Evo i Combofix log.....
ComboFix 09-04-04.01 - -Bajt 2009-04-11 18:19:07.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3071.2502 [GMT 2:00]
Running from: c:\documents and settings\-Bajt\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
.
((((((((((((((((((((((((( Files Created from 2009-03-11 to 2009-04-11 )))))))))))))))))))))))))))))))
.
2009-04-11 15:15 . 2009-04-11 15:16 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-11 15:15 . 2009-04-06 15:32 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-11 15:15 . 2009-04-06 15:32 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-11 11:33 . 2009-04-11 11:33 <DIR> d-------- c:\program files\Real
2009-04-11 11:33 . 2009-04-11 11:47 <DIR> d-------- c:\documents and settings\-Bajt\Contacts
2009-04-11 11:32 . 2009-04-11 11:32 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-04-11 11:32 . 2009-04-11 15:12 <DIR> d-------- c:\program files\MSN Messenger
2009-04-11 10:48 . 2009-04-11 10:48 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Avira
2009-04-11 10:45 . 2009-04-11 10:45 <DIR> d-------- c:\program files\Avira
2009-04-11 10:45 . 2009-04-11 10:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-04-11 10:45 . 2009-02-13 11:31 55,640 --a------ c:\windows\system32\drivers\avgntflt.sys
2009-04-10 23:25 . 2009-04-10 23:25 <DIR> d-------- c:\program files\Microsoft.NET
2009-04-10 23:25 . 2009-04-10 23:25 <DIR> d-------- c:\program files\Microsoft Works
2009-04-10 23:25 . 2009-04-10 23:25 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2009-04-10 23:24 . 2009-04-10 23:25 <DIR> d-------- c:\program files\Microsoft Expression
2009-04-10 23:24 . 2009-04-10 23:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-10 23:23 . 2009-04-10 23:23 <DIR> dr-h----- C:\MSOCache
2009-04-10 22:50 . 2009-04-10 22:50 <DIR> d-------- c:\program files\Alwil Software
2009-04-10 14:59 . 2009-04-10 14:59 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Google
2009-04-10 14:58 . 2009-04-10 14:58 <DIR> dr------- c:\program files\Skype
2009-04-10 14:58 . 2009-04-10 15:01 <DIR> d-------- c:\program files\Google
2009-04-10 14:58 . 2009-04-10 14:58 <DIR> d-------- c:\program files\Common Files\Skype
2009-04-10 14:58 . 2009-04-11 17:48 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\skypePM
2009-04-10 14:58 . 2009-04-11 18:16 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Skype
2009-04-10 14:58 . 2009-04-10 14:58 48 --ah----- c:\windows\system32\ezsidmv.dat
2009-04-10 14:57 . 2009-04-10 14:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2009-04-10 14:51 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-04-10 14:36 . 2009-04-10 23:52 116 --a------ c:\windows\NeroDigital.ini
2009-04-10 11:36 . 2009-04-10 11:36 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\TrojanHunter
2009-04-10 10:55 . 2009-04-10 10:55 <DIR> d--h----- c:\windows\PIF
2009-04-10 10:55 . 2009-04-10 11:55 <DIR> d-------- c:\program files\TrojanHunter 5.0
2009-04-10 10:17 . 2009-04-10 10:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\TEMP
2009-04-10 10:16 . 2009-04-10 10:16 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Simply Super Software
2009-04-09 23:43 . 2009-04-09 23:43 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Malwarebytes
2009-04-09 23:13 . 2009-04-09 23:13 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Macromedia
2009-04-09 23:13 . 2009-04-10 19:00 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Adobe
2009-04-09 23:10 . 2009-04-09 23:10 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\BSplayer PRO
2009-04-09 23:09 . 2009-04-10 23:46 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Ahead
2009-04-09 23:06 . 2009-04-09 23:06 <DIR> d-------- c:\documents and settings\-Bajt\Application Data\Opera
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-11 12:57 --------- d-----w c:\program files\Winamp
2009-04-11 12:57 --------- d-----w c:\program files\QuickTime
2009-04-11 11:37 --------- d-----w c:\program files\Apple Software Update
2009-04-10 17:40 --------- d-----w c:\program files\Enigma Software Group
2009-04-10 16:59 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-04-09 21:43 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-09 21:32 --------- d-----w c:\program files\Common Files\Adobe
2009-04-09 21:28 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-04-09 21:10 --------- d-----w c:\program files\Webteh
2009-04-09 21:10 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-09 21:10 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-04-09 21:09 --------- d-----w c:\program files\K-Lite Codec Pack
2009-04-09 21:09 --------- d-----w c:\program files\Common Files\Ahead
2009-04-09 21:08 --------- d-----w c:\program files\Nero
2009-04-09 21:06 --------- d-----w c:\program files\Opera
2009-04-09 20:45 --------- d-----w c:\program files\Common Files\InstallShield
2009-04-09 20:35 --------- d-----w c:\program files\microsoft frontpage
.
