- Djole
- Retired mod
- Joined: 02 Sep 2003
- Posts: 4955
ComboFix 10-05-13.03 - Korisnik 05/14/2010 9:37.1.3 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.381.1033.18.2046.1255 [GMT 2:00]
Running from: c:\users\Korisnik\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\sshnas21.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\wc98pp.dll
Infected copy of c:\windows\system32\drivers\partmgr.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2010-04-14 to 2010-05-14 )))))))))))))))))))))))))))))))
.
2010-05-14 07:41 . 2010-05-14 07:41 -------- d-----w- c:\users\Korisnik\AppData\Local\temp
2010-05-14 07:41 . 2010-05-14 07:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-13 16:56 . 2010-05-13 16:56 -------- d-----w- c:\users\Korisnik\AppData\Roaming\Colasoft MAC Scanner
2010-05-13 16:56 . 2010-05-13 16:56 -------- d-----w- c:\program files\Common Files\Colasoft Shared
2010-05-13 16:56 . 2010-05-13 16:57 -------- d-----w- c:\users\Korisnik\AppData\Roaming\Packet Analyzer - Colasoft Capsa 7.1
2010-05-13 16:56 . 2010-05-13 16:56 -------- d-----w- c:\program files\Common Files\Software FX Shared
2010-05-13 16:56 . 2009-12-14 16:11 28184 ----a-w- c:\windows\system32\drivers\CSN5PDTS82.sys
2010-05-13 16:56 . 2010-05-13 16:56 -------- d-----w- c:\program files\Packet Analyzer - Colasoft Capsa 7.1 Demo
2010-05-13 16:54 . 2010-05-13 16:54 -------- d-----w- c:\program files\Flexbyte Software
2010-05-13 16:16 . 2010-05-13 16:16 -------- d-----w- c:\program files\Defraggler
2010-05-13 13:09 . 2010-05-13 13:09 -------- d-----w- c:\program files\Ask.com
2010-05-13 08:21 . 2010-05-13 08:21 0 ----a-w- c:\users\Korisnik\AppData\Roaming\AidMaker\AIDMAKERSILENTBUNDLESETUP.EXE
2010-05-13 08:21 . 2010-05-13 08:21 -------- d-----w- c:\users\Korisnik\AppData\Roaming\AidMaker
2010-05-13 08:21 . 2007-02-07 09:01 22 ----a-w- c:\windows\system32\dciman13.sys
2010-05-13 07:47 . 2010-05-13 07:47 -------- d-----w- c:\users\Korisnik\AppData\Roaming\AVS4YOU
2010-05-13 07:47 . 2010-05-13 07:47 -------- d-----w- c:\programdata\AVS4YOU
2010-05-13 07:46 . 2010-05-13 16:03 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-05-13 07:46 . 2010-05-13 16:03 -------- d-----w- c:\program files\AVS4YOU
2010-05-13 07:46 . 2008-08-13 09:22 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-05-13 07:46 . 2008-08-13 09:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-05-13 07:46 . 2008-08-13 09:22 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-05-13 07:46 . 2008-08-13 09:22 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-05-13 07:46 . 2008-08-13 09:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-05-12 11:05 . 2010-05-12 11:05 45056 ---ha-w- c:\users\Korisnik\AppData\Roaming\Microsoft\Emulator for Windows CE\VPCKeyboard.dll
2010-05-09 21:50 . 2010-05-09 21:50 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-05-09 21:48 . 2010-05-09 21:48 3605256 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-05-09 21:46 . 2010-05-09 21:46 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-05-08 16:15 . 2008-09-08 13:11 13099456 ----a-w- c:\programdata\Installations\{83258E90-1F76-4E13-9F60-A0F8ED41E76F}\PCCS.exe
2010-05-07 14:20 . 2010-05-13 08:32 -------- d-----w- c:\program files\DScaler
2010-05-07 14:20 . 2010-05-07 14:25 -------- d-----w- c:\users\Korisnik\AppData\Roaming\DScaler4
2010-05-06 07:11 . 2010-05-06 07:11 -------- d-----w- c:\users\Korisnik\AppData\Roaming\The Creative Assembly
2010-05-05 13:10 . 2010-05-05 13:10 -------- d-----w- c:\program files\The KMPlayer
2010-05-05 09:04 . 2010-05-05 09:05 -------- d-----w- c:\program files\Gigatron Konfigurator
2010-05-02 16:02 . 2010-05-02 16:02 -------- d-----w- c:\users\Korisnik\AppData\Roaming\Thinstall
2010-05-02 16:02 . 2010-05-02 16:02 -------- d-----w- c:\users\Korisnik\AppData\Local\Thinstall
2010-05-01 09:32 . 2010-05-01 09:32 -------- d-----w- c:\program files\Common Files\NSV
2010-04-30 22:11 . 2010-04-30 22:11 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-04-30 11:21 . 2010-04-30 11:21 -------- d-----w- c:\users\Korisnik\AppData\Roaming\PCF-VLC
