Please check this log
Posted: 19 Nov 2011 20:54
ComboFix 11-11-19.03 - Uzivatel 19.11.2011 17:51:34.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1023.511 [GMT 1:00]
Running from: c:\documents and settings\Uzivatel\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-19 to 2011-11-19 )))))))))))))))))))))))))))))))
.
.
2011-11-13 14:59 . 2011-11-13 14:59 -------- d-----w- c:\documents and settings\Uzivatel\Application Data\SoftMaker
2011-11-13 14:59 . 2011-11-13 14:59 -------- d-----w- c:\program files\SoftMaker Viewer
2011-11-13 14:59 . 2010-09-23 11:15 98344 ----a-w- c:\windows\unTMV.exe
2011-11-13 09:44 . 2011-11-13 09:44 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2011-11-13 09:44 . 2011-11-16 19:36 -------- d-----w- c:\program files\McAfee Security Scan
2011-10-31 14:15 . 2011-10-31 14:15 -------- d-----w- c:\program files\Advanced PDF to IMAGE converter
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-19 16:46 . 2011-07-19 07:23 1409 ----a-w- c:\windows\QTFont.for
2011-11-13 09:45 . 2011-06-05 20:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2006-07-10 07:43 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-03 22:56 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 18:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2003-03-31 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 09:41 . 2003-03-31 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2004-08-03 21:17 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-05 13:56 . 2004-08-03 22:56 667136 ----a-w- c:\windows\system32\wininet.dll
2011-09-05 13:56 . 2004-08-03 20:59 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-09-05 13:56 . 2004-08-03 22:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-09-05 12:35 . 2004-08-03 20:59 369664 ----a-w- c:\windows\system32\html.iec
2004-10-11 17:46 . 2004-10-11 17:46 205312 ----a-w- c:\program files\ltefx13n.dll
2004-01-19 12:31 . 2004-01-19 12:31 153600 ----a-w- c:\program files\ltfil13n.DLL
2004-01-19 11:31 . 2004-01-19 11:31 27648 ----a-w- c:\program files\lfiff13n.dll
2004-01-19 11:31 . 2004-01-19 11:31 20480 ----a-w- c:\program files\lfCUT13n.dll
2004-01-19 10:31 . 2004-01-19 10:31 453120 ----a-w- c:\program files\ltkrn13n.dll
2004-01-19 10:12 . 2004-01-19 10:12 89600 ----a-w- c:\program files\Lfcgm13n.dll
2004-01-19 09:49 . 2004-01-19 09:49 278016 ----a-w- c:\program files\LFJ2K13n.dll
2004-01-19 09:49 . 2004-01-19 09:49 180736 ----a-w- c:\program files\Lfpng13n.dll
2004-01-19 09:47 . 2004-01-19 09:47 76800 ----a-w- c:\program files\Lfwmf13n.dll
2004-01-19 09:47 . 2004-01-19 09:47 509440 ----a-w- c:\program files\LFCMW13n.dll
2004-01-19 09:45 . 2004-01-19 09:45 420352 ----a-w- c:\program files\LFCMP13n.DLL
2004-01-19 09:44 . 2004-01-19 09:44 143872 ----a-w- c:\program files\lftif13n.dll
2004-01-19 09:36 . 2004-01-19 09:36 56832 ----a-w- c:\program files\lfpsd13n.dll
2004-01-19 09:36 . 2004-01-19 09:36 19968 ----a-w- c:\program files\lfpcd13n.dll
2004-01-19 09:36 . 2004-01-19 09:36 26624 ----a-w- c:\program files\lfpcx13n.dll
2004-01-19 09:36 . 2004-01-19 09:36 65536 ----a-w- c:\program files\Lfpct13n.dll
2004-01-19 09:36 . 2004-01-19 09:36 18944 ----a-w- c:\program files\lfmsp13n.dll
2004-01-19 09:35 . 2004-01-19 09:35 18944 ----a-w- c:\program files\lfmac13n.dll
2004-01-19 09:35 . 2004-01-19 09:35 20992 ----a-w- c:\program files\lfimg13n.dll
2004-01-19 09:34 . 2004-01-19 09:34 31744 ----a-w- c:\program files\lfclp13n.dll
2004-01-19 09:34 . 2004-01-19 09:34 30208 ----a-w- c:\program files\lfbmp13n.dll
2004-01-19 09:33 . 2004-01-19 09:33 444928 ----a-w- c:\program files\ltimg13n.dll
2004-01-19 09:32 . 2004-01-19 09:32 265216 ----a-w- c:\program files\LTDIS13n.dll
2000-05-02 02:17 . 2000-05-02 02:17 212480 ----a-w- c:\program files\PCDLIB32.DLL
1999-11-18 21:00 . 1999-11-18 21:00 284032 ----a-w- c:\program files\XceedZip.dll
