Untitled

a guest
Aug 28th, 2011
ComboFix 11-08-28.01 - Mateo 8.08.2011. 20:42:03.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.385.1033.18.4095.2519 [GMT 2:00]
Running from: c:\users\Mateo\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\TorrentEasy\fdmbtsupp.dll
c:\users\Mateo\AppData\Roaming\Minecraft.exe
c:\windows\SysWow64\jgaw400.dll
c:\windows\SysWow64\Temp
c:\windows\SysWow64\Temp\KSKD87SFDS
.
.
((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-28 )))))))))))))))))))))))))))))))
.
.
2011-08-28 18:47 . 2011-08-28 18:47 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-08-28 18:47 . 2011-08-28 18:47 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-08-28 18:47 . 2011-08-28 18:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-28 15:59 . 2011-08-28 15:59 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-28 15:59 . 2011-08-28 15:59 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-28 00:16 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{05B6E846-747B-4A77-AED3-58845FEE5307}\mpengine.dll
2011-08-26 12:47 . 2011-08-26 15:04 -------- d-----w- c:\users\Mateo\AppData\Local\Ahead
2011-08-26 12:44 . 2011-08-28 16:09 -------- d-----w- c:\program files (x86)\Common Files\Ahead
2011-08-22 13:36 . 2011-08-22 13:42 -------- d-----w- c:\program files (x86)\Minecraft Beta
2011-08-21 20:30 . 2011-08-21 20:30 -------- d-----w- c:\program files (x86)\LIMBO
2011-08-21 07:21 . 2011-08-22 21:26 2656 ----a-w- c:\windows\SysWow64\io02.sys
2011-08-11 11:27 . 2011-08-13 00:09 -------- d-----w- c:\users\Mateo\AppData\Roaming\.minecraft
2011-08-11 11:27 . 2011-08-11 11:27 -------- d-----w- c:\users\Mateo\AppData\Roaming\Minecraft
2011-08-11 06:19 . 2011-08-11 06:19 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2011-08-10 14:45 . 2011-08-10 14:45 -------- d-----w- c:\program files (x86)\MSI Kombustor
2011-08-10 14:29 . 2011-08-10 14:29 -------- d-----w- c:\users\Mateo\AppData\Local\Micro-Star_Int'l_Co.,_Ltd
2011-08-10 14:07 . 2011-08-17 08:59 134104 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-08-10 14:07 . 2011-08-17 08:59 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-08-10 14:07 . 2011-08-17 08:59 785368 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-08-10 14:07 . 2011-08-17 08:59 478168 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-08-10 14:07 . 2011-08-17 08:59 1846232 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-08-10 14:07 . 2011-08-17 08:59 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-08-10 14:07 . 2010-01-01 08:00 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-08-10 14:07 . 2010-01-01 08:00 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-08-10 13:54 . 2011-06-24 05:25 338432 ----a-w- c:\windows\system32\conhost.exe
2011-08-10 12:04 . 1999-06-25 08:55 149504 ----a-w- c:\windows\UNWISE.EXE
2011-08-10 10:14 . 2011-08-10 15:44 -------- d-----r- c:\users\Mateo\Virtual Machines
2011-08-10 10:07 . 2009-07-22 22:24 2048 ----a-w- c:\windows\system32\drivers\en-US\vpcusb.sys.mui
2011-08-10 10:01 . 2005-05-10 23:01 20480 ----a-w- c:\windows\system32\Jb4Instx.crl
2011-08-10 09:47 . 2011-08-10 09:47 -------- d-----w- C:\CtJbFW
2011-08-10 09:37 . 2011-08-10 10:01 -------- d-----w- c:\program files\Creative
2011-08-10 09:20 . 2000-05-22 08:58 647872 ------w- c:\windows\SysWow64\Mscomct2.ocx
2011-08-10 09:20 . 1999-10-11 01:00 41984 ------w- c:\windows\Ctregrun.exe
2011-08-10 09:19 . 2011-08-10 09:19 -------- d-----w- c:\program files (x86)\Common Files\SWF Studio