2010-04-30 11:18 . 2010-04-30 11:18 -------- d-----w- c:\users\Korisnik\AppData\Roaming\Participatory Culture Foundation
2010-04-30 11:17 . 2010-04-30 11:17 -------- d-----w- c:\program files\Participatory Culture Foundation
2010-04-30 07:15 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-04-30 07:13 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-30 07:13 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-30 07:13 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-04-30 07:13 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-04-30 07:13 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-30 07:13 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-30 07:13 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-30 07:03 . 2010-04-30 07:03 -------- d-----w- c:\programdata\ATI
2010-04-26 06:01 . 2010-04-27 10:20 -------- d-----w- c:\program files\TweakNow PowerPack 2010
2010-04-25 08:00 . 2010-04-10 07:03 77824 ----a-w- c:\windows\KMService.exe
2010-04-25 08:00 . 2003-04-18 17:06 8192 ----a-w- c:\windows\system32\srvany.exe
2010-04-24 09:27 . 2010-04-24 09:27 -------- d-----w- c:\program files\7-Zip
2010-04-21 12:29 . 2010-04-21 12:29 -------- d-----w- c:\users\Korisnik\AppData\Local\Bump Technologies, Inc
2010-04-21 12:29 . 2010-04-21 12:29 -------- d-----w- c:\users\Korisnik\AppData\Roaming\Bump Technologies, Inc
2010-04-21 10:53 . 2010-04-21 10:53 -------- d-----w- c:\windows\Sun
2010-04-21 10:53 . 2010-04-21 10:53 -------- d-----w- c:\program files\Common Files\Java
2010-04-21 10:53 . 2010-04-21 10:53 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-21 10:53 . 2010-04-21 10:53 -------- d-----w- c:\program files\Java
2010-04-20 06:38 . 2010-04-20 06:38 5430 ----a-r- c:\users\Korisnik\AppData\Roaming\Microsoft\Installer\{DA084DC0-F7C4-4285-9304-D0EB88AF0998}\_F7BD5300A94D01B980311C.exe
2010-04-20 06:38 . 2010-04-20 06:38 5430 ----a-r- c:\users\Korisnik\AppData\Roaming\Microsoft\Installer\{DA084DC0-F7C4-4285-9304-D0EB88AF0998}\_6FEFF9B68218417F98F549.exe
2010-04-20 06:38 . 2010-04-20 06:38 5430 ----a-r- c:\users\Korisnik\AppData\Roaming\Microsoft\Installer\{DA084DC0-F7C4-4285-9304-D0EB88AF0998}\_4C2FBD8A940F15BB854FB5.exe
2010-04-20 06:38 . 2010-04-20 06:38 -------- d-----w- c:\program files\Readon Technology
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-14 07:42 . 2009-12-30 14:43 -------- d-----w- c:\program files\SpeedFan
2010-05-13 22:26 . 2009-12-30 14:51 -------- d-----w- c:\users\Korisnik\AppData\Roaming\Skype
2010-05-13 22:24 . 2009-12-30 14:55 -------- d-----w- c:\users\Korisnik\AppData\Roaming\uTorrent
2010-05-13 16:16 . 2009-12-31 09:40 -------- d-----w- c:\program files\CCleaner
2010-05-13 16:15 . 2010-03-17 23:12 -------- d-----w- c:\program files\RocketDock
2010-05-13 16:09 . 2009-12-30 14:54 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-05-13 16:07 . 2009-12-30 20:53 -------- d-----w- c:\program files\Ray Adams
2010-05-13 16:05 . 2010-03-29 08:12 -------- d-----w- c:\program files\iGoEditor
2010-05-13 08:51 . 2010-02-02 21:23 -------- d-----w- c:\users\Korisnik\AppData\Roaming\vlc
2010-05-13 08:38 . 2009-12-30 20:50 111592 ----a-w- c:\users\Korisnik\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-13 06:17 . 2010-01-23 22:31 -------- d-----w- c:\program files\MSI Kombustor
2010-05-12 08:24 . 2009-12-30 14:56 -------- d-----w- c:\users\Korisnik\AppData\Roaming\AIMP
2010-05-10 08:10 . 2010-03-09 14:51 -------- d-----w- c:\programdata\VMware
2010-05-09 15:33 . 2009-12-31 11:29 -------- d-----w- c:\users\Korisnik\AppData\Roaming\Wildfire
2010-05-08 16:15 . 2010-05-08 16:15 8192 ----a-w- c:\programdata\Installations\{83258E90-1F76-4E13-9F60-A0F8ED41E76F}\Installer\CommonCustomActions\UninstCCD.exe
2010-05-08 16:15 . 2010-05-08 15:17 -------- d-----w- c:\programdata\Installations
2010-05-08 15:51 . 2009-12-30 14:30 -------- d-----w- c:\program files\fraps
2010-05-08 15:51 . 2010-05-08 15:51 -------- d-----w- c:\program files\IVT Corporation