((((((((((((((((((((((((((((( SnapShot@2009-04-10_12.03.31.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-10 21:25:45 110,592 ----a-w c:\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
+ 2009-04-10 21:25:46 4,608 ----a-w c:\windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll
+ 2009-04-10 21:25:41 183,104 ----a-w c:\windows\assembly\GAC\Microsoft.Expression.Interop.WebDesigner\12.0.0.0__71e9bce111e9429c\Microsoft.Expression.Interop.WebDesigner.dll
+ 2009-04-10 21:25:41 1,989,448 ----a-w c:\windows\assembly\GAC\Microsoft.Expression.Interop.WebDesignerPage\12.0.0.0__71e9bce111e9429c\Microsoft.Expression.Interop.WebDesignerPage.dll
+ 2009-04-10 21:25:44 8,007,680 ----a-w c:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
+ 2009-04-10 21:25:13 80,696 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll
+ 2009-04-10 21:25:43 13,312 ----a-w c:\windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll
+ 2009-04-10 21:25:33 371,496 ----a-w c:\windows\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
+ 2009-04-10 21:25:33 64,288 ----a-w c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2009-04-10 21:25:43 229,376 ----a-w c:\windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
+ 2009-04-10 21:25:45 4,096 ----a-w c:\windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
+ 2009-04-10 21:25:33 416,544 ----a-w c:\windows\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2009-04-10 21:25:36 12,080 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
+ 2009-04-10 21:25:36 11,544 ----a-w c:\windows\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll
+ 2009-04-10 21:25:43 16,384 ----a-w c:\windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
+ 2009-04-10 21:24:46 53,248 ----a-w c:\windows\assembly\GAC_32\WebDev.WebHost\8.0.0.0__b03f5f7f11d50a3a\WebDev.WebHost.dll
+ 2009-04-10 21:27:10 17,920 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\783f9001734087408c0ecb5606234920\Microsoft.VisualC.ni.dll
+ 2009-04-10 21:26:58 778,240 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Web.Autho#\3ac652be369b41488c3294507e3d1cbe\Microsoft.Web.Authoring.ni.dll
+ 2009-04-10 21:27:29 1,560,576 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Web.Desig#\c75f12d4d01c2240abefc015710cb52d\Microsoft.Web.Design.Client.ni.dll
+ 2009-04-10 21:27:19 167,936 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\4a18ee53436fd74cb3ed7fc188ebf6be\System.Configuration.Install.ni.dll
+ 2009-04-10 21:27:23 1,183,744 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\7c3ec0bde1dbdd4b8dc0da29499ae5f4\System.Data.OracleClient.ni.dll
+ 2009-04-10 21:27:10 2,703,360 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\645ba35aa640a94181ecc0856c2d8ff1\System.Data.SqlXml.ni.dll
+ 2009-04-10 21:27:15 815,104 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\f219b676e04e2e4099a18325eb9f9f97\System.Runtime.Remoting.ni.dll
+ 2009-04-10 21:27:19 339,968 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9dad7d5a6b31fb46a2f83cd2a757fbe3\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-04-10 21:27:18 233,472 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\4c2afca607e16242a4bf605b0685d4c1\System.ServiceProcess.ni.dll
+ 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2009-04-10 12:58:04 364,726 ----a-r c:\windows\Installer\{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}\SkypeIcon.exe
+ 2009-04-11 13:12:04 29,926 ----a-r c:\windows\Installer\{571700F0-DB9D-4B3A-B03D-35A14BB5939F}\MsblIco.Exe
+ 2009-04-10 21:26:00 20,240 ----a-r c:\windows\Installer\{90120000-0026-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-04-10 21:26:00 217,864 ----a-r c:\windows\Installer\{90120000-0026-0000-0000-0000000FF1CE}\misc.exe
+ 2009-04-10 21:26:00 18,704 ----a-r c:\windows\Installer\{90120000-0026-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-04-10 21:26:00 35,088 ----a-r c:\windows\Installer\{90120000-0026-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-04-10 21:24:15 217,864 ----a-r c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2006-10-26 11:45:04 118,784 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\WebDev.WebServer.EXE
- 2009-04-09 20:34:22 8,738 ----a-w c:\windows\pchealth\helpctr\Config\Cntstore.bin
+ 2009-04-11 08:32:16 8,972 ----a-w c:\windows\pchealth\helpctr\Config\Cntstore.bin
- 2009-04-09 20:34:20 86,327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
+ 2009-04-11 08:34:35 86,327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
- 2009-04-09 20:34:22 2,112 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2009-04-11 08:34:35 2,722 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2009-02-13 09:17:49 45,416 ----a-w c:\windows\system32\drivers\avgntdd.sys
+ 2009-02-13 09:29:11 22,360 ----a-w c:\windows\system32\drivers\avgntmgr.sys
+ 2009-02-13 12:22:54 95,576 ----a-w c:\windows\system32\drivers\avipbb.sys
+ 2009-02-13 09:50:02 28,376 ----a-w c:\windows\system32\drivers\ssmdrv.sys
+ 2004-08-03 21:08:48 26,496 ----a-w c:\windows\system32\drivers\USBSTOR.SYS
+ 2006-10-26 12:10:08 1,190,688 ----a-w c:\windows\system32\FM20.DLL
+ 2006-10-26 12:10:06 33,088 ----a-w c:\windows\system32\FM20ENU.DLL
- 2009-04-09 21:39:41 1,974,880 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-04-11 08:23:06 2,011,792 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2006-10-26 11:45:04 207,360 ----a-w c:\windows\system32\INKED.DLL
+ 2006-07-24 08:50:38 125,744 ----a-w c:\windows\system32\MSSTDFMT.DLL
+ 2006-07-24 08:50:40 39,728 ----a-w c:\windows\system32\SCP32.DLL
+ 2007-01-19 10:53:04 51,056 ----a-w c:\windows\system32\sirenacm.dll
+ 2006-07-24 08:50:40 47,920 ----a-w c:\windows\system32\VBAME.DLL
+ 2006-10-26 11:45:04 293,376 ----a-w c:\windows\system32\WISPTIS.EXE
+ 2006-10-26 11:40:34 95,744 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
+ 2006-06-05 12:14:28 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2006-06-05 12:14:28 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 12:14:28 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
+ 2006-10-26 11:40:36 1,093,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll
+ 2006-10-26 11:40:36 1,079,808 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll
+ 2006-10-26 11:40:36 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll
+ 2006-10-26 11:40:36 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll
+ 2006-10-26 11:40:36 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHS.dll
+ 2006-10-26 11:40:36 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHT.dll
+ 2006-10-26 11:40:36 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80DEU.dll
+ 2006-10-26 11:40:36 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ENU.dll
+ 2006-10-26 11:40:36 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ESP.dll
+ 2006-10-26 11:40:36 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80FRA.dll
+ 2006-10-26 11:40:36 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ITA.dll
+ 2006-10-26 11:40:36 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80JPN.dll
+ 2006-10-26 11:40:36 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80KOR.dll
+ 2008-07-29 06:05:06 161,784 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2008-07-29 01:54:08 225,280 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 06:05:08 572,928 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 06:05:08 655,872 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 06:05:08 3,768,312 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2008-07-29 06:05:10 3,783,672 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 04:07:42 59,904 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 04:07:42 59,904 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 06:05:06 38,912 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 06:05:06 39,936 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 06:05:08 66,560 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 06:05:08 56,832 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 06:05:06 65,024 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 06:05:08 65,024 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 06:05:06 66,048 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 06:05:08 64,512 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 06:05:08 46,592 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 06:05:08 46,080 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 06:05:08 62,976 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2007-11-07 00:19:20 54,272 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-10 39408]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-06-21 35328]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\windows\system32\nvmctray.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe"=
"c:\\Program Files\\Winamp\\winampa.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbamgui.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2009-04-11 186625]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-11 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [2009-04-11 432897]
S3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\qkhjpn.sys --> c:\windows\system32\drivers\qkhjpn.sys [?]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - USNJSVC
.
Contents of the 'Scheduled Tasks' folder
2009-04-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
HKLM-Run-QuickTime Task - c:\program files\QuickTime\QTTask.exe
HKLM-Run-nwiz - nwiz.exe
MSConfigStartUp-SW20 - c:\windows\system32\sw20.exe
MSConfigStartUp-SW24 - c:\windows\system32\sw24.exe
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.enigmasoftware.a013.com/congratulation_spyhunter_scanner.php
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-04-11 18:20:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(756)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Completion time: 2009-04-11 18:21:09
ComboFix-quarantined-files.txt 2009-04-11 16:21:07
ComboFix2.txt 2009-04-10 17:49:40
ComboFix3.txt 2009-04-10 17:29:42
ComboFix4.txt 2009-04-10 16:36:37
ComboFix5.txt 2009-04-11 16:18:54
Pre-Run: 36,737,331,200 bytes free
Post-Run: 36,823,584,768 bytes free
254
Re: Task Manager i Registry Editor disabled + W32/Sality.AA
Registrovani: 11 ( aleksim, djura63, fangorn, valjan, bojanum, Gibli, sikira069, peromalosutra, stil2, ademare, presa )