2011-08-10 09:17 . 2011-08-10 12:04 -------- d-----w- c:\program files (x86)\Creative
2011-08-10 09:16 . 2003-11-10 16:12 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-08-10 09:16 . 2003-11-10 16:14 729088 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-08-10 09:16 . 2003-11-10 16:13 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-08-10 09:16 . 2003-11-10 16:12 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-08-10 09:16 . 2003-11-10 16:11 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-08-10 09:16 . 2011-08-10 09:16 311428 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-08-10 09:16 . 2011-08-10 09:16 188548 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-08-09 17:55 . 2011-08-10 13:52 -------- d-----w- c:\users\Mateo\AppData\Roaming\go
2011-08-09 17:55 . 2011-08-10 13:52 -------- d-----w- c:\programdata\Easybits GO
2011-08-09 15:40 . 2011-08-09 15:40 -------- d-----w- c:\users\Mateo\AppData\Roaming\DVRemote
2011-08-09 14:39 . 2011-08-09 14:39 -------- d-----w- c:\users\Mateo\AppData\Roaming\Malwarebytes
2011-08-09 14:38 . 2011-08-09 14:38 -------- d-----w- c:\programdata\Malwarebytes
2011-08-09 14:38 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-09 10:51 . 2011-08-09 11:26 -------- d-----w- c:\users\Mateo\AppData\Local\WMTools Downloaded Files
2011-08-09 10:26 . 2011-08-09 10:26 -------- d-----w- c:\program files (x86)\Movie Maker 2.6
2011-08-07 18:32 . 2011-08-07 18:32 -------- d-----w- c:\programdata\YouTube Downloader
2011-08-07 18:32 . 2011-08-07 18:32 -------- d-----w- c:\program files (x86)\YouTube Downloader
2011-08-07 18:08 . 2011-08-07 18:08 -------- d-----w- C:\Download
2011-08-07 18:08 . 2011-08-07 18:08 -------- d-----w- C:\tmpDownload
2011-08-07 18:08 . 2011-08-07 18:13 -------- d-----w- C:\YoutubeMusicDownloader
2011-08-06 17:22 . 2011-08-06 17:22 -------- d-----w- c:\programdata\Futuremark
2011-08-05 14:22 . 2011-08-05 14:50 -------- d-----w- c:\program files (x86)\DVDInfoPro
2011-08-04 09:50 . 2011-08-04 09:50 53248 ----a-r- c:\users\Mateo\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-08-04 09:50 . 2011-08-04 09:50 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2011-08-04 09:50 . 2011-08-04 09:50 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-08-04 09:49 . 2011-08-04 09:51 -------- d-----w- c:\programdata\Logishrd
2011-08-04 09:49 . 2011-08-04 09:50 -------- d-----w- c:\users\Mateo\AppData\Roaming\Logitech
2011-08-04 09:49 . 2011-08-04 09:49 -------- d-----w- c:\users\Mateo\AppData\Roaming\Logishrd
2011-08-04 09:44 . 2011-08-04 09:44 -------- d-----w- c:\program files (x86)\Driver-Soft
2011-08-02 07:02 . 2011-08-02 07:02 -------- d-----w- c:\users\Mateo\.mobione
2011-07-31 12:07 . 2011-07-31 12:07 -------- d-----w- c:\program files (x86)\Common Files\Bcgsoft
2011-07-31 12:05 . 2011-07-31 12:05 -------- d-----w- c:\program files (x86)\The Game Creators
2011-07-31 11:21 . 2011-07-31 13:46 -------- d-----w- c:\users\Mateo\AppData\Roaming\WindSolutions
2011-07-31 11:21 . 2011-07-31 11:22 -------- d-----w- c:\programdata\WindSolutions