2010-05-08 15:33 . 2010-05-08 15:33 106557 ----a-w- c:\windows\system32\btw_ci.dll
2010-05-08 15:19 . 2010-05-08 15:18 -------- d-----w- c:\users\Korisnik\AppData\Roaming\PC Suite
2010-05-08 15:19 . 2010-05-08 15:19 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-05-08 15:19 . 2010-05-08 15:18 -------- d-----w- c:\users\Korisnik\AppData\Roaming\Nokia
2010-05-08 15:19 . 2010-05-08 15:18 -------- d-----w- c:\programdata\PC Suite
2010-05-08 15:18 . 2009-12-30 15:01 -------- d-----w- c:\program files\DIFX
2010-05-08 15:18 . 2010-05-08 15:18 95232 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2010-05-08 15:18 . 2010-05-08 15:18 8192 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2010-05-08 15:18 . 2010-05-08 15:18 61440 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-05-08 15:18 . 2010-05-08 15:18 10240 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2010-05-08 15:16 . 2009-12-30 14:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-08 07:59 . 2009-12-31 09:19 -------- d-----w- c:\users\Korisnik\AppData\Roaming\.purple
2010-05-06 20:59 . 2009-12-30 15:08 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2009-12-30 15:08 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2009-12-30 15:08 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2009-12-30 15:08 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:34 . 2009-12-30 15:08 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-05-06 20:33 . 2009-12-30 15:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-05 08:40 . 2009-12-30 15:33 -------- d--h--w- c:\program files\Temp
2010-05-03 10:08 . 2010-03-09 14:58 -------- d-----w- c:\users\Korisnik\AppData\Roaming\VMware
2010-05-02 19:40 . 2010-01-09 08:52 -------- d-----w- c:\program files\Opera 10.50 pre-alpha
2010-04-30 07:03 . 2010-02-12 09:50 -------- d-----w- c:\program files\ATI
2010-04-30 07:00 . 2009-12-30 22:43 -------- d-----w- c:\program files\ATI Technologies
2010-04-16 08:10 . 2009-12-30 15:59 -------- d-----w- c:\users\Korisnik\AppData\Roaming\My Games
2010-04-14 16:47 . 2009-12-30 15:08 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-13 20:29 . 2010-03-05 09:21 -------- d-----w- c:\programdata\MumboJumbo
2010-04-12 20:46 . 2010-04-12 20:46 -------- d-----w- c:\program files\NRadioBox
2010-04-08 13:15 . 2009-12-30 20:36 -------- d-----w- c:\users\Korisnik\AppData\Roaming\Nero
2010-04-08 12:56 . 2010-04-08 12:55 -------- d-----w- c:\programdata\DVD Shrink
2010-04-08 12:55 . 2010-04-08 12:55 -------- d-----w- c:\program files\DVD Shrink
2010-04-07 13:35 . 2010-04-07 13:35 -------- d-----w- c:\program files\7room
2010-04-07 02:43 . 2010-04-07 02:43 5430272 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-04-07 02:16 . 2010-04-07 02:16 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-04-07 02:16 . 2010-02-03 04:23 489472 ----a-w- c:\windows\system32\aticfx32.dll
2010-04-07 02:13 . 2010-04-07 02:13 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-04-07 02:12 . 2010-04-07 02:12 372736 ----a-w- c:\windows\system32\atieclxx.exe
2010-04-07 02:12 . 2010-04-07 02:12 14321664 ----a-w- c:\windows\system32\atioglxx.dll
2010-04-07 02:12 . 2010-04-07 02:12 172032 ----a-w- c:\windows\system32\atiesrxx.exe
2010-04-07 02:10 . 2010-04-07 02:10 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-04-07 02:10 . 2010-04-07 02:10 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-04-07 02:10 . 2010-04-07 02:10 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2010-04-07 02:10 . 2010-04-07 02:10 11776 ----a-w- c:\windows\system32\atimuixx.dll
2010-04-07 02:10 . 2010-04-07 02:10 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-04-07 02:06 . 2009-09-23 22:22 3164160 ----a-w- c:\windows\system32\atidxx32.dll
2010-04-07 01:46 . 2010-02-03 03:23 50176 ----a-w- c:\windows\system32\coinst.dll
2010-04-07 01:40 . 2009-09-23 22:06 3707904 ----a-w- c:\windows\system32\atiumdag.dll
2010-04-07 01:40 . 2010-04-07 01:40 53248 ----a-w- c:\windows\system32\aticalrt.dll
