ComboFix 11-05-18.01 - Admin 19.05.2011 7:00.10.1 - x86
Running from: d:\documents and settings\Admin\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\documents and settings\Admin\Application Data\Admin3SQLite3.dll
d:\documents and settings\Admin\Application Data\facemoods.com
d:\documents and settings\Admin\Application Data\Microsoft\~DFKbcdc27.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-04-19 to 2011-05-19 )))))))))))))))))))))))))))))))
.
.
2011-05-18 20:27 . 2011-05-18 20:27 -------- d-----w- d:\program files\hp deskjet 3820 series
2011-05-18 20:24 . 2011-05-19 04:45 -------- d-----w- d:\windows\LastGood.Tmp
2011-05-18 20:24 . 2011-05-18 20:25 -------- d-----w- d:\program files\Hewlett-Packard
2011-05-18 16:53 . 2011-05-18 16:53 -------- d-----w- d:\windows\system32\wbem\Repository
2011-05-17 14:19 . 2011-05-17 18:10 -------- d-----w- d:\documents and settings\Admin\Application Data\Power Sound Editor Free
2011-05-17 13:20 . 2011-05-18 16:52 -------- d-----w- d:\documents and settings\Admin\Application Data\Focus Mp3 Recorder
2011-05-16 10:39 . 2011-05-16 11:32 -------- d-----w- d:\program files\All Audio Recorder
2011-05-13 18:28 . 2011-05-13 18:28 404640 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-13 18:20 . 2011-05-13 18:20 -------- d-----w- d:\program files\Avant Browser
2011-05-12 16:07 . 2011-05-16 18:52 -------- d-----w- d:\program files\SeaMonkey
2011-05-12 15:29 . 2011-05-12 15:30 -------- d-----w- d:\documents and settings\Admin\Application Data\Maxthon3
2011-05-12 15:15 . 2011-05-12 15:19 -------- d-----w- d:\documents and settings\Admin\Application Data\SlimBrowser
2011-05-10 18:27 . 2011-05-10 18:37 -------- d-----w- d:\documents and settings\Admin\Application Data\Desktop Sidebar
2011-05-05 06:15 . 2008-04-14 03:42 176640 ------w- d:\windows\system32\napstat.exe
2011-05-05 06:11 . 2008-04-14 03:41 4255 ------w- d:\windows\system32\drivers\adv01nt5.dll
2011-05-04 21:31 . 2011-05-04 21:31 -------- d-----w- d:\documents and settings\Admin\Application Data\Avira
2011-05-04 21:28 . 2011-04-01 15:07 61960 ----a-w- d:\windows\system32\drivers\avgntflt.sys
2011-05-04 21:28 . 2011-04-01 15:07 137656 ----a-w- d:\windows\system32\drivers\avipbb.sys
2011-05-04 21:28 . 2010-06-17 13:27 45416 ----a-w- d:\windows\system32\drivers\avgntdd.sys
2011-05-04 21:28 . 2010-06-17 13:27 22360 ----a-w- d:\windows\system32\drivers\avgntmgr.sys
2011-05-04 21:28 . 2011-05-04 21:28 -------- d-----w- d:\program files\Avira
2011-05-04 21:28 . 2011-05-04 21:28 -------- d-----w- d:\documents and settings\All Users\Application Data\Avira
2011-05-04 16:27 . 2011-05-04 16:27 -------- d-----w- D:\!KillBox
2011-05-04 16:21 . 2011-05-04 16:21 -------- d-----w- d:\program files\StrongDC++
2011-05-04 07:11 . 2011-05-04 07:11 -------- d-sh--w- d:\windows\system32\config\systemprofile\IETldCache
2011-05-04 07:01 . 2011-05-04 07:01 -------- d-----w- d:\windows\system32\scripting
2011-05-04 07:01 . 2011-05-04 07:01 -------- d-----w- d:\windows\l2schemas
2011-05-04 06:58 . 2011-05-04 07:01 -------- d-----w- d:\windows\ServicePackFiles
2011-05-03 19:44 . 2011-05-04 13:15 -------- d-----w- d:\program files\Microsoft Silverlight
2011-04-28 13:50 . 2011-04-28 13:52 -------- d-----w- d:\program files\DTaskManager - Systemove info o PC
2011-04-28 10:57 . 2011-04-28 10:55 388608 ----a-w- d:\windows\system32\CF9460.exe
2011-04-28 08:43 . 2011-04-28 08:43 2 --shatr- d:\windows\winstart.bat
2011-04-27 17:53 . 2011-04-27 17:53 -------- dc-h--w- d:\documents and settings\All Users\Application Data\{6DAA3B20-D487-4FA2-81D5-50404CCB868D}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-11 18:36 . 2011-02-12 16:03 2560 ----a-w- d:\windows\_MSRSTRT.EXE
2011-04-11 09:01 . 2011-04-11 09:01 796672 ----a-w- d:\windows\GPInstall.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Firewall Protection"="2" [X]
"POP Peeper"="d:\program files\POP Peeper\POPPeeper.exe" [2010-09-09 1511424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tsnp325"="d:\windows\tsnp325.exe" [2006-10-10 270336]
"snp325"="d:\windows\vsnp325.exe" [2006-10-10 827392]
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"TkBellExe"="d:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-09-15 198160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="d:\program files\Windows Sidebar\sidebar.exe" [2006-12-08 1253376]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
d:\documents and settings\Admin\Start Menu\Programs\Startup\