2011-11-10 17:02 . 2011-10-04 12:03 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-02-01 98304]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-04-17 95536]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-01-08 65536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"nwiz"="nwiz.exe" [2006-06-01 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-01 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-07-28 77824]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-10-13 606208]
"3170 Scan2PC"="c:\windows\Twain_32\Samsung\CLX3170\Scan2pc.exe" [2009-06-11 503808]
"Bonus.SSR.FR10"="c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" [2009-10-07 939272]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-04-17 54576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
DKS 1500.lnk - c:\dks\Dks_scan.bat [2006-7-31 78]
.
c:\documents and settings\Uzivatel\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Software Kodak EasyShare.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Software Kodak EasyShare.lnk
backup=c:\windows\pss\Software Kodak EasyShare.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SoftWedge.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SoftWedge.lnk
backup=c:\windows\pss\SoftWedge.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
2004-03-18 07:33 892928 ----a-w- c:\program files\Logitech\iTouch\iTouch.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\ScanMgr.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Scan2Pc.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Sscan2io.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\temp\\PhotoTeller\\PictureOrganiser.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9.5.2010 9:55 64288]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [7.7.2006 15:00 19240]
R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [29.9.2009 18:18 809736]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird_2_1\bin\fbguard.exe [2.12.2010 18:53 81920]
R2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [10.3.2010 22:24 98304]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird_2_1\bin\fbserver.exe [2.12.2010 18:53 2736128]
R3 itchfltr;iTouch Keyboard Filter;c:\windows\system32\drivers\itchfltr.sys [17.5.2010 22:41 12953]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26.7.2011 22:20 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2.12.2009 14:19 1181328]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26.7.2011 22:20 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 13:49 227232]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
S3 USTORAGE;UMass Storage Device;c:\windows\system32\drivers\UStorage.sys [14.4.2009 2:05 31104]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-19 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 14:55]
.
2011-11-19 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 14:55]
.
2011-11-19 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 14:55]
.
2011-11-19 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 14:55]
.
2011-11-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 14:55]
.
2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-26 21:20]
.
2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-26 21:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
Trusted Zone: blogger.com\www
Trusted Zone: google.sk\www
TCP: DhcpNameServer = 85.237.225.250 192.168.0.1
FF - ProfilePath - c:\documents and settings\Uzivatel\Application Data\Mozilla\Firefox\Profiles\o1p2i3rx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2077543&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-19 17:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-515967899-492894223-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D882232E-0E7A-8357-050D-354A05E61C15}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iabhakjpnbkjniidch"=hex:63,61,70,65,6a,61,00,7c
.
Completion time: 2011-11-19 17:58:20
ComboFix-quarantined-files.txt 2011-11-19 16:58
ComboFix2.txt 2011-11-18 08:31
.
Pre-Run: 14 971 842 560 bytes free
Post-Run: 18 adresárov, 14 956 101 632 voľných bajtov
.
- - End Of File - - 4FD3ACF668E91B38F8FFC39989BFFF9C