2011-07-31 10:08 . 2011-07-31 10:14 -------- d-----w- c:\windows\occache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-25 12:10 . 2011-06-25 17:26 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-08-25 12:10 . 2011-04-05 14:44 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-08-24 08:56 . 2011-04-08 15:20 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-08-22 19:44 . 2011-04-05 14:44 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-08-13 12:09 . 2011-05-15 07:18 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-17 09:24 . 2011-07-17 09:24 43680 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-07-17 09:24 . 2011-07-17 09:24 314016 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-07-16 11:56 . 2011-07-16 11:56 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-07-16 04:26 . 2011-08-10 13:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-06-30 11:30 . 2011-06-30 11:30 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-06-30 11:30 . 2011-04-02 21:35 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-06-20 11:28 . 2011-06-20 11:28 4096 ----a-w- c:\windows\SysWow64\drivers\nocashio.sys
2011-06-11 03:07 . 2011-07-13 09:01 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-06-10 23:58 . 2011-06-10 23:58 81744 ----a-w- c:\windows\SysWow64\mfcm100u.dll
2011-06-10 23:58 . 2011-06-10 23:58 81744 ----a-w- c:\windows\SysWow64\mfcm100.dll
2011-06-10 23:58 . 2011-06-10 23:58 773968 ----a-w- c:\windows\SysWow64\msvcr100.dll
2011-06-10 23:58 . 2011-06-10 23:58 64336 ----a-w- c:\windows\SysWow64\mfc100fra.dll
2011-06-10 23:58 . 2011-06-10 23:58 64336 ----a-w- c:\windows\SysWow64\mfc100deu.dll
2011-06-10 23:58 . 2011-06-10 23:58 63824 ----a-w- c:\windows\SysWow64\mfc100esn.dll
2011-06-10 23:58 . 2011-06-10 23:58 62288 ----a-w- c:\windows\SysWow64\mfc100ita.dll
2011-06-10 23:58 . 2011-06-10 23:58 60752 ----a-w- c:\windows\SysWow64\mfc100rus.dll
2011-06-10 23:58 . 2011-06-10 23:58 55120 ----a-w- c:\windows\SysWow64\mfc100enu.dll
2011-06-10 23:58 . 2011-06-10 23:58 51024 ----a-w- c:\windows\SysWow64\vcomp100.dll
2011-06-10 23:58 . 2011-06-10 23:58 4422992 ----a-w- c:\windows\SysWow64\mfc100u.dll
2011-06-10 23:58 . 2011-06-10 23:58 4397384 ----a-w- c:\windows\SysWow64\mfc100.dll
2011-06-10 23:58 . 2011-06-10 23:58 43856 ----a-w- c:\windows\SysWow64\mfc100jpn.dll
2011-06-10 23:58 . 2011-06-10 23:58 43344 ----a-w- c:\windows\SysWow64\mfc100kor.dll
2011-06-10 23:58 . 2011-06-10 23:58 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2011-06-10 23:58 . 2011-06-10 23:58 36176 ----a-w- c:\windows\SysWow64\mfc100cht.dll
2011-06-10 23:58 . 2011-06-10 23:58 36176 ----a-w- c:\windows\SysWow64\mfc100chs.dll
2011-06-10 23:58 . 2011-06-10 23:58 138056 ----a-w- c:\windows\SysWow64\atl100.dll
2011-06-10 23:15 . 2011-06-10 23:15 93008 ----a-w- c:\windows\SysWow64\TBM3A63.tmp
2011-06-10 23:15 . 2011-06-10 23:15 93008 ----a-w- c:\windows\SysWow64\TBM3A42.tmp
2011-06-10 23:15 . 2011-06-10 23:15 829264 ----a-w- c:\windows\SysWow64\TBM3B20.tmp
2011-06-10 23:15 . 2011-06-10 23:15 64336 ----a-w- c:\windows\SysWow64\TBM3943.tmp
2011-06-10 23:15 . 2011-06-10 23:15 64336 ----a-w- c:\windows\SysWow64\TBM38F2.tmp
2011-06-10 23:15 . 2011-06-10 23:15 63824 ----a-w- c:\windows\SysWow64\TBM3932.tmp
2011-06-10 23:15 . 2011-06-10 23:15 62288 ----a-w- c:\windows\SysWow64\TBM3963.tmp
2011-06-10 23:15 . 2011-06-10 23:15 608080 ----a-w- c:\windows\SysWow64\TBM3A73.tmp
2011-06-10 23:15 . 2011-06-10 23:15 60752 ----a-w- c:\windows\SysWow64\TBM39B4.tmp
2011-06-10 23:15 . 2011-06-10 23:15 57168 ----a-w- c:\windows\SysWow64\TBM3B7F.tmp
2011-06-10 23:15 . 2011-06-10 23:15 5601616 ----a-w- c:\windows\SysWow64\TBM39F3.tmp
2011-06-10 23:15 . 2011-06-10 23:15 5574984 ----a-w- c:\windows\SysWow64\TBM3872.tmp
2011-06-10 23:15 . 2011-06-10 23:15 55120 ----a-w- c:\windows\SysWow64\TBM3922.tmp
2011-06-10 23:15 . 2011-06-10 23:15 43856 ----a-w- c:\windows\SysWow64\TBM3974.tmp