2010-04-07 01:40 . 2010-04-07 01:40 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-04-07 01:38 . 2010-04-07 01:38 4018176 ----a-w- c:\windows\system32\aticaldd.dll
2010-04-07 01:23 . 2009-11-25 02:25 237568 ----a-w- c:\windows\system32\atiadlxx.dll
2010-04-07 01:23 . 2010-04-07 01:23 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-04-07 01:23 . 2010-04-07 01:23 14848 ----a-w- c:\windows\system32\atigktxx.dll
2010-04-07 01:23 . 2010-04-07 01:23 157184 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-04-07 01:22 . 2010-02-03 03:23 28160 ----a-w- c:\windows\system32\atiuxpag.dll
2010-04-07 01:22 . 2010-02-03 03:22 20480 ----a-w- c:\windows\system32\atiu9pag.dll
2010-04-07 01:22 . 2010-04-07 01:22 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-04-07 01:21 . 2009-09-23 21:48 2983936 ----a-w- c:\windows\system32\atiumdva.dll
2010-04-07 01:08 . 2010-04-07 01:08 52224 ----a-w- c:\windows\system32\atimpc32.dll
2010-04-07 01:08 . 2010-04-07 01:08 52224 ----a-w- c:\windows\system32\amdpcom32.dll
2010-04-06 16:13 . 2010-05-05 08:40 3066912 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2010-04-06 15:58 . 2010-05-05 08:40 1759264 ----a-w- c:\windows\system32\RtkPgExt.dll
2010-04-06 15:58 . 2010-05-05 08:40 57888 ----a-w- c:\windows\system32\RtkCoInst.dll
2010-04-06 15:58 . 2010-05-05 08:40 367136 ----a-w- c:\windows\system32\RtkApoApi.dll
2010-04-06 15:58 . 2010-05-05 08:40 2649632 ----a-w- c:\windows\system32\RtkAPO.dll
2010-04-06 10:19 . 2010-02-03 16:15 -------- d-----w- c:\program files\Partition Wizard Home Edition 4.1
2010-04-03 16:46 . 2009-12-30 14:55 -------- d-----w- c:\program files\AIMP2
2010-04-02 16:09 . 2010-04-02 16:09 2023 ----a-w- c:\windows\system32\atipblag.dat
2010-03-30 18:35 . 2010-05-05 08:40 299936 ----a-w- c:\windows\system32\FMAPO.dll
2010-03-29 08:12 . 2010-03-29 08:12 249856 ------w- c:\windows\Setup1.exe
2010-03-29 08:12 . 2010-03-29 08:12 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-03-28 17:48 . 2009-12-30 14:51 -------- d-----w- c:\program files\Universal Share Download
2010-03-27 16:52 . 2010-03-16 05:48 -------- d-----w- c:\users\Korisnik\AppData\Roaming\skypePM
2010-03-23 13:16 . 2010-03-23 13:16 -------- d-----w- c:\users\Korisnik\AppData\Roaming\MAXON
2010-03-23 09:21 . 2010-03-23 09:17 -------- d-----w- c:\programdata\TrackMania
2010-03-22 12:22 . 2010-05-05 08:40 1247776 ----a-w- c:\windows\RtlExUpd.dll
2010-03-22 09:25 . 2010-03-22 09:25 -------- d-----w- c:\program files\NVIDIA Corporation
2010-03-22 09:25 . 2009-12-30 14:48 -------- d-----w- c:\program files\AGEIA Technologies
2010-03-22 09:25 . 2009-12-30 14:47 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-20 08:22 . 2009-12-30 14:54 -------- d-----w- c:\users\Korisnik\AppData\Roaming\Thunderbird
2010-03-17 15:06 . 2010-03-17 15:06 202234 ----a-w- c:\windows\system32\atiicdxx.dat
2010-03-16 22:15 . 2010-03-16 05:48 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-03-16 05:48 . 2010-03-16 05:48 -------- d-----w- c:\program files\Common Files\Skype
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2010-01-16 07:59 561552 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-08 15:40 1362320 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-08 1362320]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WizMouse"="c:\program files\WizMouse\WizMouse.exe" [2009-03-06 552184]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IconSaver"="c:\program files\IconSaver\IconSaver.exe" [2002-02-18 110592]
"PhoneTray"="c:\program files\Traysoft\PhoneTray\PhoneTray.exe" [2009-12-20 445680]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-06 8555040]
c:\users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EventGhost.lnk - c:\program files\EventGhost\EventGhost.exe [2009-12-30 30208]
Volume OSD.exe [2009-1-17 216652]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SpeedFan.lnk - c:\program files\SpeedFan\speedfan.exe [2009-11-25 4009592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-07-14 01:14 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-04-06 19:25 102400 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiSpyWareDisableNotify"=dword:00000001