SJphone 1.65.lnk - d:\windows\Installer\{E1A45BFD-FD3E-45D7-AD5C-A29A506C2EB3}\SoftphoneIcon.exe [2010-10-13 20480]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 14:13 49152 ----a-w- d:\progra~1\COMMON~1\stardock\MCPStub.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=xgusb.cpl
"midi2"=xgusb.cpl
"midi3"=xgusb.cpl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- d:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 18:50 155648 -c--a-w- d:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2011-01-29 14:50 46592 ----a-w- d:\windows\SOUNDMAN.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\WINDOWS\\system32\\mmc.exe"=
"d:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"d:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"d:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Program Files\\uTorrent\\utorrent.exe"=
"d:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"d:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Program Files\\SJphone 1.65\\SJphone.exe"=
"d:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"d:\\Program Files\\Opera\\opera.exe"=
"d:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\POP Peeper\\POPPeeper.exe"=
"d:\\Program Files\\StrongDC++\\StrongDC.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Avant Browser\\avant.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:Express Talk RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:Express Talk RTP Incoming Audio (UDP)
"8003:UDP"= 8003:UDP:Express Talk RTP Incoming Audio (UDP)
"8004:UDP"= 8004:UDP:Express Talk RTP Incoming Audio (UDP)
"8005:UDP"= 8005:UDP:Express Talk RTP Incoming Audio (UDP)
"8006:UDP"= 8006:UDP:Express Talk RTP Incoming Audio (UDP)
"8007:UDP"= 8007:UDP:Express Talk RTP Incoming Audio (UDP)
"8008:UDP"= 8008:UDP:Express Talk RTP Incoming Audio (UDP)
"8009:UDP"= 8009:UDP:Express Talk RTP Incoming Audio (UDP)
"5070:UDP"= 5070:UDP:Express Talk Sip Incoming Calls (UDP)
"94:TCP"= 94:TCP:VRS Recording System Web Control Panel
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R2 gupdate1ca24c7f0166fb0;Služba Google Update (gupdate1ca24c7f0166fb0); [x]
R3 SNP325;USB PC Camera (SNPSTD325);d:\windows\system32\DRIVERS\snp325.sys [2007-04-03 10251904]
R4 DUMeterSvc;DU Meter Service; [x]
S1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
S3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [2010-12-20 20952]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}]
2004-08-04 04:00 11776 -c--a-w- d:\program files\Windows Sidebar\regsvr32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}]
2004-08-04 04:00 11776 -c--a-w- d:\program files\Windows Sidebar\regsvr32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BADA65A0-86B7-462B-B720-CE66655C73F5}]
2006-11-09 05:57 38912 -c--a-w- d:\vaio\vshellext.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-18 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1202660629-1957994488-1003Core.job
- d:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-03 14:51]
.
2011-05-18 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1202660629-1957994488-1003UA.job
- d:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-03 14:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.szm.sk/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - d:\program files\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - d:\program files\Verdict Free\etnxp.dll
Trusted Zone: stv.sk\www
FF - ProfilePath - d:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\xliuc52f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.szm.sk
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=PCAFSI1190&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - %profile%\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
FF - Ext: MediaBar: {E84D42CA-64EB-11DE-A65F-8C3656D89593} - %profile%\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - d:\program files\Real\RealPlayer\browserrecord
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-CTFMON - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-05-19 07:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1715567821-1202660629-1957994488-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(928)
d:\program files\SUPERAntiSpyware\SASWINLO.DLL
d:\progra~1\COMMON~1\Stardock\mcpstub.dll
.
Completion time: 2011-05-19 07:29:54
ComboFix-quarantined-files.txt 2011-05-19 05:29
.
Pre-Run: 21 768 503 296 bytes free
Post-Run: 8 adresárov, 21 795 033 088 voľných bajtov [Slovak: 8 directories, 21 795 033 088 bytes free]
.
- - End Of File - - 6F34055056692C7FF519615F6BF4471A