2011-06-10 23:15 . 2011-06-10 23:15 43344 ----a-w- c:\windows\SysWow64\TBM3994.tmp
2011-06-10 23:15 . 2011-06-10 23:15 36176 ----a-w- c:\windows\SysWow64\TBM38E1.tmp
2011-06-10 23:15 . 2011-06-10 23:15 36176 ----a-w- c:\windows\SysWow64\TBM38D1.tmp
2011-06-10 23:15 . 2011-06-10 23:15 158536 ----a-w- c:\windows\SysWow64\TBM3833.tmp
2011-06-01 14:43 . 2011-06-01 14:43 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2011-04-02 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2011-04-02 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Advanced SystemCare 4"="c:\program files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-04-22 402832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Firefox Service;Firefox Service;c:\users\Mateo\AppData\Roaming\Mozilla\Firefox\Profiles\77cuhd3z.default\extensions\startup.service@mozilla.com\svc.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 136176]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [2007-08-20 12744]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 gupdatem;Usluga Google ažuriranje (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 Jukebox3_x64;Jukebox3_x64;c:\windows\system32\DRIVERS\ctpdusbx.sys [x]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TipCtrl;TipCtrl;c:\program files (x86)\uTIPu\TipCtrl.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
R4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [x]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-04-22 352656]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-28 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-04-02 09:28]
.
2011-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 08:53]
.
2011-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 08:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.hr/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Save video on Savevid.com - c:\program files (x86)\Savevid\redirect.htm
TCP: Interfaces\{5F461A11-4018-45FC-8570-DD2DFA551E15}: NameServer = 208.67.222.222,208.67.220.220
DPF: {173D9E48-B527-4AA0-A929-30B446002AA8} - hxxp://213.147.118.29:6055/DVRemoteAx.cab
FF - ProfilePath - c:\users\Mateo\AppData\Roaming\Mozilla\Firefox\Profiles\lzvjtc6w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.hr/
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Theme Park World - f:\igre\simtheme park\Uninst.isu
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3263693909-2342236705-2179083420-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:95,cc,bb,0a,1d,89,07,be,1e,3e,29,f5,66,bc,52,93,4d,ba,ec,ec,5b,10,1a,
28,eb,07,d1,7f,62,44,77,66,a8,b4,04,91,c5,09,08,28,bd,b8,c9,1d,68,b8,68,e6,\
"??"=hex:ee,05,af,95,26,d8,05,61,94,55,77,8f,bf,f8,62,97
.
[HKEY_USERS\S-1-5-21-3263693909-2342236705-2179083420-1001\Software\SecuROM\License information*]
"datasecu"=hex:c2,f8,e0,8b,2f,6c,3c,0f,37,bf,99,3e,ac,e5,44,73,db,95,79,7e,2a,
0c,58,fe,30,71,83,0b,b3,ec,4b,c8,ec,03,19,67,c7,b3,d4,ff,77,9c,bb,68,78,20,\
"rkeysecu"=hex:5b,d3,d4,03,8f,90,cc,ce,5a,ed,c2,05,a5,77,1d,47
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
c:\program files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe
c:\program files (x86)\Google\Update\1.3.21.65\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2011-08-28 20:53:44 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-28 18:53
.
Pre-Run: 13.578.944.512 bytes free
Post-Run: 13.241.544.704 bytes free
.
- - End Of File - - 1D40B250D1822DB68C84B7B7F8DAC626