R1 CSN5PDTS82x64;CSN5PDTS82x64 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82x64.sys [x]
R3 atidgllk;atidgllk;c:\program files\ASUS\SmartDoctor\atidgllk.sys [x]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2009-09-24 29192]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2010-01-06 17488]
R3 GarenaPEngine;GarenaPEngine;c:\users\Korisnik\AppData\Local\Temp\HYC207D.tmp [x]
R3 GVTDrv;GVTDrv;c:\windows\system32\Drivers\GVTDrv.sys [2010-01-06 24944]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2009-08-26 25480]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2009-12-21 16456]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2009-12-21 11088]
R3 rt61x86;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr61.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-30 187392]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Business 2010\RpcAgentSrv.exe [2009-08-24 93336]
R3 se32;EnTech softEngine;c:\windows\system32\drivers\se32.sys [2007-05-03 12112]
R3 speccy;speccy;c:\users\Korisnik\AppData\Local\Temp\830202641571742035463306544speccy.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2009-12-17 99152]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-09-24 19592]
S1 aswSP;aswSP; [x]
S1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82.sys [2009-12-14 28184]
S1 HWiNFO32;HWiNFO32 Kernel Driver;d:\programi\Benchmark\HWInfo32\HWiNFO32.SYS [2009-07-16 19064]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-07 172032]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
S2 BT848;bt848 tweaked WDM Video Capture;c:\windows\system32\drivers\BT848.sys [2001-04-27 204127]
S2 BTTUNER;bt848 tweaked WDM TvTuner;c:\windows\system32\drivers\BTTUNER.sys [2001-04-27 9251]
S2 BTXBAR;bt848 tweaked TV WDM Crossbar;c:\windows\system32\drivers\BTXBAR.sys [2001-04-27 8193]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2003-04-18 8192]
S2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files\USB Safely Remove\USBSRService.exe [2009-10-27 261392]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-04-07 5430272]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-04-07 157184]
S3 WUSB11;Instant Wireless USB Network Adapter ver.2.5 Driver;c:\windows\system32\DRIVERS\LSWLUSB.sys [2002-05-28 54083]
.
Contents of the 'Scheduled Tasks' folder
2010-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-43753074-2541558060-2943434843-1000Core.job
- c:\users\Korisnik\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-30 15:51]
2010-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-43753074-2541558060-2943434843-1000UA.job
- c:\users\Korisnik\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-30 15:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredimail.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} -
.
- - - - ORPHANS REMOVED - - - -
HKU-Default-Run-Canaveral - c:\windows\system32\sshnas21.dll
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GarenaPEngine]
"ImagePath"="\??\c:\users\Korisnik\AppData\Local\Temp\HYC207D.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-43753074-2541558060-2943434843-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:18,fd,a3,bc,4e,de,a0,d5,89,03,b8,ee,be,34,5a,67,65,04,5f,5e,2d,68,c8,
18,f2,3a,42,ab,04,02,55,86,40,87,60,0c,24,40,cb,8f,92,c1,97,16,d3,8a,56,e5,\
"??"=hex:b3,24,74,8a,67,e8,cb,e0,96,03,bf,6e,ed,3e,8b,d6
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(3916)
c:\program files\EventGhost\plugins\Task\hook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\KMService.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Volume OSD.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2010-05-14 09:45:08 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-14 07:45
Pre-Run: 7,402,086,400 bytes free
Post-Run: 7,212,355,584 bytes free
- - End Of File - - 1A374EB570BB145D7114CEE51F8D7A9C