, but about countless other things that often cannot even be predicted.

Re: Explorer.exe is infected !

Posted: 27 Feb 2011 15:05
by Vlasta333
Thank you for the advice - I didn't know it was hopeless ...
So I'll go and clean it up myself.
Thanks again. :closed:

Re: Explorer.exe is infected !

Posted: 27 Feb 2011 15:09
by Caroprd111
You're welcome :)

I did not turn you away, I only asked for serious conduct.

:closed: