Topic: virus-dirtydecrypt.exe  (Read 4915 times)

Friend of the forum, Well-known personality
MC- argus
Gender: Male | Posts: 4467 | OS: Windows 7 | Browser: Mozilla Firefox 22.0 | Mobile: HTC

OK, delete that ComboFix icon from the desktop, download a new one from the link above and run it again.

And of course, be sure to send me the report.

Beginner
Posts: 15 | OS: Windows XP | Browser: Chrome 28.0.1500.72

ComboFix 13-07-30.05 - Administrator 07/31/2013  11:31:06.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1023.244 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\New Folder (2)\ComboFix.exe
AV: Kaspersky Anti-Virus *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-28 to 2013-07-31  )))))))))))))))))))))))))))))))
.
.
2013-07-30 18:48 . 2013-07-30 18:48   --------   d-----w-   c:\program files\Web Cake
2013-07-30 18:48 . 2013-07-30 18:48   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Web Cake
2013-07-30 18:48 . 2013-07-30 18:48   --------   d-----w-   c:\documents and settings\All Users\Application Data\Tarma Installer
2013-07-30 18:47 . 2013-07-30 19:03   --------   d-----w-   c:\program files\MyPC Backup
2013-07-30 18:47 . 2013-07-30 18:47   --------   d-----w-   c:\documents and settings\Administrator\Application Data\PandoraRecovery
2013-07-30 18:46 . 2013-07-30 18:50   --------   d-----w-   c:\program files\Pandora Recovery
2013-07-30 17:40 . 2013-07-30 17:40   110080   ----a-r-   c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconF7A21AF7.exe
2013-07-30 17:40 . 2013-07-30 17:40   110080   ----a-r-   c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconD7F16134.exe
2013-07-30 17:40 . 2013-07-30 17:40   110080   ----a-r-   c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconCF33A0CE.exe
2013-07-30 14:27 . 2013-07-30 14:25   276760   ----a-w-   C:\te94decrypt.exe
2013-07-30 13:04 . 2013-07-30 13:04   --------   d-----w-   c:\documents and settings\Administrator\Application Data\PCFixKit
2013-07-30 12:24 . 2013-07-30 17:23   --------   d-----w-   c:\windows\471D8B37C5B344579FA1B3C693334F4F.TMP
2013-07-29 20:28 . 2013-07-29 20:28   --------   d-----w-   c:\program files\VQshyekeq
2013-07-29 20:26 . 2013-07-29 20:26   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\VQshyeke
2013-07-29 19:03 . 2013-07-29 19:03   --------   d-----w-   c:\program files\Kaspersky Lab
2013-07-29 19:03 . 2013-07-31 08:59   --------   d-----w-   c:\documents and settings\All Users\Application Data\Kaspersky Lab
2013-07-29 19:01 . 2013-07-29 19:42   74336   ----a-w-   c:\windows\system32\drivers\klflt.sys
2013-07-29 15:42 . 2013-07-29 15:42   --------   d-----w-   c:\documents and settings\Administrator\Doctor Web
2013-07-29 15:38 . 2013-07-29 16:33   --------   d-----w-   c:\program files\DrWeb
2013-07-29 13:17 . 2013-07-29 13:17   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Radiocom
2013-07-29 13:17 . 2013-07-29 13:17   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Radiocom
2013-07-29 13:14 . 2013-07-29 19:27   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Rich Media Player
2013-07-29 13:13 . 2013-07-30 18:24   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Media Player Classic
2013-07-29 13:12 . 2012-06-09 17:21   178688   ----a-w-   c:\windows\system32\unrar.dll
2013-07-29 13:12 . 2013-07-29 13:12   --------   d-----w-   c:\program files\K-Lite Codec Pack
2013-07-28 23:16 . 2013-07-28 23:16   --------   d-----w-   c:\documents and settings\Administrator\Application Data\DivX
2013-07-28 21:45 . 2013-07-28 21:45   --------   d-----w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2013-07-28 21:45 . 2013-07-28 21:45   --------   d-----w-   c:\program files\SUPERAntiSpyware
2013-07-28 21:45 . 2013-07-28 21:45   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2013-07-28 20:49 . 2013-07-29 13:02   --------   d-----w-   c:\program files\DivX
2013-07-28 20:48 . 2013-07-29 13:04   --------   d-----w-   c:\documents and settings\All Users\Application Data\DivX
2013-07-28 20:38 . 2013-07-28 20:41   --------   d-----w-   c:\documents and settings\Administrator\Application Data\vlc
2013-07-28 18:25 . 2013-07-29 00:52   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Boat
2013-07-28 18:25 . 2013-07-28 21:53   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Hoykfu
2013-07-28 17:57 . 2013-07-28 17:57   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Ryiehdyq
2013-07-28 17:57 . 2013-07-30 05:38   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Dirty
2013-07-28 17:57 . 2013-07-28 17:57   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\ZFfkPIWv
2013-07-23 21:56 . 2013-07-23 21:56   --------   d-----w-   c:\program files\CCleaner
2013-07-22 18:33 . 2013-07-30 18:53   --------   d-----w-   c:\program files\Google
2013-07-17 16:20 . 2013-03-26 22:53   74752   ------w-   c:\windows\system32\dllcache\cryptdlg.dll
2013-07-04 13:36 . 2013-07-30 15:19   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Updater36928
2013-07-04 13:36 . 2013-07-04 13:37   --------   d-----w-   c:\program files\hosts2
2013-07-03 20:05 . 2013-07-03 20:05   --------   d-----w-   c:\program files\Common Files\Skype
2013-07-03 16:07 . 2013-07-31 08:48   --------   d-----w-   c:\documents and settings\Administrator\Application Data\uTorrent
2013-07-03 14:21 . 2013-06-04 07:23   562688   ------w-   c:\windows\system32\dllcache\qedit.dll
2013-07-03 12:22 . 2013-07-03 12:22   --------   d-----w-   c:\windows\system32\LogFiles
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-29 19:42 . 2012-08-13 14:49   145040   ----a-w-   c:\windows\system32\drivers\kneps.sys
2013-07-29 19:42 . 2012-07-25 12:53   24920   ----a-w-   c:\windows\system32\drivers\klmouflt.sys
2013-07-29 19:42 . 2012-06-08 09:38   44000   ----a-w-   c:\windows\system32\drivers\kltdi.sys
2013-07-29 19:42 . 2012-05-25 17:38   24408   ----a-w-   c:\windows\system32\drivers\klkbdflt.sys
2013-06-11 22:39 . 2012-12-26 08:29   692104   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2013-06-11 22:39 . 2012-12-26 08:29   71048   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-04 07:23 . 2007-11-07 09:00   562688   ----a-w-   c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2007-11-07 09:00   1876736   ----a-w-   c:\windows\system32\win32k.sys
2013-05-08 22:28 . 2007-11-07 09:00   1543680   ----a-w-   c:\windows\system32\wmvdecod.dll
2013-05-03 01:30 . 2007-11-07 09:00   2149888   ----a-w-   c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2007-07-19 05:40   2028544   ----a-w-   c:\windows\system32\ntkrnlpa.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Center Agent"="c:\program files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe" [2007-07-13 1435648]
"uTorrent"="c:\documents and settings\Administrator\Application Data\uTorrent\uTorrent.exe" [2013-07-03 1221200]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-21 19875432]
"WebCake Desktop"="c:\documents and settings\Administrator\Application Data\Web Cake\WebCakeDesktop.exe" [2013-07-26 52504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-11-16 344064]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"VMSnap3"="c:\windows\VMSnap3.EXE" [2007-01-09 49152]
"Domino"="c:\windows\Domino.EXE" [2007-01-09 49152]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2013-07-29 356376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2007-11-07 123904]
"NewUser"="c:\windows\System32\NewUser.cmd" [2007-11-07 2475]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe  /startup [2008-5-26 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoSecurityTab"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 6]
2013-04-18 18:38   491840   ----a-w-   c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
2013-07-30 17:43   5076416   ----a-w-   c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-11-01 19:45   4763008   ----a-w-   c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [12/21/2011 2:47 PM 21512]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [6/8/2012 11:38 AM 44000]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [8/13/2012 4:49 PM 145040]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 6:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 11:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 8:54 PM 116608]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [7/18/2013 10:51 PM 574272]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/9/2012 12:47 AM 418376]
R2 WebCakeUpdater;WebCakeUpdater;c:\program files\Web Cake\WebCakeDesktop.Updater.exe [7/30/2013 8:48 PM 50968]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [12/26/2012 12:32 AM 674048]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [6/27/2012 2:09 PM 35672]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [5/25/2012 7:38 PM 24408]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [7/25/2012 2:53 PM 24920]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/9/2012 12:45 AM 22856]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/22/2013 10:48 PM 116648]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/9/2012 12:45 AM 701512]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [7/12/2013 2:37 PM 3289472]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [6/21/2013 9:53 AM 162408]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [7/11/2012 2:58 PM 763840]
S3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys --> c:\windows\system32\DRIVERS\btcomport.sys [?]
S3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys --> c:\windows\system32\Drivers\btcombus.sys [?]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [12/21/2011 2:47 PM 27744]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/22/2013 10:48 PM 116648]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [4/6/2010 6:32 PM 26248]
S3 NTProcDrv;Process creation detector for NT.;
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [6/8/2013 11:10 PM 428160]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASPI32
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-22 20:50   1173456   ----a-w-   c:\program files\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-22 20:48]
.
2013-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-22 20:48]
.
2013-07-30 c:\windows\Tasks\PandaUSBVaccine.job
- c:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2012-12-08 16:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\Desktop.32/D_ALL_LINK
IE: &Download using 4shared Desktop - c:\program files\4shared Desktop\Desktop.32/D_ONE_LINK
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Iz&vezi u Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-31 11:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-484763869-562591055-1417001333-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-484763869-562591055-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1148)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(7432)
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
Completion time: 2013-07-31  11:41:53
ComboFix-quarantined-files.txt  2013-07-31 09:41
ComboFix2.txt  2013-07-30 15:53
.
Pre-Run: 52,639,981,568 bytes free
Post-Run: 52,752,158,720 bytes free
.
- - End Of File - - 4700B31762D6585A16337244C600C3FE
8F558EB6672622401DA993E1E865C861

Beginner
Posts: 15 | OS: Windows XP | Browser: Chrome 28.0.1500.72

As I understand all this, my pictures are still there, only an image has been pasted over them.
Program: te94decrypt.exe - trojan.encoder.94 file decryptor, Doctor.web, ltd: this program goes over them as if they were not encrypted. I found it at this link: http://www.forum.hr/archive/index.php/t-715736.html where, supposedly, pictures were successfully recovered with this program.
I also found this:
FILES ARE NOT NOT NOT NOT NOT NOT NOT NOT NOT NOT NOT NOT ENCRYPTED.
I HAVE BOUGHT 3 PROGRAMS (250 USD) AND ALL 3 CAME BACK WITH THE SAME ANSWER...
Files can NOT be decrypted as they are NOT encrypted.
I even downloaded 2 free software and same answer.... our files are overwritten.
« Last edit: 31 Jul 2013, 15:51:42 by ivan-vr »

Friend of the forum, Well-known personality
MC- argus
Gender: Male | Posts: 4467 | OS: Windows 7 | Browser: Mozilla Firefox 22.0 | Mobile: HTC

Your pictures are on the D partition, right? So they are not lost.

I suggest you reinstall that XP; it is some modified version and it is in very bad shape. Find a normal Windows somewhere and reinstall that garbage (I can't call it by any other name).

And don't download all sorts of things via torrent; CF deleted all kinds of stuff, including some hack tools and who knows what else, so be careful about that.
« Last edit: 31 Jul 2013, 18:11:07 by ivicaspas »

Beginner
Posts: 15 | OS: Windows XP | Browser: Chrome 28.0.1500.72

OK, I'll do that, but what will happen to the pictures? Once the program is reinstalled, will they be pictures again or will they be the same as now? Because I added new ones and those are fine!!!

Friend of the forum, Well-known personality
MC- argus
Gender: Male | Posts: 4467 | OS: Windows 7 | Browser: Mozilla Firefox 22.0 | Mobile: HTC

I think it will be fine, because the problem is the C partition, although nobody can guarantee that the pictures are not permanently damaged.